This commit was manufactured by cvs2svn to create tag krb5-1.3.4-final
authorno author <devnull@mit.edu>
Fri, 11 Jun 2004 18:58:01 +0000 (18:58 +0000)
committerno author <devnull@mit.edu>
Fri, 11 Jun 2004 18:58:01 +0000 (18:58 +0000)
'krb5-1-3-4-final'.

git-svn-id: svn://anonsvn.mit.edu/krb5/tags/krb5-1-3-4-final@16437 dc483132-0cff-0310-8789-dd5450dbe970

437 files changed:
README
doc/ChangeLog
doc/admin.texinfo
doc/api/ChangeLog
doc/api/krb5.tex
doc/build.texinfo
doc/definitions.texinfo
doc/dnssrv.texinfo
doc/install.texinfo
doc/krb4-xrealm.txt [new file with mode: 0644]
doc/krb425.texinfo
doc/support-enc.texinfo
src/ChangeLog
src/Makefile.in
src/aclocal.m4
src/appl/ChangeLog
src/appl/bsd/ChangeLog
src/appl/bsd/Makefile.in
src/appl/bsd/configure.in
src/appl/bsd/krcp.c
src/appl/bsd/krlogin.c
src/appl/bsd/krlogind.c
src/appl/bsd/krsh.c
src/appl/bsd/krshd.c
src/appl/bsd/login.c
src/appl/configure.in
src/appl/gss-sample/ChangeLog
src/appl/gss-sample/README
src/appl/gss-sample/gss-client.c
src/appl/gss-sample/gss-misc.c
src/appl/gss-sample/gss-server.c
src/appl/gssftp/ChangeLog
src/appl/gssftp/configure.in
src/appl/gssftp/ftp/ChangeLog
src/appl/gssftp/ftp/cmds.c
src/appl/gssftp/ftp/ftp.c
src/appl/gssftp/ftp/ftp_var.h
src/appl/gssftp/ftp/pclose.c
src/appl/gssftp/ftpd/ChangeLog
src/appl/gssftp/ftpd/Makefile.in
src/appl/gssftp/ftpd/ftpd.c
src/appl/gssftp/ftpd/popen.c
src/appl/telnet/libtelnet/ChangeLog
src/appl/telnet/libtelnet/Makefile.in
src/appl/telnet/libtelnet/configure.in
src/appl/telnet/libtelnet/kerberos.c
src/appl/telnet/libtelnet/kerberos5.c
src/appl/telnet/telnet/ChangeLog
src/appl/telnet/telnet/Makefile.in
src/appl/telnet/telnet/externs.h
src/appl/telnet/telnetd/ChangeLog
src/appl/telnet/telnetd/Makefile.in
src/appl/telnet/telnetd/telnetd.h
src/clients/kinit/ChangeLog
src/clients/kinit/Makefile.in
src/clients/kinit/kinit.c
src/clients/ksu/ChangeLog
src/clients/ksu/Makefile.in
src/clients/ksu/heuristic.c
src/clients/ksu/krb_auth_su.c
src/config-files/ChangeLog
src/config-files/kdc.conf
src/config-files/kdc.conf.M
src/config-files/krb5.conf
src/config-files/krb5.conf.M
src/config/ChangeLog
src/config/config.guess
src/config/config.sub
src/config/install-sh
src/config/post.in
src/config/pre.in
src/config/shlib.conf
src/config/win-pre.in
src/include/ChangeLog
src/include/Makefile.in
src/include/configure.in
src/include/fake-addrinfo.h
src/include/foreachaddr.c
src/include/k5-int.h
src/include/k5-platform.h [new file with mode: 0644]
src/include/kerberosIV/ChangeLog
src/include/kerberosIV/krb.h
src/include/krb5.hin
src/include/krb5/ChangeLog
src/include/krb5/kdb.h
src/include/krb5/stock/ChangeLog
src/include/krb5/stock/osconf.h
src/include/port-sockets.h
src/include/win-mac.h
src/kadmin/ChangeLog
src/kadmin/cli/ChangeLog
src/kadmin/cli/kadmin.c
src/kadmin/configure.in
src/kadmin/dbutil/ChangeLog
src/kadmin/dbutil/kdb5_destroy.c
src/kadmin/dbutil/kdb5_stash.c
src/kadmin/ktutil/ChangeLog
src/kadmin/ktutil/Makefile.in
src/kadmin/ktutil/ktutil.c
src/kadmin/passwd/unit-test/ChangeLog
src/kadmin/passwd/unit-test/Makefile.in
src/kadmin/passwd/unit-test/config/unix.exp
src/kadmin/server/ChangeLog
src/kadmin/server/ovsec_kadmd.c
src/kadmin/server/schpw.c
src/kadmin/testing/scripts/ChangeLog
src/kadmin/testing/scripts/env-setup.shin
src/kadmin/testing/util/Makefile.in
src/kadmin/v5passwdd/Makefile.in
src/kdc/ChangeLog
src/kdc/Makefile.in
src/kdc/do_tgs_req.c
src/kdc/extern.h
src/kdc/fakeka.c
src/kdc/kdc_preauth.c
src/kdc/kdc_util.c
src/kdc/kdc_util.h
src/kdc/kerberos_v4.c
src/kdc/main.c
src/kdc/network.c
src/krb5-config.in
src/krb524/.Sanitize
src/krb524/ChangeLog
src/krb524/Makefile.in
src/krb524/cnv_tkt_skey.c
src/krb524/conv_creds.c [deleted file]
src/krb524/conv_princ.c
src/krb524/encode.c [deleted file]
src/krb524/getcred.c [deleted file]
src/krb524/k524init.c
src/krb524/krb524.c [new file with mode: 0644]
src/krb524/krb524.h [deleted file]
src/krb524/krb524d.c
src/krb524/krb524d.h [moved from src/krb524/globals.c with 61% similarity]
src/krb524/test.c
src/lib/ChangeLog
src/lib/Makefile.in
src/lib/crypto/ChangeLog
src/lib/crypto/Makefile.in
src/lib/crypto/aes/ChangeLog
src/lib/crypto/aes/Makefile.in
src/lib/crypto/aes/aes_s2k.c
src/lib/crypto/aes/aesopt.h
src/lib/crypto/aes/uitypes.h
src/lib/crypto/arcfour/Makefile.in
src/lib/crypto/checksum_length.c
src/lib/crypto/cksumtypes.c
src/lib/crypto/combine_keys.c
src/lib/crypto/configure.in
src/lib/crypto/crc32/Makefile.in
src/lib/crypto/des/Makefile.in
src/lib/crypto/dk/ChangeLog
src/lib/crypto/dk/Makefile.in
src/lib/crypto/dk/dk.h
src/lib/crypto/dk/dk_decrypt.c
src/lib/crypto/dk/dk_encrypt.c
src/lib/crypto/enc_provider/ChangeLog
src/lib/crypto/enc_provider/Makefile.in
src/lib/crypto/enc_provider/aes.c
src/lib/crypto/etypes.c
src/lib/crypto/hash_provider/Makefile.in
src/lib/crypto/keyhash_provider/Makefile.in
src/lib/crypto/make_checksum.c
src/lib/crypto/mandatory_sumtype.c [new file with mode: 0644]
src/lib/crypto/md4/Makefile.in
src/lib/crypto/md5/Makefile.in
src/lib/crypto/old/ChangeLog
src/lib/crypto/old/Makefile.in
src/lib/crypto/old/des_stringtokey.c
src/lib/crypto/pbkdf2.c
src/lib/crypto/raw/Makefile.in
src/lib/crypto/sha1/Makefile.in
src/lib/crypto/string_to_key.c
src/lib/crypto/t_cts.c
src/lib/crypto/t_encrypt.c
src/lib/crypto/yarrow/Makefile.in
src/lib/des425/ChangeLog
src/lib/des425/Makefile.in
src/lib/des425/quad_cksum.c
src/lib/des425/t_pcbc.c
src/lib/des425/t_quad.c
src/lib/des425/verify.c
src/lib/gssapi/ChangeLog
src/lib/gssapi/Makefile.in
src/lib/gssapi/generic/ChangeLog
src/lib/gssapi/generic/Makefile.in
src/lib/gssapi/generic/gssapiP_generic.h
src/lib/gssapi/generic/util_ordering.c
src/lib/gssapi/generic/util_token.c
src/lib/gssapi/gss_libinit.c
src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/Makefile.in
src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/delete_sec_context.c
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/gssapi_krb5.c
src/lib/gssapi/krb5/gssapi_krb5.h
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/inq_cred.c
src/lib/gssapi/krb5/k5seal.c
src/lib/gssapi/krb5/k5sealv3.c [new file with mode: 0644]
src/lib/gssapi/krb5/k5unseal.c
src/lib/gssapi/krb5/rel_cred.c
src/lib/gssapi/krb5/ser_sctx.c
src/lib/gssapi/krb5/set_ccache.c
src/lib/gssapi/krb5/wrap_size_limit.c
src/lib/gssapi32.def
src/lib/kadm5/ChangeLog
src/lib/kadm5/Makefile.in
src/lib/kadm5/alt_prof.c
src/lib/kadm5/clnt/Makefile.in
src/lib/kadm5/configure.in
src/lib/kadm5/srv/ChangeLog
src/lib/kadm5/srv/Makefile.in
src/lib/kadm5/srv/server_kdb.c
src/lib/kadm5/srv/svr_principal.c
src/lib/kadm5/unit-test/ChangeLog
src/lib/kadm5/unit-test/Makefile.in
src/lib/kadm5/unit-test/api.0/init.exp
src/lib/kadm5/unit-test/api.1/lock.exp
src/lib/kadm5/unit-test/api.2/init-v2.exp
src/lib/kadm5/unit-test/api.2/init.exp
src/lib/kadm5/unit-test/config/unix.exp
src/lib/kdb/ChangeLog
src/lib/kdb/Makefile.in
src/lib/kdb/keytab.c
src/lib/krb4/ChangeLog
src/lib/krb4/Makefile.in
src/lib/krb4/RealmsConfig-glue.c
src/lib/krb4/change_password.c
src/lib/krb4/configure.in
src/lib/krb4/err_txt.c
src/lib/krb4/g_ad_tkt.c
src/lib/krb4/g_cnffile.c
src/lib/krb4/g_in_tkt.c
src/lib/krb4/g_pw_in_tkt.c
src/lib/krb4/kadm_stream.c
src/lib/krb4/lifetime.c
src/lib/krb4/mk_auth.c
src/lib/krb4/mk_req.c
src/lib/krb4/password_to_key.c
src/lib/krb4_32.def
src/lib/krb5/Makefile.in
src/lib/krb5/asn.1/ChangeLog
src/lib/krb5/asn.1/Makefile.in
src/lib/krb5/asn.1/asn1_decode.c
src/lib/krb5/asn.1/asn1_decode.h
src/lib/krb5/asn.1/asn1_k_decode.c
src/lib/krb5/asn.1/asn1_k_decode.h
src/lib/krb5/asn.1/asn1_k_encode.c
src/lib/krb5/asn.1/asn1_k_encode.h
src/lib/krb5/asn.1/krb5_decode.c
src/lib/krb5/asn.1/krb5_encode.c
src/lib/krb5/ccache/ChangeLog
src/lib/krb5/ccache/Makefile.in
src/lib/krb5/ccache/cc-int.h [new file with mode: 0644]
src/lib/krb5/ccache/cc_file.c
src/lib/krb5/ccache/cc_memory.c
src/lib/krb5/ccache/cc_mslsa.c [new file with mode: 0644]
src/lib/krb5/ccache/cc_retr.c
src/lib/krb5/ccache/ccbase.c
src/lib/krb5/ccache/ccdefault.c
src/lib/krb5/error_tables/.Sanitize
src/lib/krb5/error_tables/ChangeLog
src/lib/krb5/error_tables/Makefile.in
src/lib/krb5/error_tables/init_ets.c
src/lib/krb5/error_tables/krb524_err.et [moved from src/krb524/krb524_err.et with 95% similarity]
src/lib/krb5/error_tables/krb5_err.et
src/lib/krb5/keytab/ChangeLog
src/lib/krb5/keytab/Makefile.in
src/lib/krb5/keytab/kt_file.c
src/lib/krb5/keytab/ktbase.c
src/lib/krb5/krb/.Sanitize
src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/Makefile.in
src/lib/krb5/krb/auth_con.c
src/lib/krb5/krb/auth_con.h
src/lib/krb5/krb/chpw.c
src/lib/krb5/krb/conv_creds.c [new file with mode: 0644]
src/lib/krb5/krb/copy_data.c
src/lib/krb5/krb/fwd_tgt.c
src/lib/krb5/krb/gc_frm_kdc.c
src/lib/krb5/krb/gen_seqnum.c
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/gic_keytab.c
src/lib/krb5/krb/gic_pwd.c
src/lib/krb5/krb/in_tkt_ktb.c [deleted file]
src/lib/krb5/krb/in_tkt_pwd.c [deleted file]
src/lib/krb5/krb/init_ctx.c
src/lib/krb5/krb/kfree.c
src/lib/krb5/krb/mk_cred.c
src/lib/krb5/krb/mk_priv.c
src/lib/krb5/krb/mk_rep.c
src/lib/krb5/krb/mk_req_ext.c
src/lib/krb5/krb/mk_safe.c
src/lib/krb5/krb/parse.c
src/lib/krb5/krb/preauth2.c
src/lib/krb5/krb/rd_cred.c
src/lib/krb5/krb/rd_priv.c
src/lib/krb5/krb/rd_rep.c
src/lib/krb5/krb/rd_req.c
src/lib/krb5/krb/rd_req_dec.c
src/lib/krb5/krb/rd_safe.c
src/lib/krb5/krb/send_tgs.c
src/lib/krb5/krb/ser_actx.c
src/lib/krb5/krb/serialize.c
src/lib/krb5/krb/srv_rcache.c
src/lib/krb5/krb/unparse.c
src/lib/krb5/krb/v4lifetime.c [new file with mode: 0644]
src/lib/krb5/os/.Sanitize
src/lib/krb5/os/ChangeLog
src/lib/krb5/os/Makefile.in
src/lib/krb5/os/accessor.c
src/lib/krb5/os/an_to_ln.c
src/lib/krb5/os/changepw.c
src/lib/krb5/os/dnssrv.c [new file with mode: 0644]
src/lib/krb5/os/init_os_ctx.c
src/lib/krb5/os/locate_kdc.c
src/lib/krb5/os/read_pwd.c
src/lib/krb5/os/send524.c [moved from src/krb524/sendmsg.c with 83% similarity]
src/lib/krb5/os/sendto_kdc.c
src/lib/krb5/os/t_locate_kdc.c
src/lib/krb5/os/toffset.c
src/lib/krb5/rcache/Makefile.in
src/lib/krb5_32.def
src/lib/rpc/ChangeLog
src/lib/rpc/bindresvport.c
src/lib/rpc/clnt_tcp.c
src/lib/rpc/svc.c
src/lib/rpc/unit-test/ChangeLog
src/lib/rpc/unit-test/Makefile.in
src/lib/rpc/unit-test/config/unix.exp
src/lib/rpc/unit-test/configure.in
src/lib/rpc/xdr_mem.c
src/mac/MacOSX/Headers/Kerberos5Prefix.h
src/mac/MacOSX/Projects/Kerberos5.pbexp
src/mac/MacOSX/Projects/Kerberos5.pbproj/project.pbxproj
src/mac/MacOSX/Scripts/Kerberos5Errors.jam
src/mac/MacOSX/Scripts/Kerberos5Headers.jam
src/mac/MacOSX/Scripts/Kerberos5ServerBuild.jam
src/slave/Makefile.in
src/tests/ChangeLog
src/tests/Makefile.in
src/tests/asn.1/ChangeLog
src/tests/asn.1/Makefile.in
src/tests/asn.1/krb5_decode_test.c
src/tests/asn.1/krb5_encode_test.c
src/tests/asn.1/ktest.c
src/tests/asn.1/ktest.h
src/tests/asn.1/reference_encode.out
src/tests/asn.1/trval_reference.out
src/tests/asn.1/utility.c
src/tests/configure.in
src/tests/create/ChangeLog
src/tests/create/Makefile.in
src/tests/create/kdb5_mkdums.c
src/tests/dejagnu/ChangeLog
src/tests/dejagnu/Makefile.in
src/tests/dejagnu/config/ChangeLog
src/tests/dejagnu/config/default.exp
src/tests/dejagnu/krb-standalone/ChangeLog
src/tests/dejagnu/krb-standalone/gssapi.exp
src/tests/dejagnu/krb-standalone/kadmin.exp
src/tests/dejagnu/krb-standalone/v4gssftp.exp
src/tests/dejagnu/krb-standalone/v4krb524d.exp
src/tests/dejagnu/krb-standalone/v4standalone.exp
src/tests/hammer/Makefile.in
src/tests/verify/Makefile.in
src/util/ChangeLog
src/util/Makefile.in
src/util/db2/ChangeLog
src/util/db2/Makefile.in
src/util/db2/configure.in
src/util/db2/include/ChangeLog
src/util/db2/include/db-int.h
src/util/db2/test/Makefile [deleted file]
src/util/depfix.sed
src/util/et/ChangeLog
src/util/et/compile_et.c
src/util/et/error_table.h
src/util/et/et_c.awk
src/util/et/et_c.pl
src/util/et/et_h.awk
src/util/et/et_h.pl
src/util/et/test_et.c
src/util/mkrel
src/util/profile/ChangeLog
src/util/profile/Makefile.in
src/util/profile/argv_parse.c
src/util/profile/prof_file.c
src/util/profile/prof_get.c
src/util/profile/prof_init.c
src/util/profile/prof_int.h
src/util/profile/prof_parse.c
src/util/profile/prof_set.c
src/util/profile/prof_tree.c
src/util/profile/profile.hin
src/util/profile/test_parse.c
src/util/profile/test_profile.c
src/util/pty/Makefile.in
src/util/reconf
src/util/ss/ChangeLog
src/util/ss/ss.h
src/windows/ChangeLog
src/windows/README
src/windows/cns/ChangeLog
src/windows/cns/cns.c
src/windows/cns/cns.h
src/windows/cns/cns_reg.c
src/windows/cns/cns_reg.h
src/windows/cns/cnsres5.rc
src/windows/cns/options.c
src/windows/gss/ChangeLog
src/windows/gss/Makefile.in
src/windows/gss/gss-client.c
src/windows/gss/gss-misc.c
src/windows/gss/gss-misc.h [moved from src/krb524/misc.c with 63% similarity]
src/windows/gss/gss.c
src/windows/gss/gss.h
src/windows/gss/gss.rc
src/windows/gss/resource.h [new file with mode: 0644]
src/windows/installer/nsis/ChangeLog [new file with mode: 0644]
src/windows/installer/nsis/KfWConfigPage.ini [new file with mode: 0644]
src/windows/installer/nsis/KfWConfigPage2.ini [new file with mode: 0644]
src/windows/installer/nsis/kfw-fixed.nsi [new file with mode: 0644]
src/windows/installer/nsis/kfw.ico [new file with mode: 0644]
src/windows/installer/nsis/kfw.nsi [new file with mode: 0644]
src/windows/installer/nsis/killer.cpp [new file with mode: 0644]
src/windows/installer/nsis/licenses.rtf [new file with mode: 0644]
src/windows/installer/nsis/nsi-includes.nsi [new file with mode: 0644]
src/windows/installer/nsis/site-local.nsi [new file with mode: 0644]
src/windows/installer/nsis/utils.nsi [new file with mode: 0644]
src/windows/ms2mit/ChangeLog
src/windows/ms2mit/Makefile.in
src/windows/ms2mit/ms2mit.c
src/windows/version.rc

