From: Stefan Metzmacher Date: Tue, 26 Aug 2008 17:35:52 +0000 (+0200) Subject: heimdal: import heimdal's trunk svn rev 23697 + lorikeet-heimdal patches X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=467a1f2163a63cdf1a4c83a69473db50e8794f53 heimdal: import heimdal's trunk svn rev 23697 + lorikeet-heimdal patches This is based on f56a3b1846c7d462542f2e9527f4d0ed8a34748d in my heimdal-wip repo. metze --- diff --git a/source/heimdal/README b/source/heimdal/README index 88ab7fd12135..3b938248fcb7 100644 --- a/source/heimdal/README +++ b/source/heimdal/README @@ -1,4 +1,4 @@ -$Id: README 8839 2000-07-27 02:33:54Z assar $ +$Id$ Heimdal is a Kerberos 5 implementation. @@ -10,7 +10,7 @@ Bug reports and bugs are appreciated, see more under Bug reports in the manual on how we prefer them. For more information see the web-page at - or the mailing lists: + or the mailing lists: heimdal-announce@sics.se low-volume announcement heimdal-discuss@sics.se high-volume discussion diff --git a/source/heimdal/cf/check-var.m4 b/source/heimdal/cf/check-var.m4 index 1e6846593b08..f81f3524c159 100644 --- a/source/heimdal/cf/check-var.m4 +++ b/source/heimdal/cf/check-var.m4 @@ -1,4 +1,4 @@ -dnl $Id: check-var.m4 15422 2005-06-16 18:59:29Z lha $ +dnl $Id$ dnl dnl rk_CHECK_VAR(variable, includes) AC_DEFUN([rk_CHECK_VAR], [ diff --git a/source/heimdal/cf/find-func-no-libs.m4 b/source/heimdal/cf/find-func-no-libs.m4 index 76965a84ee8a..f3413409f63c 100644 --- a/source/heimdal/cf/find-func-no-libs.m4 +++ b/source/heimdal/cf/find-func-no-libs.m4 @@ -1,4 +1,4 @@ -dnl $Id: find-func-no-libs.m4 13338 2004-02-12 14:21:14Z lha $ +dnl $Id$ dnl dnl dnl Look for function in any of the specified libraries diff --git a/source/heimdal/cf/find-func-no-libs2.m4 b/source/heimdal/cf/find-func-no-libs2.m4 index 617a09e8da1b..692001c103b7 100644 --- a/source/heimdal/cf/find-func-no-libs2.m4 +++ b/source/heimdal/cf/find-func-no-libs2.m4 @@ -1,4 +1,4 @@ -dnl $Id: find-func-no-libs2.m4 14166 2004-08-26 12:35:42Z joda $ +dnl $Id$ dnl dnl dnl Look for function in any of the specified libraries diff --git a/source/heimdal/cf/find-func.m4 b/source/heimdal/cf/find-func.m4 index 2354f38e5e4b..865772a70085 100644 --- a/source/heimdal/cf/find-func.m4 +++ b/source/heimdal/cf/find-func.m4 @@ -1,4 +1,4 @@ -dnl $Id: find-func.m4 13338 2004-02-12 14:21:14Z lha $ +dnl $Id$ dnl dnl AC_FIND_FUNC(func, libraries, includes, arguments) AC_DEFUN([AC_FIND_FUNC], [ diff --git a/source/heimdal/cf/make-proto.pl b/source/heimdal/cf/make-proto.pl index 8c7b54ae7846..b89ef790670b 100644 --- a/source/heimdal/cf/make-proto.pl +++ b/source/heimdal/cf/make-proto.pl @@ -1,5 +1,5 @@ # Make prototypes from .c files -# $Id: make-proto.pl 23023 2008-04-17 10:01:46Z lha $ +# $Id$ ##use Getopt::Std; require 'getopts.pl'; diff --git a/source/heimdal/cf/resolv.m4 b/source/heimdal/cf/resolv.m4 index 8bb5e4ecbb0f..b4045094d802 100644 --- a/source/heimdal/cf/resolv.m4 +++ b/source/heimdal/cf/resolv.m4 @@ -1,6 +1,6 @@ dnl stuff used by DNS resolv code in roken dnl -dnl $Id: resolv.m4 16009 2005-09-02 10:17:38Z lha $ +dnl $Id$ dnl AC_DEFUN([rk_RESOLV],[ diff --git a/source/heimdal/kdc/524.c b/source/heimdal/kdc/524.c index 3e4ad292537b..a46c9175b0b6 100644 --- a/source/heimdal/kdc/524.c +++ b/source/heimdal/kdc/524.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: 524.c 18270 2006-10-06 17:06:30Z lha $"); +RCSID("$Id$"); #include diff --git a/source/heimdal/kdc/default_config.c b/source/heimdal/kdc/default_config.c index 33a2c297fa11..87952ca6eb2a 100644 --- a/source/heimdal/kdc/default_config.c +++ b/source/heimdal/kdc/default_config.c @@ -36,7 +36,7 @@ #include #include -RCSID("$Id: default_config.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) diff --git a/source/heimdal/kdc/digest.c b/source/heimdal/kdc/digest.c index bf1e45b328a1..401ca1db1143 100644 --- a/source/heimdal/kdc/digest.c +++ b/source/heimdal/kdc/digest.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" #include -RCSID("$Id: digest.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #define MS_CHAP_V2 0x20 #define CHAP_MD5 0x10 diff --git a/source/heimdal/kdc/headers.h b/source/heimdal/kdc/headers.h index 64f6b6e438cb..c2bd4c5b4f30 100644 --- a/source/heimdal/kdc/headers.h +++ b/source/heimdal/kdc/headers.h @@ -32,7 +32,7 @@ */ /* - * $Id: headers.h 19658 2007-01-04 00:15:34Z lha $ + * $Id$ */ #ifndef __HEADERS_H__ diff --git a/source/heimdal/kdc/kaserver.c b/source/heimdal/kdc/kaserver.c index 4f257d717ee3..8f3c3e02ea83 100644 --- a/source/heimdal/kdc/kaserver.c +++ b/source/heimdal/kdc/kaserver.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c 23110 2008-04-27 18:51:17Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/kdc/kdc.h b/source/heimdal/kdc/kdc.h index 6c129f38f520..f0edae721f52 100644 --- a/source/heimdal/kdc/kdc.h +++ b/source/heimdal/kdc/kdc.h @@ -35,7 +35,7 @@ */ /* - * $Id: kdc.h 21287 2007-06-25 14:09:03Z lha $ + * $Id$ */ #ifndef __KDC_H__ diff --git a/source/heimdal/kdc/kdc_locl.h b/source/heimdal/kdc/kdc_locl.h index fe0523665a4d..6ce4a9f40f49 100644 --- a/source/heimdal/kdc/kdc_locl.h +++ b/source/heimdal/kdc/kdc_locl.h @@ -32,7 +32,7 @@ */ /* - * $Id: kdc_locl.h 22247 2007-12-08 23:49:41Z lha $ + * $Id$ */ #ifndef __KDC_LOCL_H__ diff --git a/source/heimdal/kdc/kerberos4.c b/source/heimdal/kdc/kerberos4.c index cbba64945b3e..3e9a70057e4d 100644 --- a/source/heimdal/kdc/kerberos4.c +++ b/source/heimdal/kdc/kerberos4.c @@ -35,7 +35,7 @@ #include -RCSID("$Id: kerberos4.c 21577 2007-07-16 08:14:06Z lha $"); +RCSID("$Id$"); #ifndef swap32 static uint32_t @@ -134,7 +134,7 @@ _kdc_do_version4(krb5_context context, struct sockaddr_in *addr) { krb5_storage *sp; - krb5_error_code ret; + krb5_error_code ret = EINVAL; hdb_entry_ex *client = NULL, *server = NULL; Key *ckey, *skey; int8_t pvno; @@ -162,6 +162,7 @@ _kdc_do_version4(krb5_context context, kdc_log(context, config, 0, "Protocol version mismatch (krb4) (%d)", pvno); make_err_reply(context, reply, KRB4ET_KDC_PKT_VER, "protocol mismatch"); + ret = KRB4ET_KDC_PKT_VER; goto out; } RCHECK(krb5_ret_int8(sp, &msg_type), out); @@ -258,20 +259,6 @@ _kdc_do_version4(krb5_context context, goto out1; } -#if 0 - /* this is not necessary with the new code in libkrb */ - /* find a properly salted key */ - while(ckey->salt == NULL || ckey->salt->salt.length != 0) - ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey); - if(ret){ - kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s", - name, inst, realm); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, - "No version-4 salted key in database"); - goto out1; - } -#endif - ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); if(ret){ kdc_log(context, config, 0, "no suitable DES key for server"); @@ -624,12 +611,14 @@ _kdc_do_version4(krb5_context context, break; } case AUTH_MSG_ERR_REPLY: + ret = EINVAL; break; default: kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s", msg_type, from); make_err_reply(context, reply, KFAILURE, "Unknown message type"); + ret = EINVAL; } out: if(name) @@ -647,7 +636,7 @@ _kdc_do_version4(krb5_context context, if(server) _kdc_free_ent(context, server); krb5_storage_free(sp); - return 0; + return ret; } krb5_error_code diff --git a/source/heimdal/kdc/kerberos5.c b/source/heimdal/kdc/kerberos5.c index 2a2c48c233a6..7930ef42e482 100644 --- a/source/heimdal/kdc/kerberos5.c +++ b/source/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -84,6 +84,24 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type) return NULL; } +/* + * This is a hack to allow predefined weak services, like afs to + * still use weak types + */ + +krb5_boolean +_kdc_is_weak_expection(krb5_principal principal, krb5_enctype etype) +{ + if (principal->name.name_string.len > 0 && + strcmp(principal->name.name_string.val[0], "afs") == 0 && + (etype == ETYPE_DES_CBC_CRC + || etype == ETYPE_DES_CBC_MD4 + || etype == ETYPE_DES_CBC_MD5)) + return TRUE; + return FALSE; +} + + /* * Detect if `key' is the using the the precomputed `default_salt'. */ @@ -120,7 +138,8 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ, for(i = 0; ret != 0 && i < len ; i++) { Key *key = NULL; - if (krb5_enctype_valid(context, etypes[i]) != 0) + if (krb5_enctype_valid(context, etypes[i]) != 0 && + !_kdc_is_weak_expection(princ->entry.principal, etypes[i])) continue; while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) { diff --git a/source/heimdal/kdc/krb5tgs.c b/source/heimdal/kdc/krb5tgs.c index 071a30d5a78a..19dff5e01df3 100644 --- a/source/heimdal/kdc/krb5tgs.c +++ b/source/heimdal/kdc/krb5tgs.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: krb5tgs.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * return the realm of a krbtgt-ticket or NULL @@ -662,6 +662,7 @@ tgs_make_reply(krb5_context context, krb5_kvno kvno, AuthorizationData *auth_data, hdb_entry_ex *server, + krb5_principal server_principal, const char *server_name, hdb_entry_ex *client, krb5_principal client_principal, @@ -678,6 +679,7 @@ tgs_make_reply(krb5_context context, EncTicketPart et; KDCOptions f = b->kdc_options; krb5_error_code ret; + int is_weak = 0; memset(&rep, 0, sizeof(rep)); memset(&et, 0, sizeof(et)); @@ -729,9 +731,9 @@ tgs_make_reply(krb5_context context, if(ret) goto out; - copy_Realm(krb5_princ_realm(context, server->entry.principal), + copy_Realm(krb5_princ_realm(context, server_principal), &rep.ticket.realm); - _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal); + _krb5_principal2principalname(&rep.ticket.sname, server_principal); copy_Realm(&tgt_name->realm, &rep.crealm); /* if (f.request_anonymous) @@ -885,6 +887,14 @@ tgs_make_reply(krb5_context context, goto out; } + if (krb5_enctype_valid(context, et.key.keytype) != 0 + && _kdc_is_weak_expection(server->entry.principal, et.key.keytype)) + { + krb5_enctype_enable(context, et.key.keytype); + is_weak = 1; + } + + /* It is somewhat unclear where the etype in the following encryption should come from. What we have is a session key in the passed tgt, and a list of preferred etypes @@ -899,6 +909,9 @@ tgs_make_reply(krb5_context context, &rep, &et, &ek, et.key.keytype, kvno, serverkey, 0, &tgt->key, e_text, reply); + if (is_weak) + krb5_enctype_disable(context, et.key.keytype); + out: free_TGS_REP(&rep); free_TransitedEncoding(&et.transited); @@ -1462,7 +1475,8 @@ tgs_build_reply(krb5_context context, */ server_lookup: - ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER, NULL, &server); + ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | HDB_F_CANON, + NULL, &server); if(ret){ const char *new_rlm; @@ -1521,7 +1535,8 @@ server_lookup: goto out; } - ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT, NULL, &client); + ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | HDB_F_CANON, + NULL, &client); if(ret) { const char *krbtgt_realm; @@ -1927,6 +1942,7 @@ server_lookup: kvno, *auth_data, server, + sp, spn, client, cp, diff --git a/source/heimdal/kdc/kx509.c b/source/heimdal/kdc/kx509.c index 8f117cebc050..33991d19077b 100644 --- a/source/heimdal/kdc/kx509.c +++ b/source/heimdal/kdc/kx509.c @@ -36,7 +36,7 @@ #include #include -RCSID("$Id: kx509.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * diff --git a/source/heimdal/kdc/log.c b/source/heimdal/kdc/log.c index 8cf967fbfb8b..98b25b92dba7 100644 --- a/source/heimdal/kdc/log.c +++ b/source/heimdal/kdc/log.c @@ -32,7 +32,7 @@ */ #include "kdc_locl.h" -RCSID("$Id: log.c 22254 2007-12-09 06:01:05Z lha $"); +RCSID("$Id$"); void kdc_openlog(krb5_context context, diff --git a/source/heimdal/kdc/misc.c b/source/heimdal/kdc/misc.c index 528b9e6a3b67..0c64dd568eb9 100644 --- a/source/heimdal/kdc/misc.c +++ b/source/heimdal/kdc/misc.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: misc.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct timeval _kdc_now; diff --git a/source/heimdal/kdc/pkinit.c b/source/heimdal/kdc/pkinit.c old mode 100755 new mode 100644 index 9f6d57f588fe..57767c4f48e3 --- a/source/heimdal/kdc/pkinit.c +++ b/source/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #ifdef PKINIT diff --git a/source/heimdal/kdc/process.c b/source/heimdal/kdc/process.c index 550bfb04b2a1..1a0c7c72ce65 100644 --- a/source/heimdal/kdc/process.c +++ b/source/heimdal/kdc/process.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" -RCSID("$Id: process.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * @@ -100,9 +100,9 @@ krb5_kdc_process_request(krb5_context context, return ret; } else if(_kdc_maybe_version4(buf, len)){ *prependlength = FALSE; /* elbitapmoc sdrawkcab XXX */ - _kdc_do_version4(context, config, buf, len, reply, from, - (struct sockaddr_in*)addr); - return 0; + ret = _kdc_do_version4(context, config, buf, len, reply, from, + (struct sockaddr_in*)addr); + return ret; } else if (config->enable_kaserver) { ret = _kdc_do_kaserver(context, config, buf, len, reply, from, (struct sockaddr_in*)addr); diff --git a/source/heimdal/kdc/rx.h b/source/heimdal/kdc/rx.h index 18806d79dae6..a84e5ec5f54f 100644 --- a/source/heimdal/kdc/rx.h +++ b/source/heimdal/kdc/rx.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: rx.h 17447 2006-05-05 10:52:01Z lha $ */ +/* $Id$ */ #ifndef __RX_H__ #define __RX_H__ diff --git a/source/heimdal/kdc/windc.c b/source/heimdal/kdc/windc.c index 621757f6dcf9..e057a3e6fbae 100644 --- a/source/heimdal/kdc/windc.c +++ b/source/heimdal/kdc/windc.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: windc.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); static krb5plugin_windc_ftable *windcft; static void *windcctx; diff --git a/source/heimdal/kdc/windc_plugin.h b/source/heimdal/kdc/windc_plugin.h index 44aab9e22b7a..3780258ad03f 100644 --- a/source/heimdal/kdc/windc_plugin.h +++ b/source/heimdal/kdc/windc_plugin.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: windc_plugin.h 22693 2008-03-19 08:57:49Z lha $ */ +/* $Id$ */ #ifndef HEIMDAL_KRB5_PAC_PLUGIN_H #define HEIMDAL_KRB5_PAC_PLUGIN_H 1 diff --git a/source/heimdal/kuser/kinit.c b/source/heimdal/kuser/kinit.c index 0e03dc4d377e..7880c9e010cb 100644 --- a/source/heimdal/kuser/kinit.c +++ b/source/heimdal/kuser/kinit.c @@ -32,7 +32,7 @@ */ #include "kuser_locl.h" -RCSID("$Id: kinit.c 23418 2008-07-26 18:36:48Z lha $"); +RCSID("$Id$"); #include "krb5-v4compat.h" @@ -67,6 +67,7 @@ char *pk_x509_anchors = NULL; int pk_use_enckey = 0; static int canonicalize_flag = 0; static int ok_as_delegate_flag = 0; +static int use_referrals_flag = 0; static int windows_flag = 0; static char *ntlm_domain; @@ -166,6 +167,9 @@ static struct getargs args[] = { { "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag, "honor ok-as-delegate on tickets" }, + { "use-referrals", 0, arg_flag, &use_referrals_flag, + "only use referrals, no dns canalisation" }, + { "windows", 0, arg_flag, &windows_flag, "get windows behavior" }, @@ -597,11 +601,17 @@ get_new_tickets(krb5_context context, if (ntlm_domain && ntlmkey.data) store_ntlmkey(context, ccache, ntlm_domain, &ntlmkey); - if (ok_as_delegate_flag || windows_flag) { + if (ok_as_delegate_flag || windows_flag || use_referrals_flag) { + unsigned char d = 0; krb5_data data; + if (ok_as_delegate_flag || windows_flag) + d |= 1; + if (use_referrals_flag || windows_flag) + d |= 2; + data.length = 1; - data.data = "\x01"; + data.data = &d; krb5_cc_set_config(context, ccache, NULL, "realm-config", &data); } diff --git a/source/heimdal/kuser/kuser_locl.h b/source/heimdal/kuser/kuser_locl.h index 36ea01a9a59f..ad48a0c99c55 100644 --- a/source/heimdal/kuser/kuser_locl.h +++ b/source/heimdal/kuser/kuser_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kuser_locl.h 20458 2007-04-19 20:41:27Z lha $ */ +/* $Id$ */ #ifndef __KUSER_LOCL_H__ #define __KUSER_LOCL_H__ diff --git a/source/heimdal/lib/asn1/CMS.asn1 b/source/heimdal/lib/asn1/CMS.asn1 index 685f0b189831..65a467521d79 100644 --- a/source/heimdal/lib/asn1/CMS.asn1 +++ b/source/heimdal/lib/asn1/CMS.asn1 @@ -1,5 +1,5 @@ -- From RFC 3369 -- --- $Id: CMS.asn1 18054 2006-09-07 12:20:42Z lha $ -- +-- $Id$ -- CMS DEFINITIONS ::= BEGIN diff --git a/source/heimdal/lib/asn1/asn1-common.h b/source/heimdal/lib/asn1/asn1-common.h index 5789e0f22dfb..4c6af8b45eb1 100644 --- a/source/heimdal/lib/asn1/asn1-common.h +++ b/source/heimdal/lib/asn1/asn1-common.h @@ -1,4 +1,4 @@ -/* $Id: asn1-common.h 22429 2008-01-13 10:25:50Z lha $ */ +/* $Id$ */ #include #include diff --git a/source/heimdal/lib/asn1/asn1_err.et b/source/heimdal/lib/asn1/asn1_err.et index c624e218e7cc..26bda55c1900 100644 --- a/source/heimdal/lib/asn1/asn1_err.et +++ b/source/heimdal/lib/asn1/asn1_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: asn1_err.et 21394 2007-07-02 10:14:43Z lha $" +id "$Id$" error_table asn1 prefix ASN1 diff --git a/source/heimdal/lib/asn1/asn1_gen.c b/source/heimdal/lib/asn1/asn1_gen.c index 65b382e6daf0..50eb598c22fd 100644 --- a/source/heimdal/lib/asn1/asn1_gen.c +++ b/source/heimdal/lib/asn1/asn1_gen.c @@ -40,7 +40,7 @@ #include #include -RCSID("$Id: asn1_gen.c 16666 2006-01-30 15:06:03Z lha $"); +RCSID("$Id$"); static int doit(const char *fn) diff --git a/source/heimdal/lib/asn1/asn1_queue.h b/source/heimdal/lib/asn1/asn1_queue.h index 3659b3859d0d..73eb50f8b825 100644 --- a/source/heimdal/lib/asn1/asn1_queue.h +++ b/source/heimdal/lib/asn1/asn1_queue.h @@ -1,5 +1,5 @@ /* $NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp $ */ -/* $Id: asn1_queue.h 15617 2005-07-12 06:27:42Z lha $ */ +/* $Id$ */ /* * Copyright (c) 1991, 1993 diff --git a/source/heimdal/lib/asn1/canthandle.asn1 b/source/heimdal/lib/asn1/canthandle.asn1 index 5ba3e3880c2e..5c2690f9b68a 100644 --- a/source/heimdal/lib/asn1/canthandle.asn1 +++ b/source/heimdal/lib/asn1/canthandle.asn1 @@ -1,4 +1,4 @@ --- $Id: canthandle.asn1 22071 2007-11-14 20:04:50Z lha $ -- +-- $Id$ -- CANTHANDLE DEFINITIONS ::= BEGIN diff --git a/source/heimdal/lib/asn1/der.c b/source/heimdal/lib/asn1/der.c index 120dc086afc9..159d358fcbd7 100644 --- a/source/heimdal/lib/asn1/der.c +++ b/source/heimdal/lib/asn1/der.c @@ -38,7 +38,7 @@ #include #include -RCSID("$Id: der.c 22429 2008-01-13 10:25:50Z lha $"); +RCSID("$Id$"); static const char *class_names[] = { diff --git a/source/heimdal/lib/asn1/der.h b/source/heimdal/lib/asn1/der.h index 0484137192c4..cef92aa07f2d 100644 --- a/source/heimdal/lib/asn1/der.h +++ b/source/heimdal/lib/asn1/der.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der.h 23183 2008-05-22 09:56:51Z lha $ */ +/* $Id$ */ #ifndef __DER_H__ #define __DER_H__ diff --git a/source/heimdal/lib/asn1/der_cmp.c b/source/heimdal/lib/asn1/der_cmp.c old mode 100755 new mode 100644 diff --git a/source/heimdal/lib/asn1/der_copy.c b/source/heimdal/lib/asn1/der_copy.c index 04c4531ca578..ba1aa36c0218 100644 --- a/source/heimdal/lib/asn1/der_copy.c +++ b/source/heimdal/lib/asn1/der_copy.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_copy.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); int der_copy_general_string (const heim_general_string *from, diff --git a/source/heimdal/lib/asn1/der_format.c b/source/heimdal/lib/asn1/der_format.c index 6908bddcc26e..37e5bd7f279f 100644 --- a/source/heimdal/lib/asn1/der_format.c +++ b/source/heimdal/lib/asn1/der_format.c @@ -34,7 +34,7 @@ #include "der_locl.h" #include -RCSID("$Id: der_format.c 20861 2007-06-03 20:18:29Z lha $"); +RCSID("$Id$"); int der_parse_hex_heim_integer (const char *p, heim_integer *data) diff --git a/source/heimdal/lib/asn1/der_free.c b/source/heimdal/lib/asn1/der_free.c index f59ec72eb7f5..8658dc7d15f0 100644 --- a/source/heimdal/lib/asn1/der_free.c +++ b/source/heimdal/lib/asn1/der_free.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_free.c 23182 2008-05-22 02:59:04Z lha $"); +RCSID("$Id$"); void der_free_general_string (heim_general_string *str) diff --git a/source/heimdal/lib/asn1/der_get.c b/source/heimdal/lib/asn1/der_get.c index f232ce9a296d..297823f8f03d 100644 --- a/source/heimdal/lib/asn1/der_get.c +++ b/source/heimdal/lib/asn1/der_get.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_get.c 21369 2007-06-27 10:14:39Z lha $"); +RCSID("$Id$"); #include diff --git a/source/heimdal/lib/asn1/der_length.c b/source/heimdal/lib/asn1/der_length.c index a7f8f593a20e..f0091bd50b20 100644 --- a/source/heimdal/lib/asn1/der_length.c +++ b/source/heimdal/lib/asn1/der_length.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_length.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); size_t _heim_len_unsigned (unsigned val) diff --git a/source/heimdal/lib/asn1/der_locl.h b/source/heimdal/lib/asn1/der_locl.h index 5b97557d74a3..cdcb5c09a568 100644 --- a/source/heimdal/lib/asn1/der_locl.h +++ b/source/heimdal/lib/asn1/der_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der_locl.h 18608 2006-10-19 16:24:02Z lha $ */ +/* $Id$ */ #ifndef __DER_LOCL_H__ #define __DER_LOCL_H__ diff --git a/source/heimdal/lib/asn1/der_put.c b/source/heimdal/lib/asn1/der_put.c index 1fdbfe1305d6..54fc0cb5f86b 100644 --- a/source/heimdal/lib/asn1/der_put.c +++ b/source/heimdal/lib/asn1/der_put.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_put.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); /* * All encoding functions take a pointer `p' to first position in diff --git a/source/heimdal/lib/asn1/digest.asn1 b/source/heimdal/lib/asn1/digest.asn1 index eafe48ea5aee..1cf58b46380f 100644 --- a/source/heimdal/lib/asn1/digest.asn1 +++ b/source/heimdal/lib/asn1/digest.asn1 @@ -1,4 +1,4 @@ --- $Id: digest.asn1 22152 2007-12-04 19:59:18Z lha $ +-- $Id$ DIGEST DEFINITIONS ::= BEGIN diff --git a/source/heimdal/lib/asn1/extra.c b/source/heimdal/lib/asn1/extra.c index e29a43787851..90f98d8c2519 100644 --- a/source/heimdal/lib/asn1/extra.c +++ b/source/heimdal/lib/asn1/extra.c @@ -34,7 +34,7 @@ #include "der_locl.h" #include "heim_asn1.h" -RCSID("$Id: extra.c 16672 2006-01-31 09:44:54Z lha $"); +RCSID("$Id$"); int encode_heim_any(unsigned char *p, size_t len, diff --git a/source/heimdal/lib/asn1/gen.c b/source/heimdal/lib/asn1/gen.c index 39dba89e4e1c..ddacf7a1c850 100644 --- a/source/heimdal/lib/asn1/gen.c +++ b/source/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c 22896 2008-04-07 18:52:24Z lha $"); +RCSID("$Id$"); FILE *headerfile, *codefile, *logfile; diff --git a/source/heimdal/lib/asn1/gen_copy.c b/source/heimdal/lib/asn1/gen_copy.c index abf11859d5f4..8d41e704c315 100644 --- a/source/heimdal/lib/asn1/gen_copy.c +++ b/source/heimdal/lib/asn1/gen_copy.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_copy.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); static int used_fail; diff --git a/source/heimdal/lib/asn1/gen_decode.c b/source/heimdal/lib/asn1/gen_decode.c index face9ba47a04..40751cd077da 100644 --- a/source/heimdal/lib/asn1/gen_decode.c +++ b/source/heimdal/lib/asn1/gen_decode.c @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: gen_decode.c 21503 2007-07-12 11:57:19Z lha $"); +RCSID("$Id$"); static void decode_primitive (const char *typename, const char *name, const char *forwstr) diff --git a/source/heimdal/lib/asn1/gen_encode.c b/source/heimdal/lib/asn1/gen_encode.c index 08f1a9449f8b..bf26a965a94e 100644 --- a/source/heimdal/lib/asn1/gen_encode.c +++ b/source/heimdal/lib/asn1/gen_encode.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_encode.c 22429 2008-01-13 10:25:50Z lha $"); +RCSID("$Id$"); static void encode_primitive (const char *typename, const char *name) diff --git a/source/heimdal/lib/asn1/gen_free.c b/source/heimdal/lib/asn1/gen_free.c index d667c5d31aad..1cec79a9118f 100644 --- a/source/heimdal/lib/asn1/gen_free.c +++ b/source/heimdal/lib/asn1/gen_free.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_free.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); static void free_primitive (const char *typename, const char *name) diff --git a/source/heimdal/lib/asn1/gen_glue.c b/source/heimdal/lib/asn1/gen_glue.c index 8d8bd152a3b7..b01012be83b2 100644 --- a/source/heimdal/lib/asn1/gen_glue.c +++ b/source/heimdal/lib/asn1/gen_glue.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_glue.c 15617 2005-07-12 06:27:42Z lha $"); +RCSID("$Id$"); static void generate_2int (const Type *t, const char *gen_name) diff --git a/source/heimdal/lib/asn1/gen_length.c b/source/heimdal/lib/asn1/gen_length.c index 4cb5d45089f5..a10604a09cc0 100644 --- a/source/heimdal/lib/asn1/gen_length.c +++ b/source/heimdal/lib/asn1/gen_length.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_length.c 21503 2007-07-12 11:57:19Z lha $"); +RCSID("$Id$"); static void length_primitive (const char *typename, diff --git a/source/heimdal/lib/asn1/gen_locl.h b/source/heimdal/lib/asn1/gen_locl.h index 8cd4dbad5a84..eaf87390f27b 100644 --- a/source/heimdal/lib/asn1/gen_locl.h +++ b/source/heimdal/lib/asn1/gen_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gen_locl.h 18008 2006-09-05 12:29:18Z lha $ */ +/* $Id$ */ #ifndef __GEN_LOCL_H__ #define __GEN_LOCL_H__ diff --git a/source/heimdal/lib/asn1/gen_seq.c b/source/heimdal/lib/asn1/gen_seq.c index 54776752c2e3..d7d4fa5d7d82 100644 --- a/source/heimdal/lib/asn1/gen_seq.c +++ b/source/heimdal/lib/asn1/gen_seq.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_seq.c 20561 2007-04-24 16:14:30Z lha $"); +RCSID("$Id$"); void generate_type_seq (const Symbol *s) diff --git a/source/heimdal/lib/asn1/hash.c b/source/heimdal/lib/asn1/hash.c index eeb6b6d63dc9..f61a3eeb2415 100644 --- a/source/heimdal/lib/asn1/hash.c +++ b/source/heimdal/lib/asn1/hash.c @@ -37,7 +37,7 @@ #include "gen_locl.h" -RCSID("$Id: hash.c 17016 2006-04-07 22:16:00Z lha $"); +RCSID("$Id$"); static Hashentry *_search(Hashtab * htab, /* The hash table */ void *ptr); /* And key */ diff --git a/source/heimdal/lib/asn1/hash.h b/source/heimdal/lib/asn1/hash.h index 10d8ce99b0b5..41ecc9de0c52 100644 --- a/source/heimdal/lib/asn1/hash.h +++ b/source/heimdal/lib/asn1/hash.h @@ -35,7 +35,7 @@ * hash.h. Header file for hash table functions */ -/* $Id: hash.h 7464 1999-12-02 17:05:13Z joda $ */ +/* $Id$ */ struct hashentry { /* Entry in bucket */ struct hashentry **prev; diff --git a/source/heimdal/lib/asn1/k5.asn1 b/source/heimdal/lib/asn1/k5.asn1 index ea20eb99d24b..9b36498161fa 100644 --- a/source/heimdal/lib/asn1/k5.asn1 +++ b/source/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1 22745 2008-03-24 12:07:54Z lha $ +-- $Id$ KERBEROS5 DEFINITIONS ::= BEGIN @@ -72,6 +72,7 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER KRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com KRB5-PADATA-S4U2SELF(129), + KRB5-PADATA-EPAC(130), -- EPAK KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to -- tell KDC that is supports -- the asCheckSum in the @@ -94,7 +95,8 @@ AUTHDATA-TYPE ::= INTEGER { KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66), KRB5-AUTHDATA-WIN2K-PAC(128), KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only - KRB5-AUTHDATA-SIGNTICKET(-17) + KRB5-AUTHDATA-SIGNTICKET-OLD(-17), + KRB5-AUTHDATA-SIGNTICKET(142) } -- checksumtypes diff --git a/source/heimdal/lib/asn1/kx509.asn1 b/source/heimdal/lib/asn1/kx509.asn1 index fc6a696dab3a..820abc810687 100644 --- a/source/heimdal/lib/asn1/kx509.asn1 +++ b/source/heimdal/lib/asn1/kx509.asn1 @@ -1,4 +1,4 @@ --- $Id: kx509.asn1 19546 2006-12-28 21:05:23Z lha $ +-- $Id$ KX509 DEFINITIONS ::= BEGIN diff --git a/source/heimdal/lib/asn1/lex.c b/source/heimdal/lib/asn1/lex.c index 175760be4406..5efec619eefd 100644 --- a/source/heimdal/lib/asn1/lex.c +++ b/source/heimdal/lib/asn1/lex.c @@ -830,7 +830,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include diff --git a/source/heimdal/lib/asn1/lex.h b/source/heimdal/lib/asn1/lex.h index 7aececf6d7a0..34cef1716a84 100644 --- a/source/heimdal/lib/asn1/lex.h +++ b/source/heimdal/lib/asn1/lex.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.h 15617 2005-07-12 06:27:42Z lha $ */ +/* $Id$ */ #include diff --git a/source/heimdal/lib/asn1/lex.l b/source/heimdal/lib/asn1/lex.l index ec744220e9c0..e1452c3b04a7 100644 --- a/source/heimdal/lib/asn1/lex.l +++ b/source/heimdal/lib/asn1/lex.l @@ -32,7 +32,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include diff --git a/source/heimdal/lib/asn1/main.c b/source/heimdal/lib/asn1/main.c index 3b4a8122cada..3e15b39e6afb 100644 --- a/source/heimdal/lib/asn1/main.c +++ b/source/heimdal/lib/asn1/main.c @@ -35,7 +35,7 @@ #include #include "lex.h" -RCSID("$Id: main.c 20858 2007-06-03 18:56:41Z lha $"); +RCSID("$Id$"); extern FILE *yyin; diff --git a/source/heimdal/lib/asn1/parse.c b/source/heimdal/lib/asn1/parse.c index 6a3e524e93a9..edd3bba4639e 100644 --- a/source/heimdal/lib/asn1/parse.c +++ b/source/heimdal/lib/asn1/parse.c @@ -248,7 +248,7 @@ /* Copy the first part of user declarations. */ -#line 36 "parse.y" +#line 36 "heimdal/lib/asn1/parse.y" #ifdef HAVE_CONFIG_H #include @@ -261,7 +261,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $"); +RCSID("$Id$"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); @@ -280,7 +280,7 @@ struct string_list { /* Enabling traces. */ #ifndef YYDEBUG -# define YYDEBUG 1 +# define YYDEBUG 0 #endif /* Enabling verbose error messages. */ @@ -298,7 +298,7 @@ struct string_list { #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "parse.y" +#line 65 "heimdal/lib/asn1/parse.y" { int constant; struct value *value; @@ -314,7 +314,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 187 of yacc.c. */ -#line 318 "parse.c" +#line 318 "heimdal/lib/asn1/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -327,7 +327,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 331 "parse.c" +#line 331 "heimdal/lib/asn1/parse.y" #ifdef short # undef short @@ -1762,29 +1762,29 @@ yyreduce: switch (yyn) { case 2: -#line 235 "parse.y" +#line 235 "heimdal/lib/asn1/parse.y" { checkundefined(); } break; case 4: -#line 242 "parse.y" +#line 242 "heimdal/lib/asn1/parse.y" { error_message("implicit tagging is not supported"); } break; case 5: -#line 244 "parse.y" +#line 244 "heimdal/lib/asn1/parse.y" { error_message("automatic tagging is not supported"); } break; case 7: -#line 249 "parse.y" +#line 249 "heimdal/lib/asn1/parse.y" { error_message("no extensibility options supported"); } break; case 17: -#line 270 "parse.y" +#line 270 "heimdal/lib/asn1/parse.y" { struct string_list *sl; for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) { @@ -1796,7 +1796,7 @@ yyreduce: break; case 22: -#line 289 "parse.y" +#line 289 "heimdal/lib/asn1/parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (3)].name); @@ -1805,7 +1805,7 @@ yyreduce: break; case 23: -#line 295 "parse.y" +#line 295 "heimdal/lib/asn1/parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (1)].name); @@ -1814,7 +1814,7 @@ yyreduce: break; case 24: -#line 303 "parse.y" +#line 303 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym ((yyvsp[(1) - (3)].name)); s->stype = Stype; @@ -1825,7 +1825,7 @@ yyreduce: break; case 42: -#line 334 "parse.y" +#line 334 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); @@ -1833,7 +1833,7 @@ yyreduce: break; case 43: -#line 341 "parse.y" +#line 341 "heimdal/lib/asn1/parse.y" { if((yyvsp[(2) - (5)].value)->type != integervalue) error_message("Non-integer used in first part of range"); @@ -1846,7 +1846,7 @@ yyreduce: break; case 44: -#line 351 "parse.y" +#line 351 "heimdal/lib/asn1/parse.y" { if((yyvsp[(2) - (5)].value)->type != integervalue) error_message("Non-integer in first part of range"); @@ -1857,7 +1857,7 @@ yyreduce: break; case 45: -#line 359 "parse.y" +#line 359 "heimdal/lib/asn1/parse.y" { if((yyvsp[(4) - (5)].value)->type != integervalue) error_message("Non-integer in second part of range"); @@ -1868,7 +1868,7 @@ yyreduce: break; case 46: -#line 367 "parse.y" +#line 367 "heimdal/lib/asn1/parse.y" { if((yyvsp[(2) - (3)].value)->type != integervalue) error_message("Non-integer used in limit"); @@ -1879,7 +1879,7 @@ yyreduce: break; case 47: -#line 378 "parse.y" +#line 378 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); @@ -1887,7 +1887,7 @@ yyreduce: break; case 48: -#line 383 "parse.y" +#line 383 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->range = (yyvsp[(2) - (2)].range); @@ -1896,7 +1896,7 @@ yyreduce: break; case 49: -#line 389 "parse.y" +#line 389 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1905,7 +1905,7 @@ yyreduce: break; case 50: -#line 397 "parse.y" +#line 397 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1914,7 +1914,7 @@ yyreduce: break; case 51: -#line 403 "parse.y" +#line 403 "heimdal/lib/asn1/parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -1922,12 +1922,12 @@ yyreduce: break; case 52: -#line 408 "parse.y" +#line 408 "heimdal/lib/asn1/parse.y" { (yyval.members) = (yyvsp[(1) - (3)].members); } break; case 53: -#line 412 "parse.y" +#line 412 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -1941,7 +1941,7 @@ yyreduce: break; case 54: -#line 425 "parse.y" +#line 425 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1950,7 +1950,7 @@ yyreduce: break; case 56: -#line 436 "parse.y" +#line 436 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members)); @@ -1960,7 +1960,7 @@ yyreduce: break; case 57: -#line 443 "parse.y" +#line 443 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = (yyvsp[(4) - (5)].members); @@ -1969,7 +1969,7 @@ yyreduce: break; case 58: -#line 451 "parse.y" +#line 451 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); @@ -1977,7 +1977,7 @@ yyreduce: break; case 59: -#line 457 "parse.y" +#line 457 "heimdal/lib/asn1/parse.y" { Type *t = new_type(TOctetString); t->range = (yyvsp[(3) - (3)].range); @@ -1987,7 +1987,7 @@ yyreduce: break; case 60: -#line 466 "parse.y" +#line 466 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); @@ -1995,17 +1995,17 @@ yyreduce: break; case 61: -#line 473 "parse.y" +#line 473 "heimdal/lib/asn1/parse.y" { (yyval.range) = NULL; } break; case 62: -#line 475 "parse.y" +#line 475 "heimdal/lib/asn1/parse.y" { (yyval.range) = (yyvsp[(2) - (2)].range); } break; case 63: -#line 480 "parse.y" +#line 480 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2014,7 +2014,7 @@ yyreduce: break; case 64: -#line 486 "parse.y" +#line 486 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = NULL; @@ -2023,7 +2023,7 @@ yyreduce: break; case 65: -#line 494 "parse.y" +#line 494 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequenceOf); (yyval.type)->range = (yyvsp[(2) - (4)].range); @@ -2033,7 +2033,7 @@ yyreduce: break; case 66: -#line 503 "parse.y" +#line 503 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2042,7 +2042,7 @@ yyreduce: break; case 67: -#line 509 "parse.y" +#line 509 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = NULL; @@ -2051,7 +2051,7 @@ yyreduce: break; case 68: -#line 517 "parse.y" +#line 517 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSetOf); (yyval.type)->subtype = (yyvsp[(3) - (3)].type); @@ -2060,7 +2060,7 @@ yyreduce: break; case 69: -#line 525 "parse.y" +#line 525 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TChoice); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2068,7 +2068,7 @@ yyreduce: break; case 72: -#line 536 "parse.y" +#line 536 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); (yyval.type) = new_type(TType); @@ -2080,7 +2080,7 @@ yyreduce: break; case 73: -#line 547 "parse.y" +#line 547 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); @@ -2088,7 +2088,7 @@ yyreduce: break; case 74: -#line 552 "parse.y" +#line 552 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); @@ -2096,7 +2096,7 @@ yyreduce: break; case 75: -#line 559 "parse.y" +#line 559 "heimdal/lib/asn1/parse.y" { /* if (Constraint.type == contentConstrant) { assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too @@ -2112,14 +2112,14 @@ yyreduce: break; case 76: -#line 575 "parse.y" +#line 575 "heimdal/lib/asn1/parse.y" { (yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec); } break; case 80: -#line 588 "parse.y" +#line 588 "heimdal/lib/asn1/parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type); @@ -2128,7 +2128,7 @@ yyreduce: break; case 81: -#line 594 "parse.y" +#line 594 "heimdal/lib/asn1/parse.y" { if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2139,7 +2139,7 @@ yyreduce: break; case 82: -#line 602 "parse.y" +#line 602 "heimdal/lib/asn1/parse.y" { if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2150,14 +2150,14 @@ yyreduce: break; case 83: -#line 612 "parse.y" +#line 612 "heimdal/lib/asn1/parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_USER); } break; case 84: -#line 618 "parse.y" +#line 618 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TTag); (yyval.type)->tag = (yyvsp[(1) - (3)].tag); @@ -2171,7 +2171,7 @@ yyreduce: break; case 85: -#line 631 "parse.y" +#line 631 "heimdal/lib/asn1/parse.y" { (yyval.tag).tagclass = (yyvsp[(2) - (4)].constant); (yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant); @@ -2180,56 +2180,56 @@ yyreduce: break; case 86: -#line 639 "parse.y" +#line 639 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_CONTEXT; } break; case 87: -#line 643 "parse.y" +#line 643 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_UNIV; } break; case 88: -#line 647 "parse.y" +#line 647 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_APPL; } break; case 89: -#line 651 "parse.y" +#line 651 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_PRIVATE; } break; case 90: -#line 657 "parse.y" +#line 657 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 91: -#line 661 "parse.y" +#line 661 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 92: -#line 665 "parse.y" +#line 665 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_IMPLICIT; } break; case 93: -#line 672 "parse.y" +#line 672 "heimdal/lib/asn1/parse.y" { Symbol *s; s = addsym ((yyvsp[(1) - (4)].name)); @@ -2241,7 +2241,7 @@ yyreduce: break; case 95: -#line 686 "parse.y" +#line 686 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); @@ -2249,7 +2249,7 @@ yyreduce: break; case 96: -#line 691 "parse.y" +#line 691 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); @@ -2257,7 +2257,7 @@ yyreduce: break; case 97: -#line 696 "parse.y" +#line 696 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); @@ -2265,7 +2265,7 @@ yyreduce: break; case 98: -#line 701 "parse.y" +#line 701 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, TE_EXPLICIT, new_type(TVisibleString)); @@ -2273,7 +2273,7 @@ yyreduce: break; case 99: -#line 706 "parse.y" +#line 706 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); @@ -2281,7 +2281,7 @@ yyreduce: break; case 100: -#line 711 "parse.y" +#line 711 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); @@ -2289,7 +2289,7 @@ yyreduce: break; case 101: -#line 716 "parse.y" +#line 716 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); @@ -2297,7 +2297,7 @@ yyreduce: break; case 102: -#line 724 "parse.y" +#line 724 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2306,7 +2306,7 @@ yyreduce: break; case 103: -#line 730 "parse.y" +#line 730 "heimdal/lib/asn1/parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -2314,7 +2314,7 @@ yyreduce: break; case 104: -#line 735 "parse.y" +#line 735 "heimdal/lib/asn1/parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); @@ -2326,7 +2326,7 @@ yyreduce: break; case 105: -#line 746 "parse.y" +#line 746 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (2)].name); @@ -2338,7 +2338,7 @@ yyreduce: break; case 106: -#line 757 "parse.y" +#line 757 "heimdal/lib/asn1/parse.y" { (yyval.member) = (yyvsp[(1) - (1)].member); (yyval.member)->optional = 0; @@ -2347,7 +2347,7 @@ yyreduce: break; case 107: -#line 763 "parse.y" +#line 763 "heimdal/lib/asn1/parse.y" { (yyval.member) = (yyvsp[(1) - (2)].member); (yyval.member)->optional = 1; @@ -2356,7 +2356,7 @@ yyreduce: break; case 108: -#line 769 "parse.y" +#line 769 "heimdal/lib/asn1/parse.y" { (yyval.member) = (yyvsp[(1) - (3)].member); (yyval.member)->optional = 0; @@ -2365,7 +2365,7 @@ yyreduce: break; case 109: -#line 777 "parse.y" +#line 777 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2374,7 +2374,7 @@ yyreduce: break; case 110: -#line 783 "parse.y" +#line 783 "heimdal/lib/asn1/parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -2382,7 +2382,7 @@ yyreduce: break; case 111: -#line 790 "parse.y" +#line 790 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -2396,26 +2396,26 @@ yyreduce: break; case 113: -#line 803 "parse.y" +#line 803 "heimdal/lib/asn1/parse.y" { (yyval.objid) = NULL; } break; case 114: -#line 807 "parse.y" +#line 807 "heimdal/lib/asn1/parse.y" { (yyval.objid) = (yyvsp[(2) - (3)].objid); } break; case 115: -#line 813 "parse.y" +#line 813 "heimdal/lib/asn1/parse.y" { (yyval.objid) = NULL; } break; case 116: -#line 817 "parse.y" +#line 817 "heimdal/lib/asn1/parse.y" { if ((yyvsp[(2) - (2)].objid)) { (yyval.objid) = (yyvsp[(2) - (2)].objid); @@ -2427,14 +2427,14 @@ yyreduce: break; case 117: -#line 828 "parse.y" +#line 828 "heimdal/lib/asn1/parse.y" { (yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant)); } break; case 118: -#line 832 "parse.y" +#line 832 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue || @@ -2448,14 +2448,14 @@ yyreduce: break; case 119: -#line 843 "parse.y" +#line 843 "heimdal/lib/asn1/parse.y" { (yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant)); } break; case 129: -#line 866 "parse.y" +#line 866 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue) @@ -2467,7 +2467,7 @@ yyreduce: break; case 130: -#line 877 "parse.y" +#line 877 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; @@ -2476,7 +2476,7 @@ yyreduce: break; case 131: -#line 885 "parse.y" +#line 885 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2485,7 +2485,7 @@ yyreduce: break; case 132: -#line 891 "parse.y" +#line 891 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2494,7 +2494,7 @@ yyreduce: break; case 133: -#line 899 "parse.y" +#line 899 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; @@ -2503,13 +2503,13 @@ yyreduce: break; case 135: -#line 910 "parse.y" +#line 910 "heimdal/lib/asn1/parse.y" { } break; case 136: -#line 915 "parse.y" +#line 915 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; @@ -2519,7 +2519,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 2523 "parse.c" +#line 2523 "heimdal/lib/asn1/parse.y" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -2733,7 +2733,7 @@ yyreturn: } -#line 922 "parse.y" +#line 922 "heimdal/lib/asn1/parse.y" void diff --git a/source/heimdal/lib/asn1/parse.h b/source/heimdal/lib/asn1/parse.h index 5e73094f9e6b..bea506ca7b98 100644 --- a/source/heimdal/lib/asn1/parse.h +++ b/source/heimdal/lib/asn1/parse.h @@ -222,7 +222,7 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "parse.y" +#line 65 "heimdal/lib/asn1/parse.y" { int constant; struct value *value; @@ -238,7 +238,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 1489 of yacc.c. */ -#line 242 "parse.h" +#line 242 "heimdal/lib/asn1/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source/heimdal/lib/asn1/parse.y b/source/heimdal/lib/asn1/parse.y index 772f2b1bc1c3..956386820f7b 100644 --- a/source/heimdal/lib/asn1/parse.y +++ b/source/heimdal/lib/asn1/parse.y @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse.y 21597 2007-07-16 18:48:58Z lha $ */ +/* $Id$ */ %{ #ifdef HAVE_CONFIG_H @@ -45,7 +45,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $"); +RCSID("$Id$"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); diff --git a/source/heimdal/lib/asn1/pkcs12.asn1 b/source/heimdal/lib/asn1/pkcs12.asn1 index 37fe03e58e8a..4d6454a08fc3 100644 --- a/source/heimdal/lib/asn1/pkcs12.asn1 +++ b/source/heimdal/lib/asn1/pkcs12.