diff --git a/README b/README
index a74353d10e9c34a2c70d09e1bb50ee8f7fb5e8f9..56dfed8f5a3c021cdee202b2dc8f4ff895040265 100644 (file)
--- a/README
+++ b/README
@@ -1,43 +1,26 @@
-these were the
-                  Kerberos Version 5, Release 1.2
+                 Kerberos Version 5, Release 1.3.4
 
                            Release Notes
-which are be updated for the next release by
                        The MIT Kerberos Team
 
 Unpacking the Source Distribution
 ---------------------------------
 
-The source distribution of Kerberos 5 comes in three gzipped tarfiles,
-krb5-1.2.src.tar.gz, krb5-1.2.doc.tar.gz, and krb5-1.2.crypto.tar.gz.
-The krb5-1.2.doc.tar.gz contains the doc/ directory and this README
-file.  The krb5-1.2.src.tar.gz contains the src/ directory and this
-README file, except for the crypto library sources, which are in
-krb5-1.2.crypto.tar.gz.
-
-Instruction on how to extract the entire distribution follow.  These
-directions assume that you want to extract into a directory called
-DIST.
+The source distribution of Kerberos 5 comes in a gzipped tarfile,
+krb5-1.3.4.tar.gz.  Instructions on how to extract the entire
+distribution follow.
 