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs12.asn1 15715 2005-07-23 11:08:47Z lha $ -- +-- $Id$ -- PKCS12 DEFINITIONS ::= diff --git a/source/heimdal/lib/asn1/pkcs8.asn1 b/source/heimdal/lib/asn1/pkcs8.asn1 index 911e727c7085..203d91eef829 100644 --- a/source/heimdal/lib/asn1/pkcs8.asn1 +++ b/source/heimdal/lib/asn1/pkcs8.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs8.asn1 16060 2005-09-13 19:41:29Z lha $ -- +-- $Id$ -- PKCS8 DEFINITIONS ::= diff --git a/source/heimdal/lib/asn1/pkcs9.asn1 b/source/heimdal/lib/asn1/pkcs9.asn1 index d985e91f3c03..50bf9dd1cd71 100644 --- a/source/heimdal/lib/asn1/pkcs9.asn1 +++ b/source/heimdal/lib/asn1/pkcs9.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs9.asn1 17202 2006-04-24 08:59:10Z lha $ -- +-- $Id$ -- PKCS9 DEFINITIONS ::= diff --git a/source/heimdal/lib/asn1/symbol.c b/source/heimdal/lib/asn1/symbol.c index 9407915c19b7..4972e265e77a 100644 --- a/source/heimdal/lib/asn1/symbol.c +++ b/source/heimdal/lib/asn1/symbol.c @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: symbol.c 15617 2005-07-12 06:27:42Z lha $"); +RCSID("$Id$"); static Hashtab *htab; diff --git a/source/heimdal/lib/asn1/symbol.h b/source/heimdal/lib/asn1/symbol.h index d07caf559042..8282e700bae7 100644 --- a/source/heimdal/lib/asn1/symbol.h +++ b/source/heimdal/lib/asn1/symbol.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: symbol.h 19539 2006-12-28 17:15:05Z lha $ */ +/* $Id$ */ #ifndef _SYMBOL_H #define _SYMBOL_H diff --git a/source/heimdal/lib/asn1/test.asn1 b/source/heimdal/lib/asn1/test.asn1 index b2f58a20c2ce..d07bba6185be 100644 --- a/source/heimdal/lib/asn1/test.asn1 +++ b/source/heimdal/lib/asn1/test.asn1 @@ -1,4 +1,4 @@ --- $Id: test.asn1 21455 2007-07-10 12:51:19Z lha $ -- +-- $Id$ -- TEST DEFINITIONS ::= diff --git a/source/heimdal/lib/asn1/test.gen b/source/heimdal/lib/asn1/test.gen index d0fc7d98a44b..bfb04864818f 100644 --- a/source/heimdal/lib/asn1/test.gen +++ b/source/heimdal/lib/asn1/test.gen @@ -1,4 +1,4 @@ -# $Id: test.gen 15617 2005-07-12 06:27:42Z lha $ +# $Id$ # Sample for TESTSeq in test.asn1 # diff --git a/source/heimdal/lib/asn1/timegm.c b/source/heimdal/lib/asn1/timegm.c index 33b9684a5d87..5119ee887edd 100644 --- a/source/heimdal/lib/asn1/timegm.c +++ b/source/heimdal/lib/asn1/timegm.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: timegm.c 21366 2007-06-27 10:06:22Z lha $"); +RCSID("$Id$"); static int is_leap(unsigned y) diff --git a/source/heimdal/lib/com_err/com_err.c b/source/heimdal/lib/com_err/com_err.c index faf4294cdd8f..3dec3b2accb3 100644 --- a/source/heimdal/lib/com_err/com_err.c +++ b/source/heimdal/lib/com_err/com_err.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: com_err.c 14930 2005-04-24 19:43:06Z lha $"); +RCSID("$Id$"); #endif #include #include diff --git a/source/heimdal/lib/com_err/com_err.h b/source/heimdal/lib/com_err/com_err.h index bdd764f7e982..d7b0912168e5 100644 --- a/source/heimdal/lib/com_err/com_err.h +++ b/source/heimdal/lib/com_err/com_err.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: com_err.h 15566 2005-07-07 14:58:07Z lha $ */ +/* $Id$ */ /* MIT compatible com_err library */ diff --git a/source/heimdal/lib/com_err/com_right.h b/source/heimdal/lib/com_err/com_right.h index 4d929da866b3..f8cd2b61214a 100644 --- a/source/heimdal/lib/com_err/com_right.h +++ b/source/heimdal/lib/com_err/com_right.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: com_right.h 14551 2005-02-03 08:45:13Z lha $ */ +/* $Id$ */ #ifndef __COM_RIGHT_H__ #define __COM_RIGHT_H__ diff --git a/source/heimdal/lib/com_err/compile_et.c b/source/heimdal/lib/com_err/compile_et.c index 105765482265..c5a4f4fbcc0d 100644 --- a/source/heimdal/lib/com_err/compile_et.c +++ b/source/heimdal/lib/com_err/compile_et.c @@ -35,7 +35,7 @@ #include "compile_et.h" #include -RCSID("$Id: compile_et.c 15426 2005-06-16 19:21:42Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/lib/com_err/compile_et.h b/source/heimdal/lib/com_err/compile_et.h index 1c7de5a08b69..5563f40e4819 100644 --- a/source/heimdal/lib/com_err/compile_et.h +++ b/source/heimdal/lib/com_err/compile_et.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: compile_et.h 15426 2005-06-16 19:21:42Z lha $ */ +/* $Id$ */ #ifndef __COMPILE_ET_H__ #define __COMPILE_ET_H__ diff --git a/source/heimdal/lib/com_err/error.c b/source/heimdal/lib/com_err/error.c index 051078025c56..51a28b7f4899 100644 --- a/source/heimdal/lib/com_err/error.c +++ b/source/heimdal/lib/com_err/error.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: error.c 9724 2001-02-28 20:00:13Z joda $"); +RCSID("$Id$"); #endif #include #include diff --git a/source/heimdal/lib/com_err/lex.c b/source/heimdal/lib/com_err/lex.c index b70ef4749f86..f030831d726e 100644 --- a/source/heimdal/lib/com_err/lex.c +++ b/source/heimdal/lib/com_err/lex.c @@ -527,7 +527,7 @@ char *yytext; #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); +RCSID("$Id$"); static unsigned lineno = 1; static int getstring(void); diff --git a/source/heimdal/lib/com_err/lex.h b/source/heimdal/lib/com_err/lex.h index 89f0387655f4..c97324a1a561 100644 --- a/source/heimdal/lib/com_err/lex.h +++ b/source/heimdal/lib/com_err/lex.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.h 8451 2000-06-22 00:42:52Z assar $ */ +/* $Id$ */ void error_message (const char *, ...) __attribute__ ((format (printf, 1, 2))); diff --git a/source/heimdal/lib/com_err/lex.l b/source/heimdal/lib/com_err/lex.l index 08aef516b304..4d56be4da08f 100644 --- a/source/heimdal/lib/com_err/lex.l +++ b/source/heimdal/lib/com_err/lex.l @@ -44,7 +44,7 @@ #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); +RCSID("$Id$"); static unsigned lineno = 1; static int getstring(void); diff --git a/source/heimdal/lib/com_err/parse.c b/source/heimdal/lib/com_err/parse.c index 4bacb721ca11..868e3f39f3fa 100644 --- a/source/heimdal/lib/com_err/parse.c +++ b/source/heimdal/lib/com_err/parse.c @@ -90,7 +90,7 @@ /* Copy the first part of user declarations. */ -#line 1 "parse.y" +#line 1 "heimdal/lib/com_err/parse.y" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -128,7 +128,7 @@ #include "compile_et.h" #include "lex.h" -RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $"); +RCSID("$Id$"); void yyerror (char *s); static long name2number(const char *str); @@ -163,13 +163,13 @@ extern char *yytext; #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "parse.y" +#line 53 "heimdal/lib/com_err/parse.y" { char *string; int number; } /* Line 187 of yacc.c. */ -#line 173 "parse.c" +#line 173 "heimdal/lib/com_err/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -182,7 +182,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 186 "parse.c" +#line 186 "heimdal/lib/com_err/parse.y" #ifdef short # undef short @@ -1381,14 +1381,14 @@ yyreduce: switch (yyn) { case 6: -#line 73 "parse.y" +#line 73 "heimdal/lib/com_err/parse.y" { id_str = (yyvsp[(2) - (2)].string); } break; case 7: -#line 79 "parse.y" +#line 79 "heimdal/lib/com_err/parse.y" { base_id = name2number((yyvsp[(2) - (2)].string)); strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name)); @@ -1397,7 +1397,7 @@ yyreduce: break; case 8: -#line 85 "parse.y" +#line 85 "heimdal/lib/com_err/parse.y" { base_id = name2number((yyvsp[(2) - (3)].string)); strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name)); @@ -1407,14 +1407,14 @@ yyreduce: break; case 11: -#line 98 "parse.y" +#line 98 "heimdal/lib/com_err/parse.y" { number = (yyvsp[(2) - (2)].number); } break; case 12: -#line 102 "parse.y" +#line 102 "heimdal/lib/com_err/parse.y" { free(prefix); asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string)); @@ -1425,7 +1425,7 @@ yyreduce: break; case 13: -#line 110 "parse.y" +#line 110 "heimdal/lib/com_err/parse.y" { prefix = realloc(prefix, 1); if (prefix == NULL) @@ -1435,7 +1435,7 @@ yyreduce: break; case 14: -#line 117 "parse.y" +#line 117 "heimdal/lib/com_err/parse.y" { struct error_code *ec = malloc(sizeof(*ec)); @@ -1458,7 +1458,7 @@ yyreduce: break; case 15: -#line 137 "parse.y" +#line 137 "heimdal/lib/com_err/parse.y" { YYACCEPT; } @@ -1466,7 +1466,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 1470 "parse.c" +#line 1470 "heimdal/lib/com_err/parse.y" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -1680,7 +1680,7 @@ yyreturn: } -#line 142 "parse.y" +#line 142 "heimdal/lib/com_err/parse.y" static long diff --git a/source/heimdal/lib/com_err/parse.h b/source/heimdal/lib/com_err/parse.h index 4c9681ff34f5..9aabca90236f 100644 --- a/source/heimdal/lib/com_err/parse.h +++ b/source/heimdal/lib/com_err/parse.h @@ -64,13 +64,13 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "parse.y" +#line 53 "heimdal/lib/com_err/parse.y" { char *string; int number; } /* Line 1489 of yacc.c. */ -#line 74 "parse.h" +#line 74 "heimdal/lib/com_err/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source/heimdal/lib/com_err/parse.y b/source/heimdal/lib/com_err/parse.y index 315931389fe4..e9b28370513c 100644 --- a/source/heimdal/lib/com_err/parse.y +++ b/source/heimdal/lib/com_err/parse.y @@ -35,7 +35,7 @@ #include "compile_et.h" #include "lex.h" -RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $"); +RCSID("$Id$"); void yyerror (char *s); static long name2number(const char *str); diff --git a/source/heimdal/lib/gssapi/gssapi/gssapi.h b/source/heimdal/lib/gssapi/gssapi/gssapi.h index 63f66f73133e..d6417cdf0c79 100644 --- a/source/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/source/heimdal/lib/gssapi/gssapi/gssapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h 23025 2008-04-17 10:01:57Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_GSSAPI_H_ #define GSSAPI_GSSAPI_H_ @@ -123,6 +123,7 @@ typedef OM_uint32 gss_qop_t; #define GSS_C_DCE_STYLE 4096 #define GSS_C_IDENTIFY_FLAG 8192 #define GSS_C_EXTENDED_ERROR_FLAG 16384 +#define GSS_C_DELEG_POLICY_FLAG 32768 /* * Credential usage options diff --git a/source/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index 55f78866588c..bab719019ddc 100644 --- a/source/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_krb5.h 23420 2008-07-26 18:37:48Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_KRB5_H_ #define GSSAPI_KRB5_H_ diff --git a/source/heimdal/lib/gssapi/gssapi/gssapi_spnego.h b/source/heimdal/lib/gssapi/gssapi/gssapi_spnego.h index 3358863a8016..6587acd7d01b 100644 --- a/source/heimdal/lib/gssapi/gssapi/gssapi_spnego.h +++ b/source/heimdal/lib/gssapi/gssapi/gssapi_spnego.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_spnego.h 23025 2008-04-17 10:01:57Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_SPNEGO_H_ #define GSSAPI_SPNEGO_H_ diff --git a/source/heimdal/lib/gssapi/krb5/8003.c b/source/heimdal/lib/gssapi/krb5/8003.c index 619cbf97fcbd..a9b93d32a6e2 100644 --- a/source/heimdal/lib/gssapi/krb5/8003.c +++ b/source/heimdal/lib/gssapi/krb5/8003.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: 8003.c 18334 2006-10-07 22:16:04Z lha $"); +RCSID("$Id$"); krb5_error_code _gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p) diff --git a/source/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source/heimdal/lib/gssapi/krb5/accept_sec_context.c index 8dbd087da626..84110b7a827b 100644 --- a/source/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: accept_sec_context.c 23433 2008-07-26 18:44:26Z lha $"); +RCSID("$Id$"); HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; krb5_keytab _gsskrb5_keytab; @@ -371,9 +371,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if (kret) { if (in) krb5_rd_req_in_ctx_free(context, in); - ret = GSS_S_FAILURE; *minor_status = kret; - return ret; + return GSS_S_FAILURE; } kret = krb5_rd_req_ctx(context, @@ -382,13 +381,18 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, server, in, &out); krb5_rd_req_in_ctx_free(context, in); - if (kret) { + if (kret == KRB5KRB_AP_ERR_SKEW) { /* * No reply in non-MUTUAL mode, but we don't know that its - * non-MUTUAL mode yet, thats inside the 8003 checksum. + * non-MUTUAL mode yet, thats inside the 8003 checksum, so + * lets only send the error token on clock skew, that + * limit when send error token for non-MUTUAL. */ return send_error_token(minor_status, context, kret, server, &indata, output_token); + } else if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; } /* @@ -520,16 +524,36 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if(ctx->flags & GSS_C_MUTUAL_FLAG) { krb5_data outbuf; + int use_subkey = 0; _gsskrb5i_is_cfx(ctx, &is_cfx); - if (is_cfx != 0 - || (ap_options & AP_OPTS_USE_SUBKEY)) { - kret = krb5_auth_con_addflags(context, - ctx->auth_context, - KRB5_AUTH_CONTEXT_USE_SUBKEY, - NULL); + if (is_cfx || (ap_options & AP_OPTS_USE_SUBKEY)) { + use_subkey = 1; + } else { + krb5_keyblock *rkey; + + /* + * If there is a initiator subkey, copy that to acceptor + * subkey to match Windows behavior + */ + kret = krb5_auth_con_getremotesubkey(context, + ctx->auth_context, + &rkey); + if (kret == 0) { + kret = krb5_auth_con_setlocalsubkey(context, + ctx->auth_context, + rkey); + if (kret == 0) + use_subkey = 1; + krb5_free_keyblock(context, rkey); + } + } + if (use_subkey) { ctx->more_flags |= ACCEPTOR_SUBKEY; + krb5_auth_con_addflags(context, ctx->auth_context, + KRB5_AUTH_CONTEXT_USE_SUBKEY, + NULL); } kret = krb5_mk_rep(context, diff --git a/source/heimdal/lib/gssapi/krb5/acquire_cred.c b/source/heimdal/lib/gssapi/krb5/acquire_cred.c index 051446c19b4d..a7caf1a32ed8 100644 --- a/source/heimdal/lib/gssapi/krb5/acquire_cred.c +++ b/source/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: acquire_cred.c 22596 2008-02-18 18:05:55Z lha $"); +RCSID("$Id$"); OM_uint32 __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, @@ -134,11 +134,16 @@ static OM_uint32 acquire_initiator_cred * errors while searching. */ - if (handle->principal) + if (handle->principal) { kret = krb5_cc_cache_match (context, handle->principal, NULL, &ccache); + if (kret == 0) { + ret = GSS_S_COMPLETE; + goto found; + } + } if (ccache == NULL) { kret = krb5_cc_default(context, &ccache); @@ -211,7 +216,7 @@ static OM_uint32 acquire_initiator_cred } kret = 0; } - + found: handle->ccache = ccache; ret = GSS_S_COMPLETE; @@ -242,7 +247,6 @@ static OM_uint32 acquire_acceptor_cred OM_uint32 ret; krb5_error_code kret; - kret = 0; ret = GSS_S_FAILURE; kret = get_keytab(context, &handle->keytab); if (kret) @@ -336,13 +340,13 @@ OM_uint32 _gsskrb5_acquire_cred HEIMDAL_MUTEX_init(&handle->cred_id_mutex); if (desired_name != GSS_C_NO_NAME) { - krb5_principal name = (krb5_principal)desired_name; - ret = krb5_copy_principal(context, name, &handle->principal); + + ret = _gsskrb5_canon_name(minor_status, context, 0, desired_name, + &handle->principal); if (ret) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - *minor_status = ret; free(handle); - return GSS_S_FAILURE; + return ret; } } if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) { diff --git a/source/heimdal/lib/gssapi/krb5/add_cred.c b/source/heimdal/lib/gssapi/krb5/add_cred.c index 9a1045a889f6..5cd17eb35d0e 100644 --- a/source/heimdal/lib/gssapi/krb5/add_cred.c +++ b/source/heimdal/lib/gssapi/krb5/add_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: add_cred.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_add_cred ( OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/arcfour.c b/source/heimdal/lib/gssapi/krb5/arcfour.c index 032da36ebc86..2f39a4e40004 100644 --- a/source/heimdal/lib/gssapi/krb5/arcfour.c +++ b/source/heimdal/lib/gssapi/krb5/arcfour.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: arcfour.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); /* * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt diff --git a/source/heimdal/lib/gssapi/krb5/canonicalize_name.c b/source/heimdal/lib/gssapi/krb5/canonicalize_name.c index c1744abd3bec..f2143560d06c 100644 --- a/source/heimdal/lib/gssapi/krb5/canonicalize_name.c +++ b/source/heimdal/lib/gssapi/krb5/canonicalize_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: canonicalize_name.c 18334 2006-10-07 22:16:04Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_canonicalize_name ( OM_uint32 * minor_status, @@ -42,5 +42,19 @@ OM_uint32 _gsskrb5_canonicalize_name ( gss_name_t * output_name ) { - return _gsskrb5_duplicate_name (minor_status, input_name, output_name); + krb5_context context; + krb5_principal name; + OM_uint32 ret; + + *output_name = NULL; + + GSSAPI_KRB5_INIT (&context); + + ret = _gsskrb5_canon_name(minor_status, context, 1, input_name, &name); + if (ret) + return ret; + + *output_name = (gss_name_t)name; + + return GSS_S_COMPLETE; } diff --git a/source/heimdal/lib/gssapi/krb5/cfx.c b/source/heimdal/lib/gssapi/krb5/cfx.c index bc0d736e81ac..188344fb2612 100755 --- a/source/heimdal/lib/gssapi/krb5/cfx.c +++ b/source/heimdal/lib/gssapi/krb5/cfx.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: cfx.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); /* * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt diff --git a/source/heimdal/lib/gssapi/krb5/cfx.h b/source/heimdal/lib/gssapi/krb5/cfx.h old mode 100755 new mode 100644 index 672704a8418d..c30ed07840ef --- a/source/heimdal/lib/gssapi/krb5/cfx.h +++ b/source/heimdal/lib/gssapi/krb5/cfx.h @@ -30,7 +30,7 @@ * SUCH DAMAGE. */ -/* $Id: cfx.h 19031 2006-11-13 18:02:57Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_CFX_H_ #define GSSAPI_CFX_H_ 1 diff --git a/source/heimdal/lib/gssapi/krb5/compare_name.c b/source/heimdal/lib/gssapi/krb5/compare_name.c index 3f3b59d11621..a5406a7f2ae0 100644 --- a/source/heimdal/lib/gssapi/krb5/compare_name.c +++ b/source/heimdal/lib/gssapi/krb5/compare_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: compare_name.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_compare_name (OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/compat.c b/source/heimdal/lib/gssapi/krb5/compat.c index a0f075621a49..0caada04f6d5 100644 --- a/source/heimdal/lib/gssapi/krb5/compat.c +++ b/source/heimdal/lib/gssapi/krb5/compat.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: compat.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); static krb5_error_code diff --git a/source/heimdal/lib/gssapi/krb5/context_time.c b/source/heimdal/lib/gssapi/krb5/context_time.c index b57ac7854e69..7f70be733e63 100644 --- a/source/heimdal/lib/gssapi/krb5/context_time.c +++ b/source/heimdal/lib/gssapi/krb5/context_time.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: context_time.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_lifetime_left(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/copy_ccache.c b/source/heimdal/lib/gssapi/krb5/copy_ccache.c index 66d797c19933..fd348e841b14 100644 --- a/source/heimdal/lib/gssapi/krb5/copy_ccache.c +++ b/source/heimdal/lib/gssapi/krb5/copy_ccache.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: copy_ccache.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); #if 0 OM_uint32 diff --git a/source/heimdal/lib/gssapi/krb5/decapsulate.c b/source/heimdal/lib/gssapi/krb5/decapsulate.c index 39176faff442..419e61a436d1 100644 --- a/source/heimdal/lib/gssapi/krb5/decapsulate.c +++ b/source/heimdal/lib/gssapi/krb5/decapsulate.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: decapsulate.c 18334 2006-10-07 22:16:04Z lha $"); +RCSID("$Id$"); /* * return the length of the mechanism in token or -1 diff --git a/source/heimdal/lib/gssapi/krb5/delete_sec_context.c b/source/heimdal/lib/gssapi/krb5/delete_sec_context.c index 9c618ac6a621..ec680d737895 100644 --- a/source/heimdal/lib/gssapi/krb5/delete_sec_context.c +++ b/source/heimdal/lib/gssapi/krb5/delete_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: delete_sec_context.c 23420 2008-07-26 18:37:48Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_delete_sec_context(OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/display_name.c b/source/heimdal/lib/gssapi/krb5/display_name.c index 727c447d2a06..a902ff7ea55c 100644 --- a/source/heimdal/lib/gssapi/krb5/display_name.c +++ b/source/heimdal/lib/gssapi/krb5/display_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: display_name.c 21077 2007-06-12 22:42:56Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_display_name (OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/display_status.c b/source/heimdal/lib/gssapi/krb5/display_status.c index f932261ffa09..52a651c506e0 100644 --- a/source/heimdal/lib/gssapi/krb5/display_status.c +++ b/source/heimdal/lib/gssapi/krb5/display_status.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: display_status.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); static const char * calling_error(OM_uint32 v) @@ -122,7 +122,7 @@ _gsskrb5_clear_status (void) } void -_gsskrb5_set_status (const char *fmt, ...) +_gsskrb5_set_status (int ret, const char *fmt, ...) { krb5_context context; va_list args; @@ -135,7 +135,7 @@ _gsskrb5_set_status (const char *fmt, ...) vasprintf(&str, fmt, args); va_end(args); if (str) { - krb5_set_error_message(context, 0, str); + krb5_set_error_message(context, ret, str); free(str); } } @@ -171,14 +171,13 @@ OM_uint32 _gsskrb5_display_status calling_error(GSS_CALLING_ERROR(status_value)), routine_error(GSS_ROUTINE_ERROR(status_value))); } else if (status_type == GSS_C_MECH_CODE) { - buf = krb5_get_error_string(context); - if (buf == NULL) { - const char *tmp = krb5_get_err_text (context, status_value); - if (tmp == NULL) - asprintf(&buf, "unknown mech error-code %u", - (unsigned)status_value); - else - buf = strdup(tmp); + const char *buf2 = krb5_get_error_message(context, status_value); + if (buf2) { + buf = strdup(buf2); + krb5_free_error_message(context, buf2); + } else { + asprintf(&buf, "unknown mech error-code %u", + (unsigned)status_value); } } else { *minor_status = EINVAL; diff --git a/source/heimdal/lib/gssapi/krb5/duplicate_name.c b/source/heimdal/lib/gssapi/krb5/duplicate_name.c index 7337f1ab72b8..eeb777ed5f79 100644 --- a/source/heimdal/lib/gssapi/krb5/duplicate_name.c +++ b/source/heimdal/lib/gssapi/krb5/duplicate_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: duplicate_name.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_duplicate_name ( OM_uint32 * minor_status, @@ -41,18 +41,19 @@ OM_uint32 _gsskrb5_duplicate_name ( gss_name_t * dest_name ) { - krb5_context context; krb5_const_principal src = (krb5_const_principal)src_name; - krb5_principal *dest = (krb5_principal *)dest_name; + krb5_context context; + krb5_principal dest; krb5_error_code kret; GSSAPI_KRB5_INIT (&context); - kret = krb5_copy_principal (context, src, dest); + kret = krb5_copy_principal (context, src, &dest); if (kret) { *minor_status = kret; return GSS_S_FAILURE; } else { + *dest_name = (gss_name_t)dest; *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/source/heimdal/lib/gssapi/krb5/encapsulate.c b/source/heimdal/lib/gssapi/krb5/encapsulate.c index 58dcb5c9c4b2..3f42899a40cc 100644 --- a/source/heimdal/lib/gssapi/krb5/encapsulate.c +++ b/source/heimdal/lib/gssapi/krb5/encapsulate.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: encapsulate.c 18459 2006-10-14 10:12:16Z lha $"); +RCSID("$Id$"); void _gssapi_encap_length (size_t data_len, diff --git a/source/heimdal/lib/gssapi/krb5/export_name.c b/source/heimdal/lib/gssapi/krb5/export_name.c index efa45a2638bf..92ee101b0dbf 100644 --- a/source/heimdal/lib/gssapi/krb5/export_name.c +++ b/source/heimdal/lib/gssapi/krb5/export_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: export_name.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_export_name (OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/export_sec_context.c b/source/heimdal/lib/gssapi/krb5/export_sec_context.c index 00218617a07b..2bc50a04eebf 100644 --- a/source/heimdal/lib/gssapi/krb5/export_sec_context.c +++ b/source/heimdal/lib/gssapi/krb5/export_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: export_sec_context.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_export_sec_context ( diff --git a/source/heimdal/lib/gssapi/krb5/external.c b/source/heimdal/lib/gssapi/krb5/external.c index 2ee018708a53..87e4aa01df72 100644 --- a/source/heimdal/lib/gssapi/krb5/external.c +++ b/source/heimdal/lib/gssapi/krb5/external.c @@ -34,7 +34,7 @@ #include "krb5/gsskrb5_locl.h" #include -RCSID("$Id: external.c 23420 2008-07-26 18:37:48Z lha $"); +RCSID("$Id$"); /* * The implementation must reserve static storage for a diff --git a/source/heimdal/lib/gssapi/krb5/get_mic.c b/source/heimdal/lib/gssapi/krb5/get_mic.c index f689e624a89b..98a3f7e2259a 100644 --- a/source/heimdal/lib/gssapi/krb5/get_mic.c +++ b/source/heimdal/lib/gssapi/krb5/get_mic.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: get_mic.c 23112 2008-04-27 18:51:26Z lha $"); +RCSID("$Id$"); static OM_uint32 mic_des diff --git a/source/heimdal/lib/gssapi/krb5/gkrb5_err.et b/source/heimdal/lib/gssapi/krb5/gkrb5_err.et index dbfdbdf2f122..3c23412a6aee 100644 --- a/source/heimdal/lib/gssapi/krb5/gkrb5_err.et +++ b/source/heimdal/lib/gssapi/krb5/gkrb5_err.et @@ -2,7 +2,7 @@ # extended gss krb5 error messages # -id "$Id: gkrb5_err.et 20049 2007-01-24 00:14:24Z lha $" +id "$Id$" error_table gk5 diff --git a/source/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/source/heimdal/lib/gssapi/krb5/gsskrb5_locl.h index d9af44f960cd..dc7adec68f17 100644 --- a/source/heimdal/lib/gssapi/krb5/gsskrb5_locl.h +++ b/source/heimdal/lib/gssapi/krb5/gsskrb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gsskrb5_locl.h 23435 2008-07-26 20:49:35Z lha $ */ +/* $Id$ */ #ifndef GSSKRB5_LOCL_H #define GSSKRB5_LOCL_H @@ -137,4 +137,7 @@ struct gssapi_thr_context { #define SC_LOCAL_SUBKEY 0x08 #define SC_REMOTE_SUBKEY 0x10 +/* type to signal that that dns canon maybe should be done */ +#define MAGIC_HOSTBASED_NAME_TYPE 4711 + #endif diff --git a/source/heimdal/lib/gssapi/krb5/import_name.c b/source/heimdal/lib/gssapi/krb5/import_name.c index bf31db923256..9589979ee869 100644 --- a/source/heimdal/lib/gssapi/krb5/import_name.c +++ b/source/heimdal/lib/gssapi/krb5/import_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: import_name.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); static OM_uint32 parse_krb5_name (OM_uint32 *minor_status, @@ -83,18 +83,56 @@ import_krb5_name (OM_uint32 *minor_status, return ret; } +OM_uint32 +_gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context, + int use_dns, gss_name_t name, krb5_principal *out) +{ + krb5_principal p = (krb5_principal)name; + krb5_error_code ret; + char *hostname = NULL, *service; + + *minor_status = 0; + + /* If its not a hostname */ + if (krb5_principal_get_type(context, p) != MAGIC_HOSTBASED_NAME_TYPE) { + ret = krb5_copy_principal(context, p, out); + } else if (!use_dns) { + ret = krb5_copy_principal(context, p, out); + if (ret == 0) + krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST); + } else { + if (p->name.name_string.len == 0) + return GSS_S_BAD_NAME; + else if (p->name.name_string.len > 1) + hostname = p->name.name_string.val[1]; + + service = p->name.name_string.val[0]; + + ret = krb5_sname_to_principal(context, + hostname, + service, + KRB5_NT_SRV_HST, + out); + } + + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + return 0; +} + + static OM_uint32 import_hostbased_name (OM_uint32 *minor_status, krb5_context context, const gss_buffer_t input_name_buffer, gss_name_t *output_name) { - krb5_error_code kerr; - char *tmp; - char *p; - char *host; - char local_hostname[MAXHOSTNAMELEN]; krb5_principal princ = NULL; + krb5_error_code kerr; + char *tmp, *p, *host = NULL; tmp = malloc (input_name_buffer->length + 1); if (tmp == NULL) { @@ -110,31 +148,20 @@ import_hostbased_name (OM_uint32 *minor_status, if (p != NULL) { *p = '\0'; host = p + 1; - } else { - if (gethostname(local_hostname, sizeof(local_hostname)) < 0) { - *minor_status = errno; - free (tmp); - return GSS_S_FAILURE; - } - host = local_hostname; } - kerr = krb5_sname_to_principal (context, - host, - tmp, - KRB5_NT_SRV_HST, - &princ); + kerr = krb5_make_principal(context, &princ, NULL, tmp, host, NULL); free (tmp); *minor_status = kerr; - if (kerr == 0) { - *output_name = (gss_name_t)princ; - return GSS_S_COMPLETE; - } - if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) return GSS_S_BAD_NAME; + else if (kerr) + return GSS_S_FAILURE; - return GSS_S_FAILURE; + krb5_principal_set_type(context, princ, MAGIC_HOSTBASED_NAME_TYPE); + *output_name = (gss_name_t)princ; + + return 0; } static OM_uint32 diff --git a/source/heimdal/lib/gssapi/krb5/import_sec_context.c b/source/heimdal/lib/gssapi/krb5/import_sec_context.c index 5fd8c9410420..1b709657f4b2 100644 --- a/source/heimdal/lib/gssapi/krb5/import_sec_context.c +++ b/source/heimdal/lib/gssapi/krb5/import_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: import_sec_context.c 22997 2008-04-15 19:36:25Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_import_sec_context ( diff --git a/source/heimdal/lib/gssapi/krb5/indicate_mechs.c b/source/heimdal/lib/gssapi/krb5/indicate_mechs.c index eb886c24d347..b0219fc7ced8 100644 --- a/source/heimdal/lib/gssapi/krb5/indicate_mechs.c +++ b/source/heimdal/lib/gssapi/krb5/indicate_mechs.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: indicate_mechs.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_indicate_mechs (OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/init.c b/source/heimdal/lib/gssapi/krb5/init.c index 3bbdcc8ff1a2..ea32fce061e6 100644 --- a/source/heimdal/lib/gssapi/krb5/init.c +++ b/source/heimdal/lib/gssapi/krb5/init.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: init.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER; static int created_key; diff --git a/source/heimdal/lib/gssapi/krb5/init_sec_context.c b/source/heimdal/lib/gssapi/krb5/init_sec_context.c index c9b9e155888f..3d5e3b71c549 100644 --- a/source/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: init_sec_context.c 23422 2008-07-26 18:38:29Z lha $"); +RCSID("$Id$"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -271,6 +271,7 @@ do_delegation (krb5_context context, krb5_creds *cred, krb5_const_principal name, krb5_data *fwd_data, + uint32_t flagmask, uint32_t *flags) { krb5_creds creds; @@ -314,9 +315,9 @@ do_delegation (krb5_context context, out: if (kret) - *flags &= ~GSS_C_DELEG_FLAG; + *flags &= ~flagmask; else - *flags |= GSS_C_DELEG_FLAG; + *flags |= flagmask; if (creds.client) krb5_free_principal(context, creds.client); @@ -334,7 +335,7 @@ init_auth gsskrb5_cred cred, gsskrb5_ctx ctx, krb5_context context, - krb5_const_principal name, + gss_name_t name, const gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, @@ -350,6 +351,7 @@ init_auth krb5_data outbuf; krb5_data fwd_data; OM_uint32 lifetime_rec; + int use_dns = 1; krb5_data_zero(&outbuf); krb5_data_zero(&fwd_data); @@ -377,13 +379,21 @@ init_auth goto failure; } - kret = krb5_copy_principal (context, name, &ctx->target); - if (kret) { - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; + /* canon name if needed for client + target realm */ + kret = krb5_cc_get_config(context, ctx->ccache, NULL, + "realm-config", &outbuf); + if (kret == 0) { + /* XXX 2 is no server canon */ + if (outbuf.length < 1 || ((((unsigned char *)outbuf.data)[0]) & 2)) + use_dns = 0; + krb5_data_free(&outbuf); } + ret = _gsskrb5_canon_name(minor_status, context, use_dns, + name, &ctx->target); + if (ret) + goto failure; + ret = _gss_DES3_get_mic_compat(minor_status, ctx, context); if (ret) goto failure; @@ -479,6 +489,7 @@ init_auth_restart krb5_enctype enctype; krb5_data fwd_data, timedata; int32_t offset = 0, oldoffset; + uint32_t flagmask; krb5_data_zero(&outbuf); krb5_data_zero(&fwd_data); @@ -486,41 +497,41 @@ init_auth_restart *minor_status = 0; /* - * If the credential doesn't have ok-as-delegate, check what local - * policy say about ok-as-delegate, default is FALSE that makes - * code ignore the KDC setting and follow what the application - * requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the - * KDC doesn't set ok-as-delegate. + * If the credential doesn't have ok-as-delegate, check if there + * is a realm setting and use that. */ if (!ctx->kcred->flags.b.ok_as_delegate) { - krb5_boolean delegate, realm_setting; krb5_data data; - - realm_setting = FALSE; - + ret = krb5_cc_get_config(context, ctx->ccache, NULL, "realm-config", &data); if (ret == 0) { /* XXX 1 is use ok-as-delegate */ - if (data.length > 0 && (((unsigned char *)data.data)[0]) & 1) - realm_setting = TRUE; + if (data.length < 1 || ((((unsigned char *)data.data)[0]) & 1) == 0) + req_flags &= ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG); krb5_data_free(&data); } - - krb5_appdefault_boolean(context, "gssapi", ctx->target->realm, - "ok-as-delegate", realm_setting, - &delegate); - if (delegate) - req_flags &= ~GSS_C_DELEG_FLAG; } + flagmask = 0; + + /* if we used GSS_C_DELEG_POLICY_FLAG, trust KDC */ + if ((req_flags & GSS_C_DELEG_POLICY_FLAG) + && ctx->kcred->flags.b.ok_as_delegate) + flagmask |= GSS_C_DELEG_FLAG | GSS_C_DELEG_POLICY_FLAG; + /* if there still is a GSS_C_DELEG_FLAG, use that */ + if (req_flags & GSS_C_DELEG_FLAG) + flagmask |= GSS_C_DELEG_FLAG; + + flags = 0; ap_options = 0; - if (req_flags & GSS_C_DELEG_FLAG) + if (flagmask & GSS_C_DELEG_FLAG) { do_delegation (context, ctx->auth_context, ctx->ccache, ctx->kcred, ctx->target, - &fwd_data, &flags); + &fwd_data, flagmask, &flags); + } if (req_flags & GSS_C_MUTUAL_FLAG) { flags |= GSS_C_MUTUAL_FLAG; @@ -817,7 +828,6 @@ OM_uint32 _gsskrb5_init_sec_context { krb5_context context; gsskrb5_cred cred = (gsskrb5_cred)cred_handle; - krb5_const_principal name = (krb5_const_principal)target_name; gsskrb5_ctx ctx; OM_uint32 ret; @@ -880,7 +890,7 @@ OM_uint32 _gsskrb5_init_sec_context cred, ctx, context, - name, + target_name, mech_type, req_flags, time_req, @@ -926,11 +936,16 @@ OM_uint32 _gsskrb5_init_sec_context * If we get there, the caller have called * gss_init_sec_context() one time too many. */ - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "init_sec_context " + "called one time too many"); + *minor_status = EINVAL; ret = GSS_S_BAD_STATUS; break; default: - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "init_sec_context " + "invalid state %d for client", + (int)ctx->state); + *minor_status = EINVAL; ret = GSS_S_BAD_STATUS; break; } diff --git a/source/heimdal/lib/gssapi/krb5/inquire_context.c b/source/heimdal/lib/gssapi/krb5/inquire_context.c index 41430568b005..f2e01b464afe 100644 --- a/source/heimdal/lib/gssapi/krb5/inquire_context.c +++ b/source/heimdal/lib/gssapi/krb5/inquire_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_context.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_context ( OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/inquire_cred.c b/source/heimdal/lib/gssapi/krb5/inquire_cred.c index 47bf71e686ff..42488c718cad 100644 --- a/source/heimdal/lib/gssapi/krb5/inquire_cred.c +++ b/source/heimdal/lib/gssapi/krb5/inquire_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_cred.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_cred (OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c b/source/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c index a8af2145bea8..de7ec6cd75c3 100644 --- a/source/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c +++ b/source/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_cred_by_mech.c 20634 2007-05-09 15:33:01Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_cred_by_mech ( OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c b/source/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c index da50b11d934a..2bcc17683b40 100644 --- a/source/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c +++ b/source/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_cred_by_oid.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_cred_by_oid (OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c b/source/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c index 0ce051f19c0c..2384c29656f3 100644 --- a/source/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c +++ b/source/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_mechs_for_name.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_mechs_for_name ( OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c b/source/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c index 64abd3c34a9f..c07eb6010805 100644 --- a/source/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c +++ b/source/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_names_for_mech.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); static gss_OID *name_list[] = { diff --git a/source/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c index 5ca7536e6a39..24b640f4b523 100644 --- a/source/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c +++ b/source/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_sec_context_by_oid.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); static int oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix) @@ -84,7 +84,7 @@ static OM_uint32 inquire_sec_context_tkt_flags if (context_handle->ticket == NULL) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - _gsskrb5_set_status("No ticket from which to obtain flags"); + _gsskrb5_set_status(EINVAL, "No ticket from which to obtain flags"); *minor_status = EINVAL; return GSS_S_BAD_MECH; } @@ -137,7 +137,7 @@ static OM_uint32 inquire_sec_context_get_subkey ret = _gsskrb5i_get_token_key(context_handle, context, &key); break; default: - _gsskrb5_set_status("%d is not a valid subkey type", keytype); + _gsskrb5_set_status(EINVAL, "%d is not a valid subkey type", keytype); ret = EINVAL; break; } @@ -145,7 +145,7 @@ static OM_uint32 inquire_sec_context_get_subkey if (ret) goto out; if (key == NULL) { - _gsskrb5_set_status("have no subkey of type %d", keytype); + _gsskrb5_set_status(EINVAL, "have no subkey of type %d", keytype); ret = EINVAL; goto out; } @@ -199,7 +199,7 @@ static OM_uint32 inquire_sec_context_authz_data if (context_handle->ticket == NULL) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); *minor_status = EINVAL; - _gsskrb5_set_status("No ticket to obtain authz data from"); + _gsskrb5_set_status(EINVAL, "No ticket to obtain authz data from"); return GSS_S_NO_CONTEXT; } @@ -301,12 +301,16 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, context_handle->auth_context, &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ + if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); + if (ret) goto out; krb5_auth_getremoteseqnumber (context, context_handle->auth_context, &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ + if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); + if (ret) goto out; ret = krb5_store_int32(sp, (is_cfx) ? 1 : 0); if (ret) goto out; @@ -401,7 +405,7 @@ get_authtime(OM_uint32 *minor_status, HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); if (ctx->ticket == NULL) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - _gsskrb5_set_status("No ticket to obtain auth time from"); + _gsskrb5_set_status(EINVAL, "No ticket to obtain auth time from"); *minor_status = EINVAL; return GSS_S_FAILURE; } @@ -441,7 +445,7 @@ get_service_keyblock HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); if (ctx->service_keyblock == NULL) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - _gsskrb5_set_status("No service keyblock on gssapi context"); + _gsskrb5_set_status(EINVAL, "No service keyblock on gssapi context"); *minor_status = EINVAL; return GSS_S_FAILURE; } diff --git a/source/heimdal/lib/gssapi/krb5/prf.c b/source/heimdal/lib/gssapi/krb5/prf.c index f79c9374a9c7..a7372d87ccef 100644 --- a/source/heimdal/lib/gssapi/krb5/prf.c +++ b/source/heimdal/lib/gssapi/krb5/prf.