 If you have the GNU tar program and gzip installed, you can simply do:
 
-       mkdir DIST
-       cd DIST
-       gtar zxpf krb5-1.2.src.tar.gz
-       gtar zxpf krb5-1.2.crypto.tar.gz
-       gtar zxpf krb5-1.2.doc.tar.gz
+       gtar zxpf krb5-1.3.4.tar.gz
 
 If you don't have GNU tar, you will need to get the FSF gzip
 distribution and use gzcat:
 
-       mkdir DIST
-       cd DIST
-       gzcat krb5-1.2.src.tar.gz | tar xpf -
-       gzcat krb5-1.2.crypto.tar.gz | tar xpf -
-       gzcat krb5-1.2.doc.tar.gz | tar xpf -
+       gzcat krb5-1.3.4.tar.gz | tar xpf -
 
-Both of these methods will extract the sources into DIST/krb5-1.2/src
-and the documentation into DIST/krb5-1.2/doc.
+Both of these methods will extract the sources into krb5-1.3.4/src and
+the documentation into krb5-1.3.4/doc.
 
 Building and Installing Kerberos 5
 ----------------------------------
@@ -70,8 +53,306 @@ If you are not able to use krb5-send-pr because you haven't been able
 compile and install Kerberos V5 on any platform, you may send mail to
 krb5-bugs@mit.edu.
 
+You may view bug reports by visiting
+
+http://krbdev.mit.edu/rt/
+
+and logging in as "guest" with password "guest".
+
+Major changes in 1.3.4
+----------------------
+
+* [2024, 2583, 2584] Fixed buffer overflows in
+  krb5_aname_to_localname(). [MITKRB-SA-2004-001]
+
+Minor changes in 1.3.4
+----------------------
+
+* [957] The auth_to_local rules now allow for the client realm to be
+  examined.
+
+* [2527, 2528, 2531] Keytab file names lacking a "FILE:" prefix now work
+  under Windows.
+
+* [2533] Updated installer scripts for Windows.
+
+* [2534] Fixed memory leak for when an incorrect password is input to
+  krb5_get_init_creds_password().
+
+* [2535] Added missing newline to dnssrv.c.
+
+* [2551, 2564] Use compile-time checks to determine endianness.
+
+* [2558] krb5_send_tgs() now correctly sets message_type after
+  receiving a KRB_ERROR message.
+
+* [2561, 2574] Fixed memory allocation errors in the MSLSA ccache.
+
+* [2562] The Windows installer works around cases where DLLs cannot be
+  unloaded.
+
+* [2585] Documentation correctly describes AES support in GSSAPI.
+
+Major changes in 1.3.3
+----------------------
+
+* [2284] Fixed accept_sec_context to use a replay cache in the
+  GSS_C_NO_CREDENTIAL case.  Reported by Cesar Garcia.
+
+* [2426] Fixed a spurious SIGPIPE that happened in the TCP sendto_kdc
+  code on AIX.  Thanks to Bill Dodd.
+
+* [2430] Fixed a crash in the MSLSA ccache.
+
+* [2453] The AES string-to-key function no longer returns a pointer to
+  stack memory when given a password longer than 64 characters.
+
+Minor changes in 1.3.3
+----------------------
+
+* [2277] In sendto_kdc, a socket leak on connection failure was fixed.
+  Thanks to Bill Dodd.
+
+* [2384] A memory leak in the TCP handling code in the KDC has been
+  fixed.  Thanks to Will Fiveash.
+
+* [2521] The Windows NSIS installer scripts are in the source tree.
+
+* [2522] The MSLSA ccache now supports Windows 9x.
+
+Major changes in 1.3.2
+----------------------
+
+* [2040, 1471, 2067, 2077, 2079, 2166, 2167, 2220, 2266] Support for
+  AES in GSSAPI has been implemented.  This corresponds to the
+  in-progress work in the IETF (CFX).
+
+* [2049, 2139, 2148, 2153, 2182, 2183, 2184, 2190, 2202] Added a new
+  ccache type "MSLSA:" for read-only access to the MS Windows LSA
+  cache.
+
+* [982] On windows, krb5.exe now has a checkbox to request addressless
+  tickets.
+
+* [2189, 2234] To avoid compatibility problems, unrecognized TGS
+  options will now be ignored.  Thanks to Wyllys Ingersoll for finding
+  a problem with a previous fix.
+
+* [2218] 128-bit AES has been added to the default enctypes.
+
+* [2223, 2229] AES cryptosystem now chains IVs.  This WILL break
+  backwards compatibility for the kcmd applications, if they are using
+  AES session keys.  Thanks to Wyllys Ingersoll for finding a problem
+  with a previous fix.
+
+Minor changes in 1.3.2
+----------------------
+
+* [1437] Applied patch from Stephen Grau so kinit returns non-zero
+  status under certain failure conditions where it had previously
+  returned zero.
+
+* [1586] On Windows, the krb4 CREDENTIALS structure has been changed
+  to align with KfW's version of the structure.
+
+* [1613] Applied patch from Dave Shrimpton to avoid truncation of
+  dates output from the kadmin CLI when long time zone names are
+  used.
+
+* [1622] krshd no longer calls syslog from inside a signal handler, in
+  an effort to avoid deadlocks on exit.
+
+* [1649] A com_err test program compiles properly on Darwin now.
+
+* [1692] A new configuration file tag "master_kdc" has been added to
+  allow master KDCs to be designated separately from admin servers.
+
+* [1702] krb5_get_host_realm() and krb5_free_host_realm() are no
+  longer marked as KRB5_PRIVATE.
+
+* [1711] Applied patch from Harry McGavran Jr to allow fake-addrinfo.h
+  to compile on libc5 Linux platforms.
+
+* [1712] Applied patch from Cesar Garcia to fix lifetime computation
+  in krb524 ticket conversion.
+
+* [1714] Fixed a 64-bit endianness bug in ticket starttime encoding in
+  krb524d.  Found by Cesar Garcia.
+
+* [1715] kadmind4 and v5passwdd are no longer installed on Mac OS X.
+
+* [1718] The krb4 library configure script now recognizes
+  OpenDarwin/x86.  Bug found by Rob Braun.
+
+* [1721] krb5_get_init_creds_password() no longer returns a spurious
+  KRB5_REALM_UNKNOWN if DNS SRV record support is turned off.
+
+* [1730] krb_mk_auth() no longer overzealously clears the key
+  schedule.
+
+* [1731] A double-free related to reading forwarded credentials has
+  been fixed.  Found by Joseph Galbraith.
+
+* [1770] Applied patch from Maurice Massar to fix a foreachaddr()
+  problem that was causing the KDC to segfault on startup.
+
+* [1790] The Linux build uses $(CC) to create shared libraries,
+  avoiding a libgcc problem when building libdb.
+
+* [1792] The lib/kadm5 unit tests now work around a Solaris 9
+  pty-close bug.
+
+* [1793] The test suite works around some Tru64 and Irix RPATH
+  issues, which previously could prevent tests from running on a build
+  with shared libraries enabled.
+
+* [1799] kadmind supports callouts to the Apple password server.
+
+* [1893] KRB-SAFE messages from older releases can now be read
+  successfully.  Prior 1.3.x releases did not save the encoded
+  KRB-SAFE message, and experienced problems when re-encoding.  Found
+  by Scooter Morris.
+
+* [1962] MS LSA tickets with short remaining lifetimes will be
+  rejected in favor of retrieving tickets bypassing the LSA cache.
+
+* [1973] sendto_kdc.c now closes sockets with closesocket() instead of
+  close(), avoiding a descriptor leak on Windows.
+
+* [1979] An erroneously short initial sequence number mask has been
+  fixed.
+
+* [2028] KfW now displays a kinit dialog when GSS fails to find
+  tickets.
+
+* [2051] Missing exports have been added to krb4_32.def on Windows.
+
+* [2058] Some problems with krb4 ticket lifetime backdating have
+  fixed.
+
+* [2060] GSSAPI's idea of the default ccache is less sticky now.
+
+* [2068] The profile library includes prof-int.h before conditionals
+  that rely on it.
+
+* [2084] The resolver library is no longer referenced by library code
+  if not building with DNS SRV record support.
+
+* [2085] Updated Windows README file to reflect current compilation
+  requirements, etc.
+
+* [2104] On Windows, only define strcasecmp and strncasecmp
+  replacement macros if said functions are missing.
+
+* [2106] Return an error for unimplemented ccache functions, rather
+  than calling through a null pointer.
+
+* [2118] Applied patch from Will Fiveash to use correct parameter for
+  KDC TCP listening sockets.
+
+* [2144,2230] Memory management errors in the Windows gss.exe test
+  client have been fixed.
+
+* [2171] krb5_locate_kpasswd() now correctly calls htons() on the
+  kpasswd port number.  Found by Arlene Berry.
+
+* [2180] The profile library now includes pthread.h when compiled with
+  USE_PTHREADS.
+
+* [2181, 2224] A timeout has been added to gss-server, and a missing
+  parameter to sign_server() has been added.
+
+* [2196] config.{guess,sub} have been updated from autoconf-2.59.
+
+* [2204] Windows gss.exe now has support for specifying credentials
+  cache, as well as some minor bugfixes.
+
+* [2210] GSSAPI accept_sec_context() no longer unconditionally sets
+  INTEG and CONF flags in contradiction to what the initiator sent.
+
+* [2212] The GSS sample application has some additional options to
+  support testing of SSPI vs GSSAPI.
+
+* [2217] Windows gss.exe has new UI elements to support more flag
+  settings.
+
+* [2225] In the gss sample client, some extraneous parameters have
+  been removed from client_establish_context().
+
+* [2228] Copyright notices updated in GSS sample apps.
+
+* [2233] On Windows compiles with KRB5_KFW_COMPILE, the lib path for
+  krbcc32.lib is now correct.
+
+* [2195, 2236, 2241, 2245] The Solaris 9 pty-close bug, which was
+  affecting the test suite, has been worked around by hacking
+  scheduler priorities.  See the installation notes for details.
+  Thanks to Bill Sommerfeld for some useful hints.
+
+* [2258] An incorrect memcpy() statement in fakeka has been fixed.
+  Reported by David Thompson.
+
+Notes, Major Changes, and Known Bugs for 1.3.1
+----------------------------------------------
+
+* [1681] The incorrect encoding of the ETYPE-INFO2 preauthentication
+  hint is no longer emitted, and the both the incorrect and the
+  correct encodings of ETYPE-INFO2 are now accepted.  We STRONGLY
+  encourage deploying krb5-1.3.1 in preference to 1.3, especially on
+  client installations, as the 1.3 release did not conform to the
+  internet-draft for the revised Kerberos protocol in its encoding of
+  ETYPE-INFO2.
+
+* [1683] The non-caching getaddrinfo() API on Mac OS X, which was
+  causing significant slowdowns under some circumstances, has been
+  worked around.
+
+Minor changes in 1.3.1
+----------------------
+
+* [1015] gss_accept_sec_context() now passes correct arguments to
+  TREAD_STR() when reading options beyond the forwarded credential
+  option.  Thanks to Emily Ratliff.
+
+* [1365] The GSSAPI initiator credentials are no longer cached inside
+  the GSSAPI library.
+
+* [1651] A buffer overflow in krb_get_admhst() has been fixed.
+
+* [1655] krb5_get_permitted_enctypes() and krb5_set_real_time() are
+  now exported for use by Samba.
+
+* [1656] gss_init_sec_context() no longer leaks credentials under some
+  error conditions.
+
+* [1657] krb_get_lrealm() no longer returns "ATHENA.MIT.EDU"
+  inappropriately.
+
+* [1664] The crypto library no longer has bogus dependencies on
+  com_err.
+
+* [1665] krb5_init_context() no longer multiply registers error tables
+  when called more than once, preventing a memory leak.
+
+* [1666] The GSS_C_NT_* symbols are now exported from gssapi32.dll on
+  Windows.
+
+* [1667] ms2mit now imports any tickets with supported enctypes, and
+  does not import invalid tickets.
+
+* [1677] krb5_gss_register_acceptor_identity() no longer has an
+  off-by-one in its memory allocation.
+
+* [1679] krb5_principal2salt is now exported on all platforms.
+
+* [1684] The file credentials cache is now supported if USE_CCAPI is
+  defined, i.e., for KfM and KfW.
+
+* [1691] Documentation for the obsolete kdc_supported_enctypes config
+  variable has been removed.
+
 Notes, Major Changes, and Known Bugs for 1.3
-------------------------------------
+--------------------------------------------
 
 * We now install the compile_et program, so other packages can use the
   installed com_err library with their own error tables.  (If you use
@@ -83,8 +364,13 @@ Notes, Major Changes, and Known Bugs for 1.3
   that will probably frustrate any attempts to run this code under SunOS
   4 or other pre-C89 systems.
 