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: prf.c 21129 2007-06-18 20:28:44Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_pseudo_random(OM_uint32 *minor_status, @@ -72,14 +72,14 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, _gsskrb5i_get_initiator_subkey(ctx, context, &key); break; default: - _gsskrb5_set_status("unknown kerberos prf_key"); - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "unknown kerberos prf_key"); + *minor_status = EINVAL; return GSS_S_FAILURE; } if (key == NULL) { - _gsskrb5_set_status("no prf_key found"); - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "no prf_key found"); + *minor_status = EINVAL; return GSS_S_FAILURE; } @@ -92,7 +92,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, prf_out->value = malloc(desired_output_len); if (prf_out->value == NULL) { - _gsskrb5_set_status("Out of memory"); + _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory"); *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; @@ -105,7 +105,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, input.data = malloc(prf_in->length + 4); if (input.data == NULL) { OM_uint32 junk; - _gsskrb5_set_status("Out of memory"); + _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory"); *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; gss_release_buffer(&junk, prf_out); krb5_crypto_destroy(context, crypto); diff --git a/source/heimdal/lib/gssapi/krb5/process_context_token.c b/source/heimdal/lib/gssapi/krb5/process_context_token.c index 15638f57fcc5..80d96f5ce445 100644 --- a/source/heimdal/lib/gssapi/krb5/process_context_token.c +++ b/source/heimdal/lib/gssapi/krb5/process_context_token.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: process_context_token.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_process_context_token ( OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/release_buffer.c b/source/heimdal/lib/gssapi/krb5/release_buffer.c index 5dff62631ab4..e2f1f4ec14a5 100644 --- a/source/heimdal/lib/gssapi/krb5/release_buffer.c +++ b/source/heimdal/lib/gssapi/krb5/release_buffer.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_buffer.c 18334 2006-10-07 22:16:04Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_release_buffer (OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/release_cred.c b/source/heimdal/lib/gssapi/krb5/release_cred.c index ab5695b097b1..1becd1c6b18d 100644 --- a/source/heimdal/lib/gssapi/krb5/release_cred.c +++ b/source/heimdal/lib/gssapi/krb5/release_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_cred.c 20753 2007-05-31 22:50:06Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_release_cred (OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/release_name.c b/source/heimdal/lib/gssapi/krb5/release_name.c index 80b91930fd37..e2ff9dde31de 100644 --- a/source/heimdal/lib/gssapi/krb5/release_name.c +++ b/source/heimdal/lib/gssapi/krb5/release_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_name.c 21128 2007-06-18 20:26:50Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_release_name (OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/sequence.c b/source/heimdal/lib/gssapi/krb5/sequence.c old mode 100755 new mode 100644 index 677a3c8d0778..b40fe52578c2 --- a/source/heimdal/lib/gssapi/krb5/sequence.c +++ b/source/heimdal/lib/gssapi/krb5/sequence.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: sequence.c 18334 2006-10-07 22:16:04Z lha $"); +RCSID("$Id$"); #define DEFAULT_JITTER_WINDOW 20 @@ -255,16 +255,16 @@ _gssapi_msg_order_import(OM_uint32 *minor_status, kret = krb5_ret_int32(sp, &flags); if (kret) goto failed; - ret = krb5_ret_int32(sp, &start); + kret = krb5_ret_int32(sp, &start); if (kret) goto failed; - ret = krb5_ret_int32(sp, &length); + kret = krb5_ret_int32(sp, &length); if (kret) goto failed; - ret = krb5_ret_int32(sp, &jitter_window); + kret = krb5_ret_int32(sp, &jitter_window); if (kret) goto failed; - ret = krb5_ret_int32(sp, &first_seq); + kret = krb5_ret_int32(sp, &first_seq); if (kret) goto failed; diff --git a/source/heimdal/lib/gssapi/krb5/set_cred_option.c b/source/heimdal/lib/gssapi/krb5/set_cred_option.c index 8c554fb8e0f5..e47e6fdb6ce0 100644 --- a/source/heimdal/lib/gssapi/krb5/set_cred_option.c +++ b/source/heimdal/lib/gssapi/krb5/set_cred_option.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_cred_option.c 23331 2008-06-27 12:01:48Z lha $"); +RCSID("$Id$"); /* 1.2.752.43.13.17 */ static gss_OID_desc gss_krb5_cred_no_ci_flags_x_oid_desc = diff --git a/source/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source/heimdal/lib/gssapi/krb5/set_sec_context_option.c index fd76838af514..f28d2397be5d 100644 --- a/source/heimdal/lib/gssapi/krb5/set_sec_context_option.c +++ b/source/heimdal/lib/gssapi/krb5/set_sec_context_option.c @@ -36,7 +36,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_sec_context_option.c 23420 2008-07-26 18:37:48Z lha $"); +RCSID("$Id$"); static OM_uint32 get_bool(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/krb5/unwrap.c b/source/heimdal/lib/gssapi/krb5/unwrap.c index eec4078a7060..727bbf7403bd 100644 --- a/source/heimdal/lib/gssapi/krb5/unwrap.c +++ b/source/heimdal/lib/gssapi/krb5/unwrap.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: unwrap.c 23112 2008-04-27 18:51:26Z lha $"); +RCSID("$Id$"); static OM_uint32 unwrap_des @@ -59,10 +59,17 @@ unwrap_des OM_uint32 ret; int cstate; int cmp; + int token_len; + + if (IS_DCE_STYLE(context_handle)) { + token_len = 22 + 8 + 15; /* 45 */ + } else { + token_len = input_message_buffer->length; + } p = input_message_buffer->value; ret = _gsskrb5_verify_header (&p, - input_message_buffer->length, + token_len, "\x02\x01", GSS_KRB5_MECHANISM); if (ret) @@ -105,12 +112,17 @@ unwrap_des memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); } - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; + + if (IS_DCE_STYLE(context_handle)) { + padlength = 0; + } else { + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + } MD5_Init (&md5); MD5_Update (&md5, p - 24, 8); @@ -195,10 +207,17 @@ unwrap_des3 krb5_crypto crypto; Checksum csum; int cmp; + int token_len; + + if (IS_DCE_STYLE(context_handle)) { + token_len = 34 + 8 + 15; /* 57 */ + } else { + token_len = input_message_buffer->length; + } p = input_message_buffer->value; ret = _gsskrb5_verify_header (&p, - input_message_buffer->length, + token_len, "\x02\x01", GSS_KRB5_MECHANISM); if (ret) @@ -245,12 +264,17 @@ unwrap_des3 memcpy (p, tmp.data, tmp.length); krb5_data_free(&tmp); } - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; + + if (IS_DCE_STYLE(context_handle)) { + padlength = 0; + } else { + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + } /* verify sequence number */ diff --git a/source/heimdal/lib/gssapi/krb5/verify_mic.c b/source/heimdal/lib/gssapi/krb5/verify_mic.c index 560c14bc8956..df71f8f7d1e5 100644 --- a/source/heimdal/lib/gssapi/krb5/verify_mic.c +++ b/source/heimdal/lib/gssapi/krb5/verify_mic.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: verify_mic.c 23112 2008-04-27 18:51:26Z lha $"); +RCSID("$Id$"); static OM_uint32 verify_mic_des diff --git a/source/heimdal/lib/gssapi/krb5/wrap.c b/source/heimdal/lib/gssapi/krb5/wrap.c index 6d00f2adcfba..ecd4f7cd54e2 100644 --- a/source/heimdal/lib/gssapi/krb5/wrap.c +++ b/source/heimdal/lib/gssapi/krb5/wrap.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: wrap.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * Return initiator subkey, or if that doesn't exists, the subkey. @@ -210,10 +210,19 @@ wrap_des int32_t seq_number; size_t len, total_len, padlength, datalen; - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 22; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + if (IS_DCE_STYLE(ctx)) { + padlength = 0; + datalen = input_message_buffer->length; + len = 22 + 8; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + total_len += datalen; + datalen += 8; + } else { + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 22; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + } output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); @@ -336,10 +345,19 @@ wrap_des3 Checksum cksum; krb5_data encdata; - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 34; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + if (IS_DCE_STYLE(ctx)) { + padlength = 0; + datalen = input_message_buffer->length; + len = 34 + 8; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + total_len += datalen; + datalen += 8; + } else { + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 34; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + } output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); diff --git a/source/heimdal/lib/gssapi/mech/context.c b/source/heimdal/lib/gssapi/mech/context.c index 926630c42dcd..bfb303ac8ed7 100644 --- a/source/heimdal/lib/gssapi/mech/context.c +++ b/source/heimdal/lib/gssapi/mech/context.c @@ -1,7 +1,7 @@ #include "mech/mech_locl.h" #include "heim_threads.h" -RCSID("$Id: context.c 22600 2008-02-21 12:46:24Z lha $"); +RCSID("$Id$"); struct mg_thread_ctx { gss_OID mech; @@ -74,8 +74,14 @@ _gss_mg_get_error(const gss_OID mech, OM_uint32 type, if (mg == NULL) return GSS_S_BAD_STATUS; +#if 0 + /* + * We cant check the mech here since a pseudo-mech might have + * called an lower layer and then the mech info is all broken + */ if (mech != NULL && gss_oid_equal(mg->mech, mech) == 0) return GSS_S_BAD_STATUS; +#endif switch (type) { case GSS_C_GSS_CODE: { diff --git a/source/heimdal/lib/gssapi/mech/context.h b/source/heimdal/lib/gssapi/mech/context.h index 24e529864d61..f2a7009cdad4 100644 --- a/source/heimdal/lib/gssapi/mech/context.h +++ b/source/heimdal/lib/gssapi/mech/context.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/context.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: context.h 19925 2007-01-16 10:19:27Z lha $ + * $Id$ */ #include diff --git a/source/heimdal/lib/gssapi/mech/cred.h b/source/heimdal/lib/gssapi/mech/cred.h index 7f77b8a68e2e..01bd882ddaa2 100644 --- a/source/heimdal/lib/gssapi/mech/cred.h +++ b/source/heimdal/lib/gssapi/mech/cred.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/cred.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: cred.h 20626 2007-05-08 13:56:49Z lha $ + * $Id$ */ struct _gss_mechanism_cred { diff --git a/source/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source/heimdal/lib/gssapi/mech/gss_accept_sec_context.c index a6b1ded5cad5..5fa102193ecd 100644 --- a/source/heimdal/lib/gssapi/mech/gss_accept_sec_context.c +++ b/source/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_accept_sec_context.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id$"); static OM_uint32 parse_header(const gss_buffer_t input_token, gss_OID mech_oid) @@ -151,14 +151,13 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle) { - OM_uint32 major_status, mech_ret_flags; + OM_uint32 major_status, mech_ret_flags, junk; gssapi_mech_interface m; struct _gss_context *ctx = (struct _gss_context *) *context_handle; struct _gss_cred *cred = (struct _gss_cred *) acceptor_cred_handle; struct _gss_mechanism_cred *mc; gss_cred_id_t acceptor_mc, delegated_mc; gss_name_t src_mn; - int allocated_ctx; *minor_status = 0; if (src_name) @@ -200,18 +199,19 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, free(ctx); return (GSS_S_BAD_MECH); } - allocated_ctx = 1; + *context_handle = (gss_ctx_id_t) ctx; } else { m = ctx->gc_mech; - allocated_ctx = 0; } if (cred) { SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) if (mc->gmc_mech == m) break; - if (!mc) + if (!mc) { + gss_delete_sec_context(&junk, context_handle, NULL); return (GSS_S_BAD_MECH); + } acceptor_mc = mc->gmc_cred; } else { acceptor_mc = GSS_C_NO_CREDENTIAL; @@ -234,6 +234,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, major_status != GSS_S_CONTINUE_NEEDED) { _gss_mg_error(m, major_status, *minor_status); + gss_delete_sec_context(&junk, context_handle, NULL); return (major_status); } @@ -245,11 +246,12 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, if (!name) { m->gm_release_name(minor_status, &src_mn); + gss_delete_sec_context(&junk, context_handle, NULL); return (GSS_S_FAILURE); } *src_name = (gss_name_t) name; } else if (src_mn) { - m->gm_release_name(minor_status, &src_mn); + m->gm_release_name(minor_status, &src_mn); } if (mech_ret_flags & GSS_C_DELEG_FLAG) { @@ -263,6 +265,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, dcred = malloc(sizeof(struct _gss_cred)); if (!dcred) { *minor_status = ENOMEM; + gss_delete_sec_context(&junk, context_handle, NULL); return (GSS_S_FAILURE); } SLIST_INIT(&dcred->gc_mc); @@ -270,6 +273,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, if (!dmc) { free(dcred); *minor_status = ENOMEM; + gss_delete_sec_context(&junk, context_handle, NULL); return (GSS_S_FAILURE); } dmc->gmc_mech = m; @@ -283,6 +287,5 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, if (ret_flags) *ret_flags = mech_ret_flags; - *context_handle = (gss_ctx_id_t) ctx; return (major_status); } diff --git a/source/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source/heimdal/lib/gssapi/mech/gss_acquire_cred.c index a2757140ae24..b21b3f62e842 100644 --- a/source/heimdal/lib/gssapi/mech/gss_acquire_cred.c +++ b/source/heimdal/lib/gssapi/mech/gss_acquire_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_acquire_cred.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_acquire_cred(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_add_cred.c b/source/heimdal/lib/gssapi/mech/gss_add_cred.c index 49efa20c8beb..d1908528842b 100644 --- a/source/heimdal/lib/gssapi/mech/gss_add_cred.c +++ b/source/heimdal/lib/gssapi/mech/gss_add_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_add_cred.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); static struct _gss_mechanism_cred * _gss_copy_cred(struct _gss_mechanism_cred *mc) diff --git a/source/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c b/source/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c index d89adbf63a3d..1214e72fa972 100644 --- a/source/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c +++ b/source/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_add_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_add_oid_set_member (OM_uint32 * minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_buffer_set.c b/source/heimdal/lib/gssapi/mech/gss_buffer_set.c index 091e21936798..9f0bb4cce3ff 100644 --- a/source/heimdal/lib/gssapi/mech/gss_buffer_set.c +++ b/source/heimdal/lib/gssapi/mech/gss_buffer_set.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_buffer_set.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_create_empty_buffer_set diff --git a/source/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source/heimdal/lib/gssapi/mech/gss_canonicalize_name.c index d242c56a909b..91a08fb2bcb3 100644 --- a/source/heimdal/lib/gssapi/mech/gss_canonicalize_name.c +++ b/source/heimdal/lib/gssapi/mech/gss_canonicalize_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_canonicalize_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_canonicalize_name(OM_uint32 *minor_status, @@ -38,7 +38,7 @@ gss_canonicalize_name(OM_uint32 *minor_status, OM_uint32 major_status; struct _gss_name *name = (struct _gss_name *) input_name; struct _gss_mechanism_name *mn; - gssapi_mech_interface m = __gss_get_mechanism(mech_type); + gssapi_mech_interface m; gss_name_t new_canonical_name; *minor_status = 0; diff --git a/source/heimdal/lib/gssapi/mech/gss_compare_name.c b/source/heimdal/lib/gssapi/mech/gss_compare_name.c index 1eb7625ee282..3f2d0013c500 100644 --- a/source/heimdal/lib/gssapi/mech/gss_compare_name.c +++ b/source/heimdal/lib/gssapi/mech/gss_compare_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_compare_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_compare_name(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_context_time.c b/source/heimdal/lib/gssapi/mech/gss_context_time.c index 8dce822a9fc9..df89612060e7 100644 --- a/source/heimdal/lib/gssapi/mech/gss_context_time.c +++ b/source/heimdal/lib/gssapi/mech/gss_context_time.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_context_time.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_context_time(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c b/source/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c index 8dd352734925..8858f2849869 100644 --- a/source/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c +++ b/source/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_create_empty_oid_set.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_create_empty_oid_set(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_decapsulate_token.c b/source/heimdal/lib/gssapi/mech/gss_decapsulate_token.c index 8f9392558504..6dba77e41045 100644 --- a/source/heimdal/lib/gssapi/mech/gss_decapsulate_token.c +++ b/source/heimdal/lib/gssapi/mech/gss_decapsulate_token.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_decapsulate_token.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_decapsulate_token(gss_buffer_t input_token, diff --git a/source/heimdal/lib/gssapi/mech/gss_delete_sec_context.c b/source/heimdal/lib/gssapi/mech/gss_delete_sec_context.c index 91273bcf5687..96abae6b33ab 100644 --- a/source/heimdal/lib/gssapi/mech/gss_delete_sec_context.c +++ b/source/heimdal/lib/gssapi/mech/gss_delete_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_delete_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_delete_sec_context(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_display_name.c b/source/heimdal/lib/gssapi/mech/gss_display_name.c index 0d8240024648..d720ffe88051 100644 --- a/source/heimdal/lib/gssapi/mech/gss_display_name.c +++ b/source/heimdal/lib/gssapi/mech/gss_display_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_display_name(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_display_status.c b/source/heimdal/lib/gssapi/mech/gss_display_status.c index 5bbc89b1ece3..7a91af2abc92 100644 --- a/source/heimdal/lib/gssapi/mech/gss_display_status.c +++ b/source/heimdal/lib/gssapi/mech/gss_display_status.c @@ -59,7 +59,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_status.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); static const char * calling_error(OM_uint32 v) diff --git a/source/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source/heimdal/lib/gssapi/mech/gss_duplicate_name.c index f38c840b314c..6912e3329fc5 100644 --- a/source/heimdal/lib/gssapi/mech/gss_duplicate_name.c +++ b/source/heimdal/lib/gssapi/mech/gss_duplicate_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_duplicate_name.c 21480 2007-07-10 16:32:32Z lha $"); +RCSID("$Id$"); OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t src_name, diff --git a/source/heimdal/lib/gssapi/mech/gss_duplicate_oid.c b/source/heimdal/lib/gssapi/mech/gss_duplicate_oid.c index d111a0ed6189..59bd797766ef 100644 --- a/source/heimdal/lib/gssapi/mech/gss_duplicate_oid.c +++ b/source/heimdal/lib/gssapi/mech/gss_duplicate_oid.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_duplicate_oid.c 19954 2007-01-17 11:50:23Z lha $"); +RCSID("$Id$"); OM_uint32 gss_duplicate_oid ( OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_encapsulate_token.c b/source/heimdal/lib/gssapi/mech/gss_encapsulate_token.c index 32ecbbacb2d6..b9d06c28fa28 100644 --- a/source/heimdal/lib/gssapi/mech/gss_encapsulate_token.c +++ b/source/heimdal/lib/gssapi/mech/gss_encapsulate_token.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_encapsulate_token.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_encapsulate_token(gss_buffer_t input_token, diff --git a/source/heimdal/lib/gssapi/mech/gss_export_name.c b/source/heimdal/lib/gssapi/mech/gss_export_name.c index 22053202aa86..7c1e6791da9a 100644 --- a/source/heimdal/lib/gssapi/mech/gss_export_name.c +++ b/source/heimdal/lib/gssapi/mech/gss_export_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_export_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_export_name(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_export_sec_context.c b/source/heimdal/lib/gssapi/mech/gss_export_sec_context.c index 053d203ba16e..f3a6dc4fb57b 100644 --- a/source/heimdal/lib/gssapi/mech/gss_export_sec_context.c +++ b/source/heimdal/lib/gssapi/mech/gss_export_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_export_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_export_sec_context(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_get_mic.c b/source/heimdal/lib/gssapi/mech/gss_get_mic.c index 7b33ac0ed9e3..9cd5060fc941 100644 --- a/source/heimdal/lib/gssapi/mech/gss_get_mic.c +++ b/source/heimdal/lib/gssapi/mech/gss_get_mic.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_get_mic.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_get_mic(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_import_name.c b/source/heimdal/lib/gssapi/mech/gss_import_name.c index 104452f5b95e..040e2284105b 100644 --- a/source/heimdal/lib/gssapi/mech/gss_import_name.c +++ b/source/heimdal/lib/gssapi/mech/gss_import_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_import_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); static OM_uint32 _gss_import_export_name(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_import_sec_context.c b/source/heimdal/lib/gssapi/mech/gss_import_sec_context.c index c68849ce008b..01ca9f10df94 100644 --- a/source/heimdal/lib/gssapi/mech/gss_import_sec_context.c +++ b/source/heimdal/lib/gssapi/mech/gss_import_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_import_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_import_sec_context(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_indicate_mechs.c b/source/heimdal/lib/gssapi/mech/gss_indicate_mechs.c index cafb6609914c..34c0bb55d832 100644 --- a/source/heimdal/lib/gssapi/mech/gss_indicate_mechs.c +++ b/source/heimdal/lib/gssapi/mech/gss_indicate_mechs.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_indicate_mechs.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_indicate_mechs(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source/heimdal/lib/gssapi/mech/gss_init_sec_context.c index d0e92f41cebc..579000a7ec46 100644 --- a/source/heimdal/lib/gssapi/mech/gss_init_sec_context.c +++ b/source/heimdal/lib/gssapi/mech/gss_init_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_init_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); static gss_cred_id_t _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type) diff --git a/source/heimdal/lib/gssapi/mech/gss_inquire_context.c b/source/heimdal/lib/gssapi/mech/gss_inquire_context.c index 26f403807120..8872f121d049 100644 --- a/source/heimdal/lib/gssapi/mech/gss_inquire_context.c +++ b/source/heimdal/lib/gssapi/mech/gss_inquire_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_context.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_context(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_inquire_cred.c b/source/heimdal/lib/gssapi/mech/gss_inquire_cred.c index 1610be553872..358757267248 100644 --- a/source/heimdal/lib/gssapi/mech/gss_inquire_cred.c +++ b/source/heimdal/lib/gssapi/mech/gss_inquire_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); #define AUSAGE 1 #define IUSAGE 2 diff --git a/source/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c b/source/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c index fedd963ffa4c..47a2eaf27998 100644 --- a/source/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c +++ b/source/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred_by_mech.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred_by_mech(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/source/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c index c1bbf3a724f8..d22231d96b5a 100644 --- a/source/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c +++ b/source/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred_by_oid.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred_by_oid (OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c b/source/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c index 6b06a33053da..8df7f88a0a50 100644 --- a/source/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c +++ b/source/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_mechs_for_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_mechs_for_name(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c b/source/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c index 1ba1ee056336..a630d762161a 100644 --- a/source/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c +++ b/source/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_names_for_mech.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_names_for_mech(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c b/source/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c index b06a3e10f090..9ba892dc0eb2 100644 --- a/source/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c +++ b/source/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_sec_context_by_oid.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_krb5.c b/source/heimdal/lib/gssapi/mech/gss_krb5.c index d6b89e3e236a..e224dffe05d3 100644 --- a/source/heimdal/lib/gssapi/mech/gss_krb5.c +++ b/source/heimdal/lib/gssapi/mech/gss_krb5.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_krb5.c 23420 2008-07-26 18:37:48Z lha $"); +RCSID("$Id$"); #include #include @@ -52,7 +52,7 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status, if (ret) return ret; - if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count < 1) { gss_release_buffer_set(minor_status, &data_set); *minor_status = EINVAL; return GSS_S_FAILURE; diff --git a/source/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source/heimdal/lib/gssapi/mech/gss_mech_switch.c index 8abbb7d0cc1d..5b8d35c3ddea 100644 --- a/source/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -28,7 +28,7 @@ #include "mech_locl.h" #include -RCSID("$Id: gss_mech_switch.c 23471 2008-07-27 12:17:49Z lha $"); +RCSID("$Id$"); #ifndef _PATH_GSS_MECH #define _PATH_GSS_MECH "/etc/gss/mech" @@ -249,7 +249,7 @@ _gss_load_mech(void) #define RTLD_LOCAL 0 #endif - so = dlopen(lib, RTLD_LOCAL); + so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL); if (!so) { /* fprintf(stderr, "dlopen: %s\n", dlerror()); */ continue; diff --git a/source/heimdal/lib/gssapi/mech/gss_names.c b/source/heimdal/lib/gssapi/mech/gss_names.c index f78672d8374d..a1b858d9388d 100644 --- a/source/heimdal/lib/gssapi/mech/gss_names.c +++ b/source/heimdal/lib/gssapi/mech/gss_names.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_names.c 21473 2007-07-10 16:29:53Z lha $"); +RCSID("$Id$"); OM_uint32 _gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech, diff --git a/source/heimdal/lib/gssapi/mech/gss_oid_equal.c b/source/heimdal/lib/gssapi/mech/gss_oid_equal.c index b272316115a4..0ec6a9b5cc97 100644 --- a/source/heimdal/lib/gssapi/mech/gss_oid_equal.c +++ b/source/heimdal/lib/gssapi/mech/gss_oid_equal.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_oid_equal.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); int GSSAPI_LIB_FUNCTION gss_oid_equal(const gss_OID a, const gss_OID b) diff --git a/source/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source/heimdal/lib/gssapi/mech/gss_oid_to_str.c index 4678a3e71077..69a723adb110 100644 --- a/source/heimdal/lib/gssapi/mech/gss_oid_to_str.c +++ b/source/heimdal/lib/gssapi/mech/gss_oid_to_str.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_oid_to_str.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) diff --git a/source/heimdal/lib/gssapi/mech/gss_process_context_token.c b/source/heimdal/lib/gssapi/mech/gss_process_context_token.c index db55bc24be29..9dc3f5b90481 100644 --- a/source/heimdal/lib/gssapi/mech/gss_process_context_token.c +++ b/source/heimdal/lib/gssapi/mech/gss_process_context_token.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_process_context_token.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_process_context_token(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_pseudo_random.c b/source/heimdal/lib/gssapi/mech/gss_pseudo_random.c index ba027cb95a62..5807ee9d9b85 100644 --- a/source/heimdal/lib/gssapi/mech/gss_pseudo_random.c +++ b/source/heimdal/lib/gssapi/mech/gss_pseudo_random.c @@ -31,10 +31,10 @@ * SUCH DAMAGE. */ -/* $Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $ */ +/* $Id$ */ #include "mech_locl.h" -RCSID("$Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_pseudo_random(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_release_buffer.c b/source/heimdal/lib/gssapi/mech/gss_release_buffer.c index eb1bf34985dc..1af528915728 100644 --- a/source/heimdal/lib/gssapi/mech/gss_release_buffer.c +++ b/source/heimdal/lib/gssapi/mech/gss_release_buffer.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_buffer.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_release_buffer(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_release_cred.c b/source/heimdal/lib/gssapi/mech/gss_release_cred.c index 9648929c91b7..40777fa2a12e 100644 --- a/source/heimdal/lib/gssapi/mech/gss_release_cred.c +++ b/source/heimdal/lib/gssapi/mech/gss_release_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_cred.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) diff --git a/source/heimdal/lib/gssapi/mech/gss_release_name.c b/source/heimdal/lib/gssapi/mech/gss_release_name.c index d8c36c10a71c..ad07c60bda5b 100644 --- a/source/heimdal/lib/gssapi/mech/gss_release_name.c +++ b/source/heimdal/lib/gssapi/mech/gss_release_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_release_name(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_release_oid.c b/source/heimdal/lib/gssapi/mech/gss_release_oid.c index ccc59638fb51..dda8efb65016 100644 --- a/source/heimdal/lib/gssapi/mech/gss_release_oid.c +++ b/source/heimdal/lib/gssapi/mech/gss_release_oid.c @@ -33,7 +33,7 @@ #include "mech_locl.h" -RCSID("$Id: gss_release_oid.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_release_oid(OM_uint32 *minor_status, gss_OID *oid) diff --git a/source/heimdal/lib/gssapi/mech/gss_release_oid_set.c b/source/heimdal/lib/gssapi/mech/gss_release_oid_set.c index 00b1f4656ded..0ccb9e4dc63d 100644 --- a/source/heimdal/lib/gssapi/mech/gss_release_oid_set.c +++ b/source/heimdal/lib/gssapi/mech/gss_release_oid_set.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_oid_set.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_release_oid_set(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_seal.c b/source/heimdal/lib/gssapi/mech/gss_seal.c index 79794554305b..f6636456ea3b 100644 --- a/source/heimdal/lib/gssapi/mech/gss_seal.c +++ b/source/heimdal/lib/gssapi/mech/gss_seal.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_seal.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_seal(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/source/heimdal/lib/gssapi/mech/gss_set_cred_option.c index bbd75c9849cf..20eaa14d9e2d 100644 --- a/source/heimdal/lib/gssapi/mech/gss_set_cred_option.c +++ b/source/heimdal/lib/gssapi/mech/gss_set_cred_option.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_set_cred_option.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_set_cred_option (OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c b/source/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c index 48377fd6bcbd..735d59322e6a 100644 --- a/source/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c +++ b/source/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_set_sec_context_option.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_set_sec_context_option (OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_sign.c b/source/heimdal/lib/gssapi/mech/gss_sign.c index c91b6490d2cc..1d736413557f 100644 --- a/source/heimdal/lib/gssapi/mech/gss_sign.c +++ b/source/heimdal/lib/gssapi/mech/gss_sign.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_sign.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_sign(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c b/source/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c index ee42cc5d1a3a..ca1dca8fadd0 100644 --- a/source/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c +++ b/source/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_test_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_test_oid_set_member(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_unseal.c b/source/heimdal/lib/gssapi/mech/gss_unseal.c index d6f73c55222a..539e65a01c3e 100644 --- a/source/heimdal/lib/gssapi/mech/gss_unseal.c +++ b/source/heimdal/lib/gssapi/mech/gss_unseal.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_unseal.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_unseal(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_unwrap.c b/source/heimdal/lib/gssapi/mech/gss_unwrap.c index 4866bacbe52e..693bbe020be9 100644 --- a/source/heimdal/lib/gssapi/mech/gss_unwrap.c +++ b/source/heimdal/lib/gssapi/mech/gss_unwrap.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_unwrap.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_utils.c b/source/heimdal/lib/gssapi/mech/gss_utils.c index 22217a9d62b7..6e05acff030f 100644 --- a/source/heimdal/lib/gssapi/mech/gss_utils.c +++ b/source/heimdal/lib/gssapi/mech/gss_utils.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_utils.c 19965 2007-01-17 16:23:47Z lha $"); +RCSID("$Id$"); OM_uint32 _gss_copy_oid(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_verify.c b/source/heimdal/lib/gssapi/mech/gss_verify.c index d82ceee9847b..f287cb4816d0 100644 --- a/source/heimdal/lib/gssapi/mech/gss_verify.c +++ b/source/heimdal/lib/gssapi/mech/gss_verify.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_verify.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_verify(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_verify_mic.c b/source/heimdal/lib/gssapi/mech/gss_verify_mic.c index c58c63ac0fb2..1a411729c68a 100644 --- a/source/heimdal/lib/gssapi/mech/gss_verify_mic.c +++ b/source/heimdal/lib/gssapi/mech/gss_verify_mic.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_verify_mic.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_verify_mic(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_wrap.c b/source/heimdal/lib/gssapi/mech/gss_wrap.c index f6b5077d0e02..b3363d3f207d 100644 --- a/source/heimdal/lib/gssapi/mech/gss_wrap.c +++ b/source/heimdal/lib/gssapi/mech/gss_wrap.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_wrap.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c b/source/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c index 14f373dada40..15b86a9367b4 100644 --- a/source/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c +++ b/source/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_wrap_size_limit.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap_size_limit(OM_uint32 *minor_status, diff --git a/source/heimdal/lib/gssapi/mech/gssapi.asn1 b/source/heimdal/lib/gssapi/mech/gssapi.asn1 index 44b30bfa7ebd..1ba7b40637b0 100644 --- a/source/heimdal/lib/gssapi/mech/gssapi.asn1 +++ b/source/heimdal/lib/gssapi/mech/gssapi.asn1 @@ -1,4 +1,4 @@ --- $Id: gssapi.asn1 18565 2006-10-18 21:08:19Z lha $ +-- $Id$ GSS-API DEFINITIONS ::= BEGIN diff --git a/source/heimdal/lib/gssapi/mech/mech_locl.h b/source/heimdal/lib/gssapi/mech/mech_locl.h index 4399fa78a681..8887692e08fe 100644 --- a/source/heimdal/lib/gssapi/mech/mech_locl.h +++ b/source/heimdal/lib/gssapi/mech/mech_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: mech_locl.h 19948 2007-01-17 10:03:07Z lha $ */ +/* $Id$ */ #include diff --git a/source/heimdal/lib/gssapi/mech/mech_switch.h b/source/heimdal/lib/gssapi/mech/mech_switch.h index 14e6d7978c05..e83a4c8a5aaf 100644 --- a/source/heimdal/lib/gssapi/mech/mech_switch.h +++ b/source/heimdal/lib/gssapi/mech/mech_switch.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/mech_switch.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: mech_switch.h 18246 2006-10-05 18:36:07Z lha $ + * $Id$ */ #include diff --git a/source/heimdal/lib/gssapi/mech/name.h b/source/heimdal/lib/gssapi/mech/name.h index 7c9ba33d85cb..49b412dd7340 100644 --- a/source/heimdal/lib/gssapi/mech/name.h +++ b/source/heimdal/lib/gssapi/mech/name.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: name.h 21477 2007-07-10 16:31:44Z lha $ + * $Id$ */ struct _gss_mechanism_name { diff --git a/source/heimdal/lib/gssapi/mech/utils.h b/source/heimdal/lib/gssapi/mech/utils.h index 908203557ee3..7b27d38f3cd0 100644 --- a/source/heimdal/lib/gssapi/mech/utils.h +++ b/source/heimdal/lib/gssapi/mech/utils.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/utils.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: utils.h 19398 2006-12-18 13:01:40Z lha $ + * $Id$ */ OM_uint32 _gss_free_oid(OM_uint32 *, gss_OID); diff --git a/source/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source/heimdal/lib/gssapi/spnego/accept_sec_context.c index 6b618092fe16..2afeaf080eea 100644 --- a/source/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/source/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: accept_sec_context.c 23158 2008-05-02 09:45:28Z lha $"); +RCSID("$Id$"); static OM_uint32 send_reject (OM_uint32 *minor_status, @@ -524,7 +524,7 @@ acceptor_complete(OM_uint32 * minor_status, free(buf.value); } else - *get_mic = verify_mic = 0; + *get_mic = 0; return GSS_S_COMPLETE; } diff --git a/source/heimdal/lib/gssapi/spnego/compat.c b/source/heimdal/lib/gssapi/spnego/compat.c index 36de854784c3..67d9b202a730 100644 --- a/source/heimdal/lib/gssapi/spnego/compat.c +++ b/source/heimdal/lib/gssapi/spnego/compat.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: compat.c 22688 2008-03-16 11:33:58Z lha $"); +RCSID("$Id$"); /* * Apparently Microsoft got the OID wrong, and used diff --git a/source/heimdal/lib/gssapi/spnego/context_stubs.c b/source/heimdal/lib/gssapi/spnego/context_stubs.c index 6f1c3eb4b6f4..60c53058b8aa 100644 --- a/source/heimdal/lib/gssapi/spnego/context_stubs.c +++ b/source/heimdal/lib/gssapi/spnego/context_stubs.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: context_stubs.c 22688 2008-03-16 11:33:58Z lha $"); +RCSID("$Id$"); static OM_uint32 spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs) diff --git a/source/heimdal/lib/gssapi/spnego/cred_stubs.c b/source/heimdal/lib/gssapi/spnego/cred_stubs.c index d87d7d618e77..836b63f437e1 100644 --- a/source/heimdal/lib/gssapi/spnego/cred_stubs.c +++ b/source/heimdal/lib/gssapi/spnego/cred_stubs.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: cred_stubs.c 22688 2008-03-16 11:33:58Z lha $"); +RCSID("$Id$"); OM_uint32 _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) diff --git a/source/heimdal/lib/gssapi/spnego/external.c b/source/heimdal/lib/gssapi/spnego/external.c index 317d35870726..d5718c3fd37f 100644 --- a/source/heimdal/lib/gssapi/spnego/external.c +++ b/source/heimdal/lib/gssapi/spnego/external.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" #include -RCSID("$Id: external.c 22688 2008-03-16 11:33:58Z lha $"); +RCSID("$Id$"); /* * RFC2478, SPNEGO: diff --git a/source/heimdal/lib/gssapi/spnego/init_sec_context.c b/source/heimdal/lib/gssapi/spnego/init_sec_context.c index bee489589810..f032757fddcb 100644 --- a/source/heimdal/lib/gssapi/spnego/init_sec_context.c +++ b/source/heimdal/lib/gssapi/spnego/init_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: init_sec_context.c 22600 2008-02-21 12:46:24Z lha $"); +RCSID("$Id$"); /* * Is target_name an sane target for `mech´. diff --git a/source/heimdal/lib/gssapi/spnego/spnego.asn1 b/source/heimdal/lib/gssapi/spnego/spnego.asn1 index 058f10ba3ad1..048e86bb43d5 100644 --- a/source/heimdal/lib/gssapi/spnego/spnego.asn1 +++ b/source/heimdal/lib/gssapi/spnego/spnego.asn1 @@ -1,4 +1,4 @@ --- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $ +-- $Id$ SPNEGO DEFINITIONS ::= BEGIN diff --git a/source/heimdal/lib/gssapi/spnego/spnego_locl.h b/source/heimdal/lib/gssapi/spnego/spnego_locl.h index 6eb808efbc27..8344e750ae78 100644 --- a/source/heimdal/lib/gssapi/spnego/spnego_locl.h +++ b/source/heimdal/lib/gssapi/spnego/spnego_locl.h @@ -30,7 +30,7 @@ * SUCH DAMAGE. */ -/* $Id: spnego_locl.h 23161 2008-05-05 09:56:20Z lha $ */ +/* $Id$ */ #ifndef SPNEGO_LOCL_H #define SPNEGO_LOCL_H diff --git a/source/heimdal/lib/hcrypto/aes.c b/source/heimdal/lib/hcrypto/aes.c index a36459a45707..668b4f269ff1 100644 --- a/source/heimdal/lib/hcrypto/aes.c +++ b/source/heimdal/lib/hcrypto/aes.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: aes.c 15495 2005-06-18 22:47:33Z lha $"); +RCSID("$Id$"); #endif #ifdef KRB5 diff --git a/source/heimdal/lib/hcrypto/aes.h b/source/heimdal/lib/hcrypto/aes.h index eeba5c9e5161..9550f61e9fdf 100644 --- a/source/heimdal/lib/hcrypto/aes.h +++ b/source/heimdal/lib/hcrypto/aes.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: aes.h 22958 2008-04-11 11:33:22Z lha $ */ +/* $Id$ */ #ifndef HEIM_AES_H #define HEIM_AES_H 1 diff --git a/source/heimdal/lib/hcrypto/bn.c b/source/heimdal/lib/hcrypto/bn.c index 1f8c1d5471f6..eb2e1c37a50e 100644 --- a/source/heimdal/lib/hcrypto/bn.c +++ b/source/heimdal/lib/hcrypto/bn.