-* Some new code, bug fixes, and cleanup for IPv6 support.  [[TODO:
-  Insert list of (non-)supporting programs and libraries here.]]
+* Some new code, bug fixes, and cleanup for IPv6 support.  Most of the
+  code should support IPv6 transparently now.  The RPC code (and
+  therefore the admin system, which is based on it) does not yet
+  support IPv6.  The support for Kerberos 4 may work with IPv6 in very
+  limited ways, if the address checking is turned off.  The FTP client
+  and server do not have support for the new protocol messages needed
+  for IPv6 support (RFC 2428).
 
 * We have upgraded to autoconf 2.52 (or later), and the syntax for
   specifying certain configuration options have changed.  For example,
@@ -96,204 +382,489 @@ Notes, Major Changes, and Known Bugs for 1.3
   may be necessary when talking to Microsoft KDCs (domain controllers),
   if they issue you tickets with lots of PAC data.
 
-* If you have versions of the com_err, ss, or Berkeley DB packages
-  installed locally, you can use the --with-system-et,
-  --with-system-ss, and --with-system-db configure options to use them
-  rather than using the versions supplied here.  Note that the
-  interfaces are assumed to be similar to those we supply; in
+* If you have versions of the com_err or ss installed locally, you can
+  use the --with-system-et and --with-system-ss configure options to
+  use them rather than using the versions supplied here.  Note that
+  the interfaces are assumed to be similar to those we supply; in
   particular, some older, divergent versions of the com_err library
   may not work with the krb5 sources.  Many configure-time variables
   can be used to help the compiler and linker find the installed
   packages; see the build documentation for details.
 
-Notes, Major Changes, and Known Bugs for 1.2, delete before shipping 1.3
-------------------------------------
-
-* Triple DES support, for session keys as well as user or service
-  keys, should be nearly complete in this release.  Much of the work
-  that has been needed is generic multiple-cryptosystem support, so
-  the addition of another cryptosystem should be much easier.
-
-  * GSSAPI support for 3DES has been added.  An Internet Draft is
-    being worked on that will describe how this works; it is not
-    currently standardized.  Some backwards-compatibility issues in
-    this area mean that enabling 3DES support must be done with
-    caution; service keys that are used for GSSAPI must not be updated
-    to 3DES until the services themselves are upgraded to support 3DES
-    under GSSAPI.
-
-* DNS support for locating KDCs is enabled by default.  DNS support
-  for looking up the realm of a host is compiled in but disabled by
-  default (due to some concerns with DNS spoofing).
-
-  We recommend that you publish your KDC information through DNS even
-  if you intend to rely on config files at your own site; otherwise,
-  sites that wish to communicate with you will have to keep their
-  config files updated with your information.  One of the goals of
-  this code is to reduce the client-side configuration maintenance
-  requirements as much as is possible, without compromising security.
-
-  See the administrator's guide for information on setting up DNS
-  information for your realm.
-
-  One important effect of this for developers is that on many systems,
-  "-lresolv" must be added to the compiler command line when linking
-  Kerberos programs.
-
-  Configure-time options are available to control the inclusion of the
-  DNS code and the setting of the defaults.  Entries in krb5.conf will
-  also modify the behavior if the code has been compiled in.
-
-* Numerous buffer-overrun problems have been found and fixed.  Many of
-  these were in locations we don't expect can be exploited in any
-  useful way (for example, overrunning a buffer of MAXPATHLEN bytes if
-  a compiled-in pathname is too long, in a program that has no special
-  privileges).  It may be possible to exploit a few of these to
-  compromise system security.
-
-* Partial support for IPv6 addresses has been added.  It can be
-  enabled or disabled at configure time with --enable-ipv6 or
-  --disable-ipv6; by default, the configure script will search for
-  certain types and macros, and enable the IPv6 code if they're found.
-  The IPv6 support at this time mostly consists of including the
-  addresses in credentials.
-
-* A protocol change has been made to the "rcmd" suite (rlogin, rsh,
-  rcp) to address several security problems described in Kris
-  Hildrum's paper presented at NDSS 2000.  New command-line options
-  have been added to control the selection of protocol, since the
-  revised protocol is not compatible with the old one.
-
-* A security problem in login.krb5 has been fixed.  This problem was
-  only present if the krb4 compatibility code was not compiled in.
-
-* A security problem with ftpd has been fixed.  An error in the in the
-  yacc grammar permitted potential root access.
-
-* The client programs kinit, klist and kdestroy have been changed to
-  incorporate krb4 support.  New command-line options control whether
-  krb4 behavior, krb5 behavior, or both are used.
-
-* Patches from Frank Cusack for much better hardware preauth support
-  have been incorporated.
-
-* Patches from Matt Crawford extend the kadmin ACL syntax so that
-  restrictions can be imposed on what certain administrators may do to
-  certain accounts.
-
-* A KDC on a host with multiple network addresses will now respond to
-  a client from the address that the client used to contact it.  The
-  means used to implement this will however cause the KDC not to
-  listen on network addresses configured after the KDC has started.
-
-Minor changes
--------------
-
-* New software using com_err should use the {add,remove}_error_table
-  interface rather than init_XXX_error_table; in fact, the latter
-  function in the generate C files will now call add_error_table
-  instead of messing with unprotected global variables.
-
-  Karl Ramm has offered to look into reconciling the various
-  extensions and changes that have been made in different versions of
-  the MIT library, and the API used in the Heimdal equivalent.  No
-  timeline is set for this work.
-
-* Some source files (including some header files we install) now have
-  annotations for use with the LCLint package from the University of
-  Virginia.  LCLint, as of version 2.5q, is not capable of handling
-  much of the Kerberos code in its current form, at least not without
-  significantly restructuring the Kerberos code, but it has been used
-  in limited cases and has uncovered some bugs.  We may try adding
-  more annotations in the future.
-
-Minor changes for 1.2, delete this section before shipping 1.3
--------------
-
-* The shell code for searching for the Tcl package at configure time
-  has been modified.  If a tclConfig.sh can be found, the information
-  it contains is used, otherwise the old searching method is tried.
-  Let us know if this new scheme causes any problems.
-
-* Shared library builds may work on HPUX, Rhapsody/MacOS X, and newer
-  Alpha systems now.
-
-* The Windows build will now include kvno and gss-sample.
-
-* The routine krb5_secure_config_files has been disabled.  A new
-  routine, krb5_init_secure_context, has been added in its place.
-
-* The routine decode_krb5_ticket is now being exported as
-  krb5_decode_ticket.  Any programs that used the old name (which
-  should be few) should be changed to use the new name; we will
-  probably eliminate the old name in the future.
-
-* The CCAPI-based credentials cache code has been changed to store the
-  local-clock time of issue and expiration rather than the KDC-clock
-  times.
-
-* On systems with large numbers of IP addresses, "kinit" should do a
-  better job of acquiring those addresses to put in the user's
-  credentials.
-
-* Several memory leaks in error cases in the gssrpc code have been
-  fixed.
+* The AES cryptosystem has been implemented.  However, support in the
+  Kerberos GSSAPI mechanism has not been written (or even fully
+  specified), so it's not fully enabled.  See the documentation for
+  details.
+
+Major changes listed by ticket ID
+---------------------------------
+
+* [492] PRNG breakage on 64-bit platforms no longer an issue due to
+  new PRNG implementation.
+
+* [523] Client library is now compatible with the RC4-based
+  cryptosystem used by Windows 2000.
+
+* [709] krb4 long lifetime support has been implemented.
+
+* [880] krb5_gss_register_acceptor_identity() implemented (is called
+  gsskrb5_register_acceptor_identity() by Heimdal).
+
+* [1087] ftpd no longer requires channel bindings, allowing easier use
+  of ftp from behind a NAT.
+
+* [1156, 1209] It is now possible to use the system com_err to build
+  this release.
+
+* [1174] TCP support added to client library.
+
+* [1175] TCP support added to the KDC, but is disabled by default.
+
+* [1176] autoconf-2.5x is now required by the build system.
 
-* A bug with login clobbering some internal static storage on AIX has
+* [1184] It is now possible to use the system Berkeley/Sleepycat DB
+  library to build this release.
+
+* [1189, 1251] The KfM krb4 library source base has been merged.
+
+* [1190] The default KDC master key type is now triple-DES.  KDCs
+  being updated may need their config files updated if they are not
+  already specifying the master key type.
+
+* [1190] The default ticket lifetime and default maximum renewable
+  ticket lifetime have been extended to one day and one week,
+  respectively.
+
+* [1191] A new script, k5srvutil, may be used to manipulate keytabs in
+  ways similar to the krb4 ksrvutil utility.
+
+* [1281] The "fakeka" program, which emulates the AFS kaserver, has
+  been integrated.  Thanks to Ken Hornstein.
+
+* [1343] The KDC now defaults to not answering krb4 requests.
+
+* [1344] Addressless tickets are requested by default now.
+
+* [1372] There is no longer a need to create a special keytab for
+  kadmind.  The legacy administration daemons "kadmind4" and
+  "v5passwdd" will still require a keytab, though.
+
+* [1377, 1442, 1443] The Microsoft set-password protocol has been
+  implemented.  Thanks to Paul Nelson.
+
+* [1385, 1395, 1410] The krb4 protocol vulnerabilities
+  [MITKRB5-SA-2003-004] have been worked around.  Note that this will
+  disable krb4 cross-realm functionality, as well as krb4 triple-DES
+  functionality.  Please see doc/krb4-xrealm.txt for details of the
+  patch.
+
+* [1393] The xdrmem integer overflows [MITKRB5-SA-2003-003] have
   been fixed.
 