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: bn.c 22850 2008-04-07 18:49:01Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/lib/hcrypto/bn.h b/source/heimdal/lib/hcrypto/bn.h index 92cacec2a66c..924ccf9cecc6 100644 --- a/source/heimdal/lib/hcrypto/bn.h +++ b/source/heimdal/lib/hcrypto/bn.h @@ -32,7 +32,7 @@ */ /* - * $Id: bn.h 22260 2007-12-09 06:23:47Z lha $ + * $Id$ */ #ifndef _HEIM_BN_H diff --git a/source/heimdal/lib/hcrypto/des.c b/source/heimdal/lib/hcrypto/des.c index 9e533dd708e6..8be9d649cd35 100644 --- a/source/heimdal/lib/hcrypto/des.c +++ b/source/heimdal/lib/hcrypto/des.c @@ -84,7 +84,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: des.c 23117 2008-04-28 10:29:36Z lha $"); +RCSID("$Id$"); #endif #define HC_DEPRECATED diff --git a/source/heimdal/lib/hcrypto/des.h b/source/heimdal/lib/hcrypto/des.h index 3c52f59e289d..f1a67988517d 100644 --- a/source/heimdal/lib/hcrypto/des.h +++ b/source/heimdal/lib/hcrypto/des.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: des.h 23148 2008-04-29 05:53:27Z biorn $ */ +/* $Id$ */ #ifndef _DESperate_H #define _DESperate_H 1 diff --git a/source/heimdal/lib/hcrypto/dh-imath.c b/source/heimdal/lib/hcrypto/dh-imath.c index 494d436d1311..f4e5e118a016 100644 --- a/source/heimdal/lib/hcrypto/dh-imath.c +++ b/source/heimdal/lib/hcrypto/dh-imath.c @@ -43,7 +43,7 @@ #include "imath/imath.h" -RCSID("$Id: dh-imath.c 22368 2007-12-28 15:27:52Z lha $"); +RCSID("$Id$"); static void BN2mpz(mpz_t *s, const BIGNUM *bn) diff --git a/source/heimdal/lib/hcrypto/dh.c b/source/heimdal/lib/hcrypto/dh.c index 9f1af0b3b114..b2aa890e5581 100644 --- a/source/heimdal/lib/hcrypto/dh.c +++ b/source/heimdal/lib/hcrypto/dh.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: dh.c 22397 2008-01-01 20:20:31Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/lib/hcrypto/dh.h b/source/heimdal/lib/hcrypto/dh.h index e34390dc99c5..533d832a3db6 100644 --- a/source/heimdal/lib/hcrypto/dh.h +++ b/source/heimdal/lib/hcrypto/dh.h @@ -32,7 +32,7 @@ */ /* - * $Id: dh.h 17483 2006-05-06 13:11:15Z lha $ + * $Id$ */ #ifndef _HEIM_DH_H diff --git a/source/heimdal/lib/hcrypto/dsa.c b/source/heimdal/lib/hcrypto/dsa.c index 0dc59dac614f..637963a591e2 100644 --- a/source/heimdal/lib/hcrypto/dsa.c +++ b/source/heimdal/lib/hcrypto/dsa.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: dsa.c 17496 2006-05-07 11:31:58Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/lib/hcrypto/dsa.h b/source/heimdal/lib/hcrypto/dsa.h index 0544b8011841..94d8206589e7 100644 --- a/source/heimdal/lib/hcrypto/dsa.h +++ b/source/heimdal/lib/hcrypto/dsa.h @@ -32,7 +32,7 @@ */ /* - * $Id: dsa.h 16564 2006-01-13 15:26:52Z lha $ + * $Id$ */ #ifndef _HEIM_DSA_H diff --git a/source/heimdal/lib/hcrypto/engine.c b/source/heimdal/lib/hcrypto/engine.c index 1a754909c5b7..b26987884d39 100644 --- a/source/heimdal/lib/hcrypto/engine.c +++ b/source/heimdal/lib/hcrypto/engine.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: engine.c 20828 2007-06-03 05:10:20Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/lib/hcrypto/engine.h b/source/heimdal/lib/hcrypto/engine.h index 547a2d1324a4..d317a77e0d80 100644 --- a/source/heimdal/lib/hcrypto/engine.h +++ b/source/heimdal/lib/hcrypto/engine.h @@ -32,7 +32,7 @@ */ /* - * $Id: engine.h 17475 2006-05-06 12:34:36Z lha $ + * $Id$ */ #ifndef _HEIM_ENGINE_H diff --git a/source/heimdal/lib/hcrypto/evp.c b/source/heimdal/lib/hcrypto/evp.c index b4fb8a7f2302..42b7c6da0b9b 100644 --- a/source/heimdal/lib/hcrypto/evp.c +++ b/source/heimdal/lib/hcrypto/evp.c @@ -35,9 +35,10 @@ #include #endif -RCSID("$Id: evp.c 23144 2008-04-29 05:47:16Z lha $"); +RCSID("$Id$"); #define HC_DEPRECATED +#define HC_DEPRECATED_CRYPTO #include #include @@ -49,7 +50,6 @@ RCSID("$Id: evp.c 23144 2008-04-29 05:47:16Z lha $"); #include -#include #include "camellia.h" #include #include @@ -63,24 +63,20 @@ RCSID("$Id: evp.c 23144 2008-04-29 05:47:16Z lha $"); * @page page_evp EVP - generic crypto interface * * See the library functions here: @ref hcrypto_evp + * + * @section evp_cipher EVP Cipher + * + * The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to + * understand forward, then EVP_CipherUpdate() and + * EVP_CipherFinal_ex() really needs an example to explain @ref + * example_evp_cipher.c . + * + * @example example_evp_cipher.c + * + * This is an example how to use EVP_CipherInit_ex(), + * EVP_CipherUpdate() and EVP_CipherFinal_ex(). */ - -typedef int (*evp_md_init)(EVP_MD_CTX *); -typedef int (*evp_md_update)(EVP_MD_CTX *,const void *, size_t); -typedef int (*evp_md_final)(void *, EVP_MD_CTX *); -typedef int (*evp_md_cleanup)(EVP_MD_CTX *); - -struct hc_evp_md { - int hash_size; - int block_size; - int ctx_size; - evp_md_init init; - evp_md_update update; - evp_md_final final; - evp_md_cleanup cleanup; -}; - struct hc_EVP_MD_CTX { const EVP_MD *md; ENGINE *engine; @@ -361,9 +357,9 @@ EVP_sha256(void) 32, 64, sizeof(SHA256_CTX), - (evp_md_init)SHA256_Init, - (evp_md_update)SHA256_Update, - (evp_md_final)SHA256_Final, + (hc_evp_md_init)SHA256_Init, + (hc_evp_md_update)SHA256_Update, + (hc_evp_md_final)SHA256_Final, NULL }; return &sha256; @@ -373,9 +369,9 @@ static const struct hc_evp_md sha1 = { 20, 64, sizeof(SHA_CTX), - (evp_md_init)SHA1_Init, - (evp_md_update)SHA1_Update, - (evp_md_final)SHA1_Final, + (hc_evp_md_init)SHA1_Init, + (hc_evp_md_update)SHA1_Update, + (hc_evp_md_final)SHA1_Final, NULL }; @@ -422,9 +418,9 @@ EVP_md5(void) 16, 64, sizeof(MD5_CTX), - (evp_md_init)MD5_Init, - (evp_md_update)MD5_Update, - (evp_md_final)MD5_Final, + (hc_evp_md_init)MD5_Init, + (hc_evp_md_update)MD5_Update, + (hc_evp_md_final)MD5_Final, NULL }; return &md5; @@ -445,9 +441,9 @@ EVP_md4(void) 16, 64, sizeof(MD4_CTX), - (evp_md_init)MD4_Init, - (evp_md_update)MD4_Update, - (evp_md_final)MD4_Final, + (hc_evp_md_init)MD4_Init, + (hc_evp_md_update)MD4_Update, + (hc_evp_md_final)MD4_Final, NULL }; return &md4; @@ -468,9 +464,9 @@ EVP_md2(void) 16, 16, sizeof(MD2_CTX), - (evp_md_init)MD2_Init, - (evp_md_update)MD2_Update, - (evp_md_final)MD2_Final, + (hc_evp_md_init)MD2_Init, + (hc_evp_md_update)MD2_Update, + (hc_evp_md_final)MD2_Final, NULL }; return &md2; @@ -508,9 +504,9 @@ EVP_md_null(void) 0, 0, 0, - (evp_md_init)null_Init, - (evp_md_update)null_Update, - (evp_md_final)null_Final, + (hc_evp_md_init)null_Init, + (hc_evp_md_update)null_Update, + (hc_evp_md_final)null_Final, NULL }; return &null; @@ -769,6 +765,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, const void *key, const void *iv, int encp) { + ctx->buf_len = 0; + if (encp == -1) encp = ctx->encrypt; else @@ -783,6 +781,9 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, if (ctx->cipher_data == NULL && c->ctx_size != 0) return 0; + /* assume block size is a multiple of 2 */ + ctx->block_mask = EVP_CIPHER_block_size(c) - 1; + } else if (ctx->cipher == NULL) { /* reuse of cipher, but not any cipher ever set! */ return 0; @@ -808,7 +809,138 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, } /** - * Encypher/decypher data + * Encipher/decipher partial data + * + * @param ctx the cipher context. + * @param out output data from the operation. + * @param outlen output length + * @param in input data to the operation. + * @param inlen length of data. + * + * The output buffer length should at least be EVP_CIPHER_block_size() + * byte longer then the input length. + * + * See @ref evp_cipher for an example how to use this function. + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + +int +EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen, + void *in, size_t inlen) +{ + int ret, left, blocksize; + + *outlen = 0; + + /** + * If there in no spare bytes in the left from last Update and the + * input length is on the block boundery, the EVP_CipherUpdate() + * function can take a shortcut (and preformance gain) and + * directly encrypt the data, otherwise we hav to fix it up and + * store extra it the EVP_CIPHER_CTX. + */ + if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) { + ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); + if (ret == 1) + *outlen = inlen; + else + *outlen = 0; + return ret; + } + + + blocksize = EVP_CIPHER_CTX_block_size(ctx); + left = blocksize - ctx->buf_len; + assert(left > 0); + + if (ctx->buf_len) { + + /* if total buffer is smaller then input, store locally */ + if (inlen < left) { + memcpy(ctx->buf + ctx->buf_len, in, inlen); + ctx->buf_len += inlen; + return 1; + } + + /* fill in local buffer and encrypt */ + memcpy(ctx->buf + ctx->buf_len, in, left); + ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); + memset(ctx->buf, 0, blocksize); + if (ret != 1) + return ret; + + *outlen += blocksize; + inlen -= left; + in = ((unsigned char *)in) + left; + out = ((unsigned char *)out) + blocksize; + ctx->buf_len = 0; + } + + if (inlen) { + ctx->buf_len = (inlen & ctx->block_mask); + inlen &= ~ctx->block_mask; + + ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); + if (ret != 1) + return ret; + + *outlen += inlen; + + in = ((unsigned char *)in) + inlen; + memcpy(ctx->buf, in, ctx->buf_len); + } + + return 1; +} + +/** + * Encipher/decipher final data + * + * @param ctx the cipher context. + * @param out output data from the operation. + * @param outlen output length + * + * The input length needs to be at least EVP_CIPHER_block_size() bytes + * long. + * + * See @ref evp_cipher for an example how to use this function. + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + +int +EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen) +{ + *outlen = 0; + + if (ctx->buf_len) { + int ret, left, blocksize; + + blocksize = EVP_CIPHER_CTX_block_size(ctx); + + left = blocksize - ctx->buf_len; + assert(left > 0); + + /* zero fill local buffer */ + memset(ctx->buf + ctx->buf_len, 0, left); + ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); + memset(ctx->buf, 0, blocksize); + if (ret != 1) + return ret; + + *outlen += blocksize; + } + + return 1; +} + +/** + * Encipher/decipher data * * @param ctx the cipher context. * @param out out data from the operation. @@ -1043,6 +1175,71 @@ EVP_rc4_40(void) return NULL; } +/* + * + */ + +static int +des_cbc_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + DES_key_schedule *k = ctx->cipher_data; + DES_cblock deskey; + memcpy(&deskey, key, sizeof(deskey)); + DES_set_key_unchecked(&deskey, k); + return 1; +} + +static int +des_cbc_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + DES_key_schedule *k = ctx->cipher_data; + DES_cbc_encrypt(in, out, size, + k, (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; +} + +static int +des_cbc_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(struct DES_key_schedule)); + return 1; +} + +/** + * The DES cipher type + * + * @return the DES-CBC EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_des_cbc(void) +{ + static const EVP_CIPHER des_ede3_cbc = { + 0, + 8, + 8, + 8, + EVP_CIPH_CBC_MODE, + des_cbc_init, + des_cbc_do_cipher, + des_cbc_cleanup, + sizeof(DES_key_schedule), + NULL, + NULL, + NULL, + NULL + }; + return &des_ede3_cbc; +} + /* * */ @@ -1124,42 +1321,6 @@ EVP_des_ede3_cbc(void) return &des_ede3_cbc; } -/* - * - */ - -static int -aes_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - AES_KEY *k = ctx->cipher_data; - if (ctx->encrypt) - AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); - else - AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); - return 1; -} - -static int -aes_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int size) -{ - AES_KEY *k = ctx->cipher_data; - AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); - return 1; -} - -static int -aes_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(AES_KEY)); - return 1; -} - /** * The AES-128 cipher type * @@ -1171,22 +1332,7 @@ aes_cleanup(EVP_CIPHER_CTX *ctx) const EVP_CIPHER * EVP_aes_128_cbc(void) { - static const EVP_CIPHER aes_128_cbc = { - 0, - 16, - 16, - 16, - EVP_CIPH_CBC_MODE, - aes_init, - aes_do_cipher, - aes_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &aes_128_cbc; + return EVP_hcrypto_aes_128_cbc(); } /** @@ -1200,22 +1346,7 @@ EVP_aes_128_cbc(void) const EVP_CIPHER * EVP_aes_192_cbc(void) { - static const EVP_CIPHER aes_192_cbc = { - 0, - 16, - 24, - 16, - EVP_CIPH_CBC_MODE, - aes_init, - aes_do_cipher, - aes_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &aes_192_cbc; + return EVP_hcrypto_aes_192_cbc(); } /** @@ -1229,22 +1360,7 @@ EVP_aes_192_cbc(void) const EVP_CIPHER * EVP_aes_256_cbc(void) { - static const EVP_CIPHER aes_256_cbc = { - 0, - 16, - 32, - 16, - EVP_CIPH_CBC_MODE, - aes_init, - aes_do_cipher, - aes_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &aes_256_cbc; + return EVP_hcrypto_aes_256_cbc(); } static int diff --git a/source/heimdal/lib/hcrypto/evp.h b/source/heimdal/lib/hcrypto/evp.h index c8f8f80f800f..e2c95b929e55 100644 --- a/source/heimdal/lib/hcrypto/evp.h +++ b/source/heimdal/lib/hcrypto/evp.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: evp.h 23141 2008-04-29 05:47:04Z lha $ */ +/* $Id$ */ #ifndef HEIM_EVP_H #define HEIM_EVP_H 1 @@ -56,6 +56,8 @@ #define EVP_CIPHER_key_length hc_EVP_CIPHER_key_length #define EVP_Cipher hc_EVP_Cipher #define EVP_CipherInit_ex hc_EVP_CipherInit_ex +#define EVP_CipherUpdate hc_EVP_CipherUpdate +#define EVP_CipherFinal_ex hc_EVP_CipherFinal_ex #define EVP_Digest hc_EVP_Digest #define EVP_DigestFinal_ex hc_EVP_DigestFinal_ex #define EVP_DigestInit_ex hc_EVP_DigestInit_ex @@ -72,6 +74,13 @@ #define EVP_aes_128_cbc hc_EVP_aes_128_cbc #define EVP_aes_192_cbc hc_EVP_aes_192_cbc #define EVP_aes_256_cbc hc_EVP_aes_256_cbc +#define EVP_hcrypto_aes_128_cbc hc_EVP_hcrypto_aes_128_cbc +#define EVP_hcrypto_aes_192_cbc hc_EVP_hcrypto_aes_192_cbc +#define EVP_hcrypto_aes_256_cbc hc_EVP_hcrypto_aes_256_cbc +#define EVP_hcrypto_aes_128_cts hc_EVP_hcrypto_aes_128_cts +#define EVP_hcrypto_aes_192_cts hc_EVP_hcrypto_aes_192_cts +#define EVP_hcrypto_aes_256_cts hc_EVP_hcrypto_aes_256_cts +#define EVP_des_cbc hc_EVP_des_cbc #define EVP_des_ede3_cbc hc_EVP_des_ede3_cbc #define EVP_enc_null hc_EVP_enc_null #define EVP_md2 hc_EVP_md2 @@ -121,6 +130,7 @@ struct hc_CIPHER { * cipher is used in (use EVP_CIPHER.._mode() to extract the * mode). The rest of the flag field is a bitfield. */ +#define EVP_CIPH_STREAM_CIPHER 0 #define EVP_CIPH_CBC_MODE 2 #define EVP_CIPH_MODE 0x7 @@ -141,7 +151,7 @@ struct hc_CIPHER_CTX { const EVP_CIPHER *cipher; ENGINE *engine; int encrypt; - int buf_len; + int buf_len; /* bytes stored in buf for EVP_CipherUpdate */ unsigned char oiv[EVP_MAX_IV_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char buf[EVP_MAX_BLOCK_LENGTH]; @@ -155,6 +165,21 @@ struct hc_CIPHER_CTX { unsigned char final[EVP_MAX_BLOCK_LENGTH]; }; +typedef int (*hc_evp_md_init)(EVP_MD_CTX *); +typedef int (*hc_evp_md_update)(EVP_MD_CTX *,const void *, size_t); +typedef int (*hc_evp_md_final)(void *, EVP_MD_CTX *); +typedef int (*hc_evp_md_cleanup)(EVP_MD_CTX *); + +struct hc_evp_md { + int hash_size; + int block_size; + int ctx_size; + hc_evp_md_init init; + hc_evp_md_update update; + hc_evp_md_final final; + hc_evp_md_cleanup cleanup; +}; + #if !defined(__GNUC__) && !defined(__attribute__) #define __attribute__(x) #endif @@ -162,6 +187,10 @@ struct hc_CIPHER_CTX { #ifndef HC_DEPRECATED #define HC_DEPRECATED __attribute__((deprecated)) #endif +#ifndef HC_DEPRECATED_CRYPTO +#define HC_DEPRECATED_CRYPTO __attribute__((deprecated)) +#endif + #ifdef __cplusplus extern "C" { @@ -172,9 +201,9 @@ extern "C" { */ const EVP_MD *EVP_md_null(void); -const EVP_MD *EVP_md2(void); -const EVP_MD *EVP_md4(void); -const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO; +const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO; +const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO; const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_sha256(void); @@ -182,13 +211,20 @@ const EVP_MD *EVP_sha256(void); const EVP_CIPHER * EVP_aes_128_cbc(void); const EVP_CIPHER * EVP_aes_192_cbc(void); const EVP_CIPHER * EVP_aes_256_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_128_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_192_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_256_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_128_cts(void); +const EVP_CIPHER * EVP_hcrypto_aes_192_cts(void); +const EVP_CIPHER * EVP_hcrypto_aes_256_cts(void); +const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO; const EVP_CIPHER * EVP_des_ede3_cbc(void); const EVP_CIPHER * EVP_enc_null(void); -const EVP_CIPHER * EVP_rc2_40_cbc(void); -const EVP_CIPHER * EVP_rc2_64_cbc(void); -const EVP_CIPHER * EVP_rc2_cbc(void); +const EVP_CIPHER * EVP_rc2_40_cbc(void) HC_DEPRECATED_CRYPTO; +const EVP_CIPHER * EVP_rc2_64_cbc(void) HC_DEPRECATED_CRYPTO; +const EVP_CIPHER * EVP_rc2_cbc(void) HC_DEPRECATED_CRYPTO; const EVP_CIPHER * EVP_rc4(void); -const EVP_CIPHER * EVP_rc4_40(void); +const EVP_CIPHER * EVP_rc4_40(void) HC_DEPRECATED_CRYPTO; const EVP_CIPHER * EVP_camellia_128_cbc(void); const EVP_CIPHER * EVP_camellia_192_cbc(void); const EVP_CIPHER * EVP_camellia_256_cbc(void); @@ -245,6 +281,8 @@ void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *, void *); int EVP_CipherInit_ex(EVP_CIPHER_CTX *,const EVP_CIPHER *, ENGINE *, const void *, const void *, int); +int EVP_CipherUpdate(EVP_CIPHER_CTX *, void *, int *, void *, size_t); +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, void *, int *); int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t); diff --git a/source/heimdal/lib/hcrypto/hash.h b/source/heimdal/lib/hcrypto/hash.h index d19f0c0ae1de..0b12bddbb7f6 100644 --- a/source/heimdal/lib/hcrypto/hash.h +++ b/source/heimdal/lib/hcrypto/hash.h @@ -30,7 +30,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: hash.h 17450 2006-05-05 11:11:43Z lha $ */ +/* $Id$ */ /* stuff in common between md4, md5, and sha1 */ diff --git a/source/heimdal/lib/hcrypto/hmac.h b/source/heimdal/lib/hcrypto/hmac.h index 5bdae0a36946..345016db2771 100644 --- a/source/heimdal/lib/hcrypto/hmac.h +++ b/source/heimdal/lib/hcrypto/hmac.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hmac.h 16564 2006-01-13 15:26:52Z lha $ */ +/* $Id$ */ #ifndef HEIM_HMAC_H #define HEIM_HMAC_H 1 diff --git a/source/heimdal/lib/hcrypto/imath/LICENSE b/source/heimdal/lib/hcrypto/imath/LICENSE index 53dd364c2b06..96b231720d2f 100644 --- a/source/heimdal/lib/hcrypto/imath/LICENSE +++ b/source/heimdal/lib/hcrypto/imath/LICENSE @@ -1,4 +1,4 @@ -IMath is Copyright 2002-2007 Michael J. Fromberger +IMath is Copyright © 2002-2008 Michael J. Fromberger You may use it subject to the following Licensing Terms: Permission is hereby granted, free of charge, to any person obtaining diff --git a/source/heimdal/lib/hcrypto/imath/imath.c b/source/heimdal/lib/hcrypto/imath/imath.c old mode 100755 new mode 100644 index 4487029f78fd..d8e170aeddda --- a/source/heimdal/lib/hcrypto/imath/imath.c +++ b/source/heimdal/lib/hcrypto/imath/imath.c @@ -1,8 +1,8 @@ /* Name: imath.c Purpose: Arbitrary precision integer arithmetic routines. - Author: M. J. Fromberger - Info: $Id: imath.c 22648 2008-02-25 07:37:57Z lha $ + Author: M. J. Fromberger + Info: $Id: imath.c 645 2008-08-03 04:00:30Z sting $ Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved. @@ -53,6 +53,7 @@ const mp_result MP_RANGE = -3; /* argument out of range */ const mp_result MP_UNDEF = -4; /* result undefined */ const mp_result MP_TRUNC = -5; /* output truncated */ const mp_result MP_BADARG = -6; /* invalid null argument */ +const mp_result MP_MINERR = -6; const mp_sign MP_NEG = 1; /* value is strictly negative */ const mp_sign MP_ZPOS = 0; /* value is non-negative */ @@ -65,7 +66,7 @@ static const char *s_error_msg[] = { "argument out of range", "result undefined", "output truncated", - "invalid null argument", + "invalid argument", NULL }; @@ -97,14 +98,7 @@ static const double s_log2[] = { 0.218104292, 0.215338279, 0.212746054, 0.210309918, /* 24 25 26 27 */ 0.208014598, 0.205846832, 0.203795047, 0.201849087, /* 28 29 30 31 */ 0.200000000, 0.198239863, 0.196561632, 0.194959022, /* 32 33 34 35 */ - 0.193426404, 0.191958720, 0.190551412, 0.189200360, /* 36 37 38 39 */ - 0.187901825, 0.186652411, 0.185449023, 0.184288833, /* 40 41 42 43 */ - 0.183169251, 0.182087900, 0.181042597, 0.180031327, /* 44 45 46 47 */ - 0.179052232, 0.178103594, 0.177183820, 0.176291434, /* 48 49 50 51 */ - 0.175425064, 0.174583430, 0.173765343, 0.172969690, /* 52 53 54 55 */ - 0.172195434, 0.171441601, 0.170707280, 0.169991616, /* 56 57 58 59 */ - 0.169293808, 0.168613099, 0.167948779, 0.167300179, /* 60 61 62 63 */ - 0.166666667 + 0.193426404, /* 36 */ }; /* }}} */ @@ -130,31 +124,38 @@ memcpy(q__,p__,i__);}while(0) #define REV(T, A, N) \ do{T *u_=(A),*v_=u_+(N)-1;while(u_ 1 && (*dz_-- == 0)) --uz_;MP_USED(z_)=uz_;}while(0) -#endif +/* Select min/max. Do not provide expressions for which multiple + evaluation would be problematic, e.g. x++ */ #define MIN(A, B) ((B)<(A)?(B):(A)) #define MAX(A, B) ((B)>(A)?(B):(A)) + +/* Exchange lvalues A and B of type T, e.g. + SWAP(int, x, y) where x and y are variables of type int. */ #define SWAP(T, A, B) do{T t_=(A);A=(B);B=t_;}while(0) +/* Used to set up and access simple temp stacks within functions. */ #define TEMP(K) (temp + (K)) #define SETUP(E, C) \ do{if((res = (E)) != MP_OK) goto CLEANUP; ++(C);}while(0) +/* Compare value to zero. */ #define CMPZ(Z) \ (((Z)->used==1&&(Z)->digits[0]==0)?0:((Z)->sign==MP_NEG)?-1:1) +/* Multiply X by Y into Z, ignoring signs. Requires that Z have + enough storage preallocated to hold the result. */ #define UMUL(X, Y, Z) \ do{mp_size ua_=MP_USED(X),ub_=MP_USED(Y);mp_size o_=ua_+ub_;\ ZERO(MP_DIGITS(Z),o_);\ (void) s_kmul(MP_DIGITS(X),MP_DIGITS(Y),MP_DIGITS(Z),ua_,ub_);\ MP_USED(Z)=o_;CLAMP(Z);}while(0) +/* Square X into Z. Requires that Z have enough storage to hold the + result. */ #define USQR(X, Z) \ do{mp_size ua_=MP_USED(X),o_=ua_+ua_;ZERO(MP_DIGITS(Z),o_);\ (void) s_ksqr(MP_DIGITS(X),MP_DIGITS(Z),ua_);MP_USED(Z)=o_;CLAMP(Z);}while(0) @@ -194,25 +195,20 @@ static void s_free(void *ptr); necessary. Returns true if successful, false if out of memory. */ static int s_pad(mp_int z, mp_size min); -/* Normalize by removing leading zeroes (except when z = 0) */ -#if TRACEABLE_CLAMP -static void s_clamp(mp_int z); -#endif - /* Fill in a "fake" mp_int on the stack with a given value */ -static void s_fake(mp_int z, int value, mp_digit vbuf[]); +static void s_fake(mp_int z, mp_small value, mp_digit vbuf[]); /* Compare two runs of digits of given length, returns <0, 0, >0 */ static int s_cdig(mp_digit *da, mp_digit *db, mp_size len); /* Pack the unsigned digits of v into array t */ -static int s_vpack(int v, mp_digit t[]); +static int s_vpack(mp_small v, mp_digit t[]); /* Compare magnitudes of a and b, returns <0, 0, >0 */ static int s_ucmp(mp_int a, mp_int b); /* Compare magnitudes of a and v, returns <0, 0, >0 */ -static int s_vcmp(mp_int a, int v); +static int s_vcmp(mp_int a, mp_small v); /* Unsigned magnitude addition; assumes dc is big enough. Carry out is returned (no memory allocated). */ @@ -272,7 +268,7 @@ static int s_dp2k(mp_int z); static int s_isp2(mp_int z); /* Set z to 2^k. May allocate; returns false in case this fails. */ -static int s_2expt(mp_int z, int k); +static int s_2expt(mp_int z, mp_small k); /* Normalize a and b for division, returns normalization constant */ static int s_norm(mp_int a, mp_int b); @@ -410,7 +406,7 @@ mp_result mp_int_init_copy(mp_int z, mp_int old) /* {{{ mp_int_init_value(z, value) */ -mp_result mp_int_init_value(mp_int z, int value) +mp_result mp_int_init_value(mp_int z, mp_small value) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -423,7 +419,7 @@ mp_result mp_int_init_value(mp_int z, int value) /* {{{ mp_int_set_value(z, value) */ -mp_result mp_int_set_value(mp_int z, int value) +mp_result mp_int_set_value(mp_int z, mp_small value) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -589,12 +585,18 @@ mp_result mp_int_add(mp_int a, mp_int b, mp_int c) mp_int x, y; int cmp = s_ucmp(a, b); /* magnitude comparision, sign ignored */ - /* Set x to max(a, b), y to min(a, b) to simplify later code */ - if(cmp >= 0) { - x = a; y = b; - } + /* Set x to max(a, b), y to min(a, b) to simplify later code. + A special case yields zero for equal magnitudes. + */ + if(cmp == 0) { + mp_int_zero(c); + return MP_OK; + } + else if(cmp < 0) { + x = b; y = a; + } else { - x = b; y = a; + x = a; y = b; } if(!s_pad(c, MP_USED(x))) @@ -616,7 +618,7 @@ mp_result mp_int_add(mp_int a, mp_int b, mp_int c) /* {{{ mp_int_add_value(a, value, c) */ -mp_result mp_int_add_value(mp_int a, int value, mp_int c) +mp_result mp_int_add_value(mp_int a, mp_small value, mp_int c) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -694,7 +696,7 @@ mp_result mp_int_sub(mp_int a, mp_int b, mp_int c) /* {{{ mp_int_sub_value(a, value, c) */ -mp_result mp_int_sub_value(mp_int a, int value, mp_int c) +mp_result mp_int_sub_value(mp_int a, mp_small value, mp_int c) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -770,7 +772,7 @@ mp_result mp_int_mul(mp_int a, mp_int b, mp_int c) /* {{{ mp_int_mul_value(a, value, c) */ -mp_result mp_int_mul_value(mp_int a, int value, mp_int c) +mp_result mp_int_mul_value(mp_int a, mp_small value, mp_int c) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -784,7 +786,7 @@ mp_result mp_int_mul_value(mp_int a, int value, mp_int c) /* {{{ mp_int_mul_pow2(a, p2, c) */ -mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c) +mp_result mp_int_mul_pow2(mp_int a, mp_small p2, mp_int c) { mp_result res; CHECK(a != NULL && c != NULL && p2 >= 0); @@ -896,16 +898,22 @@ mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r) or to overlap with the inputs. */ if((lg = s_isp2(b)) < 0) { - if(q && b != q && (res = mp_int_copy(a, q)) == MP_OK) { - qout = q; + if(q && b != q) { + if((res = mp_int_copy(a, q)) != MP_OK) + goto CLEANUP; + else + qout = q; } else { qout = TEMP(last); SETUP(mp_int_init_copy(TEMP(last), a), last); } - if(r && a != r && (res = mp_int_copy(b, r)) == MP_OK) { - rout = r; + if(r && a != r) { + if((res = mp_int_copy(b, r)) != MP_OK) + goto CLEANUP; + else + rout = r; } else { rout = TEMP(last); @@ -981,7 +989,7 @@ mp_result mp_int_mod(mp_int a, mp_int m, mp_int c) /* {{{ mp_int_div_value(a, value, q, r) */ -mp_result mp_int_div_value(mp_int a, int value, mp_int q, int *r) +mp_result mp_int_div_value(mp_int a, mp_small value, mp_int q, mp_small *r) { mpz_t vtmp, rtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -1005,7 +1013,7 @@ mp_result mp_int_div_value(mp_int a, int value, mp_int q, int *r) /* {{{ mp_int_div_pow2(a, p2, q, r) */ -mp_result mp_int_div_pow2(mp_int a, int p2, mp_int q, mp_int r) +mp_result mp_int_div_pow2(mp_int a, mp_small p2, mp_int q, mp_int r) { mp_result res = MP_OK; @@ -1024,7 +1032,7 @@ mp_result mp_int_div_pow2(mp_int a, int p2, mp_int q, mp_int r) /* {{{ mp_int_expt(a, b, c) */ -mp_result mp_int_expt(mp_int a, int b, mp_int c) +mp_result mp_int_expt(mp_int a, mp_small b, mp_int c) { mpz_t t; mp_result res; @@ -1058,7 +1066,7 @@ mp_result mp_int_expt(mp_int a, int b, mp_int c) /* {{{ mp_int_expt_value(a, b, c) */ -mp_result mp_int_expt_value(int a, int b, mp_int c) +mp_result mp_int_expt_value(mp_small a, mp_small b, mp_int c) { mpz_t t; mp_result res; @@ -1149,7 +1157,7 @@ int mp_int_compare_zero(mp_int z) /* {{{ mp_int_compare_value(z, value) */ -int mp_int_compare_value(mp_int z, int value) +int mp_int_compare_value(mp_int z, mp_small value) { mp_sign vsign = (value < 0) ? MP_NEG : MP_ZPOS; int cmp; @@ -1224,7 +1232,7 @@ mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c) /* {{{ mp_int_exptmod_evalue(a, value, m, c) */ -mp_result mp_int_exptmod_evalue(mp_int a, int value, mp_int m, mp_int c) +mp_result mp_int_exptmod_evalue(mp_int a, mp_small value, mp_int m, mp_int c) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -1238,7 +1246,7 @@ mp_result mp_int_exptmod_evalue(mp_int a, int value, mp_int m, mp_int c) /* {{{ mp_int_exptmod_bvalue(v, b, m, c) */ -mp_result mp_int_exptmod_bvalue(int value, mp_int b, +mp_result mp_int_exptmod_bvalue(mp_small value, mp_int b, mp_int m, mp_int c) { mpz_t vtmp; @@ -1555,11 +1563,45 @@ mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* }}} */ +/* {{{ mp_int_lcm(a, b, c) */ + +mp_result mp_int_lcm(mp_int a, mp_int b, mp_int c) +{ + mpz_t lcm; + mp_result res; + + CHECK(a != NULL && b != NULL && c != NULL); + + /* Since a * b = gcd(a, b) * lcm(a, b), we can compute + lcm(a, b) = (a / gcd(a, b)) * b. + + This formulation insures everything works even if the input + variables share space. + */ + if((res = mp_int_init(&lcm)) != MP_OK) + return res; + if((res = mp_int_gcd(a, b, &lcm)) != MP_OK) + goto CLEANUP; + if((res = mp_int_div(a, &lcm, &lcm, NULL)) != MP_OK) + goto CLEANUP; + if((res = mp_int_mul(&lcm, b, &lcm)) != MP_OK) + goto CLEANUP; + + res = mp_int_copy(&lcm, c); + + CLEANUP: + mp_int_clear(&lcm); + + return res; +} + +/* }}} */ + /* {{{ mp_int_divisible_value(a, v) */ -int mp_int_divisible_value(mp_int a, int v) +int mp_int_divisible_value(mp_int a, mp_small v) { - int rem = 0; + mp_small rem = 0; if(mp_int_div_value(a, v, NULL, &rem) != MP_OK) return 0; @@ -1580,61 +1622,87 @@ int mp_int_is_pow2(mp_int z) /* }}} */ -/* {{{ mp_int_sqrt(a, c) */ +/* {{{ mp_int_root(a, b, c) */ -mp_result mp_int_sqrt(mp_int a, mp_int c) +/* Implementation of Newton's root finding method, based loosely on a + patch contributed by Hal Finkel + modified by M. J. Fromberger. + */ +mp_result mp_int_root(mp_int a, mp_small b, mp_int c) { mp_result res = MP_OK; - mpz_t temp[2]; + mpz_t temp[5]; int last = 0; + int flips = 0; - CHECK(a != NULL && c != NULL); + CHECK(a != NULL && c != NULL && b > 0); - /* The square root of a negative value does not exist in the integers. */ - if(MP_SIGN(a) == MP_NEG) - return MP_UNDEF; + if(b == 1) { + return mp_int_copy(a, c); + } + if(MP_SIGN(a) == MP_NEG) { + if(b % 2 == 0) + return MP_UNDEF; /* root does not exist for negative a with even b */ + else + flips = 1; + } SETUP(mp_int_init_copy(TEMP(last), a), last); + SETUP(mp_int_init_copy(TEMP(last), a), last); + SETUP(mp_int_init(TEMP(last)), last); + SETUP(mp_int_init(TEMP(last)), last); SETUP(mp_int_init(TEMP(last)), last); + (void) mp_int_abs(TEMP(0), TEMP(0)); + (void) mp_int_abs(TEMP(1), TEMP(1)); + for(;;) { - if((res = mp_int_sqr(TEMP(0), TEMP(1))) != MP_OK) + if((res = mp_int_expt(TEMP(1), b, TEMP(2))) != MP_OK) goto CLEANUP; - if(mp_int_compare_unsigned(a, TEMP(1)) == 0) break; + if(mp_int_compare_unsigned(TEMP(2), TEMP(0)) <= 0) + break; - if((res = mp_int_copy(a, TEMP(1))) != MP_OK) + if((res = mp_int_sub(TEMP(2), TEMP(0), TEMP(2))) != MP_OK) goto CLEANUP; - if((res = mp_int_div(TEMP(1), TEMP(0), TEMP(1), NULL)) != MP_OK) + if((res = mp_int_expt(TEMP(1), b - 1, TEMP(3))) != MP_OK) goto CLEANUP; - if((res = mp_int_add(TEMP(0), TEMP(1), TEMP(1))) != MP_OK) + if((res = mp_int_mul_value(TEMP(3), b, TEMP(3))) != MP_OK) goto CLEANUP; - if((res = mp_int_div_pow2(TEMP(1), 1, TEMP(1), NULL)) != MP_OK) + if((res = mp_int_div(TEMP(2), TEMP(3), TEMP(4), NULL)) != MP_OK) + goto CLEANUP; + if((res = mp_int_sub(TEMP(1), TEMP(4), TEMP(4))) != MP_OK) goto CLEANUP; - if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break; - if((res = mp_int_sub_value(TEMP(0), 1, TEMP(0))) != MP_OK) goto CLEANUP; - if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break; - - if((res = mp_int_copy(TEMP(1), TEMP(0))) != MP_OK) goto CLEANUP; + if(mp_int_compare_unsigned(TEMP(1), TEMP(4)) == 0) { + if((res = mp_int_sub_value(TEMP(4), 1, TEMP(4))) != MP_OK) + goto CLEANUP; + } + if((res = mp_int_copy(TEMP(4), TEMP(1))) != MP_OK) + goto CLEANUP; } - res = mp_int_copy(TEMP(0), c); + if((res = mp_int_copy(TEMP(1), c)) != MP_OK) + goto CLEANUP; + + /* If the original value of a was negative, flip the output sign. */ + if(flips) + (void) mp_int_neg(c, c); /* cannot fail */ CLEANUP: while(--last >= 0) mp_int_clear(TEMP(last)); - - return res; + + return res; } /* }}} */ /* {{{ mp_int_to_int(z, out) */ -mp_result mp_int_to_int(mp_int z, int *out) +mp_result mp_int_to_int(mp_int z, mp_small *out) { - unsigned int uv = 0; + mp_usmall uv = 0; mp_size uz; mp_digit *dz; mp_sign sz; @@ -1643,8 +1711,8 @@ mp_result mp_int_to_int(mp_int z, int *out) /* Make sure the value is representable as an int */ sz = MP_SIGN(z); - if((sz == MP_ZPOS && mp_int_compare_value(z, INT_MAX) > 0) || - mp_int_compare_value(z, INT_MIN) < 0) + if((sz == MP_ZPOS && mp_int_compare_value(z, MP_SMALL_MAX) > 0) || + mp_int_compare_value(z, MP_SMALL_MIN) < 0) return MP_RANGE; uz = MP_USED(z); @@ -1657,13 +1725,46 @@ mp_result mp_int_to_int(mp_int z, int *out) } if(out) - *out = (sz == MP_NEG) ? -(int)uv : (int)uv; + *out = (sz == MP_NEG) ? -(mp_small)uv : (mp_small)uv; return MP_OK; } /* }}} */ +/* {{{ mp_int_to_uint(z, *out) */ + +mp_result mp_int_to_uint(mp_int z, mp_usmall *out) +{ + mp_usmall uv = 0; + mp_size uz; + mp_digit *dz; + mp_sign sz; + + CHECK(z != NULL); + + /* Make sure the value is representable as an int */ + sz = MP_SIGN(z); + if(!(sz == MP_ZPOS && mp_int_compare_value(z, UINT_MAX) <= 0)) + return MP_RANGE; + + uz = MP_USED(z); + dz = MP_DIGITS(z) + uz - 1; + + while(uz > 0) { + uv <<= MP_DIGIT_BIT/2; + uv = (uv << (MP_DIGIT_BIT/2)) | *dz--; + --uz; + } + + if(out) + *out = uv; + + return MP_OK; +} + +/* }}} */ + /* {{{ mp_int_to_string(z, radix, str, limit) */ mp_result mp_int_to_string(mp_int z, mp_size radix, @@ -1769,7 +1870,7 @@ mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, char **e return MP_RANGE; /* Skip leading whitespace */ - while(isspace((unsigned char)*str)) + while(isspace((int)*str)) ++str; /* Handle leading sign tag (+/-, positive default) */ @@ -2091,26 +2192,9 @@ static int s_pad(mp_int z, mp_size min) /* }}} */ -/* {{{ s_clamp(z) */ - -#if TRACEABLE_CLAMP -static void s_clamp(mp_int z) -{ - mp_size uz = MP_USED(z); - mp_digit *zd = MP_DIGITS(z) + uz - 1; - - while(uz > 1 && (*zd-- == 0)) - --uz; - - MP_USED(z) = uz; -} -#endif - -/* }}} */ - /* {{{ s_fake(z, value, vbuf) */ -static void s_fake(mp_int z, int value, mp_digit vbuf[]) +static void s_fake(mp_int z, mp_small value, mp_digit vbuf[]) { mp_size uv = (mp_size) s_vpack(value, vbuf); @@ -2142,9 +2226,9 @@ static int s_cdig(mp_digit *da, mp_digit *db, mp_size len) /* {{{ s_vpack(v, t[]) */ -static int s_vpack(int v, mp_digit t[]) +static int s_vpack(mp_small v, mp_digit t[]) { - unsigned int uv = (unsigned int)((v < 0) ? -v : v); + mp_usmall uv = (mp_usmall) ((v < 0) ? -v : v); int ndig = 0; if(uv == 0) @@ -2180,7 +2264,7 @@ static int s_ucmp(mp_int a, mp_int b) /* {{{ s_vcmp(a, v) */ -static int s_vcmp(mp_int a, int v) +static int s_vcmp(mp_int a, mp_small v) { mp_digit vdig[MP_VALUE_DIGITS(v)]; int ndig = 0; @@ -2814,7 +2898,7 @@ static int s_isp2(mp_int z) /* {{{ s_2expt(z, k) */ -static int s_2expt(mp_int z, int k) +static int s_2expt(mp_int z, mp_small k) { mp_size ndig, rest; mp_digit *dz; @@ -3100,12 +3184,13 @@ static mp_result s_udiv(mp_int a, mp_int b) /* {{{ s_outlen(z, r) */ -/* Precondition: 2 <= r < 64 */ static int s_outlen(mp_int z, mp_size r) { mp_result bits; double raw; + assert(r >= MP_MIN_RADIX && r <= MP_MAX_RADIX); + bits = mp_int_count_bits(z); raw = (double)bits * s_log2[r]; @@ -3135,7 +3220,7 @@ static int s_ch2val(char c, int r) if(isdigit((unsigned char) c)) out = c - '0'; else if(r > 10 && isalpha((unsigned char) c)) - out = toupper((unsigned char)c) - 'A' + 10; + out = toupper(c) - 'A' + 10; else return -1; diff --git a/source/heimdal/lib/hcrypto/imath/imath.h b/source/heimdal/lib/hcrypto/imath/imath.h old mode 100755 new mode 100644 index f13c09d1a2ef..cb877959e98a --- a/source/heimdal/lib/hcrypto/imath/imath.h +++ b/source/heimdal/lib/hcrypto/imath/imath.h @@ -1,8 +1,8 @@ /* Name: imath.h Purpose: Arbitrary precision integer arithmetic routines. - Author: M. J. Fromberger - Info: $Id: imath.h 20764 2007-06-01 03:55:14Z lha $ + Author: M. J. Fromberger + Info: $Id: imath.h 635 2008-01-08 18:19:40Z sting $ Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved. @@ -39,6 +39,8 @@ extern "C" { typedef unsigned char mp_sign; typedef unsigned int mp_size; typedef int mp_result; +typedef long mp_small; /* must be a signed type */ +typedef unsigned long mp_usmall; /* must be an unsigned type */ #ifdef USE_LONG_LONG typedef unsigned int mp_digit; typedef unsigned long long mp_word; @@ -68,9 +70,14 @@ extern const mp_result MP_RANGE; extern const mp_result MP_UNDEF; extern const mp_result MP_TRUNC; extern const mp_result MP_BADARG; +extern const mp_result MP_MINERR; #define MP_DIGIT_BIT (sizeof(mp_digit) * CHAR_BIT) #define MP_WORD_BIT (sizeof(mp_word) * CHAR_BIT) +#define MP_SMALL_MIN LONG_MIN +#define MP_SMALL_MAX LONG_MAX +#define MP_USMALL_MIN ULONG_MIN +#define MP_USMALL_MAX ULONG_MAX #ifdef USE_LONG_LONG # ifndef ULONG_LONG_MAX @@ -108,8 +115,8 @@ mp_result mp_int_init(mp_int z); mp_int mp_int_alloc(void); mp_result mp_int_init_size(mp_int z, mp_size prec); mp_result mp_int_init_copy(mp_int z, mp_int old); -mp_result mp_int_init_value(mp_int z, int value); -mp_result mp_int_set_value(mp_int z, int value); +mp_result mp_int_init_value(mp_int z, mp_small value); +mp_result mp_int_set_value(mp_int z, mp_small value); void mp_int_clear(mp_int z); void mp_int_free(mp_int z); @@ -119,40 +126,40 @@ void mp_int_zero(mp_int z); /* z = 0 */ mp_result mp_int_abs(mp_int a, mp_int c); /* c = |a| */ mp_result mp_int_neg(mp_int a, mp_int c); /* c = -a */ mp_result mp_int_add(mp_int a, mp_int b, mp_int c); /* c = a + b */ -mp_result mp_int_add_value(mp_int a, int value, mp_int c); +mp_result mp_int_add_value(mp_int a, mp_small value, mp_int c); mp_result mp_int_sub(mp_int a, mp_int b, mp_int c); /* c = a - b */ -mp_result mp_int_sub_value(mp_int a, int value, mp_int c); +mp_result mp_int_sub_value(mp_int a, mp_small value, mp_int c); mp_result mp_int_mul(mp_int a, mp_int b, mp_int c); /* c = a * b */ -mp_result mp_int_mul_value(mp_int a, int value, mp_int c); -mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c); +mp_result mp_int_mul_value(mp_int a, mp_small value, mp_int c); +mp_result mp_int_mul_pow2(mp_int a, mp_small p2, mp_int c); mp_result mp_int_sqr(mp_int a, mp_int c); /* c = a * a */ mp_result mp_int_div(mp_int a, mp_int b, /* q = a / b */ mp_int q, mp_int r); /* r = a % b */ -mp_result mp_int_div_value(mp_int a, int value, /* q = a / value */ - mp_int q, int *r); /* r = a % value */ -mp_result mp_int_div_pow2(mp_int a, int p2, /* q = a / 2^p2 */ +mp_result mp_int_div_value(mp_int a, mp_small value, /* q = a / value */ + mp_int q, mp_small *r); /* r = a % value */ +mp_result mp_int_div_pow2(mp_int a, mp_small p2, /* q = a / 2^p2 */ mp_int q, mp_int r); /* r = q % 2^p2 */ mp_result mp_int_mod(mp_int a, mp_int m, mp_int c); /* c = a % m */ #define mp_int_mod_value(A, V, R) mp_int_div_value((A), (V), 0, (R)) -mp_result mp_int_expt(mp_int a, int b, mp_int c); /* c = a^b */ -mp_result mp_int_expt_value(int a, int b, mp_int c); /* c = a^b */ +mp_result mp_int_expt(mp_int a, mp_small b, mp_int c); /* c = a^b */ +mp_result mp_int_expt_value(mp_small a, mp_small b, mp_int c); /* c = a^b */ int mp_int_compare(mp_int a, mp_int b); /* a <=> b */ int mp_int_compare_unsigned(mp_int a, mp_int b); /* |a| <=> |b| */ -int mp_int_compare_zero(mp_int z); /* a <=> 0 */ -int mp_int_compare_value(mp_int z, int value); /* a <=> v */ +int mp_int_compare_zero(mp_int z); /* a <=> 0 */ +int mp_int_compare_value(mp_int z, mp_small value); /* a <=> v */ /* Returns true if v|a, false otherwise (including errors) */ -int mp_int_divisible_value(mp_int a, int v); +int mp_int_divisible_value(mp_int a, mp_small v); /* Returns k >= 0 such that z = 2^k, if one exists; otherwise < 0 */ int mp_int_is_pow2(mp_int z); mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c); /* c = a^b (mod m) */ -mp_result mp_int_exptmod_evalue(mp_int a, int value, +mp_result mp_int_exptmod_evalue(mp_int a, mp_small value, mp_int m, mp_int c); /* c = a^v (mod m) */ -mp_result mp_int_exptmod_bvalue(int value, mp_int b, +mp_result mp_int_exptmod_bvalue(mp_small value, mp_int b, mp_int m, mp_int c); /* c = v^b (mod m) */ mp_result mp_int_exptmod_known(mp_int a, mp_int b, mp_int m, mp_int mu, @@ -166,10 +173,14 @@ mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c); /* c = gcd(a, b) */ mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* c = gcd(a, b) */ mp_int x, mp_int y); /* c = ax + by */ -mp_result mp_int_sqrt(mp_int a, mp_int c); /* c = floor(sqrt(q)) */ +mp_result mp_int_lcm(mp_int a, mp_int b, mp_int c); /* c = lcm(a, b) */ -/* Convert to an int, if representable (returns MP_RANGE if not). */ -mp_result mp_int_to_int(mp_int z, int *out); +mp_result mp_int_root(mp_int a, mp_small b, mp_int c); /* c = floor(a^{1/b}) */ +#define mp_int_sqrt(a, c) mp_int_root(a, 2, c) /* c = floor(sqrt(a)) */ + +/* Convert to a small int, if representable; else MP_RANGE */ +mp_result mp_int_to_int(mp_int z, mp_small *out); +mp_result mp_int_to_uint(mp_int z, mp_usmall *out); /* Convert to nul-terminated string with the specified radix, writing at most limit characters including the nul terminator */ diff --git a/source/heimdal/lib/hcrypto/imath/iprime.c b/source/heimdal/lib/hcrypto/imath/iprime.c old mode 100755 new mode 100644 index 6313bab1b711..2bc9e7a6d161 --- a/source/heimdal/lib/hcrypto/imath/iprime.c +++ b/source/heimdal/lib/hcrypto/imath/iprime.c @@ -1,10 +1,10 @@ /* Name: iprime.c Purpose: Pseudoprimality testing routines - Author: M. J. Fromberger - Info: $Id: iprime.c 19737 2007-01-05 21:01:48Z lha $ + Author: M. J. Fromberger + Info: $Id: iprime.c 635 2008-01-08 18:19:40Z sting $ - Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. + Copyright (C) 2002-2008 Michael J. Fromberger, All Rights Reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files @@ -47,7 +47,9 @@ static const int s_ptab[] = { 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, - 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, + 991, 997 +#ifdef IMATH_LARGE_PRIME_TABLE + , 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, @@ -110,10 +112,10 @@ static const int s_ptab[] = { 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, 4969, 4973, 4987, 4993, 4999 +#endif }; static const int s_ptab_size = sizeof(s_ptab)/sizeof(s_ptab[0]); - /* {{{ mp_int_is_prime(z) */ /* Test whether z is likely to be prime: @@ -122,7 +124,8 @@ static const int s_ptab_size = sizeof(s_ptab)/sizeof(s_ptab[0]); */ mp_result mp_int_is_prime(mp_int z) { - int i, rem; + int i; + mp_small rem; mp_result res; /* First check for divisibility by small primes; this eliminates a diff --git a/source/heimdal/lib/hcrypto/imath/iprime.h b/source/heimdal/lib/hcrypto/imath/iprime.h old mode 100755 new mode 100644 index c935cdc11108..6110dccb5500 --- a/source/heimdal/lib/hcrypto/imath/iprime.h +++ b/source/heimdal/lib/hcrypto/imath/iprime.h @@ -1,10 +1,10 @@ /* Name: iprime.h Purpose: Pseudoprimality testing routines - Author: M. J. Fromberger - Info: $Id: iprime.h 18759 2006-10-21 16:32:36Z lha $ + Author: M. J. Fromberger + Info: $Id: iprime.h 635 2008-01-08 18:19:40Z sting $ - Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. + Copyright (C) 2002-2008 Michael J. Fromberger, All Rights Reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files diff --git a/source/heimdal/lib/hcrypto/md2.c b/source/heimdal/lib/hcrypto/md2.c index 84b66c225f97..8e4dd6169fb2 100644 --- a/source/heimdal/lib/hcrypto/md2.c +++ b/source/heimdal/lib/hcrypto/md2.