-* Per-library initialization and cleanup functions have been added,
-  for use in configurations that dynamically load and unload these
-  libraries.
+* [1397] The krb5_principal buffer bounds problems
+  [MITKRB5-SA-2003-005] have been fixed.  Thanks to Nalin Dahyabhai.
+
+* [1415] Subsession key negotiation has been fixed to allow for
+  server-selected subsession keys in the future.
 
-* Many compile-time warnings have been fixed.
+* [1418, 1429, 1446, 1484, 1486, 1487, 1535, 1621] The AES
+  cryptosystem has been implemented.  It is not usable for GSSAPI,
+  though.
 
-* The GSS sample programs have been updated to exercise more of the
-  API.
+* [1491] The client-side functionality of the krb524 library has been
+  moved into the krb5 library.
 
-* The telnet server should produce a more meaningful error message if
-  authentication is required but not provided.
+* [1550] SRV record support exists for Kerberos v4.
+
+* [1551] The heuristic for locating the Kerberos v4 KDC by prepending
+  "kerberos." to the realm name if no config file or DNS information
+  is available has been removed.
+
+* [1568, 1067] A krb524 stub library is built on Windows.
+
+Minor changes listed by ticket ID
+---------------------------------
 
-* Changes have been made to ksu to make it more difficult to use it to
-  leak information the user does not have access to.
+* [90] default_principal_flags documented.
 
-* The sample config file information for the CYGNUS.COM realm has been
-  updated, and the GNU.ORG realm has been added.
+* [175] Docs refer to appropriate example domains/IPs now.
 
-* A configure-time option has been added to enable a replay cache in
-  the KDC.  We recommend its use when hardware preauthentication is
-  being used.  It is enabled by default, and can be disabled if
-  desired with the configure-time option --disable-kdc-replay-cache.
+* [299] kadmin no longer complains about missing kdc.conf parameters
+  when it really means krb5.conf parameters.
 
-* Some new routines have been added to the library and krb5.h.
+* [318] Run-time load path for tcl is set now when linking test
+  programs.
 
-* A new routine has been added to the prompter interface to allow the
-  application to determine which of the strings prompted for is the
-  user's password, in case it is needed for other purposes.
+* [443] --includedir honored now.
 
-* The remote kadmin interface has been enhanced to support the
-  specification of key/salt types for a principal.
+* [479] unused argument in try_krb4() in login.c deleted.
 
-* New keytab entries' key values can now be specified manually with a
-  new command in the ktutil program.
+* [590] The des_read_pw_string() function in libdes425 has been
+  aligned with the original krb4 and CNS APIs.
 
-* A longstanding bug where certain krb4 exchanges using the
-  compatibility library between systems with different byte orders
-  would fail half the time has been fixed.
+* [608] login.krb5 handles SIGHUP more sanely now and thus avoids
+  getting the session into a weird state w.r.t. job control.
 
-* A source file under the GPL has been replaced with an equivalent
-  under the BSD license.  The file, strftime.c, was part of one of the
-  OpenVision admin system applications, and was only used on systems
-  that don't have strftime() in their C libraries.
+* [620] krb4 encrypted rcp should work a little better now.  Thanks to
+  Greg Hudson.
 
-* Many bug reports are still outstanding in our database.  We are
-  continuing to work on this backlog.
+* [647] libtelnet/kerberos5.c no longer uses internal include files.
 
+* [673] Weird echoing of admin password in kadmin client worked around
+  by not using buffered stdio calls to read passwords.
+
+* [677] The build system has been reworked to allow the user to set
+  CFLAGS, LDFLAGS, CPPFLAGS, etc. reasonably.
+
+* [680] Related to [673], rewrite krb5_prompter_posix() to no longer
+  use longjmp(), thus avoiding some bugs relating to non-restoration
+  of terminal settings.
+
+* [697] login.krb5 no longer zeroes out the terminal window size.
+
+* [710] decomp_ticket() in libkrb4 now looks up the local realm name
+  more correctly.  Thanks to Booker Bense.
+
+* [771] .rconf files are excluded from the release now.
+
+* [772] LOG_AUTHPRIV syslog facility is now usable for logging on
+  systems that support it.
+
+* [844] krshd now syslogs using the LOG_AUTH facility.
+
+* [850] Berekely DB build is better integrated into the krb5 library
+  build process.
+
+* [866] lib/krb5/os/localaddr.c and kdc/network.c use a common source
+  for local address enumeration now.
+
+* [882] gss-client now correctly deletes the context on error.
+
+* [919] kdc/network.c problems relating to SIOCGIFCONF have been
+  fixed.
+
+* [922] An overflow in the string-to-time conversion routines has been
+  fixed.
+
+* [933] krb524d now handles single-DES session keys other than of type
+  des-cbc-crc.
+
+* [935] des-cbc-md4 now included in default enctypes.
+
+* [939] A minor grammatical error has been fixed in a telnet client
+  error message.
+
+* [953] des3 no longer failing on Windows due to SHA1 implementation
+  problems.
+
+* [964] kdb_init_hist() no longer fails if master_key_enctype is not
+  in supported_enctypes.
+
+* [970] A minor inconsistency in ccache.tex has been fixed.
+
+* [971] option parsing bugs rendered irrelevant by removal of unused
+  gss mechanism.
+
+* [976] make install mentioned in build documentation.
+
+* [986] Related to [677], problems with the ordering of LDFLAGS
+  initialization rendered irrelevant by use of native autoconf
+  idioms.
+
+* [992] Related to [677], quirks with --with-cc no longer relevant as
+  AC_PROG_CC is used instead now.
+
+* [999] The kdc_default_options configuration variable is now honored.
+  Thanks to Emily Ratliff.
+
+* [1006] Client library, as well as KDC, now perform reasonable
+  sorting of ETYPE-INFO preauthentication data.
+
+* [1055] NULL pointer dereferences in code calling
+  krb5_change_password() have been fixed.
+
+* [1063] Initial credentials acquisition failures related to client
+  host having a large number of local network interfaces should be
+  fixed now.
+
+* [1064] Incorrect option parsing in the gssapi library is no longer
+  relevant due to removal of the "v2" mechanism.
+
+* [1065, 1225] krb5_get_init_creds_password() should properly warn about
+  password expiration.
+
+* [1066] printf() argument mismatches in rpc unit tests fixed.
+
+* [1085] The krb5.conf manpage has been re-synchronized with other
+  documentation.
+
+* [1102] gssapi_generic.h should now work with C++.
+
+* [1135] The kadm5 ACL system is better documented.
+
+* [1136] Some documentation for the setup of cross-realm
+  authentication has been added.
+
+* [1164] krb5_auth_con_gen_addrs() now properly returns errno instead
+  of -1 if getpeername() fails.
+
+* [1173] Address-less forwardable tickets will remain address-less
+  when forwarded.
+
+* [1178, 1228, 1244, 1246, 1249] Test suite has been stabilized
+  somewhat.
+
+* [1188] As part of the modernization of our usage of autoconf,
+  AC_CONFIG_FILES is now used instead of passing a list of files to
+  AC_OUTPUT.
+
+* [1194] configure will no longer recurse out of the top of the source
+  tree when attempting to locate the top of the source tree.
+
+* [1192] Documentation for the krb5 afs functionality of krb524d has
+  been written.
+
+* [1195] Example krb5.conf file modified to include all enctypes
+  supported by the release.
+
+* [1202] The KDC no longer rejects unrecognized flags.
+
+* [1203] krb5_get_init_creds_keytab() no longer does a double-free.
+
+* [1211] The ASN.1 code no longer passes (harmless) uninitialized
+  values around.
+
+* [1212] libkadm5 now allows for persistent exclusive database locks.
+
+* [1217] krb5_read_password() and des_read_password() are now
+  implemented via krb5_prompter_posix().
+
+* [1224] For SAM challenges, omitted optional strings are no longer
+  encoded as zero-length strings.
+
+* [1226] Client-side support for SAM hardware-based preauth
+  implemented.
+
+* [1229] The keytab search logic no longer fails prematurely if an
+  incorrect encryption type is found.  Thanks to Wyllys Ingersoll.
+
+* [1232] If the master KDC cannot be resolved, but a slave is
+  reachable, the client library now returns the real error from the
+  slave rather than the resolution failure from the master.  Thanks to
+  Ben Cox.
+
+* [1234] Assigned numbers for SAM preauth have been corrected.
+  sam-pk-for-sad implementation has been aligned.
+
+* [1237] Profile-sharing optimizations from KfM have been merged.
+
+* [1240] Windows calling conventions for krb5int_c_combine_keys() have
+  been aligned.
+
+* [1242] Build system incompatibilities with Debian's chimeric
+  autoconf installation have been worked around.
+
+* [1256] Incorrect sizes passed to memset() in combine_keys()
+  operations have been corrected.
+
+* [1260] Client credential lookup now gets new service tickets in
+  preference to attempting to use expired ticketes.  Thanks to Ben
+  Cox.
+
+* [1262, 1572] Sequence numbers are now unsigned; negative sequence
+  numbers will be accepted for the purposes of backwards
+  compatibility.
+
+* [1263] A heuristic for matching the incorrectly encoded sequence
+  numbers emitted by Heimdal implementations has been written.
+
+* [1284] kshd accepts connections by IPv6 now.
+
+* [1292] kvno manpage title fixed.
+
+* [1293] Source files no longer explicitly attempt to declare errno.
+
+* [1304] kadmind4 no longer leaves sa_flags uninitialized.
+
+* [1305] Expired tickets now cause KfM to pop up a password dialog.
+
+* [1309] krb5_send_tgs() no longer leaks the storage associated with
+  the TGS-REQ.
+
+* [1310] kadm5_get_either() no longer leaks regexp library memory.
+
+* [1311] Output from krb5-config no longer contains spurious uses of
+  $(PURE).
+
+* [1324] The KDC no longer logs an inappropriate "no matching key"
+  error when an encrypted timestamp preauth password is incorrect.
+
+* [1334] The KDC now returns a clockskew error when the timestamp in
+  the encrypted timestamp preauth is out of bounds, rather than just
+  returning a preauthentcation failure.
+
+* [1342] gawk is no longer required for building kerbsrc.zip for the
+  Windows build.
+
+* [1346] gss_krb5_ccache_name() no longer attempts to return a pointer
+  to freed memory.
+
+* [1351] The filename globbing vulnerability [CERT VU#258721] in the
+  ftp client's handling of filenames beginning with "|" or "-"
+  returned from the "mget" command has been fixed.
+
+* [1352] GSS_C_PROT_READY_FLAG is no longer asserted inappropriately
+  during GSSAPI context establishment.
+
+* [1356] krb5_gss_accept_sec_context() no longer attempts to validate
+  a null credential if one is passed in.
+
+* [1362] The "-a user" option to telnetd now does the right thing.
+  Thanks to Nathan Neulinger.
+
+* [1363] ksu no longer inappropriately syslogs to stderr.
+
+* [1357] krb__get_srvtab_name() no longer leaks memory.
+
+* [1370] GSS_C_NO_CREDENTIAL now accepts any principal in the keytab.
+
+* [1373] Handling of SAM preauth no longer attempts to stuff a size_t
+  into an unsigned int.
+
+* [1387] BIND versions later than 8 now supported.
+
+* [1392] The getaddrinfo() wrapper should work better on AIX.
+
+* [1400] If DO_TIME is not set in the auth_context, and no replay
+  cache is available, no replay cache will be used.
+
+* [1406, 1108] libdb is no longer installed.  If you installed
+  krb5-1.3-alpha1, you should ensure that no spurious libdb is left in
+  your install tree.
+
+* [1412] ETYPE_INFO handling no longer goes into an infinite loop.
+
+* [1414] libtelnet is now built using the same library build framework
+  as the rest of the tree.
+
+* [1417] A minor memory leak in krb5_read_password() has been fixed.
+
+* [1419] A memory leak in asn1_decode_kdc_req_body() has been fixed.
+
+* [1435] inet_ntop() is now emulated when needed.
+
+* [1439] krb5_free_pwd_sequences() now correctly frees the entire
+  sequence of elements.
+
+* [1440] errno is no longer explicitly declared.
+
+* [1441] kadmind should now return useful errors if an unrecognized
+  version is received in a changepw request.
+
+* [1454, 1480, 1517, 1525] The etype-info2 preauth type is now
+  supported.
+
+* [1459] (KfM/KLL internal) config file resolution can now be
+  prevented from accessing the user's homedir.
+
+* [1463] Preauth handling in the KDC has been reorganized.
+
+* [1470] Double-free in client-side preauth code fixed.
+
+* [1473] Ticket forwarding when the TGS and the end service have
+  different enctypes should work somewhat better now.
+
+* [1474] ASN.1 testsuite memory management has been cleaned up a
+  little to allow for memory leak checking.
+
+* [1476] Documentation updated to reflect default krb4 mode.
+
+* [1482] RFC-1964 OIDs now provided using the suggested symbolic
+  names.
+
+* [1483, 1528] KRB5_DEPRECATED is now false by default on all
+  platforms.
+
+* [1488] The KDC will now return integrity errors if a decryption
+  error is responsible for preauthentication failure.
+
+* [1492] The autom4te.cache directories are now deleted from the
+  release tarfiles.
+
+* [1501] Writable keytabs are registered by default.
+
+* [1515] The check for cross-realm TGTs no longer reads past the end
+  of an array.
+
+* [1518] The kdc_default_options option is now actually honored.
+
+* [1519] The changepw protocol implementation in kadmind now logs
+  password changes.
+
+* [1520] Documentation of OS-specific build options has been updated.
+
+* [1536] A missing prototype for krb5_db_iterate_ext() has been
+  added.
+
+* [1537] An incorrect path to kdc.conf show in the kdc.conf manpage
+  has been fixed.
+
+* [1540] verify_as_reply() will only check the "renew-till" time
+  against the "till" time if the RENEWABLE is not set in the request.
+
+* [1547] gssftpd no longer uses vfork(), as this was causing problems
+  under RedHat 9.
+
+* [1549] SRV records with a value of "." are now interpreted as a lack
+  of support for the protocol.
+
+* [1553] The undocumented (and confusing!) kdc_supported_enctypes
+  kdc.conf variable is no longer used.
+
+* [1560] Some spurious double-colons in password prompts have been
+  fixed.
+
+* [1571] The test suite tries a little harder to get a root shell.
+
+* [1573] The KfM build process now sets localstatedir=/var/db.
+
+* [1576, 1575] The client library no longer requests RENEWABLE_OK if
+  the renew lifetime is greater than the ticket lifetime.
+
+* [1587] A more standard autoconf test to locate the C compiler allows
+  for gcc to be found by default without additional configuration
+  arguments.
+
+* [1593] Replay cache filenames are now escaped with hyphens, not
+  backslashes.
+
+* [1598] MacOS 9 support removed from in-tree com_err.
+
+* [1602] Fixed a memory leak in make_ap_req_v1().  Thanks to Kent Wu.
+
+* [1604] Fixed a memory leak in krb5_gss_init_sec_context(), and an
+  uninitialized memory reference in kg_unseal_v1().  Thanks to Kent
+  Wu.
+
+* [1607] kerberos-iv SRV records are now documented.
+
+* [1610] Fixed AES credential delegation under GSSAPI.
+
+* [1618] ms2mit no longer inserts local addresses into tickets
+  converted from the MS ccache if they began as addressless tickets.
+
+* [1619] etype_info parser (once again) accepts extra field emitted by
+  Heimdal.
+
+* [1643] Some typos in kdc.conf.M have been fixed.
+
+* [1648] For consistency, leading spaces before preprocessor
+  directives in profile.h have been removed.
 
 Copyright Notice and Legal Administrivia
 ----------------------------------------
 
-Copyright (C) 1985-2000 by the Massachusetts Institute of Technology.
+Copyright (C) 1985-2004 by the Massachusetts Institute of Technology.
 
 All rights reserved.
 
@@ -459,7 +1030,7 @@ Thanks to Doug Engert from ANL for providing many bug fixes, as well
 as testing to ensure DCE interoperability.
 
 Thanks to Ken Hornstein at NRL for providing many bug fixes and
-suggestions.
+suggestions, and for working on SAM preauthentication.
 
 Thanks to Matt Crawford at FNAL for bugfixes and enhancements.
 
@@ -472,11 +1043,15 @@ providing patches for numerous buffer overruns.
 Thanks to Christopher Thompson and Marcus Watts for discovering the
 ftpd security bug.
 
+Thanks to Paul Nelson of Thursby Software Systems for implementing the
+Microsoft set password protocol.
+
 Thanks to the members of the Kerberos V5 development team at MIT, both
-past and present: Danilo Almeida, Jay Berkenbilt, Richard Basch, John
-Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam
-Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic,
-Barry Jaspan, Geoffrey King, John Kohl, Peter Litwack, Scott McGuire,
-Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris
-Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Brad Thompson,
-Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.
+past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt,
+Richard Basch, Mitch Berger, John Carr, Don Davis, Alexandra Ellwood,
+Nancy Gilman, Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva
+Jacobus, Miroslav Jurisic, Barry Jaspan, Geoffrey King, John Kohl,
+Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park,
+Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
+Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall
+Vale, Tom Yu.
index 709c559806f57eeb7defd158951bf27ac36939af..52e2f6945f6dc5e4f8781a9c06f12c4008b2f774 100644 (file)
@@ -1,3 +1,103 @@
+2004-06-10  Ken Raeburn  <raeburn@mit.edu>
+
+       * admin.texinfo (Supported Encryption Types): Reflect new AES
+       support in GSSAPI, but keep a warning about interoperability with
+       old versions.
+
+2004-02-13  Tom Yu  <tlyu@mit.edu>
+
+       * build.texinfo (Solaris 9): Add section describing workaround for
+       Solaris 9 pty-close kernel bug.
+
+2003-07-25  Ken Raeburn  <raeburn@mit.edu>
+
+       * admin.texinfo (realms (krb5.conf)): Add description of
+       master_kdc tag.
+       (Sample krb5.conf File): Add it to the example.
+
+2003-07-24  Sam Hartman  <hartmans@mit.edu>
+
+       * admin.texinfo (realms (kdc.conf)): Remove references to kdc_supported_enctypes
+       (Sample kdc.conf File): Remove kdc_supported_enctypes here too
+
+2003-06-20  Tom Yu  <tlyu@mit.edu>
+
+       * build.texinfo (Installing the Binaries): New node; describe
+       basic "make install", along with "DESTDIR=...".
+
+2003-06-19  Tom Yu  <tlyu@mit.edu>
+
+       * build.texinfo (HPUX): Fix typo.
+       (Options to Configure): Note that --with-system-db is unsupported,
+       concerning possible lossage with loading dumpfiles.
+
+2003-06-18  Tom Yu  <tlyu@mit.edu>
+
+       * dnssrv.texinfo: Add note about _kerberos-iv._udp SRV records.
+
+2003-05-30  Ken Raeburn  <raeburn@mit.edu>
+
+       * definitions.texinfo (DefaultCcacheType, DefaultKDCTimesync,
+       DefaultMasterKeyType, DefaultTktLifetime): Updated for code
+       changes.
+       (DefaultCcacheTypeMac, DefaultKDCTimesyncMac): Deleted.
+
+       * admin.texinfo (libdefaults): Update kdc_timesync and ccache_type
+       descriptions to not separate Mac case.
+
+2003-05-30  Sam Hartman  <hartmans@mit.edu>
+
+       * admin.texinfo (Supported Encryption Types): Document AES interop issues.
+
+       * support-enc.texinfo: Add AES enctypes
+
+2003-05-27  Tom Yu  <tlyu@mit.edu>
+
+       * admin.texinfo (realms (kdc.conf)): Update to reflect that
+       kadm5.keytab is only used by legacy admin daemons.
+
+       * install.texinfo (Create a kadmind Keytab (optional)): Update to
+       reflect that kadm5.keytab is only used by legacy admin daemons.
+
+       * build.texinfo (HPUX): Make HPUX compiler flags simpler.
+
+2003-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * build.texinfo (HPUX, Solaris 2.X, Ultrix 4.2/3 [notdef]):
+       Replace descriptions of old --with- options with VAR=.
+       (Solaris 2.X): Suggest that defining _XOPEN_SOURCE and
+       __EXTENSIONS__ might help for 64-bit mode.
+
+2003-05-23  Tom Yu  <tlyu@mit.edu>
+
+       * admin.texinfo (appdefaults): Clarify afs_krb5 slightly.
+
+2003-05-22  Sam Hartman  <hartmans@mit.edu>
+
+       * admin.texinfo (appdefaults): Describe afs_krb5
+
+       * krb425.texinfo (AFS and the Appdefaults Section): Note about AFS and 2b tokens
+
+2003-05-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * definitions.texinfo: Updated DefaultSupportedEnctypes.
+
+2003-05-12  Sam Hartman  <hartmans@mit.edu>
+
+       * definitions.texinfo: Default v4 mode is now none
+
+2003-04-18  Ken Raeburn  <raeburn@mit.edu>
+
+       * definitions.texinfo (DefaultETypeList,
+       DefaultSupportedEnctypes): Update for AES.
+       * install.texinfo (Client Machine Configuration Files): Fix typo
+       in variable reference.
+
+2003-04-08  Tom Yu  <tlyu@mit.edu>
+
+       * krb4-xrealm.txt: New file.  Describe the krb4 cross-realm
+       patchkit.  Copied from 2003-004-krb4_patchkit.
+
 2003-02-04  Sam Hartman  <hartmans@mit.edu>
 
        * krb425.texinfo (Upgrading KDCs): Note that -4 needs to be specified
index a58cf5675c4cd118d9ed7310edf28b9efba56294..ec20a89d0195f9df6e9c75c172815ae93f9dd1af 100644 (file)
@@ -350,6 +350,22 @@ types can be set to some combination of the following strings.
 