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: md2.c 16480 2006-01-08 21:47:29Z lha $"); +RCSID("$Id$"); #endif #include "hash.h" diff --git a/source/heimdal/lib/hcrypto/md2.h b/source/heimdal/lib/hcrypto/md2.h index cf3960b93503..5fd832d5f076 100644 --- a/source/heimdal/lib/hcrypto/md2.h +++ b/source/heimdal/lib/hcrypto/md2.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: md2.h 16480 2006-01-08 21:47:29Z lha $ */ +/* $Id$ */ #ifndef HEIM_MD2_H #define HEIM_MD2_H 1 diff --git a/source/heimdal/lib/hcrypto/md4.c b/source/heimdal/lib/hcrypto/md4.c index 95ab340b48fd..dfdd78c84930 100644 --- a/source/heimdal/lib/hcrypto/md4.c +++ b/source/heimdal/lib/hcrypto/md4.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: md4.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #endif #include "hash.h" diff --git a/source/heimdal/lib/hcrypto/md4.h b/source/heimdal/lib/hcrypto/md4.h index 8725209d02dc..089c329a2986 100644 --- a/source/heimdal/lib/hcrypto/md4.h +++ b/source/heimdal/lib/hcrypto/md4.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: md4.h 17450 2006-05-05 11:11:43Z lha $ */ +/* $Id$ */ #ifndef HEIM_MD4_H #define HEIM_MD4_H 1 diff --git a/source/heimdal/lib/hcrypto/md5.c b/source/heimdal/lib/hcrypto/md5.c index b145fd2ac775..d6149cdc730d 100644 --- a/source/heimdal/lib/hcrypto/md5.c +++ b/source/heimdal/lib/hcrypto/md5.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: md5.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #endif #include "hash.h" diff --git a/source/heimdal/lib/hcrypto/md5.h b/source/heimdal/lib/hcrypto/md5.h index de6bd3a0a692..0689113685fd 100644 --- a/source/heimdal/lib/hcrypto/md5.h +++ b/source/heimdal/lib/hcrypto/md5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: md5.h 17450 2006-05-05 11:11:43Z lha $ */ +/* $Id$ */ #ifndef HEIM_MD5_H #define HEIM_MD5_H 1 diff --git a/source/heimdal/lib/hcrypto/pkcs12.c b/source/heimdal/lib/hcrypto/pkcs12.c index fcf04a73c169..2de482ccc8e1 100644 --- a/source/heimdal/lib/hcrypto/pkcs12.c +++ b/source/heimdal/lib/hcrypto/pkcs12.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: pkcs12.c 23137 2008-04-29 05:46:48Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/lib/hcrypto/pkcs12.h b/source/heimdal/lib/hcrypto/pkcs12.h index eb28b0546795..71ee6ee49fed 100644 --- a/source/heimdal/lib/hcrypto/pkcs12.h +++ b/source/heimdal/lib/hcrypto/pkcs12.h @@ -32,7 +32,7 @@ */ /* - * $Id: pkcs12.h 16564 2006-01-13 15:26:52Z lha $ + * $Id$ */ #ifndef _HEIM_PKCS12_H diff --git a/source/heimdal/lib/hcrypto/pkcs5.c b/source/heimdal/lib/hcrypto/pkcs5.c index 8a8f948abb5a..c44c76df5f70 100644 --- a/source/heimdal/lib/hcrypto/pkcs5.c +++ b/source/heimdal/lib/hcrypto/pkcs5.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: pkcs5.c 23059 2008-04-18 13:04:08Z lha $"); +RCSID("$Id$"); #ifdef KRB5 #include diff --git a/source/heimdal/lib/hcrypto/rand-egd.c b/source/heimdal/lib/hcrypto/rand-egd.c index c1f306bcc3db..0ed06d83dba4 100644 --- a/source/heimdal/lib/hcrypto/rand-egd.c +++ b/source/heimdal/lib/hcrypto/rand-egd.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand-egd.c 23461 2008-07-27 12:14:20Z lha $"); +RCSID("$Id$"); #include #ifdef HAVE_SYS_UN_H diff --git a/source/heimdal/lib/hcrypto/rand-fortuna.c b/source/heimdal/lib/hcrypto/rand-fortuna.c index da59a433b17f..f75ba575cfc0 100644 --- a/source/heimdal/lib/hcrypto/rand-fortuna.c +++ b/source/heimdal/lib/hcrypto/rand-fortuna.c @@ -33,7 +33,7 @@ #include #endif -RCSID("$Id: rand-fortuna.c 23463 2008-07-27 12:15:06Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/lib/hcrypto/rand-unix.c b/source/heimdal/lib/hcrypto/rand-unix.c index 5fb099d72460..eaa81b0f1df1 100644 --- a/source/heimdal/lib/hcrypto/rand-unix.c +++ b/source/heimdal/lib/hcrypto/rand-unix.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand-unix.c 23462 2008-07-27 12:14:42Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/lib/hcrypto/rand.c b/source/heimdal/lib/hcrypto/rand.c index 1561f2ad3936..4278300325e1 100644 --- a/source/heimdal/lib/hcrypto/rand.c +++ b/source/heimdal/lib/hcrypto/rand.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand.c 23464 2008-07-27 12:15:21Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/lib/hcrypto/rand.h b/source/heimdal/lib/hcrypto/rand.h index c8ba2d9a7b81..06e9ba420366 100644 --- a/source/heimdal/lib/hcrypto/rand.h +++ b/source/heimdal/lib/hcrypto/rand.h @@ -33,7 +33,7 @@ */ /* - * $Id: rand.h 20063 2007-01-30 18:30:36Z lha $ + * $Id$ */ #ifndef _HEIM_RAND_H diff --git a/source/heimdal/lib/hcrypto/randi.h b/source/heimdal/lib/hcrypto/randi.h index 6ae75f262b38..7a5eb82c41a3 100644 --- a/source/heimdal/lib/hcrypto/randi.h +++ b/source/heimdal/lib/hcrypto/randi.h @@ -32,7 +32,7 @@ */ /* - * $Id: randi.h 21101 2007-06-18 03:53:46Z lha $ + * $Id$ */ #ifndef _HEIM_RANDI_H diff --git a/source/heimdal/lib/hcrypto/rc2.c b/source/heimdal/lib/hcrypto/rc2.c index 63992be9a90d..e377ca790949 100644 --- a/source/heimdal/lib/hcrypto/rc2.c +++ b/source/heimdal/lib/hcrypto/rc2.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: rc2.c 17022 2006-04-09 17:03:21Z lha $"); +RCSID("$Id$"); #endif #include "rc2.h" diff --git a/source/heimdal/lib/hcrypto/rc2.h b/source/heimdal/lib/hcrypto/rc2.h index 5a2dd2d70533..82b1e5eb3a4f 100644 --- a/source/heimdal/lib/hcrypto/rc2.h +++ b/source/heimdal/lib/hcrypto/rc2.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: rc2.h 16480 2006-01-08 21:47:29Z lha $ */ +/* $Id$ */ /* symbol renaming */ #define RC2_set_key hc_RC2_set_key diff --git a/source/heimdal/lib/hcrypto/rc4.c b/source/heimdal/lib/hcrypto/rc4.c index edaf37ddc420..7b97ab194700 100644 --- a/source/heimdal/lib/hcrypto/rc4.c +++ b/source/heimdal/lib/hcrypto/rc4.c @@ -36,7 +36,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rc4.c 13640 2004-03-25 16:40:59Z lha $"); +RCSID("$Id$"); #endif #include diff --git a/source/heimdal/lib/hcrypto/rc4.h b/source/heimdal/lib/hcrypto/rc4.h index 1ab25f59e66b..c7cbc0df331d 100644 --- a/source/heimdal/lib/hcrypto/rc4.h +++ b/source/heimdal/lib/hcrypto/rc4.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: rc4.h 16480 2006-01-08 21:47:29Z lha $ */ +/* $Id$ */ /* symbol renaming */ #define RC4_set_key hc_RC4_set_key diff --git a/source/heimdal/lib/hcrypto/rijndael-alg-fst.c b/source/heimdal/lib/hcrypto/rijndael-alg-fst.c index c6330d27e457..57f13177dfc0 100644 --- a/source/heimdal/lib/hcrypto/rijndael-alg-fst.c +++ b/source/heimdal/lib/hcrypto/rijndael-alg-fst.c @@ -31,7 +31,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rijndael-alg-fst.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #endif #ifdef KRB5 diff --git a/source/heimdal/lib/hcrypto/rnd_keys.c b/source/heimdal/lib/hcrypto/rnd_keys.c index 0fd64af3b5de..57dc7c373fe2 100644 --- a/source/heimdal/lib/hcrypto/rnd_keys.c +++ b/source/heimdal/lib/hcrypto/rnd_keys.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rnd_keys.c 23093 2008-04-27 18:49:51Z lha $"); +RCSID("$Id$"); #endif #define HC_DEPRECATED diff --git a/source/heimdal/lib/hcrypto/rsa-imath.c b/source/heimdal/lib/hcrypto/rsa-imath.c index 74093ff7ba0e..4926a0c4e080 100644 --- a/source/heimdal/lib/hcrypto/rsa-imath.c +++ b/source/heimdal/lib/hcrypto/rsa-imath.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rsa-imath.c 21154 2007-06-18 21:58:12Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/lib/hcrypto/rsa.c b/source/heimdal/lib/hcrypto/rsa.c index 270857d1759e..da773a44b343 100644 --- a/source/heimdal/lib/hcrypto/rsa.c +++ b/source/heimdal/lib/hcrypto/rsa.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rsa.c 22422 2008-01-13 09:43:59Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source/heimdal/lib/hcrypto/rsa.h b/source/heimdal/lib/hcrypto/rsa.h index 0f54ca0a4dd0..3fa82fce7da5 100644 --- a/source/heimdal/lib/hcrypto/rsa.h +++ b/source/heimdal/lib/hcrypto/rsa.h @@ -32,7 +32,7 @@ */ /* - * $Id: rsa.h 22269 2007-12-11 10:59:22Z lha $ + * $Id$ */ #ifndef _HEIM_RSA_H diff --git a/source/heimdal/lib/hcrypto/sha.c b/source/heimdal/lib/hcrypto/sha.c index a264f53f33f1..24b3e42f9b00 100644 --- a/source/heimdal/lib/hcrypto/sha.c +++ b/source/heimdal/lib/hcrypto/sha.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: sha.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #endif #include "hash.h" diff --git a/source/heimdal/lib/hcrypto/sha.h b/source/heimdal/lib/hcrypto/sha.h index 70fc20e222af..50650f50fa22 100644 --- a/source/heimdal/lib/hcrypto/sha.h +++ b/source/heimdal/lib/hcrypto/sha.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: sha.h 17450 2006-05-05 11:11:43Z lha $ */ +/* $Id$ */ #ifndef HEIM_SHA_H #define HEIM_SHA_H 1 diff --git a/source/heimdal/lib/hcrypto/sha256.c b/source/heimdal/lib/hcrypto/sha256.c index b95442eff62a..ba662393a81c 100644 --- a/source/heimdal/lib/hcrypto/sha256.c +++ b/source/heimdal/lib/hcrypto/sha256.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: sha256.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #endif #include "hash.h" diff --git a/source/heimdal/lib/hcrypto/ui.c b/source/heimdal/lib/hcrypto/ui.c index 8c3ea1fa1561..05f44bc6694b 100644 --- a/source/heimdal/lib/hcrypto/ui.c +++ b/source/heimdal/lib/hcrypto/ui.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: ui.c 23466 2008-07-27 12:16:15Z lha $"); +RCSID("$Id$"); #endif #include diff --git a/source/heimdal/lib/hcrypto/ui.h b/source/heimdal/lib/hcrypto/ui.h index 53926cc1f7a1..f13f75c7590b 100644 --- a/source/heimdal/lib/hcrypto/ui.h +++ b/source/heimdal/lib/hcrypto/ui.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: ui.h 16480 2006-01-08 21:47:29Z lha $ */ +/* $Id$ */ #ifndef _HEIM_UI_H #define _HEIM_UI_H 1 diff --git a/source/heimdal/lib/hdb/db.c b/source/heimdal/lib/hdb/db.c index cb2822643107..a598e9e1a483 100644 --- a/source/heimdal/lib/hdb/db.c +++ b/source/heimdal/lib/hdb/db.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: db.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #if HAVE_DB1 diff --git a/source/heimdal/lib/hdb/dbinfo.c b/source/heimdal/lib/hdb/dbinfo.c index e99f72050dfb..67b9fc6ecf9f 100644 --- a/source/heimdal/lib/hdb/dbinfo.c +++ b/source/heimdal/lib/hdb/dbinfo.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: dbinfo.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct hdb_dbinfo { char *label; diff --git a/source/heimdal/lib/hdb/ext.c b/source/heimdal/lib/hdb/ext.c index 30e15efb2750..92147254ee6e 100644 --- a/source/heimdal/lib/hdb/ext.c +++ b/source/heimdal/lib/hdb/ext.c @@ -34,7 +34,7 @@ #include "hdb_locl.h" #include -RCSID("$Id: ext.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) diff --git a/source/heimdal/lib/hdb/hdb.asn1 b/source/heimdal/lib/hdb/hdb.asn1 index acd8f61d7e8f..5cddf8f1d053 100644 --- a/source/heimdal/lib/hdb/hdb.asn1 +++ b/source/heimdal/lib/hdb/hdb.asn1 @@ -1,4 +1,4 @@ --- $Id: hdb.asn1 20236 2007-02-16 23:52:29Z lha $ +-- $Id$ HDB DEFINITIONS ::= BEGIN diff --git a/source/heimdal/lib/hdb/hdb.c b/source/heimdal/lib/hdb/hdb.c index 3da980a81f7b..3fddabb2d08d 100644 --- a/source/heimdal/lib/hdb/hdb.c +++ b/source/heimdal/lib/hdb/hdb.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #ifdef HAVE_DLFCN_H #include @@ -55,9 +55,6 @@ static struct hdb_method methods[] = { {"ldap:", hdb_ldap_create}, {"ldapi:", hdb_ldapi_create}, #endif -#ifdef _SAMBA_BUILD_ - {"ldb:", hdb_ldb_create}, -#endif #ifdef HAVE_LDB /* Used for integrated samba build */ {"ldb:", hdb_ldb_create}, #endif diff --git a/source/heimdal/lib/hdb/hdb.h b/source/heimdal/lib/hdb/hdb.h index 742b92405d45..bc1b744015cb 100644 --- a/source/heimdal/lib/hdb/hdb.h +++ b/source/heimdal/lib/hdb/hdb.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb.h 22198 2007-12-07 13:09:25Z lha $ */ +/* $Id$ */ #ifndef __HDB_H__ #define __HDB_H__ diff --git a/source/heimdal/lib/hdb/hdb_err.et b/source/heimdal/lib/hdb/hdb_err.et index 5c5b80bb3660..64f79fc84e67 100644 --- a/source/heimdal/lib/hdb/hdb_err.et +++ b/source/heimdal/lib/hdb/hdb_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: hdb_err.et 15878 2005-08-11 13:17:22Z lha $" +id "$Id$" error_table hdb diff --git a/source/heimdal/lib/hdb/hdb_locl.h b/source/heimdal/lib/hdb/hdb_locl.h index 8f9d6fc4c2b6..9229146d0450 100644 --- a/source/heimdal/lib/hdb/hdb_locl.h +++ b/source/heimdal/lib/hdb/hdb_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */ +/* $Id$ */ #ifndef __HDB_LOCL_H__ #define __HDB_LOCL_H__ @@ -67,11 +67,4 @@ #define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal" #define HDB_DB_FORMAT_ENTRY "hdb/db-format" -krb5_error_code -hdb_ldb_create ( - krb5_context /*context*/, - HDB ** /*db*/, - const char */*arg*/); - - #endif /* __HDB_LOCL_H__ */ diff --git a/source/heimdal/lib/hdb/keys.c b/source/heimdal/lib/hdb/keys.c index e689ae102034..e649f445e0ad 100644 --- a/source/heimdal/lib/hdb/keys.c +++ b/source/heimdal/lib/hdb/keys.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: keys.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * free all the memory used by (len, keys) @@ -68,11 +68,13 @@ hdb_free_keys (krb5_context context, int len, Key *keys) * afs or afs3 == des:afs3-salt */ -/* the 3 DES types must be first */ -static const krb5_enctype all_etypes[] = { +static const krb5_enctype des_etypes[] = { ETYPE_DES_CBC_MD5, ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_CRC, + ETYPE_DES_CBC_CRC +}; + +static const krb5_enctype all_etypes[] = { ETYPE_AES256_CTS_HMAC_SHA1_96, ETYPE_ARCFOUR_HMAC_MD5, ETYPE_DES3_CBC_SHA1 @@ -110,8 +112,8 @@ parse_key_set(krb5_context context, const char *key, /* XXX there should be a string_to_etypes handling special cases like `des' and `all' */ if(strcmp(buf[i], "des") == 0) { - enctypes = all_etypes; - num_enctypes = 3; + enctypes = des_etypes; + num_enctypes = sizeof(des_etypes)/sizeof(des_etypes[0]); } else if(strcmp(buf[i], "des3") == 0) { e = ETYPE_DES3_CBC_SHA1; enctypes = &e; @@ -139,8 +141,8 @@ parse_key_set(krb5_context context, const char *key, salt->salttype = KRB5_PW_SALT; } else if(strcmp(buf[i], "afs3-salt") == 0) { if(enctypes == NULL) { - enctypes = all_etypes; - num_enctypes = 3; + enctypes = des_etypes; + num_enctypes = sizeof(des_etypes)/sizeof(des_etypes[0]); } salt->salttype = KRB5_AFS3_SALT; } diff --git a/source/heimdal/lib/hdb/keytab.c b/source/heimdal/lib/hdb/keytab.c index dc4ccf7678f5..b2d1fec3d221 100644 --- a/source/heimdal/lib/hdb/keytab.c +++ b/source/heimdal/lib/hdb/keytab.c @@ -35,7 +35,7 @@ /* keytab backend for HDB databases */ -RCSID("$Id: keytab.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct hdb_data { char *dbname; diff --git a/source/heimdal/lib/hdb/mkey.c b/source/heimdal/lib/hdb/mkey.c index 04cb42388982..7d2958b4acee 100644 --- a/source/heimdal/lib/hdb/mkey.c +++ b/source/heimdal/lib/hdb/mkey.c @@ -36,7 +36,7 @@ #define O_BINARY 0 #endif -RCSID("$Id: mkey.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct hdb_master_key_data { krb5_keytab_entry keytab; diff --git a/source/heimdal/lib/hdb/ndbm.c b/source/heimdal/lib/hdb/ndbm.c index e1e8aacf87f9..c4fc52e17f64 100644 --- a/source/heimdal/lib/hdb/ndbm.c +++ b/source/heimdal/lib/hdb/ndbm.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: ndbm.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #if HAVE_NDBM diff --git a/source/heimdal/lib/hx509/ca.c b/source/heimdal/lib/hx509/ca.c index 55374321ea50..5b4d7711e7a8 100644 --- a/source/heimdal/lib/hx509/ca.c +++ b/source/heimdal/lib/hx509/ca.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: ca.c 22995 2008-04-15 19:31:29Z lha $"); +RCSID("$Id$"); /** * @page page_ca Hx509 CA functions diff --git a/source/heimdal/lib/hx509/cert.c b/source/heimdal/lib/hx509/cert.c index 3194526e3456..3597896c0c63 100644 --- a/source/heimdal/lib/hx509/cert.c +++ b/source/heimdal/lib/hx509/cert.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: cert.c 23457 2008-07-27 12:12:56Z lha $"); +RCSID("$Id$"); #include "crypto-headers.h" #include diff --git a/source/heimdal/lib/hx509/cms.c b/source/heimdal/lib/hx509/cms.c index 69e7730f3c85..629060a25368 100644 --- a/source/heimdal/lib/hx509/cms.c +++ b/source/heimdal/lib/hx509/cms.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: cms.c 23268 2008-06-23 03:23:47Z lha $"); +RCSID("$Id$"); /** * @page page_cms CMS/PKCS7 message functions. diff --git a/source/heimdal/lib/hx509/collector.c b/source/heimdal/lib/hx509/collector.c index 8b6ffcb94567..d8212927e6f9 100644 --- a/source/heimdal/lib/hx509/collector.c +++ b/source/heimdal/lib/hx509/collector.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: collector.c 20778 2007-06-01 22:04:13Z lha $"); +RCSID("$Id$"); struct private_key { AlgorithmIdentifier alg; diff --git a/source/heimdal/lib/hx509/crmf.asn1 b/source/heimdal/lib/hx509/crmf.asn1 index 97ade264ae2c..3d8403c8e86a 100644 --- a/source/heimdal/lib/hx509/crmf.asn1 +++ b/source/heimdal/lib/hx509/crmf.asn1 @@ -1,4 +1,4 @@ --- $Id: crmf.asn1 17102 2006-04-18 13:05:21Z lha $ +-- $Id$ PKCS10 DEFINITIONS ::= BEGIN diff --git a/source/heimdal/lib/hx509/crypto.c b/source/heimdal/lib/hx509/crypto.c index 9334a4a8474b..e16977c6bfeb 100644 --- a/source/heimdal/lib/hx509/crypto.c +++ b/source/heimdal/lib/hx509/crypto.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: crypto.c 22855 2008-04-07 18:49:24Z lha $"); +RCSID("$Id$"); struct hx509_crypto; diff --git a/source/heimdal/lib/hx509/env.c b/source/heimdal/lib/hx509/env.c index a124e6ea1c35..9d771c506fe6 100644 --- a/source/heimdal/lib/hx509/env.c +++ b/source/heimdal/lib/hx509/env.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: env.c 22677 2008-03-13 17:35:49Z lha $"); +RCSID("$Id$"); /** * @page page_env Hx509 enviroment functions diff --git a/source/heimdal/lib/hx509/error.c b/source/heimdal/lib/hx509/error.c index 25119ed28830..9eeecb227c32 100644 --- a/source/heimdal/lib/hx509/error.c +++ b/source/heimdal/lib/hx509/error.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: error.c 22332 2007-12-17 01:03:22Z lha $"); +RCSID("$Id$"); /** * @page page_error Hx509 error reporting functions diff --git a/source/heimdal/lib/hx509/hx509.h b/source/heimdal/lib/hx509/hx509.h index d2a6b06e0c63..289f8d04a72c 100644 --- a/source/heimdal/lib/hx509/hx509.h +++ b/source/heimdal/lib/hx509/hx509.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hx509.h 22908 2008-04-08 08:16:32Z lha $ */ +/* $Id$ */ #ifndef HEIMDAL_HX509_H #define HEIMDAL_HX509_H 1 diff --git a/source/heimdal/lib/hx509/hx509_err.et b/source/heimdal/lib/hx509/hx509_err.et index 8fc5cb8f2f7e..c1dfaf587e69 100644 --- a/source/heimdal/lib/hx509/hx509_err.et +++ b/source/heimdal/lib/hx509/hx509_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: hx509_err.et 22329 2007-12-15 05:13:14Z lha $" +id "$Id$" error_table hx prefix HX509 diff --git a/source/heimdal/lib/hx509/hx_locl.h b/source/heimdal/lib/hx509/hx_locl.h index d2db3354c7f4..4cf7a54e13d0 100644 --- a/source/heimdal/lib/hx509/hx_locl.h +++ b/source/heimdal/lib/hx509/hx_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hx_locl.h 23189 2008-05-23 15:04:27Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include @@ -69,6 +69,7 @@ #include +#define HC_DEPRECATED_CRYPTO #include "crypto-headers.h" struct hx509_keyset_ops; diff --git a/source/heimdal/lib/hx509/keyset.c b/source/heimdal/lib/hx509/keyset.c index 1fceb849ec85..bb36221affdf 100644 --- a/source/heimdal/lib/hx509/keyset.c +++ b/source/heimdal/lib/hx509/keyset.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: keyset.c 22851 2008-04-07 18:49:07Z lha $"); +RCSID("$Id$"); /** * @page page_keyset Certificate store operations diff --git a/source/heimdal/lib/hx509/ks_dir.c b/source/heimdal/lib/hx509/ks_dir.c index 0dabc78c52f9..17a3ae4745c5 100644 --- a/source/heimdal/lib/hx509/ks_dir.c +++ b/source/heimdal/lib/hx509/ks_dir.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_dir.c 23460 2008-07-27 12:14:03Z lha $"); +RCSID("$Id$"); #include /* diff --git a/source/heimdal/lib/hx509/ks_file.c b/source/heimdal/lib/hx509/ks_file.c index 25ceb1c64f91..bb8dce3a4e3e 100644 --- a/source/heimdal/lib/hx509/ks_file.c +++ b/source/heimdal/lib/hx509/ks_file.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_file.c 23459 2008-07-27 12:13:31Z lha $"); +RCSID("$Id$"); typedef enum { USE_PEM, USE_DER } outformat; diff --git a/source/heimdal/lib/hx509/ks_keychain.c b/source/heimdal/lib/hx509/ks_keychain.c index f8181975d9d5..e51b0ab6a0ba 100644 --- a/source/heimdal/lib/hx509/ks_keychain.c +++ b/source/heimdal/lib/hx509/ks_keychain.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_keychain.c 22084 2007-11-16 20:12:30Z lha $"); +RCSID("$Id$"); #ifdef HAVE_FRAMEWORK_SECURITY diff --git a/source/heimdal/lib/hx509/ks_mem.c b/source/heimdal/lib/hx509/ks_mem.c index efa19eb19c54..043f19b3e4dd 100644 --- a/source/heimdal/lib/hx509/ks_mem.c +++ b/source/heimdal/lib/hx509/ks_mem.c @@ -195,8 +195,8 @@ mem_addkey(hx509_context context, return ENOMEM; } mem->keys = ptr; - mem->keys[i++] = _hx509_private_key_ref(key); - mem->keys[i++] = NULL; + mem->keys[i] = _hx509_private_key_ref(key); + mem->keys[i + 1] = NULL; return 0; } diff --git a/source/heimdal/lib/hx509/ks_null.c b/source/heimdal/lib/hx509/ks_null.c index 3be259fc6052..0b571c840669 100644 --- a/source/heimdal/lib/hx509/ks_null.c +++ b/source/heimdal/lib/hx509/ks_null.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_null.c 20901 2007-06-04 23:14:08Z lha $"); +RCSID("$Id$"); static int diff --git a/source/heimdal/lib/hx509/ks_p11.c b/source/heimdal/lib/hx509/ks_p11.c index bf46e6604e50..19db6004ce40 100644 --- a/source/heimdal/lib/hx509/ks_p11.c +++ b/source/heimdal/lib/hx509/ks_p11.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p11.c 22899 2008-04-07 18:52:36Z lha $"); +RCSID("$Id$"); #ifdef HAVE_DLFCN_H #include #endif @@ -503,7 +503,7 @@ iterate_entries(hx509_context context, { CK_OBJECT_HANDLE object; CK_ULONG object_count; - int ret, i; + int ret, ret2, i; ret = P11FUNC(p, FindObjectsInit, (session, search_data, num_search_data)); if (ret != CKR_OK) { @@ -557,13 +557,12 @@ iterate_entries(hx509_context context, query[i].pValue = NULL; } - ret = P11FUNC(p, FindObjectsFinal, (session)); - if (ret != CKR_OK) { - return -2; + ret2 = P11FUNC(p, FindObjectsFinal, (session)); + if (ret2 != CKR_OK) { + return ret2; } - - return 0; + return ret; } static BIGNUM * diff --git a/source/heimdal/lib/hx509/ks_p12.c b/source/heimdal/lib/hx509/ks_p12.c index 3ab824a330ea..53590c768cf5 100644 --- a/source/heimdal/lib/hx509/ks_p12.c +++ b/source/heimdal/lib/hx509/ks_p12.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p12.c 23413 2008-07-26 18:34:53Z lha $"); +RCSID("$Id$"); struct ks_pkcs12 { hx509_certs certs; diff --git a/source/heimdal/lib/hx509/lock.c b/source/heimdal/lib/hx509/lock.c index e835aee35af0..df1acea042f3 100644 --- a/source/heimdal/lib/hx509/lock.c +++ b/source/heimdal/lib/hx509/lock.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: lock.c 22327 2007-12-15 04:49:37Z lha $"); +RCSID("$Id$"); /** * @page page_lock Locking and unlocking certificates and encrypted data. diff --git a/source/heimdal/lib/hx509/name.c b/source/heimdal/lib/hx509/name.c index ccc33a3e5533..a34e09e8474a 100644 --- a/source/heimdal/lib/hx509/name.c +++ b/source/heimdal/lib/hx509/name.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: name.c 22677 2008-03-13 17:35:49Z lha $"); +RCSID("$Id$"); /** * @page page_name PKIX/X.509 Names diff --git a/source/heimdal/lib/hx509/ocsp.asn1 b/source/heimdal/lib/hx509/ocsp.asn1 index d8ecd66ccf70..eb090a4cc768 100644 --- a/source/heimdal/lib/hx509/ocsp.asn1 +++ b/source/heimdal/lib/hx509/ocsp.asn1 @@ -1,5 +1,5 @@ -- From rfc2560 --- $Id: ocsp.asn1 19576 2006-12-30 12:40:43Z lha $ +-- $Id$ OCSP DEFINITIONS EXPLICIT TAGS::= BEGIN diff --git a/source/heimdal/lib/hx509/peer.c b/source/heimdal/lib/hx509/peer.c index eb0ecd2bdefb..9845ce051f36 100644 --- a/source/heimdal/lib/hx509/peer.c +++ b/source/heimdal/lib/hx509/peer.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: peer.c 22345 2007-12-26 19:03:51Z lha $"); +RCSID("$Id$"); /** * @page page_peer Hx509 crypto selecting functions diff --git a/source/heimdal/lib/hx509/pkcs10.asn1 b/source/heimdal/lib/hx509/pkcs10.asn1 index 518fe3bfa36a..f3fe37b1bf9e 100644 --- a/source/heimdal/lib/hx509/pkcs10.asn1 +++ b/source/heimdal/lib/hx509/pkcs10.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs10.asn1 16918 2006-04-01 09:46:57Z lha $ +-- $Id$ PKCS10 DEFINITIONS ::= BEGIN diff --git a/source/heimdal/lib/hx509/print.c b/source/heimdal/lib/hx509/print.c index c1594ff04764..92d78119092e 100644 --- a/source/heimdal/lib/hx509/print.c +++ b/source/heimdal/lib/hx509/print.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: print.c 22538 2008-01-27 13:05:47Z lha $"); +RCSID("$Id$"); /** * @page page_print Hx509 printing functions diff --git a/source/heimdal/lib/hx509/req.c b/source/heimdal/lib/hx509/req.c index f374044ca670..1ffa0a53cf65 100644 --- a/source/heimdal/lib/hx509/req.c +++ b/source/heimdal/lib/hx509/req.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: req.c 23413 2008-07-26 18:34:53Z lha $"); +RCSID("$Id$"); struct hx509_request_data { hx509_name name; diff --git a/source/heimdal/lib/hx509/revoke.c b/source/heimdal/lib/hx509/revoke.c index 8325c4723d7e..a36ec964d23a 100644 --- a/source/heimdal/lib/hx509/revoke.c +++ b/source/heimdal/lib/hx509/revoke.c @@ -50,7 +50,7 @@ */ #include "hx_locl.h" -RCSID("$Id: revoke.c 23413 2008-07-26 18:34:53Z lha $"); +RCSID("$Id$"); struct revoke_crl { char *path; @@ -1515,10 +1515,13 @@ hx509_crl_sign(hx509_context context, &c.signatureAlgorithm, &c.signatureValue); free(os->data); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to sign CRL"); + goto out; + } ASN1_MALLOC_ENCODE(CRLCertificateList, os->data, os->length, &c, &size, ret); - free_CRLCertificateList(&c); if (ret) { hx509_set_error_string(context, 0, ret, "failed to encode CRL"); goto out; @@ -1526,6 +1529,8 @@ hx509_crl_sign(hx509_context context, if (size != os->length) _hx509_abort("internal ASN.1 encoder error"); + free_CRLCertificateList(&c); + return 0; out: diff --git a/source/heimdal/lib/hx509/test_name.c b/source/heimdal/lib/hx509/test_name.c index 6dcf542d0186..7326fe632a85 100644 --- a/source/heimdal/lib/hx509/test_name.c +++ b/source/heimdal/lib/hx509/test_name.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: test_name.c 22677 2008-03-13 17:35:49Z lha $"); +RCSID("$Id$"); static int test_name(hx509_context context, const char *name) diff --git a/source/heimdal/lib/krb5/acache.c b/source/heimdal/lib/krb5/acache.c index 8dd868700532..fb38abedfd25 100644 --- a/source/heimdal/lib/krb5/acache.c +++ b/source/heimdal/lib/krb5/acache.c @@ -37,7 +37,7 @@ #include #endif -RCSID("$Id: acache.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; diff --git a/source/heimdal/lib/krb5/add_et_list.c b/source/heimdal/lib/krb5/add_et_list.c index 5455d8ac9948..e61f775eefa0 100644 --- a/source/heimdal/lib/krb5/add_et_list.c +++ b/source/heimdal/lib/krb5/add_et_list.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: add_et_list.c 22603 2008-02-21 18:44:57Z lha $"); +RCSID("$Id$"); /** * Add a specified list of error messages to the et list in context. diff --git a/source/heimdal/lib/krb5/addr_families.c b/source/heimdal/lib/krb5/addr_families.c index 40abd874ccd6..dcb9a9715424 100644 --- a/source/heimdal/lib/krb5/addr_families.c +++ b/source/heimdal/lib/krb5/addr_families.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct addr_operations { int af; diff --git a/source/heimdal/lib/krb5/appdefault.c b/source/heimdal/lib/krb5/appdefault.c index b0bb171f4a14..a5b6e67e3092 100644 --- a/source/heimdal/lib/krb5/appdefault.c +++ b/source/heimdal/lib/krb5/appdefault.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: appdefault.c 14465 2005-01-05 05:40:59Z lukeh $"); +RCSID("$Id$"); void KRB5_LIB_FUNCTION krb5_appdefault_boolean(krb5_context context, const char *appname, diff --git a/source/heimdal/lib/krb5/asn1_glue.c b/source/heimdal/lib/krb5/asn1_glue.c index b3f775b4bea3..84c9cd8b680e 100644 --- a/source/heimdal/lib/krb5/asn1_glue.c +++ b/source/heimdal/lib/krb5/asn1_glue.c @@ -37,7 +37,7 @@ #include "krb5_locl.h" -RCSID("$Id: asn1_glue.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION _krb5_principal2principalname (PrincipalName *p, diff --git a/source/heimdal/lib/krb5/auth_context.c b/source/heimdal/lib/krb5/auth_context.c index e4fb50e5b820..cbb186d6c388 100644 --- a/source/heimdal/lib/krb5/auth_context.c +++ b/source/heimdal/lib/krb5/auth_context.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: auth_context.c 23273 2008-06-23 03:25:00Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_auth_con_init(krb5_context context, diff --git a/source/heimdal/lib/krb5/build_ap_req.c b/source/heimdal/lib/krb5/build_ap_req.c index b1968fe817b7..92051ba68a5d 100644 --- a/source/heimdal/lib/krb5/build_ap_req.c +++ b/source/heimdal/lib/krb5/build_ap_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: build_ap_req.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_build_ap_req (krb5_context context, diff --git a/source/heimdal/lib/krb5/build_auth.c b/source/heimdal/lib/krb5/build_auth.c index fe3a5f523c0d..eb106dc23f99 100644 --- a/source/heimdal/lib/krb5/build_auth.c +++ b/source/heimdal/lib/krb5/build_auth.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: build_auth.c 23273 2008-06-23 03:25:00Z lha $"); +RCSID("$Id$"); static krb5_error_code make_etypelist(krb5_context context, diff --git a/source/heimdal/lib/krb5/cache.c b/source/heimdal/lib/krb5/cache.c index 34bfb4a350f5..02db405f7ef9 100644 --- a/source/heimdal/lib/krb5/cache.c +++ b/source/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c 23417 2008-07-26 18:36:33Z lha $"); +RCSID("$Id$"); /** * Add a new ccache type with operations `ops', overwriting any diff --git a/source/heimdal/lib/krb5/changepw.c b/source/heimdal/lib/krb5/changepw.c index ac1a2d312ec6..d57ed9e3b8d3 100644 --- a/source/heimdal/lib/krb5/changepw.c +++ b/source/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: changepw.c 23445 2008-07-27 12:08:03Z lha $"); +RCSID("$Id$"); #undef __attribute__ #define __attribute__(X) @@ -577,7 +577,7 @@ change_password_loop (krb5_context context, for (a = ai; !done && a != NULL; a = a->ai_next) { int replied = 0; - sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + sock = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); if (sock < 0) continue; rk_cloexec(sock); diff --git a/source/heimdal/lib/krb5/codec.c b/source/heimdal/lib/krb5/codec.c index 0d36b4b44268..478f77ecef81 100644 --- a/source/heimdal/lib/krb5/codec.c +++ b/source/heimdal/lib/krb5/codec.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: codec.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_decode_EncTicketPart (krb5_context context, diff --git a/source/heimdal/lib/krb5/config_file.c b/source/heimdal/lib/krb5/config_file.c index bf3c43239770..f7f7957b042e 100644 --- a/source/heimdal/lib/krb5/config_file.c +++ b/source/heimdal/lib/krb5/config_file.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); #ifndef HAVE_NETINFO diff --git a/source/heimdal/lib/krb5/config_file_netinfo.c b/source/heimdal/lib/krb5/config_file_netinfo.c index 1e01e7c5ffbc..d51739ae376c 100644 --- a/source/heimdal/lib/krb5/config_file_netinfo.c +++ b/source/heimdal/lib/krb5/config_file_netinfo.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file_netinfo.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); /* * Netinfo implementation from Luke Howard diff --git a/source/heimdal/lib/krb5/constants.c b/source/heimdal/lib/krb5/constants.c index 8fffb0f4028d..dc96bcb632a8 100644 --- a/source/heimdal/lib/krb5/constants.c +++ b/source/heimdal/lib/krb5/constants.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: constants.c 23026 2008-04-17 10:02:03Z lha $"); +RCSID("$Id$"); KRB5_LIB_VARIABLE const char *krb5_config_file = #ifdef __APPLE__ diff --git a/source/heimdal/lib/krb5/context.c b/source/heimdal/lib/krb5/context.c index 9f17b8c205ad..358ab20349d8 100644 --- a/source/heimdal/lib/krb5/context.c +++ b/source/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: context.c 23420 2008-07-26 18:37:48Z lha $"); +RCSID("$Id$"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -192,6 +192,19 @@ init_context_from_config_file(krb5_context context) INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac"); context->default_cc_name = NULL; context->default_cc_name_set = 0; + + ret = krb5_config_get_bool_default(context, NULL, FALSE, + "libdefaults", + "allow_weak_crypto", NULL); + if (ret) { + krb5_enctype_enable(context, ETYPE_DES_CBC_CRC); + krb5_enctype_enable(context, ETYPE_DES_CBC_MD4); + krb5_enctype_enable(context, ETYPE_DES_CBC_MD5); + krb5_enctype_enable(context, ETYPE_DES_CBC_NONE); + krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE); + krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE); + } + return 0; } diff --git a/source/heimdal/lib/krb5/convert_creds.c b/source/heimdal/lib/krb5/convert_creds.c index 07943efb2893..d74f1212078d 100644 --- a/source/heimdal/lib/krb5/convert_creds.c +++ b/source/heimdal/lib/krb5/convert_creds.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: convert_creds.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); #include "krb5-v4compat.h" diff --git a/source/heimdal/lib/krb5/copy_host_realm.c b/source/heimdal/lib/krb5/copy_host_realm.c index cbe333850cb9..db06e56fb67c 100644 --- a/source/heimdal/lib/krb5/copy_host_realm.c +++ b/source/heimdal/lib/krb5/copy_host_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: copy_host_realm.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /** * Copy the list of realms from `from' to `to'. diff --git a/source/heimdal/lib/krb5/crc.c b/source/heimdal/lib/krb5/crc.c index e8ddecf7babb..cdb40b81106c 100644 --- a/source/heimdal/lib/krb5/crc.c +++ b/source/heimdal/lib/krb5/crc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: crc.c 22862 2008-04-07 18:49:55Z lha $"); +RCSID("$Id$"); static u_long table[256]; diff --git a/source/heimdal/lib/krb5/creds.c b/source/heimdal/lib/krb5/creds.c index 938ec294a45c..d194041766ea 100644 --- a/source/heimdal/lib/krb5/creds.c +++ b/source/heimdal/lib/krb5/creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: creds.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); #undef __attribute__ #define __attribute__(X) diff --git a/source/heimdal/lib/krb5/crypto.c b/source/heimdal/lib/krb5/crypto.c index e91cb9391a64..66756477360a 100644 --- a/source/heimdal/lib/krb5/crypto.c +++ b/source/heimdal/lib/krb5/crypto.