 @include support-enc.texinfo
 
+While aes128-cts and aes256-cts are supported for all Kerberos
+operations, they are not supported by older versions of our GSSAPI
+implementation (krb5-1.3.1 and earlier).
+
+By default, AES is enabled in this release.  Sites wishing to use AES
+encryption types on their KDCs need to be careful not to give GSSAPI
+services AES keys if the servers have not been updated.  If older
+GSSAPI services are given AES keys, then services may fail when
+clients supporting AES for GSSAPI are used.  Sites may wish to use AES
+for user keys and for the ticket granting ticket key, although doing
+so requires specifying what encryption types are used as each
+principal is created.
+
+If all GSSAPI-based services have been updated before or with the KDC,
+this is not an issue.
+
 @node Salts, krb5.conf, Supported Encryption Types, Configuration Files
 @section Salts
 
@@ -425,9 +441,7 @@ If this is set to 1 (for true), then client machines will compute the
 difference between their time and the time returned by the KDC in the
 timestamps in the tickets and use this value to correct for an
 inaccurate system clock.  This corrective factor is only used by the
-Kerberos library.  The default is @value{DefaultKDCTimesyncMac} for
-Macintosh computers and @value{DefaultKDCTimesync} for all other
-platforms.
+Kerberos library.  The default is @value{DefaultKDCTimesync}.
 
 @itemx kdc_req_checksum_type
 @itemx ap_req_checksum_type
@@ -466,9 +480,7 @@ type of cache to be created by kinit, or when forwarded tickets are
 received.  DCE and Kerberos can share the cache, but some versions of
 DCE do not support the default cache as created by this version of
 Kerberos.  Use a value of 1 on DCE 1.0.3a systems, and a value of 2 on
-DCE 1.1 systems.  The default value is @value{DefaultCcacheTypeMac}
-for Macintosh computers and @value{DefaultCcacheType} for other
-platforms.
+DCE 1.1 systems.  The default value is @value{DefaultCcacheType}.
 
 @ignore
 @itemx tkt_lifetime
@@ -610,6 +622,33 @@ The list of specifiable options for each application may be found in
 that application's man pages.  The application defaults specified here
 are overridden by those specified in the [realms] section.
 
+A special application name (afs_krb5) is used by the krb524 service to
+know whether new format AFS tokens based on Kerberos 5 can be used
+rather than the older format which used a converted Kerberos 4 ticket.
+The new format allows for cross-realm authentication without
+introducing a security hole.  It is used by default.  Older AFS
+servers (before OpenAFS 1.2.8) will not support the new format.  If
+servers in your cell do not support the new format, you will need to
+add an @code{afs_krb5} relation to the @code{appdefaults} section.
+The following config file shows how to disable new format AFS tickets
+for the @code{afs.example.com} cell in the @code{EXAMPLE.COM} realm.
+
+@smallexample
+@group
+[appdefaults]
+    afs_krb5 = @{ 
+        EXAMPLE.COM = @{
+            afs/afs.example.com = false
+        @}
+    @}
+
+@end group
+@end smallexample
+
+
+
+
+
 @node login, realms (krb5.conf), appdefaults, krb5.conf
 @subsection [login]
 
@@ -666,6 +705,15 @@ this tag must be given a value in each realm subsection in the
 configuration file, or there must be DNS SRV records specifying the
 KDCs (see @ref{Using DNS}).
 
+@itemx master_kdc
+Identifies the master KDC(s).  Currently, this tag is used in only one
+case: If an attempt to get credentials fails because of an invalid
+password, the client software will attempt to contact the master KDC,
+in case the user's password has just been changed, and the updated
+database has not been propagated to the slave servers yet.  (We don't
+currently check whether the KDC from which the initial response came
+is on the master KDC list.  That may be fixed in the future.)
+
 @itemx admin_server
 Identifies the host where the administration server is running.
 Typically, this is the master Kerberos server.  This tag must be given
@@ -995,6 +1043,7 @@ Here is an example of a generic @code{krb5.conf} file:
         kdc = @value{KDCSLAVE1}.@value{PRIMARYDOMAIN}
         kdc = @value{KDCSLAVE2}.@value{PRIMARYDOMAIN}:750
         admin_server = @value{KDCSERVER}.@value{PRIMARYDOMAIN}
+        master_kdc = @value{KDCSERVER}.@value{PRIMARYDOMAIN}
         default_domain = @value{PRIMARYDOMAIN}
     @}
     @value{SECONDREALM} = @{
@@ -1089,9 +1138,9 @@ uses to determine which principals are allowed which permissions on the
 database.  The default is @code{@value{DefaultAclFile}}.
 
 @itemx admin_keytab
-(String.)  Location of the keytab file that kadmin uses to authenticate
-to the database.  The default is
-@code{@value{DefaultAdminKeytab}}.
+(String.)  Location of the keytab file that the legacy administration
+daemons @code{kadmind4} and @code{v5passwdd} use to authenticate to
+the database.  The default is @code{@value{DefaultAdminKeytab}}.
 
 @itemx database_name
 (String.)  Location of the Kerberos database for this realm.  The
@@ -1222,10 +1271,6 @@ will have keys of these types.  The default value for this tag is
 @value{DefaultSupportedEnctypes}. For lists of possible values, see
 @ref{Supported Encryption Types} and @ref{Salts}.
 
-@itemx kdc_supported_enctypes
-Specifies the permitted key/salt combinations of principals for this
-realm.  The format is the same as @code{supported_enctypes}.
-
 @itemx reject_bad_transit
 A boolean value (@code{true}, @code{false}).  If set to @code{true}, the
 KDC will check the list of transited realms for cross-realm tickets
@@ -1277,7 +1322,6 @@ Here's an example of a @code{kdc.conf} file:
         max_renewable_life = 7d 0h 0m 0s
         master_key_type = des3-hmac-sha1
         supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
-        kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
     @}
 
 [logging]
index 3728895f4b31f8cecd5ca04cb4d713745951de1a..4446ccf26bffce139d2673d997362503b83e64c7 100644 (file)
@@ -1,3 +1,7 @@
+2003-05-09  Tom Yu  <tlyu@mit.edu>
+
+       * krb5.tex: Update subkey-related information to match code.
+
 2002-01-15  Sam Hartman  <hartmans@mit.edu>
 
        * krb5.tex (subsubsection{Principal access functions}): krb5_princ_realm returns a pointer.
index 1574f169b890974515cb5b4bb54a8797b6890b72..d70910ec0769160cf1155a1f9fbed37b1d986caf 100644 (file)
@@ -183,28 +183,45 @@ Retrieves the keyblock stored in \funcparam{auth_context}. The memory
 allocated in this function should be freed with a call to
 \funcname{krb5_free_keyblock}. 
 
-\begin{funcdecl}{krb5_auth_con_getlocalsubkey}{krb5_error_code}{\funcinout}
+\begin{funcdecl}{krb5_auth_con_getrecvsubkey}{krb5_error_code}{\funcinout}
 \funcarg{krb5_context}{context}
 \funcarg{krb5_auth_context}{auth_context}
 \funcout
 \funcarg{krb5_keyblock **}{keyblock}
 \end{funcdecl}
 
-Retrieves the local_subkey keyblock stored in
+Retrieves the recv\_subkey keyblock stored in
 \funcparam{auth_context}. The memory allocated in this function should
 be freed with a call to \funcname{krb5_free_keyblock}.
 
-\begin{funcdecl}{krb5_auth_con_getremotesubkey}{krb5_error_code}{\funcinout}
+\begin{funcdecl}{krb5_auth_con_getsendsubkey}{krb5_error_code}{\funcinout}
 \funcarg{krb5_context}{context}
 \funcarg{krb5_auth_context}{auth_context}
 \funcout
 \funcarg{krb5_keyblock **}{keyblock}
 \end{funcdecl}
 
-Retrieves the remote_subkey keyblock stored in
+Retrieves the send\_subkey keyblock stored in
 \funcparam{auth_context}. The memory allocated in this function should
 be freed with a call to \funcname{krb5_free_keyblock}.
 
+\begin{funcdecl}{krb5_auth_con_setrecvsubkey}{krb5_error_code}{\funcinout}
+\funcarg{krb5_context}{context}
+\funcarg{krb5_auth_context}{auth_context}
+\funcout
+\funcarg{krb5_keyblock *}{keyblock}
+\end{funcdecl}
+
+Sets the recv\_subkey keyblock stored in \funcparam{auth_context}.
+
+\begin{funcdecl}{krb5_auth_con_setsendsubkey}{krb5_error_code}{\funcinout}
+\funcarg{krb5_context}{context}
+\funcarg{krb5_auth_context}{auth_context}
+\funcout
+\funcarg{krb5_keyblock *}{keyblock}
+\end{funcdecl}
+
+Sets the send\_subkey keyblock stored in \funcparam{auth_context}.
 
 \begin{funcdecl}{krb5_auth_setcksumtype}{krb5_error_code}{\funcinout}
 \funcarg{krb5_context}{context}
@@ -1508,9 +1525,9 @@ Parses a KRB_SAFE message from \funcparam{inbuf}, placing the
 data in \funcparam{*outbuf} after verifying its integrity.
 
 The keyblock used for verifying the integrity of the message is taken
-from the \funcparam{auth_context} local_subkey, remote_subkey, or
-keyblock. The keyblock is chosen in the above order by the first one
-which is not NULL.
+from the \funcparam{auth_context} recv\_subkey or keyblock. The
+keyblock is chosen in the above order by the first one which is not
+NULL.
  