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,15 +32,25 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c 23454 2008-07-27 12:11:44Z lha $"); +RCSID("$Id$"); #include -#undef CRYPTO_DEBUG -#ifdef CRYPTO_DEBUG -static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*); +#undef __attribute__ +#define __attribute__(X) + +#ifndef HEIMDAL_SMALLER +#define WEAK_ENCTYPES 1 +#define DES3_OLD_ENCTYPE 1 #endif +#ifdef HAVE_OPENSSL /* XXX forward decl for hcrypto glue */ +const EVP_CIPHER * _krb5_EVP_hcrypto_aes_128_cts(void); +const EVP_CIPHER * _krb5_EVP_hcrypto_aes_256_cts(void); +#define EVP_hcrypto_aes_128_cts _krb5_EVP_hcrypto_aes_128_cts +#define EVP_hcrypto_aes_256_cts _krb5_EVP_hcrypto_aes_256_cts +#endif + struct key_data { krb5_keyblock *key; krb5_data *schedule; @@ -82,13 +92,12 @@ struct key_type { size_t bits; size_t size; size_t schedule_size; -#if 0 - krb5_enctype best_etype; -#endif void (*random_key)(krb5_context, krb5_keyblock*); - void (*schedule)(krb5_context, struct key_data *); + void (*schedule)(krb5_context, struct key_type *, struct key_data *); struct salt_type *string_to_key; void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); + void (*cleanup)(krb5_context, struct key_data *); + const EVP_CIPHER *(*evp)(void); }; struct checksum_type { @@ -97,11 +106,11 @@ struct checksum_type { size_t blocksize; size_t checksumsize; unsigned flags; - void (*checksum)(krb5_context context, - struct key_data *key, - const void *buf, size_t len, - unsigned usage, - Checksum *csum); + krb5_enctype (*checksum)(krb5_context context, + struct key_data *key, + const void *buf, size_t len, + unsigned usage, + Checksum *csum); krb5_error_code (*verify)(krb5_context context, struct key_data *key, const void *buf, size_t len, @@ -152,7 +161,9 @@ static krb5_error_code hmac(krb5_context context, unsigned usage, struct key_data *keyblock, Checksum *result); -static void free_key_data(krb5_context context, struct key_data *key); +static void free_key_data(krb5_context, + struct key_data *, + struct encryption_type *); static krb5_error_code usage2arcfour (krb5_context, unsigned *); static void xor (DES_cblock *, const unsigned char *); @@ -160,9 +171,14 @@ static void xor (DES_cblock *, const unsigned char *); * * ************************************************************/ -static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; +struct evp_schedule { + EVP_CIPHER_CTX ectx; + EVP_CIPHER_CTX dctx; +}; +static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; + static void krb5_DES_random_key(krb5_context context, krb5_keyblock *key) @@ -174,12 +190,16 @@ krb5_DES_random_key(krb5_context context, } while(DES_is_weak_key(k)); } +#ifdef WEAK_ENCTYPES static void -krb5_DES_schedule(krb5_context context, - struct key_data *key) +krb5_DES_schedule_old(krb5_context context, + struct key_type *kt, + struct key_data *key) { DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data); } +#endif /* WEAK_ENCTYPES */ + #ifdef ENABLE_AFS_STRING_TO_KEY @@ -384,17 +404,6 @@ DES3_random_key(krb5_context context, DES_is_weak_key(&k[2])); } -static void -DES3_schedule(krb5_context context, - struct key_data *key) -{ - DES_cblock *k = key->key->keyvalue.data; - DES_key_schedule *s = key->schedule->data; - DES_set_key_unchecked(&k[0], &s[0]); - DES_set_key_unchecked(&k[1], &s[1]); - DES_set_key_unchecked(&k[2], &s[2]); -} - /* * A = A xor B. A & B are 8 bytes. */ @@ -413,6 +422,7 @@ xor (DES_cblock *key, const unsigned char *b) a[7] ^= b[7]; } +#ifdef DES3_OLD_ENCTYPE static krb5_error_code DES3_string_to_key(krb5_context context, krb5_enctype enctype, @@ -476,6 +486,7 @@ DES3_string_to_key(krb5_context context, free(str); return 0; } +#endif static krb5_error_code DES3_string_to_key_derived(krb5_context context, @@ -546,6 +557,7 @@ DES3_random_to_key(krb5_context context, static void ARCFOUR_schedule(krb5_context context, + struct key_type *kt, struct key_data *kd) { RC4_set_key (kd->schedule->data, @@ -561,20 +573,30 @@ ARCFOUR_string_to_key(krb5_context context, krb5_keyblock *key) { krb5_error_code ret; - uint16_t *s; + uint16_t *s = NULL; size_t len, i; - MD4_CTX m; + EVP_MD_CTX *m; + + m = EVP_MD_CTX_create(); + if (m == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, "Malloc: out of memory"); + goto out; + } + + EVP_DigestInit_ex(m, EVP_md4(), NULL); ret = wind_utf8ucs2_length(password.data, &len); if (ret) { krb5_set_error_message (context, ret, "Password not an UCS2 string"); - return ret; + goto out; } s = malloc (len * sizeof(s[0])); if (len != 0 && s == NULL) { krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + goto out; } ret = wind_utf8ucs2(password.data, s, &len); @@ -584,13 +606,12 @@ ARCFOUR_string_to_key(krb5_context context, } /* LE encoding */ - MD4_Init (&m); for (i = 0; i < len; i++) { unsigned char p; p = (s[i] & 0xff); - MD4_Update (&m, &p, 1); + EVP_DigestUpdate (m, &p, 1); p = (s[i] >> 8) & 0xff; - MD4_Update (&m, &p, 1); + EVP_DigestUpdate (m, &p, 1); } key->keytype = enctype; @@ -599,10 +620,12 @@ ARCFOUR_string_to_key(krb5_context context, krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); goto out; } - MD4_Final (key->keyvalue.data, &m); - ret = 0; + EVP_DigestFinal_ex (m, key->keyvalue.data, NULL); + out: - memset (s, 0, len); + EVP_MD_CTX_destroy(m); + if (s) + memset (s, 0, len); free (s); return ret; } @@ -657,7 +680,7 @@ AES_string_to_key(krb5_context context, iter, et->keytype->size, kd.key->keyvalue.data); if (ret != 1) { - free_key_data(context, &kd); + free_key_data(context, &kd, et); krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, "Error calculating s2k"); return KRB5_PROG_KEYTYPE_NOSUPP; @@ -666,26 +689,30 @@ AES_string_to_key(krb5_context context, ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); if (ret == 0) ret = krb5_copy_keyblock_contents(context, kd.key, key); - free_key_data(context, &kd); + free_key_data(context, &kd, et); return ret; } -struct krb5_aes_schedule { - AES_KEY ekey; - AES_KEY dkey; -}; - static void -AES_schedule(krb5_context context, - struct key_data *kd) +evp_schedule(krb5_context context, struct key_type *kt, struct key_data *kd) { - struct krb5_aes_schedule *key = kd->schedule->data; - int bits = kd->key->keyvalue.length * 8; + struct evp_schedule *key = kd->schedule->data; + const EVP_CIPHER *c = (*kt->evp)(); + + EVP_CIPHER_CTX_init(&key->ectx); + EVP_CIPHER_CTX_init(&key->dctx); + + EVP_CipherInit_ex(&key->ectx, c, NULL, kd->key->keyvalue.data, NULL, 1); + EVP_CipherInit_ex(&key->dctx, c, NULL, kd->key->keyvalue.data, NULL, 0); +} - memset(key, 0, sizeof(*key)); - AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey); - AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey); +static void +evp_cleanup(krb5_context context, struct key_data *kd) +{ + struct evp_schedule *key = kd->schedule->data; + EVP_CIPHER_CTX_cleanup(&key->ectx); + EVP_CIPHER_CTX_cleanup(&key->dctx); } /* @@ -708,6 +735,7 @@ static struct salt_type des_salt[] = { { 0 } }; +#ifdef DES3_OLD_ENCTYPE static struct salt_type des3_salt[] = { { KRB5_PW_SALT, @@ -716,6 +744,7 @@ static struct salt_type des3_salt[] = { }, { 0 } }; +#endif static struct salt_type des3_salt_derived[] = { { @@ -759,40 +788,62 @@ static struct key_type keytype_null = { NULL }; -static struct key_type keytype_des = { +#ifdef WEAK_ENCTYPES +static struct key_type keytype_des_old = { KEYTYPE_DES, - "des", + "des-old", 56, - sizeof(DES_cblock), + 8, sizeof(DES_key_schedule), krb5_DES_random_key, - krb5_DES_schedule, + krb5_DES_schedule_old, des_salt, krb5_DES_random_to_key }; +#endif /* WEAK_ENCTYPES */ + +static struct key_type keytype_des = { + KEYTYPE_DES, + "des", + 56, + 8, + sizeof(struct evp_schedule), + krb5_DES_random_key, + evp_schedule, + des_salt, + krb5_DES_random_to_key, + evp_cleanup, + EVP_des_cbc +}; +#ifdef DES3_OLD_ENCTYPE static struct key_type keytype_des3 = { KEYTYPE_DES3, "des3", 168, - 3 * sizeof(DES_cblock), - 3 * sizeof(DES_key_schedule), + 24, + sizeof(struct evp_schedule), DES3_random_key, - DES3_schedule, + evp_schedule, des3_salt, - DES3_random_to_key + DES3_random_to_key, + evp_cleanup, + EVP_des_ede3_cbc }; +#endif static struct key_type keytype_des3_derived = { KEYTYPE_DES3, "des3", 168, - 3 * sizeof(DES_cblock), - 3 * sizeof(DES_key_schedule), + 24, + sizeof(struct evp_schedule), DES3_random_key, - DES3_schedule, + evp_schedule, des3_salt_derived, - DES3_random_to_key + DES3_random_to_key, + evp_cleanup, + EVP_des_ede3_cbc }; static struct key_type keytype_aes128 = { @@ -800,10 +851,13 @@ static struct key_type keytype_aes128 = { "aes-128", 128, 16, - sizeof(struct krb5_aes_schedule), + sizeof(struct evp_schedule), + NULL, + evp_schedule, + AES_salt, NULL, - AES_schedule, - AES_salt + evp_cleanup, + EVP_hcrypto_aes_128_cts }; static struct key_type keytype_aes256 = { @@ -811,10 +865,13 @@ static struct key_type keytype_aes256 = { "aes-256", 256, 32, - sizeof(struct krb5_aes_schedule), + sizeof(struct evp_schedule), NULL, - AES_schedule, - AES_salt + evp_schedule, + AES_salt, + NULL, + evp_cleanup, + EVP_hcrypto_aes_256_cts }; static struct key_type keytype_arcfour = { @@ -832,7 +889,9 @@ static struct key_type *keytypes[] = { &keytype_null, &keytype_des, &keytype_des3_derived, +#ifdef DES3_OLD_ENCTYPE &keytype_des3, +#endif &keytype_aes128, &keytype_aes256, &keytype_arcfour @@ -1057,51 +1116,6 @@ krb5_string_to_key_salt_opaque (krb5_context context, pw, salt, opaque, key); } -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_string(krb5_context context, - krb5_keytype keytype, - char **string) -{ - struct key_type *kt = _find_keytype(keytype); - if(kt == NULL) { - krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, - "key type %d not supported", keytype); - return KRB5_PROG_KEYTYPE_NOSUPP; - } - *string = strdup(kt->name); - if(*string == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); - return ENOMEM; - } - return 0; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_keytype(krb5_context context, - const char *string, - krb5_keytype *keytype) -{ - char *end; - int i; - - for(i = 0; i < num_keytypes; i++) - if(strcasecmp(keytypes[i]->name, string) == 0){ - *keytype = keytypes[i]->type; - return 0; - } - - /* check if the enctype is a number */ - *keytype = strtol(string, &end, 0); - if(*end == '\0' && *keytype != 0) { - if (krb5_enctype_valid(context, *keytype) == 0) - return 0; - } - - krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, - "key type %s not supported", string); - return KRB5_PROG_KEYTYPE_NOSUPP; -} - krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_keysize(krb5_context context, krb5_enctype type, @@ -1182,7 +1196,7 @@ _key_schedule(krb5_context context, key->schedule = NULL; return ret; } - (*kt->schedule)(context, key); + (*kt->schedule)(context, kt, key); return 0; } @@ -1190,7 +1204,7 @@ _key_schedule(krb5_context context, * * ************************************************************/ -static void +static krb5_error_code NONE_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1198,9 +1212,10 @@ NONE_checksum(krb5_context context, unsigned usage, Checksum *C) { + return 0; } -static void +static krb5_error_code CRC32_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1216,9 +1231,10 @@ CRC32_checksum(krb5_context context, r[1] = (crc >> 8) & 0xff; r[2] = (crc >> 16) & 0xff; r[3] = (crc >> 24) & 0xff; + return 0; } -static void +static krb5_error_code RSA_MD4_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1226,64 +1242,74 @@ RSA_MD4_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD4_CTX m; - - MD4_Init (&m); - MD4_Update (&m, data, len); - MD4_Final (C->checksum.data, &m); + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md4(), NULL) != 1) + krb5_abortx(context, "md4 checksum failed"); + return 0; } -static void -RSA_MD4_DES_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *cksum) +static krb5_error_code +des_checksum(krb5_context context, + const EVP_MD *evp_md, + struct key_data *key, + const void *data, + size_t len, + Checksum *cksum) { - MD4_CTX md4; + struct evp_schedule *ctx = key->schedule->data; + EVP_MD_CTX *m; DES_cblock ivec; unsigned char *p = cksum->checksum.data; krb5_generate_random_block(p, 8); - MD4_Init (&md4); - MD4_Update (&md4, p, 8); - MD4_Update (&md4, data, len); - MD4_Final (p + 8, &md4); + + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + return ENOMEM; + } + + EVP_DigestInit_ex(m, evp_md, NULL); + EVP_DigestUpdate(m, p, 8); + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, p + 8, NULL); + EVP_MD_CTX_destroy(m); memset (&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(p, - p, - 24, - key->schedule->data, - &ivec, - DES_ENCRYPT); + EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(&ctx->ectx, p, p, 24); + + return 0; } static krb5_error_code -RSA_MD4_DES_verify(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) +des_verify(krb5_context context, + const EVP_MD *evp_md, + struct key_data *key, + const void *data, + size_t len, + Checksum *C) { - MD4_CTX md4; + struct evp_schedule *ctx = key->schedule->data; + EVP_MD_CTX *m; unsigned char tmp[24]; unsigned char res[16]; DES_cblock ivec; krb5_error_code ret = 0; + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + return ENOMEM; + } + memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - key->schedule->data, - &ivec, - DES_DECRYPT); - MD4_Init (&md4); - MD4_Update (&md4, tmp, 8); /* confounder */ - MD4_Update (&md4, data, len); - MD4_Final (res, &md4); + EVP_CipherInit_ex(&ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(&ctx->dctx, tmp, C->checksum.data, 24); + + EVP_DigestInit_ex(m, evp_md, NULL); + EVP_DigestUpdate(m, tmp, 8); /* confounder */ + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, res, NULL); + EVP_MD_CTX_destroy(m); if(memcmp(res, tmp + 8, sizeof(res)) != 0) { krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; @@ -1293,7 +1319,29 @@ RSA_MD4_DES_verify(krb5_context context, return ret; } -static void +static krb5_error_code +RSA_MD4_DES_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *cksum) +{ + return des_checksum(context, EVP_md4(), key, data, len, cksum); +} + +static krb5_error_code +RSA_MD4_DES_verify(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + return des_verify(context, EVP_md5(), key, data, len, C); +} + +static krb5_error_code RSA_MD5_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1301,14 +1349,12 @@ RSA_MD5_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX m; - - MD5_Init (&m); - MD5_Update(&m, data, len); - MD5_Final (C->checksum.data, &m); + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1) + krb5_abortx(context, "md5 checksum failed"); + return 0; } -static void +static krb5_error_code RSA_MD5_DES_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1316,22 +1362,7 @@ RSA_MD5_DES_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - DES_cblock ivec; - unsigned char *p = C->checksum.data; - - krb5_generate_random_block(p, 8); - MD5_Init (&md5); - MD5_Update (&md5, p, 8); - MD5_Update (&md5, data, len); - MD5_Final (p + 8, &md5); - memset (&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(p, - p, - 24, - key->schedule->data, - &ivec, - DES_ENCRYPT); + return des_checksum(context, EVP_md5(), key, data, len, C); } static krb5_error_code @@ -1342,34 +1373,10 @@ RSA_MD5_DES_verify(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - unsigned char tmp[24]; - unsigned char res[16]; - DES_cblock ivec; - DES_key_schedule *sched = key->schedule->data; - krb5_error_code ret = 0; - - memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - &sched[0], - &ivec, - DES_DECRYPT); - MD5_Init (&md5); - MD5_Update (&md5, tmp, 8); /* confounder */ - MD5_Update (&md5, data, len); - MD5_Final (res, &md5); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - memset(tmp, 0, sizeof(tmp)); - memset(res, 0, sizeof(res)); - return ret; + return des_verify(context, EVP_md5(), key, data, len, C); } -static void +static krb5_error_code RSA_MD5_DES3_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1377,23 +1384,7 @@ RSA_MD5_DES3_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - DES_cblock ivec; - unsigned char *p = C->checksum.data; - DES_key_schedule *sched = key->schedule->data; - - krb5_generate_random_block(p, 8); - MD5_Init (&md5); - MD5_Update (&md5, p, 8); - MD5_Update (&md5, data, len); - MD5_Final (p + 8, &md5); - memset (&ivec, 0, sizeof(ivec)); - DES_ede3_cbc_encrypt(p, - p, - 24, - &sched[0], &sched[1], &sched[2], - &ivec, - DES_ENCRYPT); + return des_checksum(context, EVP_md5(), key, data, len, C); } static krb5_error_code @@ -1404,34 +1395,10 @@ RSA_MD5_DES3_verify(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - unsigned char tmp[24]; - unsigned char res[16]; - DES_cblock ivec; - DES_key_schedule *sched = key->schedule->data; - krb5_error_code ret = 0; - - memset(&ivec, 0, sizeof(ivec)); - DES_ede3_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - &sched[0], &sched[1], &sched[2], - &ivec, - DES_DECRYPT); - MD5_Init (&md5); - MD5_Update (&md5, tmp, 8); /* confounder */ - MD5_Update (&md5, data, len); - MD5_Final (res, &md5); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - memset(tmp, 0, sizeof(tmp)); - memset(res, 0, sizeof(res)); - return ret; + return des_verify(context, EVP_md5(), key, data, len, C); } -static void +static krb5_error_code SHA1_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1439,11 +1406,9 @@ SHA1_checksum(krb5_context context, unsigned usage, Checksum *C) { - SHA_CTX m; - - SHA1_Init(&m); - SHA1_Update(&m, data, len); - SHA1_Final(C->checksum.data, &m); + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_sha1(), NULL) != 1) + krb5_abortx(context, "sha1 checksum failed"); + return 0; } /* HMAC according to RFC2104 */ @@ -1535,7 +1500,7 @@ krb5_hmac(krb5_context context, return ret; } -static void +static krb5_error_code SP_HMAC_SHA1_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1555,13 +1520,14 @@ SP_HMAC_SHA1_checksum(krb5_context context, if (ret) krb5_abortx(context, "hmac failed"); memcpy(result->checksum.data, res.checksum.data, result->checksum.length); + return 0; } /* * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt */ -static void +static krb5_error_code HMAC_MD5_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1569,7 +1535,7 @@ HMAC_MD5_checksum(krb5_context context, unsigned usage, Checksum *result) { - MD5_CTX md5; + EVP_MD_CTX *m; struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); const char signature[] = "signaturekey"; Checksum ksign_c; @@ -1580,61 +1546,34 @@ HMAC_MD5_checksum(krb5_context context, unsigned char ksign_c_data[16]; krb5_error_code ret; + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + return ENOMEM; + } ksign_c.checksum.length = sizeof(ksign_c_data); ksign_c.checksum.data = ksign_c_data; ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c); - if (ret) - krb5_abortx(context, "hmac failed"); + if (ret) { + EVP_MD_CTX_destroy(m); + return ret; + } ksign.key = &kb; kb.keyvalue = ksign_c.checksum; - MD5_Init (&md5); - t[0] = (usage >> 0) & 0xFF; - t[1] = (usage >> 8) & 0xFF; - t[2] = (usage >> 16) & 0xFF; - t[3] = (usage >> 24) & 0xFF; - MD5_Update (&md5, t, 4); - MD5_Update (&md5, data, len); - MD5_Final (tmp, &md5); - ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); - if (ret) - krb5_abortx(context, "hmac failed"); -} - -/* - * same as previous but being used while encrypting. - */ - -static void -HMAC_MD5_checksum_enc(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *result) -{ - struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); - Checksum ksign_c; - struct key_data ksign; - krb5_keyblock kb; - unsigned char t[4]; - unsigned char ksign_c_data[16]; - krb5_error_code ret; - + EVP_DigestInit_ex(m, EVP_md5(), NULL); t[0] = (usage >> 0) & 0xFF; t[1] = (usage >> 8) & 0xFF; t[2] = (usage >> 16) & 0xFF; t[3] = (usage >> 24) & 0xFF; + EVP_DigestUpdate(m, t, 4); + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, tmp, NULL); + EVP_MD_CTX_destroy(m); - ksign_c.checksum.length = sizeof(ksign_c_data); - ksign_c.checksum.data = ksign_c_data; - ret = hmac(context, c, t, sizeof(t), 0, key, &ksign_c); - if (ret) - krb5_abortx(context, "hmac failed"); - ksign.key = &kb; - kb.keyvalue = ksign_c.checksum; - ret = hmac(context, c, data, len, 0, &ksign, result); + ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); if (ret) - krb5_abortx(context, "hmac failed"); + return ret; + return 0; } static struct checksum_type checksum_none = { @@ -1673,33 +1612,6 @@ static struct checksum_type checksum_rsa_md4_des = { RSA_MD4_DES_checksum, RSA_MD4_DES_verify }; -#if 0 -static struct checksum_type checksum_des_mac = { - CKSUMTYPE_DES_MAC, - "des-mac", - 0, - 0, - 0, - DES_MAC_checksum -}; -static struct checksum_type checksum_des_mac_k = { - CKSUMTYPE_DES_MAC_K, - "des-mac-k", - 0, - 0, - 0, - DES_MAC_K_checksum -}; -static struct checksum_type checksum_rsa_md4_des_k = { - CKSUMTYPE_RSA_MD4_DES_K, - "rsa-md4-des-k", - 0, - 0, - 0, - RSA_MD4_DES_K_checksum, - RSA_MD4_DES_K_verify -}; -#endif static struct checksum_type checksum_rsa_md5 = { CKSUMTYPE_RSA_MD5, "rsa-md5", @@ -1718,6 +1630,7 @@ static struct checksum_type checksum_rsa_md5_des = { RSA_MD5_DES_checksum, RSA_MD5_DES_verify }; +#ifdef DES3_OLD_ENCTYPE static struct checksum_type checksum_rsa_md5_des3 = { CKSUMTYPE_RSA_MD5_DES3, "rsa-md5-des3", @@ -1727,6 +1640,7 @@ static struct checksum_type checksum_rsa_md5_des3 = { RSA_MD5_DES3_checksum, RSA_MD5_DES3_verify }; +#endif static struct checksum_type checksum_sha1 = { CKSUMTYPE_SHA1, "sha1", @@ -1776,35 +1690,21 @@ static struct checksum_type checksum_hmac_md5 = { NULL }; -static struct checksum_type checksum_hmac_md5_enc = { - CKSUMTYPE_HMAC_MD5_ENC, - "hmac-md5-enc", - 64, - 16, - F_KEYED | F_CPROOF | F_PSEUDO, - HMAC_MD5_checksum_enc, - NULL -}; - static struct checksum_type *checksum_types[] = { &checksum_none, &checksum_crc32, &checksum_rsa_md4, &checksum_rsa_md4_des, -#if 0 - &checksum_des_mac, - &checksum_des_mac_k, - &checksum_rsa_md4_des_k, -#endif &checksum_rsa_md5, &checksum_rsa_md5_des, +#ifdef DES3_OLD_ENCTYPE &checksum_rsa_md5_des3, +#endif &checksum_sha1, &checksum_hmac_sha1_des3, &checksum_hmac_sha1_aes128, &checksum_hmac_sha1_aes256, - &checksum_hmac_md5, - &checksum_hmac_md5_enc + &checksum_hmac_md5 }; static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]); @@ -1886,8 +1786,7 @@ create_checksum (krb5_context context, ret = krb5_data_alloc(&result->checksum, ct->checksumsize); if (ret) return (ret); - (*ct->checksum)(context, dkey, data, len, usage, result); - return 0; + return (*ct->checksum)(context, dkey, data, len, usage, result); } static int @@ -1968,9 +1867,11 @@ verify_checksum(krb5_context context, ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } - if(keyed_checksum) + if(keyed_checksum) { ret = get_checksum_key(context, crypto, usage, ct, &dkey); - else + if (ret) + return ret; + } else dkey = NULL; if(ct->verify) return (*ct->verify)(context, dkey, data, len, usage, cksum); @@ -1979,7 +1880,11 @@ verify_checksum(krb5_context context, if (ret) return ret; - (*ct->checksum)(context, dkey, data, len, usage, &c); + ret = (*ct->checksum)(context, dkey, data, len, usage, &c); + if (ret) { + krb5_data_free(&c.checksum); + return ret; + } if(c.checksum.length != cksum->checksum.length || memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { @@ -2125,7 +2030,37 @@ NULL_encrypt(krb5_context context, } static krb5_error_code -DES_CBC_encrypt_null_ivec(krb5_context context, +evp_encrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + struct evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; + c = encryptp ? &ctx->ectx : &ctx->dctx; + if (ivec == NULL) { + /* alloca ? */ + size_t len = EVP_CIPHER_CTX_iv_length(c); + void *loiv = malloc(len); + if (loiv == NULL) { + krb5_clear_error_string(context); + return ENOMEM; + } + memset(loiv, 0, len); + EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1); + free(loiv); + } else + EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1); + EVP_Cipher(c, data, data, len); + return 0; +} + +#ifdef WEAK_ENCTYPES +static krb5_error_code +evp_des_encrypt_null_ivec(krb5_context context, struct key_data *key, void *data, size_t len, @@ -2133,15 +2068,18 @@ DES_CBC_encrypt_null_ivec(krb5_context context, int usage, void *ignore_ivec) { + struct evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; DES_cblock ivec; - DES_key_schedule *s = key->schedule->data; memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); + c = encryptp ? &ctx->ectx : &ctx->dctx; + EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(c, data, data, len); return 0; } static krb5_error_code -DES_CBC_encrypt_key_ivec(krb5_context context, +evp_des_encrypt_key_ivec(krb5_context context, struct key_data *key, void *data, size_t len, @@ -2149,29 +2087,13 @@ DES_CBC_encrypt_key_ivec(krb5_context context, int usage, void *ignore_ivec) { + struct evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; DES_cblock ivec; - DES_key_schedule *s = key->schedule->data; memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); - DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); - return 0; -} - -static krb5_error_code -DES3_CBC_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - DES_cblock local_ivec; - DES_key_schedule *s = key->schedule->data; - if(ivec == NULL) { - ivec = &local_ivec; - memset(local_ivec, 0, sizeof(local_ivec)); - } - DES_ede3_cbc_encrypt(data, data, len, &s[0], &s[1], &s[2], ivec, encryptp); + c = encryptp ? &ctx->ectx : &ctx->dctx; + EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(c, data, data, len); return 0; } @@ -2209,114 +2131,7 @@ DES_PCBC_encrypt_key_ivec(krb5_context context, DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp); return 0; } - -/* - * AES draft-raeburn-krb-rijndael-krb-02 - */ - -void KRB5_LIB_FUNCTION -_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, const int encryptp) -{ - unsigned char tmp[AES_BLOCK_SIZE]; - int i; - - /* - * In the framework of kerberos, the length can never be shorter - * then at least one blocksize. - */ - - if (encryptp) { - - while(len > AES_BLOCK_SIZE) { - for (i = 0; i < AES_BLOCK_SIZE; i++) - tmp[i] = in[i] ^ ivec[i]; - AES_encrypt(tmp, out, key); - memcpy(ivec, out, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - for (i = 0; i < len; i++) - tmp[i] = in[i] ^ ivec[i]; - for (; i < AES_BLOCK_SIZE; i++) - tmp[i] = 0 ^ ivec[i]; - - AES_encrypt(tmp, out - AES_BLOCK_SIZE, key); - - memcpy(out, ivec, len); - memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - - } else { - unsigned char tmp2[AES_BLOCK_SIZE]; - unsigned char tmp3[AES_BLOCK_SIZE]; - - while(len > AES_BLOCK_SIZE * 2) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(in, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - len -= AES_BLOCK_SIZE; - - memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */ - AES_decrypt(in, tmp2, key); - - memcpy(tmp3, in + AES_BLOCK_SIZE, len); - memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */ - - for (i = 0; i < len; i++) - out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i]; - - AES_decrypt(tmp3, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - } -} - -static krb5_error_code -AES_CTS_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - struct krb5_aes_schedule *aeskey = key->schedule->data; - char local_ivec[AES_BLOCK_SIZE]; - AES_KEY *k; - - if (encryptp) - k = &aeskey->ekey; - else - k = &aeskey->dkey; - - if (len < AES_BLOCK_SIZE) - krb5_abortx(context, "invalid use of AES_CTS_encrypt"); - if (len == AES_BLOCK_SIZE) { - if (encryptp) - AES_encrypt(data, data, k); - else - AES_decrypt(data, data, k); - } else { - if(ivec == NULL) { - memset(local_ivec, 0, sizeof(local_ivec)); - ivec = local_ivec; - } - _krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp); - } - - return 0; -} +#endif /* * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 @@ -2530,7 +2345,11 @@ AES_PRF(krb5_context context, return ret; } - (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); + ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); + if (ret) { + krb5_data_free(&result.checksum); + return ret; + } if (result.checksum.length < crypto->et->blocksize) krb5_abortx(context, "internal prf error"); @@ -2546,12 +2365,13 @@ AES_PRF(krb5_context context, krb5_abortx(context, "malloc failed"); { - AES_KEY key; - - AES_set_encrypt_key(derived->keyvalue.data, - crypto->et->keytype->bits, &key); - AES_encrypt(result.checksum.data, out->data, &key); - memset(&key, 0, sizeof(key)); + const EVP_CIPHER *c = (*crypto->et->keytype->evp)(); + EVP_CIPHER_CTX ctx; + /* XXX blksz 1 for cts, so we can't use that */ + EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */ + EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1); + EVP_Cipher(&ctx, out->data, result.checksum.data, 16); + EVP_CIPHER_CTX_cleanup(&ctx); } krb5_data_free(&result.checksum); @@ -2578,48 +2398,6 @@ static struct encryption_type enctype_null = { 0, NULL }; -static struct encryption_type enctype_des_cbc_crc = { - ETYPE_DES_CBC_CRC, - "des-cbc-crc", - 8, - 8, - 8, - &keytype_des, - &checksum_crc32, - NULL, - 0, - DES_CBC_encrypt_key_ivec, - 0, - NULL -}; -static struct encryption_type enctype_des_cbc_md4 = { - ETYPE_DES_CBC_MD4, - "des-cbc-md4", - 8, - 8, - 8, - &keytype_des, - &checksum_rsa_md4, - &checksum_rsa_md4_des, - 0, - DES_CBC_encrypt_null_ivec, - 0, - NULL -}; -static struct encryption_type enctype_des_cbc_md5 = { - ETYPE_DES_CBC_MD5, - "des-cbc-md5", - 8, - 8, - 8, - &keytype_des, - &checksum_rsa_md5, - &checksum_rsa_md5_des, - 0, - DES_CBC_encrypt_null_ivec, - 0, - NULL -}; static struct encryption_type enctype_arcfour_hmac_md5 = { ETYPE_ARCFOUR_HMAC_MD5, "arcfour-hmac-md5", @@ -2634,6 +2412,7 @@ static struct encryption_type enctype_arcfour_hmac_md5 = { 0, NULL }; +#ifdef DES3_OLD_ENCTYPE static struct encryption_type enctype_des3_cbc_md5 = { ETYPE_DES3_CBC_MD5, "des3-cbc-md5", @@ -2644,10 +2423,11 @@ static struct encryption_type enctype_des3_cbc_md5 = { &checksum_rsa_md5, &checksum_rsa_md5_des3, 0, - DES3_CBC_encrypt, + evp_encrypt, 0, NULL }; +#endif static struct encryption_type enctype_des3_cbc_sha1 = { ETYPE_DES3_CBC_SHA1, "des3-cbc-sha1", @@ -2658,10 +2438,11 @@ static struct encryption_type enctype_des3_cbc_sha1 = { &checksum_sha1, &checksum_hmac_sha1_des3, F_DERIVED, - DES3_CBC_encrypt, + evp_encrypt, 0, NULL }; +#ifdef DES3_OLD_ENCTYPE static struct encryption_type enctype_old_des3_cbc_sha1 = { ETYPE_OLD_DES3_CBC_SHA1, "old-des3-cbc-sha1", @@ -2672,10 +2453,11 @@ static struct encryption_type enctype_old_des3_cbc_sha1 = { &checksum_sha1, &checksum_hmac_sha1_des3, 0, - DES3_CBC_encrypt, + evp_encrypt, 0, NULL }; +#endif static struct encryption_type enctype_aes128_cts_hmac_sha1 = { ETYPE_AES128_CTS_HMAC_SHA1_96, "aes128-cts-hmac-sha1-96", @@ -2686,7 +2468,7 @@ static struct encryption_type enctype_aes128_cts_hmac_sha1 = { &checksum_sha1, &checksum_hmac_sha1_aes128, F_DERIVED, - AES_CTS_encrypt, + evp_encrypt, 16, AES_PRF }; @@ -2700,10 +2482,67 @@ static struct encryption_type enctype_aes256_cts_hmac_sha1 = { &checksum_sha1, &checksum_hmac_sha1_aes256, F_DERIVED, - AES_CTS_encrypt, + evp_encrypt, 16, AES_PRF }; +static struct encryption_type enctype_des3_cbc_none = { + ETYPE_DES3_CBC_NONE, + "des3-cbc-none", + 8, + 8, + 0, + &keytype_des3_derived, + &checksum_none, + NULL, + F_PSEUDO, + evp_encrypt, + 0, + NULL +}; +#ifdef WEAK_ENCTYPES +static struct encryption_type enctype_des_cbc_crc = { + ETYPE_DES_CBC_CRC, + "des-cbc-crc", + 8, + 8, + 8, + &keytype_des, + &checksum_crc32, + NULL, + F_DISABLED, + evp_des_encrypt_key_ivec, + 0, + NULL +}; +static struct encryption_type enctype_des_cbc_md4 = { + ETYPE_DES_CBC_MD4, + "des-cbc-md4", + 8, + 8, + 8, + &keytype_des, + &checksum_rsa_md4, + &checksum_rsa_md4_des, + F_DISABLED, + evp_des_encrypt_null_ivec, + 0, + NULL +}; +static struct encryption_type enctype_des_cbc_md5 = { + ETYPE_DES_CBC_MD5, + "des-cbc-md5", + 8, + 8, + 8, + &keytype_des, + &checksum_rsa_md5, + &checksum_rsa_md5_des, + F_DISABLED, + evp_des_encrypt_null_ivec, + 0, + NULL +}; static struct encryption_type enctype_des_cbc_none = { ETYPE_DES_CBC_NONE, "des-cbc-none", @@ -2713,8 +2552,8 @@ static struct encryption_type enctype_des_cbc_none = { &keytype_des, &checksum_none, NULL, - F_PSEUDO, - DES_CBC_encrypt_null_ivec, + F_PSEUDO|F_DISABLED, + evp_des_encrypt_null_ivec, 0, NULL }; @@ -2724,10 +2563,10 @@ static struct encryption_type enctype_des_cfb64_none = { 1, 1, 0, - &keytype_des, + &keytype_des_old, &checksum_none, NULL, - F_PSEUDO, + F_PSEUDO|F_DISABLED, DES_CFB64_encrypt_null_ivec, 0, NULL @@ -2738,44 +2577,35 @@ static struct encryption_type enctype_des_pcbc_none = { 8, 8, 0, - &keytype_des, + &keytype_des_old, &checksum_none, NULL, - F_PSEUDO, + F_PSEUDO|F_DISABLED, DES_PCBC_encrypt_key_ivec, 0, NULL }; -static struct encryption_type enctype_des3_cbc_none = { - ETYPE_DES3_CBC_NONE, - "des3-cbc-none", - 8, - 8, - 0, - &keytype_des3_derived, - &checksum_none, - NULL, - F_PSEUDO, - DES3_CBC_encrypt, - 0, - NULL -}; +#endif /* WEAK_ENCTYPES */ static struct encryption_type *etypes[] = { - &enctype_null, - &enctype_des_cbc_crc, - &enctype_des_cbc_md4, - &enctype_des_cbc_md5, + &enctype_aes256_cts_hmac_sha1, + &enctype_aes128_cts_hmac_sha1, + &enctype_des3_cbc_sha1, + &enctype_des3_cbc_none, /* used by the gss-api mech */ &enctype_arcfour_hmac_md5, +#ifdef DES3_OLD_ENCTYPE &enctype_des3_cbc_md5, - &enctype_des3_cbc_sha1, &enctype_old_des3_cbc_sha1, - &enctype_aes128_cts_hmac_sha1, - &enctype_aes256_cts_hmac_sha1, +#endif +#ifdef WEAK_ENCTYPES + &enctype_des_cbc_crc, + &enctype_des_cbc_md4, + &enctype_des_cbc_md5, &enctype_des_cbc_none, &enctype_des_cfb64_none, &enctype_des_pcbc_none, - &enctype_des3_cbc_none +#endif + &enctype_null }; static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]); @@ -2878,37 +2708,6 @@ krb5_keytype_to_enctypes (krb5_context context, return 0; } -/* - * First take the configured list of etypes for `keytype' if available, - * else, do `krb5_keytype_to_enctypes'. - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctypes_default (krb5_context context, - krb5_keytype keytype, - unsigned *len, - krb5_enctype **val) -{ - unsigned int i, n; - krb5_enctype *ret; - - if (keytype != KEYTYPE_DES || context->etypes_des == NULL) - return krb5_keytype_to_enctypes (context, keytype, len, val); - - for (n = 0; context->etypes_des[n]; ++n) - ; - ret = malloc (n * sizeof(*ret)); - if (ret == NULL && n != 0) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); - return ENOMEM; - } - for (i = 0; i < n; ++i) - ret[i] = context->etypes_des[i]; - *len = n; - *val = ret; - return 0; -} - krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_valid(krb5_context context, krb5_enctype etype) @@ -3032,9 +2831,6 @@ encrypt_internal_derived(krb5_context context, ret = _key_schedule(context, dkey); if(ret) goto fail; -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 1, block_sz, dkey->key); -#endif ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec); if (ret) goto fail; @@ -3098,9 +2894,6 @@ encrypt_internal(krb5_context context, ret = _key_schedule(context, &crypto->key); if(ret) goto fail; -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 1, block_sz, crypto->key.key); -#endif ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec); if (ret) { memset(p, 0, block_sz); @@ -3202,9 +2995,6 @@ decrypt_internal_derived(krb5_context context, free(p); return ret; } -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 0, len, dkey->key); -#endif ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); if (ret) { free(p); @@ -3269,9 +3059,6 @@ decrypt_internal(krb5_context context, free(p); return ret; } -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 0, len, crypto->key.key); -#endif ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec); if (ret) { free(p); @@ -3346,9 +3133,389 @@ decrypt_internal_special(krb5_context context, return 0; } +/** + * Inline encrypt a kerberos message + * + * @param context Kerberos context + * @param crypto Kerberos crypto context + * @param usage Key usage for this buffer + * @param data array of buffers to process + * @param num_data length of array + * @param ivec initial cbc/cts vector + * + * @return Return an error code or 0. + * @ingroup krb5_crypto + * + * Kerberos encrypted data look like this: + * + * 1. KRB5_CRYPTO_TYPE_HEADER + * 2. array KRB5_CRYPTO_TYPE_DATA and KRB5_CRYPTO_TYPE_SIGN_ONLY in + * any order, however the receiver have to aware of the + * order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and + * trailers. + * 3. KRB5_CRYPTO_TYPE_TRAILER + */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_encrypt_ivec(krb5_context context, +static krb5_crypto_iov * +find_iv(krb5_crypto_iov *data, int num_data, int type) +{ + int i; + for (i = 0; i < num_data; i++) + if (data[i].flags == type) + return &data[i]; + return NULL; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encrypt_iov_ivec(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_crypto_iov *data, + size_t num_data, + void *ivec) +{ + size_t headersz, trailersz, len; + size_t i, sz, block_sz, pad_sz; + Checksum cksum; + unsigned char *p, *q; + krb5_error_code ret; + struct key_data *dkey; + const struct encryption_type *et = crypto->et; + krb5_crypto_iov *tiv, *piv, *hiv; + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_string(context); + return KRB5_CRYPTO_INTERNAL; + } + + headersz = et->confoundersize; + trailersz = CHECKSUMSIZE(et->keyed_checksum); + + for (len = 0, i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && + data[i].flags == KRB5_CRYPTO_TYPE_DATA) { + len += data[i].data.length; + } + } + + sz = headersz + len; + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ + + pad_sz = block_sz - sz; + trailersz += pad_sz; + + /* header */ + + hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (hiv == NULL || hiv->data.length != headersz) + return KRB5_BAD_MSIZE; + + krb5_generate_random_block(hiv->data.data, hiv->data.length); + + /* padding */ + + piv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_PADDING); + /* its ok to have no TYPE_PADDING if there is no padding */ + if (piv == NULL && pad_sz != 0) + return KRB5_BAD_MSIZE; + if (piv) { + if (piv->data.length < pad_sz) + return KRB5_BAD_MSIZE; + piv->data.length = pad_sz; + } + + + /* trailer */ + + tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (tiv == NULL || tiv->data.length != trailersz) + return KRB5_BAD_MSIZE; + + + /* + * XXX replace with EVP_Sign? at least make create_checksum an iov + * function. + * XXX CTS EVP is broken, can't handle multi buffers :( + */ + + len = hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = create_checksum(context, + et->keyed_checksum, + crypto, + INTEGRITY_USAGE(usage), + p, + len, + &cksum); + free(p); + if(ret == 0 && cksum.checksum.length != trailersz) { + free_Checksum (&cksum); + krb5_clear_error_string (context); + ret = KRB5_CRYPTO_INTERNAL; + } + if(ret) + return ret; + + /* save cksum at end */ + memcpy(tiv->data.data, cksum.checksum.data, cksum.checksum.length); + free_Checksum (&cksum); + + /* now encrypt data */ + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) + return ret; + ret = _key_schedule(context, dkey); + if(ret) + return ret; + + /* XXX replace with EVP_Cipher */ + + len = hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_PADDING) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + if(p == NULL) + return ENOMEM; + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_PADDING) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) { + free(p); + return ret; + } + ret = _key_schedule(context, dkey); + if(ret) { + free(p); + return ret; + } + + ret = (*et->encrypt)(context, dkey, p, len, 1, usage, ivec); + if (ret) { + free(p); + return ret; + } + + /* now copy data back to buffers */ + q = p; + memcpy(hiv->data.data, q, hiv->data.length); + q += hiv->data.length; + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_PADDING) + continue; + memcpy(data[i].data.data, q, data[i].data.length); + q += data[i].data.length; + } + free(p); + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decrypt_iov_ivec(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_crypto_iov *data, + size_t num_data, + void *ivec) +{ + size_t headersz, trailersz, len; + size_t i, sz, block_sz, pad_sz; + Checksum cksum; + unsigned char *p, *q; + krb5_error_code ret; + struct key_data *dkey; + struct encryption_type *et = crypto->et; + krb5_crypto_iov *tiv, *hiv; + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_string(context); + return KRB5_CRYPTO_INTERNAL; + } + + headersz = et->confoundersize; + trailersz = CHECKSUMSIZE(et->keyed_checksum); + + for (len = 0, i = 0; i < num_data; i++) + if (data[i].flags == KRB5_CRYPTO_TYPE_DATA) + len += data[i].data.length; + + sz = headersz + len; + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ + + pad_sz = block_sz - sz; + trailersz += pad_sz; + + /* header */ + + hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (hiv == NULL || hiv->data.length < headersz) + return KRB5_BAD_MSIZE; + hiv->data.length = headersz; + + /* trailer */ + + tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (tiv == NULL || tiv->data.length < trailersz) + return KRB5_BAD_MSIZE; + tiv->data.length = trailersz; + + /* body */ + + /* XXX replace with EVP_Cipher */ + + for (len = 0, i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && + data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + if (p == NULL) + return ENOMEM; + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) { + free(p); + return ret; + } + ret = _key_schedule(context, dkey); + if(ret) { + free(p); + return ret; + } + + ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); + if (ret) { + free(p); + return ret; + } + + /* XXX now copy data back to buffers */ + q = p; + memcpy(hiv->data.data, q, hiv->data.length); + q += hiv->data.length; + len -= hiv->data.length; + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + if (len < data[i].data.length) + data[i].data.length = len; + memcpy(data[i].data.data, q, data[i].data.length); + q += data[i].data.length; + len -= data[i].data.length; + } + free(p); + if (len) + krb5_abortx(context, "data still in the buffer"); + + len = hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + cksum.checksum.data = tiv->data.data; + cksum.checksum.length = tiv->data.length; + cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum); + + ret = verify_checksum(context, + crypto, + INTEGRITY_USAGE(usage), + p, + len, + &cksum); + free(p); + if(ret) + return ret; + + return 0; +} + + +size_t KRB5_LIB_FUNCTION +krb5_crypto_length(krb5_context context, + krb5_crypto crypto, + int type) +{ + if (!derived_crypto(context, crypto)) + return (size_t)-1; + switch(type) { + case KRB5_CRYPTO_TYPE_EMPTY: + return 0; + case KRB5_CRYPTO_TYPE_HEADER: + return crypto->et->blocksize; + case KRB5_CRYPTO_TYPE_PADDING: + if (crypto->et->padsize > 1) + return crypto->et->padsize; + return 0; + case KRB5_CRYPTO_TYPE_TRAILER: + return CHECKSUMSIZE(crypto->et->keyed_checksum); + } + return (size_t)-1; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encrypt_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, const void *data, @@ -3452,7 +3619,7 @@ seed_something(void) so use 0 for the entropy estimate */ if (RAND_file_name(seedfile, sizeof(seedfile))) { int fd; - fd = open(seedfile, O_RDONLY); + fd = open(seedfile, O_RDONLY | O_BINARY | O_CLOEXEC); if (fd >= 0) { ssize_t ret; rk_cloexec(fd); @@ -3652,7 +3819,7 @@ krb5_derive_key(krb5_context context, ret = derive_key(context, et, &d, constant, constant_len); if (ret == 0) ret = krb5_copy_keyblock(context, d.key, derived_key); - free_key_data(context, &d); + free_key_data(context, &d, et); return ret; } @@ -3727,19 +3894,23 @@ krb5_crypto_init(krb5_context context, } static void -free_key_data(krb5_context context, struct key_data *key) +free_key_data(krb5_context context, struct key_data *key, + struct encryption_type *et) { krb5_free_keyblock(context, key->key); if(key->schedule) { + if (et->keytype->cleanup) + (*et->keytype->cleanup)(context, key); memset(key->schedule->data, 0, key->schedule->length); krb5_free_data(context, key->schedule); } } static void -free_key_usage(krb5_context context, struct key_usage *ku) +free_key_usage(krb5_context context, struct key_usage *ku, + struct encryption_type *et) { - free_key_data(context, &ku->key); + free_key_data(context, &ku->key, et); } krb5_error_code KRB5_LIB_FUNCTION @@ -3749,9 +3920,9 @@ krb5_crypto_destroy(krb5_context context, int i; for(i = 0; i < crypto->num_key_usage; i++) - free_key_usage(context, &crypto->key_usage[i]); + free_key_usage(context, &crypto->key_usage[i], crypto->et); free(crypto->key_usage); - free_key_data(context, &crypto->key); + free_key_data(context, &crypto->key, crypto->et); free (crypto); return 0; } @@ -3792,6 +3963,18 @@ krb5_crypto_getconfoundersize(krb5_context context, return 0; } + +/** + * Disable encryption type + * + * @param context Kerberos 5 context + * @param enctype encryption type to disable + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_disable(krb5_context context, krb5_enctype enctype) @@ -3808,6 +3991,34 @@ krb5_enctype_disable(krb5_context context, return 0; } +/** + * Enable encryption type + * + * @param context Kerberos 5 context + * @param enctype encryption type to enable + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_enable(krb5_context context, + krb5_enctype enctype) +{ + struct encryption_type *et = _find_enctype(enctype); + if(et == NULL) { + if (context) + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + enctype); + return KRB5_PROG_ETYPE_NOSUPP; + } + et->flags &= ~F_DISABLED; + return 0; +} + + krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_key_derived(krb5_context context, const void *str, @@ -3862,8 +4073,12 @@ krb5_string_to_key_derived(krb5_context context, &kd, "kerberos", /* XXX well known constant */ strlen("kerberos")); + if (ret) { + free_key_data(context, &kd, et); + return ret; + } ret = krb5_copy_keyblock_contents(context, kd.key, key); - free_key_data(context, &kd); + free_key_data(context, &kd, et); return ret; } @@ -4265,108 +4480,86 @@ krb5_crypto_prf(krb5_context context, return (*et->prf)(context, crypto, input, output); } - +#ifndef HEIMDAL_SMALLER +/* + * First take the configured list of etypes for `keytype' if available, + * else, do `krb5_keytype_to_enctypes'. + */ -#ifdef CRYPTO_DEBUG - -static krb5_error_code -krb5_get_keyid(krb5_context context, - krb5_keyblock *key, - uint32_t *keyid) +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_enctypes_default (krb5_context context, + krb5_keytype keytype, + unsigned *len, + krb5_enctype **val) + __attribute__((deprecated)) { - MD5_CTX md5; - unsigned char tmp[16]; + unsigned int i, n; + krb5_enctype *ret; - MD5_Init (&md5); - MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length); - MD5_Final (tmp, &md5); - *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15]; + if (keytype != KEYTYPE_DES || context->etypes_des == NULL) + return krb5_keytype_to_enctypes (context, keytype, len, val); + + for (n = 0; context->etypes_des[n]; ++n) + ; + ret = malloc (n * sizeof(*ret)); + if (ret == NULL && n != 0) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + for (i = 0; i < n; ++i) + ret[i] = context->etypes_des[i]; + *len = n; + *val = ret; return 0; } -static void -krb5_crypto_debug(krb5_context context, - int encryptp, - size_t len, - krb5_keyblock *key) +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_string(krb5_context context, + krb5_keytype keytype, + char **string) + __attribute__((deprecated)) { - uint32_t keyid; - char *kt; - krb5_get_keyid(context, key, &keyid); - krb5_enctype_to_string(context, key->keytype, &kt); - krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)", - encryptp ? "encrypting" : "decrypting", - (unsigned long)len, - keyid, - kt); - free(kt); + struct key_type *kt = _find_keytype(keytype); + if(kt == NULL) { + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "key type %d not supported", keytype); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + *string = strdup(kt->name); + if(*string == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + return 0; } -#endif /* CRYPTO_DEBUG */ -#if 0 -int -main() +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_keytype(krb5_context context, + const char *string, + krb5_keytype *keytype) + __attribute__((deprecated)) { -#if 0 - int i; - krb5_context context; - krb5_crypto crypto; - struct key_data *d; - krb5_keyblock key; - char constant[4]; - unsigned usage = ENCRYPTION_USAGE(3); - krb5_error_code ret; - - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - key.keytype = ETYPE_NEW_DES3_CBC_SHA1; - key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8" - "\x25\xe9\x85\xab\x3e\xb5\xfb\x0e" - "\xc8\xdf\xab\x26\x86\x64\x15\x25"; - key.keyvalue.length = 24; - - krb5_crypto_init(context, &key, 0, &crypto); - - d = _new_derived_key(crypto, usage); - if(d == NULL) - krb5_errx(context, 1, "_new_derived_key failed"); - krb5_copy_keyblock(context, crypto->key.key, &d->key); - _krb5_put_int(constant, usage, 4); - derive_key(context, crypto->et, d, constant, sizeof(constant)); - return 0; -#else + char *end; int i; - krb5_context context; - krb5_crypto crypto; - struct key_data *d; - krb5_keyblock key; - krb5_error_code ret; - Checksum res; - - char *data = "what do ya want for nothing?"; - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - key.keytype = ETYPE_NEW_DES3_CBC_SHA1; - key.keyvalue.data = "Jefe"; - /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */ - key.keyvalue.length = 4; + for(i = 0; i < num_keytypes; i++) + if(strcasecmp(keytypes[i]->name, string) == 0){ + *keytype = keytypes[i]->type; + return 0; + } - d = ecalloc(1, sizeof(*d)); - d->key = &key; - res.checksum.length = 20; - res.checksum.data = emalloc(res.checksum.length); - SP_HMAC_SHA1_checksum(context, d, data, 28, &res); + /* check if the enctype is a number */ + *keytype = strtol(string, &end, 0); + if(*end == '\0' && *keytype != 0) { + if (krb5_enctype_valid(context, *keytype) == 0) + return 0; + } - return 0; -#endif + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "key type %s not supported", string); + return KRB5_PROG_KEYTYPE_NOSUPP; } #endif diff --git a/source/heimdal/lib/krb5/data.c b/source/heimdal/lib/krb5/data.c index 2b78bfb32b42..0286316214df 100644 --- a/source/heimdal/lib/krb5/data.c +++ b/source/heimdal/lib/krb5/data.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: data.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /** * Reset the (potentially uninitalized) krb5_data structure. diff --git a/source/heimdal/lib/krb5/eai_to_heim_errno.c b/source/heimdal/lib/krb5/eai_to_heim_errno.c index 19315cea8678..c06e8fb9bb06 100644 --- a/source/heimdal/lib/krb5/eai_to_heim_errno.c +++ b/source/heimdal/lib/krb5/eai_to_heim_errno.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: eai_to_heim_errno.c 22065 2007-11-11 16:41:06Z lha $"); +RCSID("$Id$"); /** * Convert the getaddrinfo() error code to a Kerberos et error code. diff --git a/source/heimdal/lib/krb5/error_string.c b/source/heimdal/lib/krb5/error_string.c index 6679b7674928..17bc30572b93 100644 --- a/source/heimdal/lib/krb5/error_string.c +++ b/source/heimdal/lib/krb5/error_string.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: error_string.c 23274 2008-06-23 03:25:08Z lha $"); +RCSID("$Id$"); #undef __attribute__ #define __attribute__(X) @@ -199,7 +199,7 @@ krb5_free_error_message(krb5_context context, const char *msg) * @param context Kerberos context * @param msg error message to free * - * @ingroup krb5_error + * @ingroup krb5_deprecated */ void KRB5_LIB_FUNCTION __attribute__((deprecated)) @@ -208,6 +208,16 @@ krb5_free_error_string(krb5_context context, char *str) krb5_free_error_message(context, str); } +/** + * Set the error message returned by krb5_get_error_string(), + * deprecated, use krb5_set_error_message(). + * + * @param context Kerberos context + * @param msg error message to free + * + * @ingroup krb5_deprecated + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_set_error_string(krb5_context context, const char *fmt, ...) __attribute__((format (printf, 2, 3))) __attribute__((deprecated)) @@ -220,6 +230,16 @@ krb5_set_error_string(krb5_context context, const char *fmt, ...) return 0; } +/** + * Set the error message returned by krb5_get_error_string(), + * deprecated, use krb5_set_error_message(). + * + * @param context Kerberos context + * @param msg error message to free + * + * @ingroup krb5_deprecated + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) __attribute__ ((format (printf, 2, 0))) __attribute__((deprecated)) diff --git a/source/heimdal/lib/krb5/expand_hostname.c b/source/heimdal/lib/krb5/expand_hostname.c index d06d57643272..4ada4b81109a 100644 --- a/source/heimdal/lib/krb5/expand_hostname.c +++ b/source/heimdal/lib/krb5/expand_hostname.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: expand_hostname.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); static krb5_error_code copy_hostname(krb5_context context, diff --git a/source/heimdal/lib/krb5/fcache.c b/source/heimdal/lib/krb5/fcache.c index 8951bdb24e38..fc1189345272 100644 --- a/source/heimdal/lib/krb5/fcache.c +++ b/source/heimdal/lib/krb5/fcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: fcache.c 23444 2008-07-27 12:07:47Z lha $"); +RCSID("$Id$"); typedef struct krb5_fcache{ char *filename; @@ -395,7 +395,7 @@ fcc_initialize(krb5_context context, unlink (filename); - ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if(ret) return ret; { @@ -462,7 +462,7 @@ fcc_store_cred(krb5_context context, int ret; int fd; - ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY, 0); + ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; { @@ -503,7 +503,7 @@ init_fcc (krb5_context context, krb5_storage *sp; krb5_error_code ret; - ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY, 0); + ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; @@ -851,14 +851,14 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) int fd1, fd2; char buf[BUFSIZ]; - ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY, 0); + ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; unlink(FILENAME(to)); ret = fcc_open(context, to, &fd2, - O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0600); + O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if(ret) goto out1; diff --git a/source/heimdal/lib/krb5/free.c b/source/heimdal/lib/krb5/free.c index 1b0bd05412f2..d0eac84ca169 100644 --- a/source/heimdal/lib/krb5/free.c +++ b/source/heimdal/lib/krb5/free.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: free.c 15175 2005-05-18 10:06:16Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) diff --git a/source/heimdal/lib/krb5/free_host_realm.c b/source/heimdal/lib/krb5/free_host_realm.c index 6b13ce7d0e04..a9287de5fd30 100644 --- a/source/heimdal/lib/krb5/free_host_realm.c +++ b/source/heimdal/lib/krb5/free_host_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: free_host_realm.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); /* * Free all memory allocated by `realmlist' diff --git a/source/heimdal/lib/krb5/generate_seq_number.c b/source/heimdal/lib/krb5/generate_seq_number.c index 8a04f048c8c8..472fff7fd595 100644 --- a/source/heimdal/lib/krb5/generate_seq_number.c +++ b/source/heimdal/lib/krb5/generate_seq_number.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: generate_seq_number.c 17442 2006-05-05 09:31:15Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_generate_seq_number(krb5_context context, diff --git a/source/heimdal/lib/krb5/generate_subkey.c b/source/heimdal/lib/krb5/generate_subkey.c index fb7efbcd2966..aa68d14df639 100644 --- a/source/heimdal/lib/krb5/generate_subkey.c +++ b/source/heimdal/lib/krb5/generate_subkey.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: generate_subkey.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_generate_subkey(krb5_context context, diff --git a/source/heimdal/lib/krb5/get_cred.c b/source/heimdal/lib/krb5/get_cred.c index 268550b22930..c19a5e4abc45 100644 --- a/source/heimdal/lib/krb5/get_cred.c +++ b/source/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_cred.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /* * Take the `body' and encode it into `padata' using the credentials diff --git a/source/heimdal/lib/krb5/get_default_principal.c b/source/heimdal/lib/krb5/get_default_principal.c index 5a7a7829fc0e..6a56218ed780 100644 --- a/source/heimdal/lib/krb5/get_default_principal.c +++ b/source/heimdal/lib/krb5/get_default_principal.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_default_principal.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /* * Try to find out what's a reasonable default principal. diff --git a/source/heimdal/lib/krb5/get_default_realm.c b/source/heimdal/lib/krb5/get_default_realm.c index 1c996031e8da..8e8c1ef9746a 100644 --- a/source/heimdal/lib/krb5/get_default_realm.c +++ b/source/heimdal/lib/krb5/get_default_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_default_realm.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /* * Return a NULL-terminated list of default realms in `realms'. diff --git a/source/heimdal/lib/krb5/get_for_creds.c b/source/heimdal/lib/krb5/get_for_creds.c index a8aac950ec7d..f005460e3f92 100644 --- a/source/heimdal/lib/krb5/get_for_creds.c +++ b/source/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_for_creds.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); static krb5_error_code add_addrs(krb5_context context, diff --git a/source/heimdal/lib/krb5/get_host_realm.c b/source/heimdal/lib/krb5/get_host_realm.c index f4c875b347dd..e22659810198 100644 --- a/source/heimdal/lib/krb5/get_host_realm.c +++ b/source/heimdal/lib/krb5/get_host_realm.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: get_host_realm.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* To automagically find the correct realm of a host (without * [domain_realm] in krb5.conf) add a text record for your domain with diff --git a/source/heimdal/lib/krb5/get_in_tkt.c b/source/heimdal/lib/krb5/get_in_tkt.c index 8bdc8c0eb269..c835a9a29e7e 100644 --- a/source/heimdal/lib/krb5/get_in_tkt.c +++ b/source/heimdal/lib/krb5/get_in_tkt.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_init_etype (krb5_context context, @@ -383,8 +383,7 @@ _krb5_extract_ticket(krb5_context context, * based on the DNS Name. */ flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; - flags |=EXTRACT_TICKET_ALLOW_CNAME_MISMATCH ; - + flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; /* compare client and save */ ret = _krb5_principalname2krb5_principal (context, diff --git a/source/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/source/heimdal/lib/krb5/get_in_tkt_with_keytab.c index 52f95c4bc45e..78a1c340ac12 100644 --- a/source/heimdal/lib/krb5/get_in_tkt_with_keytab.c +++ b/source/heimdal/lib/krb5/get_in_tkt_with_keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt_with_keytab.c 15477 2005-06-17 04:56:44Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_keytab_key_proc (krb5_context context, diff --git a/source/heimdal/lib/krb5/get_port.c b/source/heimdal/lib/krb5/get_port.c index 85587ea76620..895c21a433ba 100644 --- a/source/heimdal/lib/krb5/get_port.c +++ b/source/heimdal/lib/krb5/get_port.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_port.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); int KRB5_LIB_FUNCTION krb5_getportbyname (krb5_context context, diff --git a/source/heimdal/lib/krb5/heim_err.et b/source/heimdal/lib/krb5/heim_err.et index 1b8ab49bc11e..547a14e04ceb 100644 --- a/source/heimdal/lib/krb5/heim_err.et +++ b/source/heimdal/lib/krb5/heim_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: heim_err.et 13352 2004-02-13 16:23:40Z lha $" +id "$Id$" error_table heim diff --git a/source/heimdal/lib/krb5/heim_threads.h b/source/heimdal/lib/krb5/heim_threads.h old mode 100755 new mode 100644 index 3c27d13d81b9..c550499499a0 --- a/source/heimdal/lib/krb5/heim_threads.h +++ b/source/heimdal/lib/krb5/heim_threads.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: heim_threads.h 14409 2004-12-18 16:03:38Z lha $ */ +/* $Id$ */ /* * Provide wrapper macros for thread synchronization primitives so we diff --git a/source/heimdal/lib/krb5/init_creds.c b/source/heimdal/lib/krb5/init_creds.c index 74c9ff78e58c..b2b3b6550df9 100644 --- a/source/heimdal/lib/krb5/init_creds.c +++ b/source/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) diff --git a/source/heimdal/lib/krb5/init_creds_pw.c b/source/heimdal/lib/krb5/init_creds_pw.c index e3098b0a9283..f56d069b3792 100644 --- a/source/heimdal/lib/krb5/init_creds_pw.c +++ b/source/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); typedef struct krb5_get_init_creds_ctx { KDCOptions flags; diff --git a/source/heimdal/lib/krb5/k524_err.et b/source/heimdal/lib/krb5/k524_err.et index 0ca25f74d474..4827b397af02 100644 --- a/source/heimdal/lib/krb5/k524_err.et +++ b/source/heimdal/lib/krb5/k524_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: k524_err.et 10141 2001-06-20 02:45:58Z joda $" +id "$Id$" error_table k524 diff --git a/source/heimdal/lib/krb5/kcm.c b/source/heimdal/lib/krb5/kcm.c index 0c91fbb3a0e8..d5f38c5aaf8c 100644 --- a/source/heimdal/lib/krb5/kcm.c +++ b/source/heimdal/lib/krb5/kcm.c @@ -43,7 +43,7 @@ #include "kcm.h" -RCSID("$Id: kcm.c 23446 2008-07-27 12:08:37Z lha $"); +RCSID("$Id$"); typedef struct krb5_kcmcache { char *name; @@ -105,7 +105,7 @@ try_unix_socket(krb5_context context, krb5_error_code ret; int fd; - fd = socket(AF_UNIX, SOCK_STREAM, 0); + fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0); if (fd < 0) return KRB5_CC_IO; rk_cloexec(fd); diff --git a/source/heimdal/lib/krb5/keyblock.c b/source/heimdal/lib/krb5/keyblock.c index fa19e1e726e9..38a856624e2f 100644 --- a/source/heimdal/lib/krb5/keyblock.c +++ b/source/heimdal/lib/krb5/keyblock.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keyblock.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); void KRB5_LIB_FUNCTION krb5_keyblock_zero(krb5_keyblock *keyblock) diff --git a/source/heimdal/lib/krb5/keytab.c b/source/heimdal/lib/krb5/keytab.c index 09e130d8501d..f3e6b9e8f4c8 100644 --- a/source/heimdal/lib/krb5/keytab.c +++ b/source/heimdal/lib/krb5/keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * Register a new keytab in `ops' @@ -341,6 +341,7 @@ krb5_kt_get_entry(krb5_context context, if (ret) { /* This is needed for krb5_verify_init_creds, but keep error * string from previous error for the human. */ + context->error_code = KRB5_KT_NOTFOUND; return KRB5_KT_NOTFOUND; } diff --git a/source/heimdal/lib/krb5/keytab_any.c b/source/heimdal/lib/krb5/keytab_any.c index 9e9319104558..a4b15394a542 100644 --- a/source/heimdal/lib/krb5/keytab_any.c +++ b/source/heimdal/lib/krb5/keytab_any.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_any.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct any_data { krb5_keytab kt; diff --git a/source/heimdal/lib/krb5/keytab_file.c b/source/heimdal/lib/krb5/keytab_file.c index e830ab34129f..17f2d5774290 100644 --- a/source/heimdal/lib/krb5/keytab_file.c +++ b/source/heimdal/lib/krb5/keytab_file.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c 23469 2008-07-27 12:17:12Z lha $"); +RCSID("$Id$"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 @@ -385,7 +385,7 @@ fkt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *c) { - return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, 0, c); + return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY | O_CLOEXEC, 0, c); } static krb5_error_code @@ -488,9 +488,9 @@ fkt_add_entry(krb5_context context, krb5_data keytab; int32_t len; - fd = open (d->filename, O_RDWR | O_BINARY); + fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC); if (fd < 0) { - fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if (fd < 0) { ret = errno; krb5_set_error_message(context, ret, "open(%s): %s", d->filename, @@ -632,7 +632,7 @@ fkt_remove_entry(krb5_context context, int found = 0; krb5_error_code ret; - ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, 1, &cursor); + ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY | O_CLOEXEC, 1, &cursor); if(ret != 0) goto out; /* return other error here? */ while(fkt_next_entry_int(context, id, &e, &cursor, diff --git a/source/heimdal/lib/krb5/keytab_keyfile.c b/source/heimdal/lib/krb5/keytab_keyfile.c index 7e14cbd32983..3339a9631947 100644 --- a/source/heimdal/lib/krb5/keytab_keyfile.c +++ b/source/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* afs keyfile operations --------------------------------------- */ @@ -194,7 +194,7 @@ akf_start_seq_get(krb5_context context, int32_t ret; struct akf_data *d = id->data; - c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600); + c->fd = open (d->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0600); if (c->fd < 0) { ret = errno; krb5_set_error_message(context, ret, "keytab afs keyfil open %s failed: %s", @@ -301,10 +301,10 @@ akf_add_entry(krb5_context context, return 0; } - fd = open (d->filename, O_RDWR | O_BINARY); + fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC); if (fd < 0) { fd = open (d->filename, - O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600); + O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_CLOEXEC, 0600); if (fd < 0) { ret = errno; krb5_set_error_message(context, ret, "open(%s): %s", d->filename, diff --git a/source/heimdal/lib/krb5/keytab_memory.c b/source/heimdal/lib/krb5/keytab_memory.c index eabee7c69379..5f648d9bce8c 100644 --- a/source/heimdal/lib/krb5/keytab_memory.c +++ b/source/heimdal/lib/krb5/keytab_memory.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_memory.c 23293 2008-06-23 03:28:22Z lha $"); +RCSID("$Id$"); /* memory operations -------------------------------------------- */ diff --git a/source/heimdal/lib/krb5/krb5-v4compat.h b/source/heimdal/lib/krb5/krb5-v4compat.h index dfd7e944607f..9470f1033772 100644 --- a/source/heimdal/lib/krb5/krb5-v4compat.h +++ b/source/heimdal/lib/krb5/krb5-v4compat.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5-v4compat.h 21575 2007-07-16 07:44:54Z lha $ */ +/* $Id$ */ #ifndef __KRB5_V4COMPAT_H__ #define __KRB5_V4COMPAT_H__ diff --git a/source/heimdal/lib/krb5/krb5.h b/source/heimdal/lib/krb5/krb5.h index b1e2781d5209..aedabcc3503e 100644 --- a/source/heimdal/lib/krb5/krb5.h +++ b/source/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h 23026 2008-04-17 10:02:03Z lha $ */ +/* $Id$ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -761,6 +761,28 @@ struct credentials; /* this is to keep the compiler happy */ struct getargs; struct sockaddr; +/** + * Semi private, not stable yet + */ + +typedef struct krb5_crypto_iov { + unsigned int flags; + /* ignored */ +#define KRB5_CRYPTO_TYPE_EMPTY 0 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */ +#define KRB5_CRYPTO_TYPE_HEADER 1 + /* IN and OUT */ +#define KRB5_CRYPTO_TYPE_DATA 2 + /* IN */ +#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3 + /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */ +#define KRB5_CRYPTO_TYPE_PADDING 4 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */ +#define KRB5_CRYPTO_TYPE_TRAILER 5 + krb5_data data; +} krb5_crypto_iov; + + #include /* variables */ diff --git a/source/heimdal/lib/krb5/krb5_ccapi.h b/source/heimdal/lib/krb5/krb5_ccapi.h index 59a38425c252..7a8ac584a13a 100644 --- a/source/heimdal/lib/krb5/krb5_ccapi.h +++ b/source/heimdal/lib/krb5/krb5_ccapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_ccapi.h 22090 2007-12-02 23:23:43Z lha $ */ +/* $Id$ */ #ifndef KRB5_CCAPI_H #define KRB5_CCAPI_H 1 diff --git a/source/heimdal/lib/krb5/krb5_err.et b/source/heimdal/lib/krb5/krb5_err.et index 8e49ffcc4afc..c076992d0baf 100644 --- a/source/heimdal/lib/krb5/krb5_err.et +++ b/source/heimdal/lib/krb5/krb5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: krb5_err.et 23354 2008-07-15 11:23:34Z lha $" +id "$Id$" error_table krb5 @@ -110,7 +110,7 @@ error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not suppo index 128 prefix -error_code KRB5_ERR_RCSID, "$Id: krb5_err.et 23354 2008-07-15 11:23:34Z lha $" +error_code KRB5_ERR_RCSID, "$Id$" error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode" error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password" diff --git a/source/heimdal/lib/krb5/krb5_locl.h b/source/heimdal/lib/krb5/krb5_locl.h index aaabd4541bef..73075bf56c70 100644 --- a/source/heimdal/lib/krb5/krb5_locl.h +++ b/source/heimdal/lib/krb5/krb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h 23324 2008-06-26 03:54:45Z lha $ */ +/* $Id$ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -133,6 +133,7 @@ struct sockaddr_dl; #include +#define HC_DEPRECATED_CRYPTO #include "crypto-headers.h" @@ -176,6 +177,15 @@ struct _krb5_krb_auth_data; #define O_BINARY 0 #endif +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + +#ifndef SOCK_CLOEXEC +#define SOCK_CLOEXEC 0 +#endif + + #define KRB5_BUFSIZ 1024 typedef enum { diff --git a/source/heimdal/lib/krb5/krbhst.c b/source/heimdal/lib/krb5/krbhst.c index 3514a026b74b..8e49818c5090 100644 --- a/source/heimdal/lib/krb5/krbhst.c +++ b/source/heimdal/lib/krb5/krbhst.c @@ -35,7 +35,7 @@ #include #include "locate_plugin.h" -RCSID("$Id: krbhst.c 23447 2008-07-27 12:09:05Z lha $"); +RCSID("$Id$"); static int string_to_proto(const char *string) diff --git a/source/heimdal/lib/krb5/locate_plugin.h b/source/heimdal/lib/krb5/locate_plugin.h index a342617d384f..baca037ebcbd 100644 --- a/source/heimdal/lib/krb5/locate_plugin.h +++ b/source/heimdal/lib/krb5/locate_plugin.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: locate_plugin.h 23351 2008-07-15 11:22:39Z lha $ */ +/* $Id$ */ #ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H #define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1 diff --git a/source/heimdal/lib/krb5/log.c b/source/heimdal/lib/krb5/log.c index 721e3691cab1..2ed061c80b79 100644 --- a/source/heimdal/lib/krb5/log.c +++ b/source/heimdal/lib/krb5/log.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c 23443 2008-07-27 12:07:25Z lha $"); +RCSID("$Id$"); struct facility { int min; @@ -358,12 +358,12 @@ krb5_openlog(krb5_context context, if(p == NULL) p = krb5_config_get_strings(context, NULL, "logging", "default", NULL); if(p){ - for(q = p; *q; q++) + for(q = p; *q && ret == 0; q++) ret = krb5_addlog_dest(context, *fac, *q); krb5_config_free_strings(p); }else ret = krb5_addlog_dest(context, *fac, "SYSLOG"); - return 0; + return ret; } krb5_error_code KRB5_LIB_FUNCTION diff --git a/source/heimdal/lib/krb5/mcache.c b/source/heimdal/lib/krb5/mcache.c index 682f9f6abd35..3f26b27a46b7 100644 --- a/source/heimdal/lib/krb5/mcache.c +++ b/source/heimdal/lib/krb5/mcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mcache.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); typedef struct krb5_mcache { char *name; diff --git a/source/heimdal/lib/krb5/misc.c b/source/heimdal/lib/krb5/misc.c index 8050bdb9b467..1ed4f08d770c 100644 --- a/source/heimdal/lib/krb5/misc.c +++ b/source/heimdal/lib/krb5/misc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: misc.c 21174 2007-06-19 10:10:58Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION _krb5_s4u2self_to_checksumdata(krb5_context context, diff --git a/source/heimdal/lib/krb5/mit_glue.c b/source/heimdal/lib/krb5/mit_glue.c old mode 100755 new mode 100644 index 7440d5476279..c157c5d36556 --- a/source/heimdal/lib/krb5/mit_glue.c +++ b/source/heimdal/lib/krb5/mit_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: mit_glue.c 20042 2007-01-23 20:37:43Z lha $"); +RCSID("$Id$"); /* * Glue for MIT API diff --git a/source/heimdal/lib/krb5/mk_error.c b/source/heimdal/lib/krb5/mk_error.c index 704664993435..d4c3867edd7c 100644 --- a/source/heimdal/lib/krb5/mk_error.c +++ b/source/heimdal/lib/krb5/mk_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mk_error.c 15457 2005-06-16 21:16:40Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_error(krb5_context context, diff --git a/source/heimdal/lib/krb5/mk_priv.c b/source/heimdal/lib/krb5/mk_priv.c index 3b4b6e30b749..a1a9ea4dff9c 100644 --- a/source/heimdal/lib/krb5/mk_priv.c +++ b/source/heimdal/lib/krb5/mk_priv.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_priv.c 23297 2008-06-23 03:28:53Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION diff --git a/source/heimdal/lib/krb5/mk_rep.c b/source/heimdal/lib/krb5/mk_rep.c index 069df42e2680..65c97b580315 100644 --- a/source/heimdal/lib/krb5/mk_rep.c +++ b/source/heimdal/lib/krb5/mk_rep.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_rep.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_rep(krb5_context context, diff --git a/source/heimdal/lib/krb5/mk_req.c b/source/heimdal/lib/krb5/mk_req.c index 5f64f01e9560..1068aaa66806 100644 --- a/source/heimdal/lib/krb5/mk_req.c +++ b/source/heimdal/lib/krb5/mk_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_req.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_req_exact(krb5_context context, diff --git a/source/heimdal/lib/krb5/mk_req_ext.c b/source/heimdal/lib/krb5/mk_req_ext.c index b6d55c8815ac..645dadee22a5 100644 --- a/source/heimdal/lib/krb5/mk_req_ext.c +++ b/source/heimdal/lib/krb5/mk_req_ext.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_req_ext.c 19511 2006-12-27 12:07:22Z lha $"); +RCSID("$Id$"); krb5_error_code _krb5_mk_req_internal(krb5_context context, diff --git a/source/heimdal/lib/krb5/n-fold.c b/source/heimdal/lib/krb5/n-fold.c index 287f8cf64fa5..147f6aeac78f 100644 --- a/source/heimdal/lib/krb5/n-fold.c +++ b/source/heimdal/lib/krb5/n-fold.c @@ -32,7 +32,7 @@ #include "krb5_locl.h" -RCSID("$Id: n-fold.c 22923 2008-04-08 14:51:33Z lha $"); +RCSID("$Id$"); static krb5_error_code rr13(unsigned char *buf, size_t len) diff --git a/source/heimdal/lib/krb5/pac.c b/source/heimdal/lib/krb5/pac.c index fbc754efda32..ac7e3eda9b0c 100644 --- a/source/heimdal/lib/krb5/pac.c +++ b/source/heimdal/lib/krb5/pac.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: pac.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct PAC_INFO_BUFFER { uint32_t type; @@ -819,7 +819,7 @@ pac_checksum(krb5_context context, return ret; ret = krb5_crypto_get_checksum_type(context, crypto, &cktype); - ret = krb5_crypto_destroy(context, crypto); + krb5_crypto_destroy(context, crypto); if (ret) return ret; diff --git a/source/heimdal/lib/krb5/padata.c b/source/heimdal/lib/krb5/padata.c index 9dc3fe69a59e..2cd3c18287e1 100644 --- a/source/heimdal/lib/krb5/padata.c +++ b/source/heimdal/lib/krb5/padata.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: padata.c 23300 2008-06-23 03:29:22Z lha $"); +RCSID("$Id$"); PA_DATA * krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) diff --git a/source/heimdal/lib/krb5/pkinit.c b/source/heimdal/lib/krb5/pkinit.c old mode 100755 new mode 100644 index 1e82971c6ea3..634ef26c7fcf --- a/source/heimdal/lib/krb5/pkinit.c +++ b/source/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c 23450 2008-07-27 12:10:10Z lha $"); +RCSID("$Id$"); struct krb5_dh_moduli { char *name; @@ -381,7 +381,7 @@ build_auth_pack(krb5_context context, ret = krb5_data_alloc(a->clientDHNonce, 40); if (a->clientDHNonce == NULL) { krb5_clear_error_string(context); - return ENOMEM; + return ret; } memset(a->clientDHNonce->data, 0, a->clientDHNonce->length); ret = krb5_copy_data(context, a->clientDHNonce, diff --git a/source/heimdal/lib/krb5/plugin.c b/source/heimdal/lib/krb5/plugin.c index 8dda27fa596c..fb1ee32285e2 100644 --- a/source/heimdal/lib/krb5/plugin.c +++ b/source/heimdal/lib/krb5/plugin.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: plugin.c 23451 2008-07-27 12:10:30Z lha $"); +RCSID("$Id$"); #ifdef HAVE_DLFCN_H #include #endif diff --git a/source/heimdal/lib/krb5/principal.c b/source/heimdal/lib/krb5/principal.c index 0d6d72dbcf2e..3a1d184c3d41 100644 --- a/source/heimdal/lib/krb5/principal.c +++ b/source/heimdal/lib/krb5/principal.c @@ -57,7 +57,7 @@ host/admin@H5L.ORG #include #include "resolve.h" -RCSID("$Id: principal.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -1259,7 +1259,14 @@ krb5_sname_to_principal (krb5_context context, return KRB5_SNAME_UNSUPP_NAMETYPE; } if(hostname == NULL) { - gethostname(localhost, sizeof(localhost)); + ret = gethostname(localhost, sizeof(localhost) - 1); + if (ret != 0) { + ret = errno; + krb5_set_error_message(context, ret, + "Failed to get local hostname"); + return ret; + } + localhost[sizeof(localhost) - 1] = '\0'; hostname = localhost; } if(sname == NULL) diff --git a/source/heimdal/lib/krb5/prompter_posix.c b/source/heimdal/lib/krb5/prompter_posix.c index e0f407fb247e..840bb328ca7e 100644 --- a/source/heimdal/lib/krb5/prompter_posix.c +++ b/source/heimdal/lib/krb5/prompter_posix.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: prompter_posix.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); int KRB5_LIB_FUNCTION krb5_prompter_posix (krb5_context context, diff --git a/source/heimdal/lib/krb5/rd_cred.c b/source/heimdal/lib/krb5/rd_cred.c index 26aa3f2d79e1..e2807c20d05a 100644 --- a/source/heimdal/lib/krb5/rd_cred.c +++ b/source/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_cred.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); static krb5_error_code compare_addrs(krb5_context context, diff --git a/source/heimdal/lib/krb5/rd_error.c b/source/heimdal/lib/krb5/rd_error.c index 9e50af539a19..9f23d8df291c 100644 --- a/source/heimdal/lib/krb5/rd_error.c +++ b/source/heimdal/lib/krb5/rd_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: rd_error.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_error(krb5_context context, diff --git a/source/heimdal/lib/krb5/rd_priv.c b/source/heimdal/lib/krb5/rd_priv.c index ed7a2ccc5278..da8f44febb1d 100644 --- a/source/heimdal/lib/krb5/rd_priv.c +++ b/source/heimdal/lib/krb5/rd_priv.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_priv.c 21751 2007-07-31 20:42:20Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_priv(krb5_context context, @@ -50,14 +50,18 @@ krb5_rd_priv(krb5_context context, krb5_keyblock *key; krb5_crypto crypto; - if (outbuf) - krb5_data_zero(outbuf); + krb5_data_zero(outbuf); if ((auth_context->flags & - (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && - outdata == NULL) { - krb5_clear_error_string (context); - return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) + { + if (outdata == NULL) { + krb5_clear_error_string (context); + return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + } + /* if these fields are not present in the priv-part, silently + return zero */ + memset(outdata, 0, sizeof(*outdata)); } memset(&priv, 0, sizeof(priv)); @@ -165,9 +169,6 @@ krb5_rd_priv(krb5_context context, if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { - /* if these fields are not present in the priv-part, silently - return zero */ - memset(outdata, 0, sizeof(*outdata)); if(part.timestamp) outdata->timestamp = *part.timestamp; if(part.usec) diff --git a/source/heimdal/lib/krb5/rd_rep.c b/source/heimdal/lib/krb5/rd_rep.c index 0e6e3d09afa0..846de26c6067 100644 --- a/source/heimdal/lib/krb5/rd_rep.c +++ b/source/heimdal/lib/krb5/rd_rep.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_rep.c 23304 2008-06-23 03:29:56Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_rep(krb5_context context, diff --git a/source/heimdal/lib/krb5/rd_req.c b/source/heimdal/lib/krb5/rd_req.c index ddf1f69ae44d..ef91f9fdd6b1 100644 --- a/source/heimdal/lib/krb5/rd_req.c +++ b/source/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c 23415 2008-07-26 18:35:44Z lha $"); +RCSID("$Id$"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, diff --git a/source/heimdal/lib/krb5/replay.c b/source/heimdal/lib/krb5/replay.c index 7639bfa2ce22..cd717f27ac98 100644 --- a/source/heimdal/lib/krb5/replay.c +++ b/source/heimdal/lib/krb5/replay.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: replay.c 23467 2008-07-27 12:16:37Z lha $"); +RCSID("$Id$"); struct krb5_rcache_data { char *name; diff --git a/source/heimdal/lib/krb5/send_to_kdc.c b/source/heimdal/lib/krb5/send_to_kdc.c index 1ddb5afd1f90..45b728aa6c4e 100644 --- a/source/heimdal/lib/krb5/send_to_kdc.c +++ b/source/heimdal/lib/krb5/send_to_kdc.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "send_to_kdc_plugin.h" -RCSID("$Id: send_to_kdc.c 23448 2008-07-27 12:09:22Z lha $"); +RCSID("$Id$"); struct send_to_kdc { krb5_send_to_kdc_func func; @@ -288,7 +288,7 @@ send_via_proxy (krb5_context context, return krb5_eai_to_heim_errno(ret, errno); for (a = ai; a != NULL; a = a->ai_next) { - s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol | SOCK_CLOEXEC); if (s < 0) continue; rk_cloexec(s); @@ -411,7 +411,7 @@ krb5_sendto (krb5_context context, continue; for (a = ai; a != NULL; a = a->ai_next) { - fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); if (fd < 0) continue; rk_cloexec(fd); diff --git a/source/heimdal/lib/krb5/set_default_realm.c b/source/heimdal/lib/krb5/set_default_realm.c index 55abf2ea7d8a..c21ac453a29d 100644 --- a/source/heimdal/lib/krb5/set_default_realm.c +++ b/source/heimdal/lib/krb5/set_default_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: set_default_realm.c 23309 2008-06-23 03:30:41Z lha $"); +RCSID("$Id$"); /* * Convert the simple string `s' into a NULL-terminated and freshly allocated diff --git a/source/heimdal/lib/krb5/store.c b/source/heimdal/lib/krb5/store.c index c9cbbb5cef33..321ca633a628 100644 --- a/source/heimdal/lib/krb5/store.c +++ b/source/heimdal/lib/krb5/store.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id$"); #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) diff --git a/source/heimdal/lib/krb5/store_emem.c b/source/heimdal/lib/krb5/store_emem.c index c38c1b53c3a5..3cb561ec77b9 100644 --- a/source/heimdal/lib/krb5/store_emem.c +++ b/source/heimdal/lib/krb5/store_emem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_emem.c 22574 2008-02-05 20:31:55Z lha $"); +RCSID("$Id$"); typedef struct emem_storage{ unsigned char *base; diff --git a/source/heimdal/lib/krb5/store_fd.c b/source/heimdal/lib/krb5/store_fd.c index 15f86fcac30b..21fa171c286a 100644 --- a/source/heimdal/lib/krb5/store_fd.c +++ b/source/heimdal/lib/krb5/store_fd.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_fd.c 17779 2006-06-30 21:23:19Z lha $"); +RCSID("$Id$"); typedef struct fd_storage { int fd; diff --git a/source/heimdal/lib/krb5/store_mem.c b/source/heimdal/lib/krb5/store_mem.c index e6e62b5a62e4..6d8306051aa6 100644 --- a/source/heimdal/lib/krb5/store_mem.c +++ b/source/heimdal/lib/krb5/store_mem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_mem.c 20307 2007-04-11 11:16:28Z lha $"); +RCSID("$Id$"); typedef struct mem_storage{ unsigned char *base; diff --git a/source/heimdal/lib/krb5/ticket.c b/source/heimdal/lib/krb5/ticket.c index 5eff64e12db1..77ce8cb22101 100644 --- a/source/heimdal/lib/krb5/ticket.c +++ b/source/heimdal/lib/krb5/ticket.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: ticket.c 23310 2008-06-23 03:30:49Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_ticket(krb5_context context, diff --git a/source/heimdal/lib/krb5/time.c b/source/heimdal/lib/krb5/time.c index 46f88a86cd94..7a9b36372ca3 100644 --- a/source/heimdal/lib/krb5/time.c +++ b/source/heimdal/lib/krb5/time.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: time.c 23260 2008-06-21 15:22:37Z lha $"); +RCSID("$Id$"); /** * Set the absolute time that the caller knows the kdc has so the diff --git a/source/heimdal/lib/krb5/transited.c b/source/heimdal/lib/krb5/transited.c index 58b00a4b7a80..c9db83234877 100644 --- a/source/heimdal/lib/krb5/transited.c +++ b/source/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead diff --git a/source/heimdal/lib/krb5/v4_glue.c b/source/heimdal/lib/krb5/v4_glue.c index 55570c44dd35..baa4bd689212 100644 --- a/source/heimdal/lib/krb5/v4_glue.c +++ b/source/heimdal/lib/krb5/v4_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: v4_glue.c 23452 2008-07-27 12:10:54Z lha $"); +RCSID("$Id$"); #include "krb5-v4compat.h" @@ -348,12 +348,12 @@ storage_to_etext(krb5_context context, krb5_ssize_t size; krb5_data data; - /* multiple of eight bytes */ + /* multiple of eight bytes, don't round up */ size = krb5_storage_seek(sp, 0, SEEK_END); if (size < 0) return KRB4ET_RD_AP_UNDEC; - size = 8 - (size & 7); + size = ((size+7) & ~7) - size; ret = krb5_storage_write(sp, eightzeros, size); if (ret != size) diff --git a/source/heimdal/lib/krb5/version.c b/source/heimdal/lib/krb5/version.c index f7ccff5bc882..cbc4f8c3e148 100644 --- a/source/heimdal/lib/krb5/version.c +++ b/source/heimdal/lib/krb5/version.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: version.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); /* this is just to get a version stamp in the library file */ diff --git a/source/heimdal/lib/krb5/warn.c b/source/heimdal/lib/krb5/warn.c index 97a6cc9e0a73..c7fe5640b567 100644 --- a/source/heimdal/lib/krb5/warn.c +++ b/source/heimdal/lib/krb5/warn.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: warn.c 23206 2008-05-29 02:13:41Z lha $"); +RCSID("$Id$"); static krb5_error_code _warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) diff --git a/source/heimdal/lib/ntlm/heimntlm.h b/source/heimdal/lib/ntlm/heimntlm.h index 09d2205fd213..e26cf950eed4 100644 --- a/source/heimdal/lib/ntlm/heimntlm.h +++ b/source/heimdal/lib/ntlm/heimntlm.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: heimntlm.h 22376 2007-12-28 18:38:23Z lha $ */ +/* $Id$ */ #ifndef HEIM_NTLM_H #define HEIM_NTLM_H diff --git a/source/heimdal/lib/ntlm/ntlm.c b/source/heimdal/lib/ntlm/ntlm.c index d3309824b52c..244df54bb612 100644 --- a/source/heimdal/lib/ntlm/ntlm.c +++ b/source/heimdal/lib/ntlm/ntlm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: ntlm.c 23169 2008-05-22 02:52:07Z lha $"); +RCSID("$Id$"); #include #include @@ -46,6 +46,8 @@ RCSID("$Id: ntlm.c 23169 2008-05-22 02:52:07Z lha $"); #include #include +#define HC_DEPRECATED_CRYPTO + #include "krb5-types.h" #include "crypto-headers.h" @@ -1046,7 +1048,7 @@ heim_ntlm_ntlmv2_key(const void *key, size_t len, HMAC_Init_ex(&c, key, len, EVP_md5(), NULL); { struct ntlm_buf buf; - /* uppercase username and turn it inte ucs2-le */ + /* uppercase username and turn it into ucs2-le */ ascii2ucs2le(username, 1, &buf); HMAC_Update(&c, buf.data, buf.length); free(buf.data); diff --git a/source/heimdal/lib/roken/base64.c b/source/heimdal/lib/roken/base64.c index daf7fc567161..ce3bf015e73f 100644 --- a/source/heimdal/lib/roken/base64.c +++ b/source/heimdal/lib/roken/base64.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: base64.c 15506 2005-06-23 10:47:57Z lha $"); +RCSID("$Id$"); #endif #include #include @@ -64,7 +64,7 @@ base64_encode(const void *data, int size, char **str) if (p == NULL) return -1; q = (const unsigned char *) data; - i = 0; + for (i = 0; i < size;) { c = q[i++]; c *= 256; diff --git a/source/heimdal/lib/roken/base64.h b/source/heimdal/lib/roken/base64.h index 09aadffe7c41..33918d3548c1 100644 --- a/source/heimdal/lib/roken/base64.h +++ b/source/heimdal/lib/roken/base64.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: base64.h 15535 2005-06-30 07:13:33Z lha $ */ +/* $Id$ */ #ifndef _BASE64_H_ #define _BASE64_H_ diff --git a/source/heimdal/lib/roken/bswap.c b/source/heimdal/lib/roken/bswap.c index 1e7a7abc1148..0f42fc31681c 100644 --- a/source/heimdal/lib/roken/bswap.c +++ b/source/heimdal/lib/roken/bswap.c @@ -34,9 +34,9 @@ #ifdef HAVE_CONFIG_H #include #endif -#include +#include "roken.h" -RCSID("$Id: bswap.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #ifndef HAVE_BSWAP32 diff --git a/source/heimdal/lib/roken/cloexec.c b/source/heimdal/lib/roken/cloexec.c index 6308daa1db6e..136868624cc5 100644 --- a/source/heimdal/lib/roken/cloexec.c +++ b/source/heimdal/lib/roken/cloexec.c @@ -39,7 +39,7 @@ RCSID("$Id$"); #include #include -#include +#include "roken.h" void ROKEN_LIB_FUNCTION rk_cloexec(int fd) diff --git a/source/heimdal/lib/roken/closefrom.c b/source/heimdal/lib/roken/closefrom.c index 697566561c47..8bf99f8603d0 100644 --- a/source/heimdal/lib/roken/closefrom.c +++ b/source/heimdal/lib/roken/closefrom.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: closefrom.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #ifdef HAVE_SYS_TYPES_H @@ -43,7 +43,7 @@ RCSID("$Id: closefrom.c 21005 2007-06-08 01:54:35Z lha $"); #include #endif -#include +#include "roken.h" int ROKEN_LIB_FUNCTION closefrom(int fd) diff --git a/source/heimdal/lib/roken/copyhostent.c b/source/heimdal/lib/roken/copyhostent.c index 73e20ed03949..4999bbab82b5 100644 --- a/source/heimdal/lib/roken/copyhostent.c +++ b/source/heimdal/lib/roken/copyhostent.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: copyhostent.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * return a malloced copy of `h' diff --git a/source/heimdal/lib/roken/dumpdata.c b/source/heimdal/lib/roken/dumpdata.c index 81fd12729695..4dbb02abe7dd 100644 --- a/source/heimdal/lib/roken/dumpdata.c +++ b/source/heimdal/lib/roken/dumpdata.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: dumpdata.c 23412 2008-07-26 18:34:23Z lha $"); +RCSID("$Id$"); #endif #include -#include +#include "roken.h" /* * Write datablob to a filename, don't care about errors. diff --git a/source/heimdal/lib/roken/ecalloc.c b/source/heimdal/lib/roken/ecalloc.c index c9e6b9c6af62..767d383878c9 100644 --- a/source/heimdal/lib/roken/ecalloc.c +++ b/source/heimdal/lib/roken/ecalloc.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: ecalloc.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" /* * Like calloc but never fails. diff --git a/source/heimdal/lib/roken/emalloc.c b/source/heimdal/lib/roken/emalloc.c index 0807da6105de..2384f4c1c961 100644 --- a/source/heimdal/lib/roken/emalloc.c +++ b/source/heimdal/lib/roken/emalloc.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: emalloc.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" /* * Like malloc but never fails. diff --git a/source/heimdal/lib/roken/erealloc.c b/source/heimdal/lib/roken/erealloc.c index cbcfb1b4697b..596f4c6bef12 100644 --- a/source/heimdal/lib/roken/erealloc.c +++ b/source/heimdal/lib/roken/erealloc.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: erealloc.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" /* * Like realloc but never fails. diff --git a/source/heimdal/lib/roken/err.hin b/source/heimdal/lib/roken/err.hin index 2f1232d3e7f8..7abf4a9e16fe 100644 --- a/source/heimdal/lib/roken/err.hin +++ b/source/heimdal/lib/roken/err.hin @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: err.hin 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __ERR_H__ #define __ERR_H__ diff --git a/source/heimdal/lib/roken/estrdup.c b/source/heimdal/lib/roken/estrdup.c index a53c1f7b9d2d..541bb7a33552 100644 --- a/source/heimdal/lib/roken/estrdup.c +++ b/source/heimdal/lib/roken/estrdup.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: estrdup.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" /* * Like strdup but never fails. diff --git a/source/heimdal/lib/roken/freeaddrinfo.c b/source/heimdal/lib/roken/freeaddrinfo.c index 71b5abb38fde..a350edcca2c4 100644 --- a/source/heimdal/lib/roken/freeaddrinfo.c +++ b/source/heimdal/lib/roken/freeaddrinfo.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: freeaddrinfo.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * free the list of `struct addrinfo' starting at `ai' diff --git a/source/heimdal/lib/roken/freehostent.c b/source/heimdal/lib/roken/freehostent.c index e773f07a2255..ca43cf10f11e 100644 --- a/source/heimdal/lib/roken/freehostent.c +++ b/source/heimdal/lib/roken/freehostent.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: freehostent.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * free a malloced hostent diff --git a/source/heimdal/lib/roken/gai_strerror.c b/source/heimdal/lib/roken/gai_strerror.c index 1e563ae28870..061ed0898abe 100644 --- a/source/heimdal/lib/roken/gai_strerror.c +++ b/source/heimdal/lib/roken/gai_strerror.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: gai_strerror.c 15837 2005-08-05 09:31:35Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" static struct gai_error { int code; diff --git a/source/heimdal/lib/roken/get_window_size.c b/source/heimdal/lib/roken/get_window_size.c index fd4e81fd7415..f75b42e2fcc6 100644 --- a/source/heimdal/lib/roken/get_window_size.c +++ b/source/heimdal/lib/roken/get_window_size.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: get_window_size.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include @@ -58,7 +58,7 @@ RCSID("$Id: get_window_size.c 21005 2007-06-08 01:54:35Z lha $"); #include #endif -#include +#include "roken.h" int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *wp) diff --git a/source/heimdal/lib/roken/getaddrinfo.c b/source/heimdal/lib/roken/getaddrinfo.c index 2c232e3a594e..773fddc80a7d 100644 --- a/source/heimdal/lib/roken/getaddrinfo.c +++ b/source/heimdal/lib/roken/getaddrinfo.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getaddrinfo.c 15417 2005-06-16 17:49:29Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * uses hints->ai_socktype and hints->ai_protocol diff --git a/source/heimdal/lib/roken/getarg.c b/source/heimdal/lib/roken/getarg.c index 840febbf2118..db280127675e 100644 --- a/source/heimdal/lib/roken/getarg.c +++ b/source/heimdal/lib/roken/getarg.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getarg.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include #include -#include +#include "roken.h" #include "getarg.h" #define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag) @@ -277,7 +277,7 @@ arg_printusage (struct getargs *args, max_len = max(max_len, len); } if (extra_string) { - col = check_column(stderr, col, strlen(extra_string) + 1, columns); + check_column(stderr, col, strlen(extra_string) + 1, columns); fprintf (stderr, " %s\n", extra_string); } else fprintf (stderr, "\n"); diff --git a/source/heimdal/lib/roken/getarg.h b/source/heimdal/lib/roken/getarg.h index 62d1b6687c36..e559524600ab 100644 --- a/source/heimdal/lib/roken/getarg.h +++ b/source/heimdal/lib/roken/getarg.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: getarg.h 14776 2005-04-13 05:52:27Z lha $ */ +/* $Id$ */ #ifndef __GETARG_H__ #define __GETARG_H__ diff --git a/source/heimdal/lib/roken/getipnodebyaddr.c b/source/heimdal/lib/roken/getipnodebyaddr.c index 7e370d5f587b..69195d30534d 100644 --- a/source/heimdal/lib/roken/getipnodebyaddr.c +++ b/source/heimdal/lib/roken/getipnodebyaddr.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getipnodebyaddr.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * lookup `src, len' (address family `af') in DNS and return a pointer diff --git a/source/heimdal/lib/roken/getipnodebyname.c b/source/heimdal/lib/roken/getipnodebyname.c index 04f12509abf2..e8f6a1fdbd45 100644 --- a/source/heimdal/lib/roken/getipnodebyname.c +++ b/source/heimdal/lib/roken/getipnodebyname.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getipnodebyname.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #ifndef HAVE_H_ERRNO static int h_errno = NO_RECOVERY; diff --git a/source/heimdal/lib/roken/getnameinfo.c b/source/heimdal/lib/roken/getnameinfo.c index 04c5e1cdc94e..b0545be50979 100644 --- a/source/heimdal/lib/roken/getnameinfo.c +++ b/source/heimdal/lib/roken/getnameinfo.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getnameinfo.c 15412 2005-06-16 16:53:09Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" static int doit (int af, diff --git a/source/heimdal/lib/roken/getprogname.c b/source/heimdal/lib/roken/getprogname.c index 19f161831c87..1f365fc845b8 100644 --- a/source/heimdal/lib/roken/getprogname.c +++ b/source/heimdal/lib/roken/getprogname.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getprogname.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #ifndef HAVE___PROGNAME const char *__progname; diff --git a/source/heimdal/lib/roken/h_errno.c b/source/heimdal/lib/roken/h_errno.c index 11dcb08ac243..96fda0fc6afb 100644 --- a/source/heimdal/lib/roken/h_errno.c +++ b/source/heimdal/lib/roken/h_errno.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: h_errno.c 10442 2001-08-08 03:47:23Z assar $"); +RCSID("$Id$"); #endif #ifndef HAVE_H_ERRNO diff --git a/source/heimdal/lib/roken/hex.c b/source/heimdal/lib/roken/hex.c index 994d89484e29..2daf247e9043 100644 --- a/source/heimdal/lib/roken/hex.c +++ b/source/heimdal/lib/roken/hex.c @@ -33,9 +33,9 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: hex.c 16504 2006-01-09 17:09:29Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #include #include "hex.h" diff --git a/source/heimdal/lib/roken/hex.h b/source/heimdal/lib/roken/hex.h index 4c4b8508ed4d..037bf650d6ad 100644 --- a/source/heimdal/lib/roken/hex.h +++ b/source/heimdal/lib/roken/hex.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hex.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef _rk_HEX_H_ #define _rk_HEX_H_ 1 diff --git a/source/heimdal/lib/roken/hostent_find_fqdn.c b/source/heimdal/lib/roken/hostent_find_fqdn.c index 4e583a1d20c4..60d9428ccd7c 100644 --- a/source/heimdal/lib/roken/hostent_find_fqdn.c +++ b/source/heimdal/lib/roken/hostent_find_fqdn.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: hostent_find_fqdn.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * Try to find a fqdn (with `.') in he if possible, else return h_name diff --git a/source/heimdal/lib/roken/inet_aton.c b/source/heimdal/lib/roken/inet_aton.c index 176aed1f2b64..79af5e57be0d 100644 --- a/source/heimdal/lib/roken/inet_aton.c +++ b/source/heimdal/lib/roken/inet_aton.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_aton.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* Minimal implementation of inet_aton. * Cannot distinguish between failure and a local broadcast address. */ diff --git a/source/heimdal/lib/roken/inet_ntop.c b/source/heimdal/lib/roken/inet_ntop.c index 430c0044c3af..f2d81d93a50e 100644 --- a/source/heimdal/lib/roken/inet_ntop.c +++ b/source/heimdal/lib/roken/inet_ntop.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_ntop.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * diff --git a/source/heimdal/lib/roken/inet_pton.c b/source/heimdal/lib/roken/inet_pton.c index e0e5ca74b238..e55630aea0ce 100644 --- a/source/heimdal/lib/roken/inet_pton.c +++ b/source/heimdal/lib/roken/inet_pton.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_pton.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" int ROKEN_LIB_FUNCTION inet_pton(int af, const char *src, void *dst) diff --git a/source/heimdal/lib/roken/issuid.c b/source/heimdal/lib/roken/issuid.c index ea09d3a9ad43..bcd478c8e83a 100644 --- a/source/heimdal/lib/roken/issuid.c +++ b/source/heimdal/lib/roken/issuid.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: issuid.c 15131 2005-05-13 07:42:03Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" int ROKEN_LIB_FUNCTION issuid(void) diff --git a/source/heimdal/lib/roken/net_read.c b/source/heimdal/lib/roken/net_read.c index ef01f018d80d..f1c96d116ac6 100644 --- a/source/heimdal/lib/roken/net_read.c +++ b/source/heimdal/lib/roken/net_read.c @@ -33,14 +33,14 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: net_read.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include #include -#include +#include "roken.h" /* * Like read but never return partial data. diff --git a/source/heimdal/lib/roken/net_write.c b/source/heimdal/lib/roken/net_write.c index e379caa750a9..e557332a72f5 100644 --- a/source/heimdal/lib/roken/net_write.c +++ b/source/heimdal/lib/roken/net_write.c @@ -33,14 +33,14 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: net_write.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include #include -#include +#include "roken.h" /* * Like write but never return partial data. diff --git a/source/heimdal/lib/roken/parse_bytes.h b/source/heimdal/lib/roken/parse_bytes.h index 1998f70736ad..391925467d4c 100644 --- a/source/heimdal/lib/roken/parse_bytes.h +++ b/source/heimdal/lib/roken/parse_bytes.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse_bytes.h 14787 2005-04-13 13:19:07Z lha $ */ +/* $Id$ */ #ifndef __PARSE_BYTES_H__ #define __PARSE_BYTES_H__ diff --git a/source/heimdal/lib/roken/parse_time.c b/source/heimdal/lib/roken/parse_time.c index 1c39bde4e8a0..4ae448135a6c 100644 --- a/source/heimdal/lib/roken/parse_time.c +++ b/source/heimdal/lib/roken/parse_time.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_time.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif #include diff --git a/source/heimdal/lib/roken/parse_time.h b/source/heimdal/lib/roken/parse_time.h index 4dc2da08bcb2..dce50772f5e3 100644 --- a/source/heimdal/lib/roken/parse_time.h +++ b/source/heimdal/lib/roken/parse_time.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse_time.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __PARSE_TIME_H__ #define __PARSE_TIME_H__ diff --git a/source/heimdal/lib/roken/parse_units.c b/source/heimdal/lib/roken/parse_units.c index 8cc6850c1f25..28d357ee46cb 100644 --- a/source/heimdal/lib/roken/parse_units.c +++ b/source/heimdal/lib/roken/parse_units.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_units.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include #include -#include +#include "roken.h" #include "parse_units.h" /* @@ -270,7 +270,7 @@ void ROKEN_LIB_FUNCTION print_units_table (const struct units *units, FILE *f) { const struct units *u, *u2; - unsigned max_sz = 0; + int max_sz = 0; for (u = units; u->name; ++u) { max_sz = max(max_sz, strlen(u->name)); diff --git a/source/heimdal/lib/roken/parse_units.h b/source/heimdal/lib/roken/parse_units.h index a42154d4869f..2f903072cc5b 100644 --- a/source/heimdal/lib/roken/parse_units.h +++ b/source/heimdal/lib/roken/parse_units.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse_units.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __PARSE_UNITS_H__ #define __PARSE_UNITS_H__ diff --git a/source/heimdal/lib/roken/resolve.c b/source/heimdal/lib/roken/resolve.c index bf064e8aae9f..4a121216dab0 100644 --- a/source/heimdal/lib/roken/resolve.c +++ b/source/heimdal/lib/roken/resolve.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include #endif -#include +#include "roken.h" #ifdef HAVE_ARPA_NAMESER_H #include #endif @@ -45,7 +45,7 @@ #include -RCSID("$Id: resolve.c 22873 2008-04-07 18:50:39Z lha $"); +RCSID("$Id$"); #ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ #undef HAVE_RES_NSEARCH diff --git a/source/heimdal/lib/roken/resolve.h b/source/heimdal/lib/roken/resolve.h index fe83115b1ec2..bf8829b361a3 100644 --- a/source/heimdal/lib/roken/resolve.h +++ b/source/heimdal/lib/roken/resolve.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: resolve.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __RESOLVE_H__ #define __RESOLVE_H__ diff --git a/source/heimdal/lib/roken/roken-common.h b/source/heimdal/lib/roken/roken-common.h index f943202c45db..18c510f7f4bc 100644 --- a/source/heimdal/lib/roken/roken-common.h +++ b/source/heimdal/lib/roken/roken-common.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: roken-common.h 23468 2008-07-27 12:16:56Z lha $ */ +/* $Id$ */ #ifndef __ROKEN_COMMON_H__ #define __ROKEN_COMMON_H__ diff --git a/source/heimdal/lib/roken/roken.h.in b/source/heimdal/lib/roken/roken.h.in index cf2ee9ed7bdb..04392fe2f007 100644 --- a/source/heimdal/lib/roken/roken.h.in +++ b/source/heimdal/lib/roken/roken.h.in @@ -32,7 +32,7 @@ * SUCH DAMAGE. */ -/* $Id: roken.h.in 18612 2006-10-19 16:35:16Z lha $ */ +/* $Id$ */ #include #include diff --git a/source/heimdal/lib/roken/roken_gethostby.c b/source/heimdal/lib/roken/roken_gethostby.c index 0b25fbdb3daa..562834b6efd4 100644 --- a/source/heimdal/lib/roken/roken_gethostby.c +++ b/source/heimdal/lib/roken/roken_gethostby.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: roken_gethostby.c 21157 2007-06-18 22:03:13Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #undef roken_gethostbyname #undef roken_gethostbyaddr diff --git a/source/heimdal/lib/roken/rtbl.c b/source/heimdal/lib/roken/rtbl.c index 50ab50903f37..cac886870f76 100644 --- a/source/heimdal/lib/roken/rtbl.c +++ b/source/heimdal/lib/roken/rtbl.c @@ -33,9 +33,9 @@ #ifdef HAVE_CONFIG_H #include -RCSID ("$Id: rtbl.c 17758 2006-06-30 13:41:40Z lha $"); +RCSID ("$Id$"); #endif -#include +#include "roken.h" #include "rtbl.h" struct column_entry { diff --git a/source/heimdal/lib/roken/rtbl.h b/source/heimdal/lib/roken/rtbl.h index 9b168c7e7306..ddc1c9b475f8 100644 --- a/source/heimdal/lib/roken/rtbl.h +++ b/source/heimdal/lib/roken/rtbl.h @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: rtbl.h 17760 2006-06-30 13:42:39Z lha $ */ +/* $Id$ */ #ifndef __rtbl_h__ #define __rtbl_h__ diff --git a/source/heimdal/lib/roken/setprogname.c b/source/heimdal/lib/roken/setprogname.c index 3213c1c7a5ad..4544ea664bda 100644 --- a/source/heimdal/lib/roken/setprogname.c +++ b/source/heimdal/lib/roken/setprogname.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: setprogname.c 15955 2005-08-23 10:19:20Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #ifndef HAVE___PROGNAME extern const char *__progname; diff --git a/source/heimdal/lib/roken/signal.c b/source/heimdal/lib/roken/signal.c index d5ea6fb86a58..f38de50f6583 100644 --- a/source/heimdal/lib/roken/signal.c +++ b/source/heimdal/lib/roken/signal.c @@ -33,11 +33,11 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: signal.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif #include -#include +#include "roken.h" /* * We would like to always use this signal but there is a link error diff --git a/source/heimdal/lib/roken/simple_exec.c b/source/heimdal/lib/roken/simple_exec.c index c4359f421ee3..e45ba6b6b928 100644 --- a/source/heimdal/lib/roken/simple_exec.c +++ b/source/heimdal/lib/roken/simple_exec.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: simple_exec.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include @@ -49,7 +49,7 @@ RCSID("$Id: simple_exec.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include -#include +#include "roken.h" #define EX_NOEXEC 126 #define EX_NOTFOUND 127 diff --git a/source/heimdal/lib/roken/socket.c b/source/heimdal/lib/roken/socket.c index 91316dfbd892..61e3fe1f6867 100644 --- a/source/heimdal/lib/roken/socket.c +++ b/source/heimdal/lib/roken/socket.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: socket.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #include /* diff --git a/source/heimdal/lib/roken/strcollect.c b/source/heimdal/lib/roken/strcollect.c index c431e18f3d38..e17befd00041 100644 --- a/source/heimdal/lib/roken/strcollect.c +++ b/source/heimdal/lib/roken/strcollect.c @@ -33,14 +33,14 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strcollect.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include #include #include -#include +#include "roken.h" enum { initial = 10, increment = 5 }; diff --git a/source/heimdal/lib/roken/strlwr.c b/source/heimdal/lib/roken/strlwr.c index 356c8d2e9abc..121424115230 100644 --- a/source/heimdal/lib/roken/strlwr.c +++ b/source/heimdal/lib/roken/strlwr.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strlwr.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" #ifndef HAVE_STRLWR char * ROKEN_LIB_FUNCTION diff --git a/source/heimdal/lib/roken/strpool.c b/source/heimdal/lib/roken/strpool.c index d47580ff8da4..9b869708930c 100644 --- a/source/heimdal/lib/roken/strpool.c +++ b/source/heimdal/lib/roken/strpool.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strpool.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" struct rk_strpool { char *str; diff --git a/source/heimdal/lib/roken/strsep.c b/source/heimdal/lib/roken/strsep.c index b1ad87de27e3..93acf0c8011f 100644 --- a/source/heimdal/lib/roken/strsep.c +++ b/source/heimdal/lib/roken/strsep.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strsep.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif #include -#include +#include "roken.h" #ifndef HAVE_STRSEP diff --git a/source/heimdal/lib/roken/strsep_copy.c b/source/heimdal/lib/roken/strsep_copy.c index aeade2957f0e..34117d2c0d14 100644 --- a/source/heimdal/lib/roken/strsep_copy.c +++ b/source/heimdal/lib/roken/strsep_copy.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strsep_copy.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif #include -#include +#include "roken.h" #ifndef HAVE_STRSEP_COPY diff --git a/source/heimdal/lib/roken/strupr.c b/source/heimdal/lib/roken/strupr.c index fadfacbb371f..b40b768be261 100644 --- a/source/heimdal/lib/roken/strupr.c +++ b/source/heimdal/lib/roken/strupr.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strupr.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" #ifndef HAVE_STRUPR char * ROKEN_LIB_FUNCTION diff --git a/source/heimdal/lib/roken/vis.c b/source/heimdal/lib/roken/vis.c index 5dedb793cc5b..43705e4d50d9 100644 --- a/source/heimdal/lib/roken/vis.c +++ b/source/heimdal/lib/roken/vis.c @@ -1,4 +1,4 @@ -/* $NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $ */ +/* $NetBSD: vis.c,v 1.37 2008/07/25 22:29:23 dsl Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -30,7 +30,8 @@ */ /*- - * Copyright (c) 1999 The NetBSD Foundation, Inc. + * Copyright (c) 1999, 2005 The NetBSD Foundation, Inc. + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -40,47 +41,38 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ - #if 1 #ifdef HAVE_CONFIG_H #include -RCSID("$Id: vis.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #ifndef _DIAGASSERT #define _DIAGASSERT(X) #endif -#else +#else /* heimdal */ #include -#if !defined(lint) -__RCSID("$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $"); -#endif /* not lint */ -#endif +#if defined(LIBC_SCCS) && !defined(lint) +__RCSID("$NetBSD: vis.c,v 1.37 2008/07/25 22:29:23 dsl Exp $"); +#endif /* LIBC_SCCS and not lint */ -#if 0 #include "namespace.h" -#endif +#endif /* heimdal */ + #include #include @@ -89,6 +81,7 @@ __RCSID("$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $"); #include #include #include +#include #if 0 #ifdef __weak_alias @@ -101,6 +94,14 @@ __weak_alias(vis,_vis) #endif #endif +#if !HAVE_VIS || !HAVE_SVIS +#include +#include +#include +#include + +static char *do_svis(char *, int, int, int, const char *); + #undef BELL #if defined(__STDC__) #define BELL '\a' @@ -108,10 +109,10 @@ __weak_alias(vis,_vis) #define BELL '\007' #endif -char ROKEN_LIB_FUNCTION - *rk_vis (char *, int, int, int); -char ROKEN_LIB_FUNCTION - *rk_svis (char *, int, int, int, const char *); +char * ROKEN_LIB_FUNCTION + rk_vis (char *, int, int, int); +char * ROKEN_LIB_FUNCTION + rk_svis (char *, int, int, int, const char *); int ROKEN_LIB_FUNCTION rk_strvis (char *, const char *, int); int ROKEN_LIB_FUNCTION @@ -125,22 +126,47 @@ int ROKEN_LIB_FUNCTION #define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7') #define iswhite(c) (c == ' ' || c == '\t' || c == '\n') #define issafe(c) (c == '\b' || c == BELL || c == '\r') +#define xtoa(c) "0123456789abcdef"[c] -#define MAXEXTRAS 5 - +#define MAXEXTRAS 5 -#define MAKEEXTRALIST(flag, extra) \ +#define MAKEEXTRALIST(flag, extra, orig_str) \ do { \ - char *pextra = extra; \ - if (flag & VIS_SP) *pextra++ = ' '; \ - if (flag & VIS_TAB) *pextra++ = '\t'; \ - if (flag & VIS_NL) *pextra++ = '\n'; \ - if ((flag & VIS_NOSLASH) == 0) *pextra++ = '\\'; \ - *pextra = '\0'; \ + const char *orig = orig_str; \ + const char *o = orig; \ + char *e; \ + while (*o++) \ + continue; \ + extra = malloc((size_t)((o - orig) + MAXEXTRAS)); \ + if (!extra) break; \ + for (o = orig, e = extra; (*e++ = *o++) != '\0';) \ + continue; \ + e--; \ + if (flag & VIS_SP) *e++ = ' '; \ + if (flag & VIS_TAB) *e++ = '\t'; \ + if (flag & VIS_NL) *e++ = '\n'; \ + if ((flag & VIS_NOSLASH) == 0) *e++ = '\\'; \ + *e = '\0'; \ } while (/*CONSTCOND*/0) /* - * This is SVIS, the central macro of vis. + * This is do_hvis, for HTTP style (RFC 1808) + */ +static char * +do_hvis(char *dst, int c, int flag, int nextc, const char *extra) +{ + if (!isascii(c) || !isalnum(c) || strchr("$-_.+!*'(),", c) != NULL) { + *dst++ = '%'; + *dst++ = xtoa(((unsigned int)c >> 4) & 0xf); + *dst++ = xtoa((unsigned int)c & 0xf); + } else { + dst = do_svis(dst, c, flag, nextc, extra); + } + return dst; +} + +/* + * This is do_vis, the central code of vis. * dst: Pointer to the destination buffer * c: Character to encode * flag: Flag word @@ -148,90 +174,103 @@ do { \ * extra: Pointer to the list of extra characters to be * backslash-protected. */ -#define SVIS(dst, c, flag, nextc, extra) \ -do { \ - int isextra, isc; \ - isextra = strchr(extra, c) != NULL; \ - if (!isextra && \ - isascii((unsigned char)c) && \ - (isgraph((unsigned char)c) || iswhite(c) || \ - ((flag & VIS_SAFE) && issafe(c)))) { \ - *dst++ = c; \ - break; \ - } \ - isc = 0; \ - if (flag & VIS_CSTYLE) { \ - switch (c) { \ - case '\n': \ - isc = 1; *dst++ = '\\'; *dst++ = 'n'; \ - break; \ - case '\r': \ - isc = 1; *dst++ = '\\'; *dst++ = 'r'; \ - break; \ - case '\b': \ - isc = 1; *dst++ = '\\'; *dst++ = 'b'; \ - break; \ - case BELL: \ - isc = 1; *dst++ = '\\'; *dst++ = 'a'; \ - break; \ - case '\v': \ - isc = 1; *dst++ = '\\'; *dst++ = 'v'; \ - break; \ - case '\t': \ - isc = 1; *dst++ = '\\'; *dst++ = 't'; \ - break; \ - case '\f': \ - isc = 1; *dst++ = '\\'; *dst++ = 'f'; \ - break; \ - case ' ': \ - isc = 1; *dst++ = '\\'; *dst++ = 's'; \ - break; \ - case '\0': \ - isc = 1; *dst++ = '\\'; *dst++ = '0'; \ - if (isoctal(nextc)) { \ - *dst++ = '0'; \ - *dst++ = '0'; \ - } \ - } \ - } \ - if (isc) break; \ - if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) { \ - *dst++ = '\\'; \ - *dst++ = (u_char)(((unsigned)(u_char)c >> 6) & 03) + '0'; \ - *dst++ = (u_char)(((unsigned)(u_char)c >> 3) & 07) + '0'; \ - *dst++ = (c & 07) + '0'; \ - } else { \ - if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\'; \ - if (c & 0200) { \ - c &= 0177; *dst++ = 'M'; \ - } \ - if (iscntrl((unsigned char)c)) { \ - *dst++ = '^'; \ - if (c == 0177) \ - *dst++ = '?'; \ - else \ - *dst++ = c + '@'; \ - } else { \ - *dst++ = '-'; *dst++ = c; \ - } \ - } \ -} while (/*CONSTCOND*/0) +static char * +do_svis(char *dst, int c, int flag, int nextc, const char *extra) +{ + int isextra; + isextra = strchr(extra, c) != NULL; + if (!isextra && isascii(c) && (isgraph(c) || iswhite(c) || + ((flag & VIS_SAFE) && issafe(c)))) { + *dst++ = c; + return dst; + } + if (flag & VIS_CSTYLE) { + switch (c) { + case '\n': + *dst++ = '\\'; *dst++ = 'n'; + return dst; + case '\r': + *dst++ = '\\'; *dst++ = 'r'; + return dst; + case '\b': + *dst++ = '\\'; *dst++ = 'b'; + return dst; + case BELL: + *dst++ = '\\'; *dst++ = 'a'; + return dst; + case '\v': + *dst++ = '\\'; *dst++ = 'v'; + return dst; + case '\t': + *dst++ = '\\'; *dst++ = 't'; + return dst; + case '\f': + *dst++ = '\\'; *dst++ = 'f'; + return dst; + case ' ': + *dst++ = '\\'; *dst++ = 's'; + return dst; + case '\0': + *dst++ = '\\'; *dst++ = '0'; + if (isoctal(nextc)) { + *dst++ = '0'; + *dst++ = '0'; + } + return dst; + default: + if (isgraph(c)) { + *dst++ = '\\'; *dst++ = c; + return dst; + } + } + } + if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) { + *dst++ = '\\'; + *dst++ = (u_char)(((u_int32_t)(u_char)c >> 6) & 03) + '0'; + *dst++ = (u_char)(((u_int32_t)(u_char)c >> 3) & 07) + '0'; + *dst++ = (c & 07) + '0'; + } else { + if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\'; + if (c & 0200) { + c &= 0177; *dst++ = 'M'; + } + if (iscntrl(c)) { + *dst++ = '^'; + if (c == 0177) + *dst++ = '?'; + else + *dst++ = c + '@'; + } else { + *dst++ = '-'; *dst++ = c; + } + } + return dst; +} /* * svis - visually encode characters, also encoding the characters - * pointed to by `extra' + * pointed to by `extra' */ - char * ROKEN_LIB_FUNCTION rk_svis(char *dst, int c, int flag, int nextc, const char *extra) { + char *nextra = NULL; + _DIAGASSERT(dst != NULL); _DIAGASSERT(extra != NULL); - - SVIS(dst, c, flag, nextc, extra); + MAKEEXTRALIST(flag, nextra, extra); + if (!nextra) { + *dst = '\0'; /* can't create nextra, return "" */ + return dst; + } + if (flag & VIS_HTTPSTYLE) + dst = do_hvis(dst, c, flag, nextc, nextra); + else + dst = do_svis(dst, c, flag, nextc, nextra); + free(nextra); *dst = '\0'; - return(dst); + return dst; } @@ -242,94 +281,144 @@ rk_svis(char *dst, int c, int flag, int nextc, const char *extra) * be encoded, too. These functions are useful e. g. to * encode strings in such a way so that they are not interpreted * by a shell. - * + * * Dst must be 4 times the size of src to account for possible * expansion. The length of dst, not including the trailing NULL, - * is returned. + * is returned. * * Strsvisx encodes exactly len bytes from src into dst. * This is useful for encoding a block of data. */ - int ROKEN_LIB_FUNCTION -rk_strsvis(char *dst, const char *src, int flag, const char *extra) +rk_strsvis(char *dst, const char *csrc, int flag, const char *extra) { - char c; + int c; char *start; + char *nextra = NULL; + const unsigned char *src = (const unsigned char *)csrc; _DIAGASSERT(dst != NULL); _DIAGASSERT(src != NULL); _DIAGASSERT(extra != NULL); - - for (start = dst; (c = *src++) != '\0'; /* empty */) - SVIS(dst, c, flag, *src, extra); + MAKEEXTRALIST(flag, nextra, extra); + if (!nextra) { + *dst = '\0'; /* can't create nextra, return "" */ + return 0; + } + if (flag & VIS_HTTPSTYLE) { + for (start = dst; (c = *src++) != '\0'; /* empty */) + dst = do_hvis(dst, c, flag, *src, nextra); + } else { + for (start = dst; (c = *src++) != '\0'; /* empty */) + dst = do_svis(dst, c, flag, *src, nextra); + } + free(nextra); *dst = '\0'; return (dst - start); } int ROKEN_LIB_FUNCTION -rk_strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra) +rk_strsvisx(char *dst, const char *csrc, size_t len, int flag, const char *extra) { - char c; + unsigned char c; char *start; + char *nextra = NULL; + const unsigned char *src = (const unsigned char *)csrc; _DIAGASSERT(dst != NULL); _DIAGASSERT(src != NULL); _DIAGASSERT(extra != NULL); + MAKEEXTRALIST(flag, nextra, extra); + if (! nextra) { + *dst = '\0'; /* can't create nextra, return "" */ + return 0; + } - for (start = dst; len > 0; len--) { - c = *src++; - SVIS(dst, c, flag, len ? *src : '\0', extra); + if (flag & VIS_HTTPSTYLE) { + for (start = dst; len > 0; len--) { + c = *src++; + dst = do_hvis(dst, c, flag, len ? *src : '\0', nextra); + } + } else { + for (start = dst; len > 0; len--) { + c = *src++; + dst = do_svis(dst, c, flag, len ? *src : '\0', nextra); + } } + free(nextra); *dst = '\0'; return (dst - start); } +#endif - +#if !HAVE_VIS /* * vis - visually encode characters */ char * ROKEN_LIB_FUNCTION rk_vis(char *dst, int c, int flag, int nextc) { - char extra[MAXEXTRAS]; + char *extra = NULL; + unsigned char uc = (unsigned char)c; _DIAGASSERT(dst != NULL); - MAKEEXTRALIST(flag, extra); - SVIS(dst, c, flag, nextc, extra); + MAKEEXTRALIST(flag, extra, ""); + if (! extra) { + *dst = '\0'; /* can't create extra, return "" */ + return dst; + } + if (flag & VIS_HTTPSTYLE) + dst = do_hvis(dst, uc, flag, nextc, extra); + else + dst = do_svis(dst, uc, flag, nextc, extra); + free(extra); *dst = '\0'; - return (dst); + return dst; } /* * strvis, strvisx - visually encode characters from src into dst - * + * * Dst must be 4 times the size of src to account for possible * expansion. The length of dst, not including the trailing NULL, - * is returned. + * is returned. * * Strvisx encodes exactly len bytes from src into dst. * This is useful for encoding a block of data. */ - int ROKEN_LIB_FUNCTION rk_strvis(char *dst, const char *src, int flag) { - char extra[MAXEXTRAS]; + char *extra = NULL; + int rv; - MAKEEXTRALIST(flag, extra); - return (rk_strsvis(dst, src, flag, extra)); + MAKEEXTRALIST(flag, extra, ""); + if (!extra) { + *dst = '\0'; /* can't create extra, return "" */ + return 0; + } + rv = strsvis(dst, src, flag, extra); + free(extra); + return rv; } int ROKEN_LIB_FUNCTION rk_strvisx(char *dst, const char *src, size_t len, int flag) { - char extra[MAXEXTRAS]; + char *extra = NULL; + int rv; - MAKEEXTRALIST(flag, extra); - return (rk_strsvisx(dst, src, len, flag, extra)); + MAKEEXTRALIST(flag, extra, ""); + if (!extra) { + *dst = '\0'; /* can't create extra, return "" */ + return 0; + } + rv = strsvisx(dst, src, len, flag, extra); + free(extra); + return rv; } +#endif diff --git a/source/heimdal/lib/roken/vis.hin b/source/heimdal/lib/roken/vis.hin index 224870b00af1..64274526e47a 100644 --- a/source/heimdal/lib/roken/vis.hin +++ b/source/heimdal/lib/roken/vis.hin @@ -1,5 +1,4 @@ -/* $NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $ */ -/* $Id: vis.hin 19341 2006-12-15 11:53:09Z lha $ */ +/* $NetBSD: vis.h,v 1.16 2005/09/13 01:44:32 christos Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -43,6 +42,8 @@ #endif #endif +#include + /* * to select alternate encoding format */ @@ -63,6 +64,7 @@ * other */ #define VIS_NOSLASH 0x40 /* inhibit printing '\' */ +#define VIS_HTTPSTYLE 0x80 /* http-style escape % HEX HEX */ /* * unvis return codes @@ -78,22 +80,28 @@ */ #define UNVIS_END 1 /* no more characters */ -char ROKEN_LIB_FUNCTION - *rk_vis (char *, int, int, int); -char ROKEN_LIB_FUNCTION - *rk_svis (char *, int, int, int, const char *); +#include + +__BEGIN_DECLS +char * ROKEN_LIB_FUNCTION + rk_vis(char *, int, int, int); +char * ROKEN_LIB_FUNCTION + rk_svis(char *, int, int, int, const char *); +int ROKEN_LIB_FUNCTION + rk_strvis(char *, const char *, int); int ROKEN_LIB_FUNCTION - rk_strvis (char *, const char *, int); + rk_strsvis(char *, const char *, int, const char *); int ROKEN_LIB_FUNCTION - rk_strsvis (char *, const char *, int, const char *); + rk_strvisx(char *, const char *, size_t, int); int ROKEN_LIB_FUNCTION - rk_strvisx (char *, const char *, size_t, int); + rk_strsvisx(char *, const char *, size_t, int, const char *); int ROKEN_LIB_FUNCTION - rk_strsvisx (char *, const char *, size_t, int, const char *); + rk_strunvis(char *, const char *); int ROKEN_LIB_FUNCTION - rk_strunvis (char *, const char *); + rk_strunvisx(char *, const char *, int); int ROKEN_LIB_FUNCTION - rk_unvis (char *, int, int *, int); + rk_unvis(char *, int, int *, int); +__END_DECLS #undef vis #define vis(a,b,c,d) rk_vis(a,b,c,d) diff --git a/source/heimdal/lib/roken/xfree.c b/source/heimdal/lib/roken/xfree.c index 7bc21af0b864..c4f62f954b23 100644 --- a/source/heimdal/lib/roken/xfree.c +++ b/source/heimdal/lib/roken/xfree.c @@ -38,7 +38,7 @@ RCSID("$Id$"); #include -#include +#include "roken.h" void ROKEN_LIB_FUNCTION rk_xfree (void *buf) diff --git a/source/heimdal/lib/vers/print_version.c b/source/heimdal/lib/vers/print_version.c index 325f3fa046ff..5b2009c8118f 100644 --- a/source/heimdal/lib/vers/print_version.c +++ b/source/heimdal/lib/vers/print_version.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: print_version.c 22428 2008-01-13 09:58:05Z lha $"); +RCSID("$Id$"); #endif #include "roken.h" diff --git a/source/heimdal/lib/wind/UnicodeData.py b/source/heimdal/lib/wind/UnicodeData.py index fcb9f1dc9ee4..2040e8bc4cfa 100644 --- a/source/heimdal/lib/wind/UnicodeData.py +++ b/source/heimdal/lib/wind/UnicodeData.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: UnicodeData.py 22551 2008-02-01 16:22:22Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source/heimdal/lib/wind/gen-bidi.py b/source/heimdal/lib/wind/gen-bidi.py index 983eb618ffce..c1473d7df830 100755 --- a/source/heimdal/lib/wind/gen-bidi.py +++ b/source/heimdal/lib/wind/gen-bidi.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: gen-bidi.py 23332 2008-06-27 14:42:17Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source/heimdal/lib/wind/gen-combining.py b/source/heimdal/lib/wind/gen-combining.py index 33fe3447722f..98754656893b 100755 --- a/source/heimdal/lib/wind/gen-combining.py +++ b/source/heimdal/lib/wind/gen-combining.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: gen-combining.py 23332 2008-06-27 14:42:17Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source/heimdal/lib/wind/gen-errorlist.py b/source/heimdal/lib/wind/gen-errorlist.py index f3ab907d335d..8ccbcfdaf795 100755 --- a/source/heimdal/lib/wind/gen-errorlist.py +++ b/source/heimdal/lib/wind/gen-errorlist.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: gen-errorlist.py 23242 2008-06-01 22:27:54Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source/heimdal/lib/wind/gen-map.py b/source/heimdal/lib/wind/gen-map.py index 08f171ad859b..9a9904217d6d 100755 --- a/source/heimdal/lib/wind/gen-map.py +++ b/source/heimdal/lib/wind/gen-map.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: gen-map.py 23242 2008-06-01 22:27:54Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source/heimdal/lib/wind/gen-normalize.py b/source/heimdal/lib/wind/gen-normalize.py index e2b987f96b28..d771db30fa6a 100755 --- a/source/heimdal/lib/wind/gen-normalize.py +++ b/source/heimdal/lib/wind/gen-normalize.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: gen-normalize.py 23332 2008-06-27 14:42:17Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source/heimdal/lib/wind/generate.py b/source/heimdal/lib/wind/generate.py index 4e70c16778cc..68ed5830822a 100644 --- a/source/heimdal/lib/wind/generate.py +++ b/source/heimdal/lib/wind/generate.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: generate.py 23242 2008-06-01 22:27:54Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source/heimdal/lib/wind/map.c b/source/heimdal/lib/wind/map.c index ae6d10e5126f..2bbb74d76f5f 100644 --- a/source/heimdal/lib/wind/map.c +++ b/source/heimdal/lib/wind/map.c @@ -40,7 +40,7 @@ #include "map_table.h" -RCSID("$Id: map.c 22556 2008-02-01 16:38:46Z lha $"); +RCSID("$Id$"); static int translation_cmp(const void *key, const void *data) diff --git a/source/heimdal/lib/wind/normalize.c b/source/heimdal/lib/wind/normalize.c index d1b440513a32..bee9a9e5d83a 100644 --- a/source/heimdal/lib/wind/normalize.c +++ b/source/heimdal/lib/wind/normalize.c @@ -42,7 +42,7 @@ #include "normalize_table.h" -RCSID("$Id: normalize.c 22581 2008-02-11 20:42:25Z lha $"); +RCSID("$Id$"); static int translation_cmp(const void *key, const void *data) diff --git a/source/heimdal/lib/wind/rfc3454.py b/source/heimdal/lib/wind/rfc3454.py index 32dc0c54928b..3c16f9475d26 100644 --- a/source/heimdal/lib/wind/rfc3454.py +++ b/source/heimdal/lib/wind/rfc3454.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: rfc3454.py 22551 2008-02-01 16:22:22Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source/heimdal/lib/wind/rfc4518.py b/source/heimdal/lib/wind/rfc4518.py index b3946f5aa6e8..2dac91bcc793 100644 --- a/source/heimdal/lib/wind/rfc4518.py +++ b/source/heimdal/lib/wind/rfc4518.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: rfc4518.py 22551 2008-02-01 16:22:22Z lha $ +# $Id$ # Copyright (c) 2004, 2008 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source/heimdal/lib/wind/stringprep.c b/source/heimdal/lib/wind/stringprep.c index 7c28fdae1f18..7be5b2c5108b 100644 --- a/source/heimdal/lib/wind/stringprep.c +++ b/source/heimdal/lib/wind/stringprep.c @@ -39,7 +39,7 @@ #include #include -RCSID("$Id: stringprep.c 23063 2008-04-21 11:18:04Z lha $"); +RCSID("$Id$"); /** * Process a input UCS4 string according a string-prep profile. diff --git a/source/heimdal/lib/wind/stringprep.py b/source/heimdal/lib/wind/stringprep.py index d897691a0fcd..f2423fee965d 100644 --- a/source/heimdal/lib/wind/stringprep.py +++ b/source/heimdal/lib/wind/stringprep.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: stringprep.py 22551 2008-02-01 16:22:22Z lha $ +# $Id$ # Copyright (c) 2008 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source/heimdal/lib/wind/utf8.c b/source/heimdal/lib/wind/utf8.c index 544e0fe00d28..e9e63421f399 100644 --- a/source/heimdal/lib/wind/utf8.c +++ b/source/heimdal/lib/wind/utf8.c @@ -36,7 +36,7 @@ #endif #include "windlocl.h" -RCSID("$Id: utf8.c 23246 2008-06-01 22:29:04Z lha $"); +RCSID("$Id$"); static int utf8toutf32(const unsigned char **pp, uint32_t *out) diff --git a/source/heimdal/lib/wind/util.py b/source/heimdal/lib/wind/util.py index 3aee3eaf68f1..fb5953953894 100644 --- a/source/heimdal/lib/wind/util.py +++ b/source/heimdal/lib/wind/util.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: util.py 22551 2008-02-01 16:22:22Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source/heimdal/lib/wind/wind.h b/source/heimdal/lib/wind/wind.h index 3120e87da5ce..23528c85cffa 100644 --- a/source/heimdal/lib/wind/wind.h +++ b/source/heimdal/lib/wind/wind.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: wind.h 23233 2008-06-01 22:25:25Z lha $ */ +/* $Id$ */ #ifndef _WIND_H_ #define _WIND_H_ diff --git a/source/heimdal/lib/wind/wind_err.et b/source/heimdal/lib/wind/wind_err.et index 65bdff992fb6..f90c252e7dd8 100644 --- a/source/heimdal/lib/wind/wind_err.et +++ b/source/heimdal/lib/wind/wind_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: wind_err.et 23233 2008-06-01 22:25:25Z lha $" +id "$Id$" error_table wind diff --git a/source/heimdal/lib/wind/windlocl.h b/source/heimdal/lib/wind/windlocl.h index 009a4ae94afd..5d5a1650324c 100644 --- a/source/heimdal/lib/wind/windlocl.h +++ b/source/heimdal/lib/wind/windlocl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: windlocl.h 23187 2008-05-23 15:04:07Z lha $ */ +/* $Id$ */ #ifndef _WINDLOCL_H_ #define _WINDLOCL_H_