 The remote_addr and localaddr portions of the \funcparam{*auth_context}
 specify the full addresses (host and port) of the sender and receiver,
index 1f0ef9687d468b782dc3bacecf8ac2bc3a58a649..14f284d2148c71b7aa93c70ab46c934b299ef09c 100644 (file)
@@ -9,6 +9,7 @@ required in porting Kerberos V5 to a new platform.
                                            build Kerberos.
 * Unpacking the Sources::       Preparing the source tree.
 * Doing the Build::             Compiling Kerberos.
+* Installing the Binaries::     Installing the compiled binaries.
 * Testing the Build::           Making sure Kerberos built correctly.
 * Options to Configure::        Command-line options to Configure
 * osconf.h::                    Header file-specific configurations
@@ -57,15 +58,15 @@ source code for building @value{PRODUCT} on Windows (see windows/README)
 
 @menu
 * The appl Directory::          
-* The clients Directory::
-* The gen-manpages Directory::
-* The include Directory::
+* The clients Directory::       
+* The gen-manpages Directory::  
+* The include Directory::       
 * The kadmin Directory::        
 * The kdc Directory::           
 * The krb524 Directory::        
-* The lib Directory::
-* The prototype Directory::
-* The slave Directory::
+* The lib Directory::           
+* The prototype Directory::     
+* The slave Directory::         
 * The util Directory::          
 @end menu
 
@@ -248,7 +249,7 @@ your current directory is @file{/u1} when you unpack the tarfiles, you
 will get @file{/u1/krb5-@value{RELEASE}/src}, etc.)
 
 
-@node Doing the Build, Testing the Build, Unpacking the Sources, Building Kerberos V5
+@node Doing the Build, Installing the Binaries, Unpacking the Sources, Building Kerberos V5
 @section Doing the Build
 
 You have a number of different options in how to build Kerberos.  If you
@@ -335,7 +336,33 @@ makes it fail for relative pathnames. Note that this version differs
 from the latest version as distributed and installed by the XConsortium
 with X11R6. Either version should be acceptable.
 
-@node Testing the Build, Options to Configure, Doing the Build, Building Kerberos V5
+@node Installing the Binaries, Testing the Build, Doing the Build, Building Kerberos V5
+@section Installing the Binaries
+
+Once you have built Kerberos, you should install the binaries.  You
+can do this by running:
+
+@example
+% make install
+@end example
+
+If you want to install the binaries into a destination directory that
+is not their final destination, which may be convenient if you want to
+build a binary distribution to be deployed on multiple hosts, you may
+use:
+
+@example
+% make install DESTDIR=/path/to/destdir
+@end example
+
+This will install the binaries under @code{DESTDIR/PREFIX}, e.g., the
+user programs will install into @code{DESTDIR/PREFIX/bin}, the
+libraries into @code{DESTDIR/PREFIX/lib}, etc.
+
+Note that if you want to test the build (see @ref{Testing the Build}),
+you usually do not need to do a @code{make install} first.
+
+@node Testing the Build, Options to Configure, Installing the Binaries, Building Kerberos V5
 @section Testing the Build
 
 The Kerberos V5 distribution comes with built-in regression tests.  To
@@ -569,7 +596,10 @@ This option is ignored if @samp{--with-system-ss} is not specified.
 @item --with-system-db
 
 Use an installed version of the Berkeley DB package, which must
-provide an API compatible with version 1.85.
+provide an API compatible with version 1.85.  This option is
+@emph{unsupported} and untested.  In particular, we do not know if the
+database-rename code used in the dumpfile load operation will behave
+properly.
 
 If this option is not given, a version supplied with the Kerberos
 sources will be built and installed.  (We are not updating this
@@ -720,6 +750,7 @@ Thanks!
 * HPUX::                        
 * Solaris versions 2.0 through 2.3::  
 * Solaris 2.X::                 
+* Solaris 9::                   
 * SGI Irix 5.X::                
 * Ultrix 4.2/3::                
 @end menu
@@ -769,11 +800,12 @@ NetBSD and FreeBSD.)
 @node HPUX, Solaris versions 2.0 through 2.3, BSDI, OS Incompatibilities
 @subsection HPUX
 
-The native (bundled) compiler for HPUX currently will not work, because
-it is not a full ANSI C compiler.  The optional compiler (c89) should
-work as long as you give it the @samp{-D_HPUX_SOURCE} flag
-(i.e. @samp{./configure --with-cc='c89 -D_HPUX_SOURCE'}).  This has only
-been tested recently for HPUX 10.20.
+The native (bundled) compiler for HPUX currently will not work,
+because it is not a full ANSI C compiler.  The optional ANSI C
+compiler should work as long as you give it the @samp{-Ae} flag
+(i.e. @samp{./configure CC='cc -Ae'}).  This is equivalent to
+@samp{./configure CC='c89 -D_HPUX_SOURCE'}, which was the previous
+recommendation.  This has only been tested recently for HPUX 10.20.
 
 @node Solaris versions 2.0 through 2.3, Solaris 2.X, HPUX, OS Incompatibilities
 @subsection Solaris versions 2.0 through 2.3
@@ -816,16 +848,38 @@ environment to break or behave differently.
 
 @end enumerate
 
-@node Solaris 2.X, SGI Irix 5.X, Solaris versions 2.0 through 2.3, OS Incompatibilities
+@node Solaris 2.X, Solaris 9, Solaris versions 2.0 through 2.3, OS Incompatibilities
 @subsection Solaris 2.X
 
 You @b{must} compile Kerberos V5 without the UCB compatibility
 libraries.  This means that @file{/usr/ucblib} must not be in the
 LD_LIBRARY_PATH environment variable when you compile it.  Alternatively
 you can use the @code{-i} option to @samp{cc}, by using the specifying
-@code{--with-ccopts=-i} option to @samp{configure}.
+@code{CFLAGS=-i} option to @samp{configure}.
+
+If you are compiling for a 64-bit execution environment, you may need
+to configure with the option @code{CFLAGS="-D_XOPEN_SOURCE=500
+-D__EXTENSIONS__"}.  This is not well tested; at MIT we work primarily
+with the 32-bit execution environment.
+
+@node Solaris 9, SGI Irix 5.X, Solaris 2.X, OS Incompatibilities
+@subsection Solaris 9
+
+Solaris 9 has a kernel race condition which causes the final output
+written to the slave side of a pty to be lost upon the final close()
+of the slave device.  This causes the dejagnu-based tests to fail
+intermittently.  A workaround exists, but requires some help from the
+scheduler, and the ``make check'' must be executed from a shell with
+elevated priority limits.
+
+Run something like
+
+@code{priocntl -s -c FX -m 30 -p 30 -i pid nnnn}
+
+as root, where @code{nnnn} is the pid of the shell whose priority
+limit you wish to raise.
 
-@node SGI Irix 5.X, Ultrix 4.2/3, Solaris 2.X, OS Incompatibilities
+@node SGI Irix 5.X, Ultrix 4.2/3, Solaris 9, OS Incompatibilities
 @subsection SGI Irix 5.X
 
 If you are building in a tree separate from the source tree, the vendors
@@ -852,8 +906,8 @@ GCC instead.
 
 On the DEC MIPS platform, using the native compiler, @file{md4.c} and
 @file{md5.c} can not be compiled with the optimizer set at level 1.
-That is, you must specify either @samp{--with-ccopts=-O} and
-@samp{--with-ccopts=-g} to configure.  If you don't specify either, the
+That is, you must specify either @samp{CFLAGS=-O} and
+@samp{CFLAGS=-g} to configure.  If you don't specify either, the
 compile will never complete.
 
 The optimizer isn't hung; it just takes an exponentially long time.
index 1acf0f4d096290c6509bd98b531d0e465bd74f46..1c5ed88f8da4e80cb8bdd0571db29aa51b6a058d 100644 (file)
@@ -43,7 +43,7 @@ default was set.
 the following should be consistent with the variables set in
 krb5/src/lib/krb5/krb/init_ctx.c
 @end ignore
-@set DefaultETypeList des3-cbc-sha1 arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4 
+@set DefaultETypeList aes256-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4 
 @comment DEFAULT_ETYPE_LIST
 @set DefaultDefaultTgsEnctypes @value{DefaultETypeList}
 @set DefaultDefaultTktEnctypes @value{DefaultETypeList}
@@ -52,14 +52,14 @@ krb5/src/lib/krb5/krb/init_ctx.c
 @comment libdefaults, clockskew
 @set DefaultChecksumType RSA MD5 
 @comment libdefaults, kdc_req_checksum_type, ap_req_checksum_type, safe_checksum_type
-@set DefaultCcacheType 
+@set DefaultCcacheType 4
 @comment DEFAULT_CCACHE_TYPE 
-@set DefaultCcacheTypeMac 4 
-@comment DEFAULT_CCACHE_TYPE
-@set DefaultTktLifetime 10 hours
+@set DefaultTktLifetime 1 day
 @comment libdefaults, tkt_lifetime
-@set DefaultKDCTimesyncMac 1
-@set DefaultKDCTimesync 0
+@comment -- actually, that's not implemented; see
+@comment lib/krb5/krb/get_in_tkt.c, and clients/kinit/kinit.c for krb4
+@comment fallback
+@set DefaultKDCTimesync 1
 @comment DEFAULT_KDC_TIMESYNC
 @set DefaultKDCDefaultOptions KDC_OPT_RENEWABLE_OK
 @comment line 194
@@ -68,7 +68,7 @@ krb5/src/lib/krb5/krb/init_ctx.c
 the following defaults should be consistent with default variables set
 in krb5/src/include/krb5/stock/osconf.h
 @end ignore
-@set DefaultMasterKeyType des-cbc-crc 
+@set DefaultMasterKeyType des3-cbc-sha1
 @comment DEFAULT_KDC_ENCTYPE
 @set DefaultKadmindPort 749 
 @comment DEFAULT_KADM5_PORT
@@ -146,7 +146,7 @@ krb5/src/appl/bsd/login.c
 the following defaults should be consistent with the values set in
 krb5/src/kdc/kerberos_v4
 @end ignore
-@set DefaultV4Mode nopreauth
+@set DefaultV4Mode  none
 @comment KDC_V4_DEFAULT_MODE
 
 @ignore
index 1a401ac14e2ac7ca4bc8967e90803ce2fd463a6a..c969fb2690ca1a0f8c1641fc7a616da923230b56 100644 (file)
@@ -59,6 +59,10 @@ will also need the @code{admin_server} entry in @code{krb5.conf}.
 This should list port @value{DefaultKpasswdPort} on your master KDC.
 It is used when a user changes her password.
 
+@item _kerberos-iv._udp
+This should refer to your KDCs that serve Kerberos version 4 requests,
+if you have Kerberos v4 enabled.
+
 @end table
 
 Be aware, however, that the DNS SRV specification requires that the
index b105435e208171f9bdbfefc71813eade4996756e..f406fdc4aa4db0b09b07aa014b60b440255cf43d 100644 (file)
@@ -374,7 +374,7 @@ first few steps must be done on the master KDC.
 * Create the Database::         
 * Add Administrators to the Acl File::  
 * Add Administrators to the Kerberos Database::  
-* Create a kadmind Keytab::     
+* Create a kadmind Keytab (optional)::  
 * Start the Kerberos Daemons::  
 @end menu
 
@@ -516,7 +516,7 @@ filename should match the value you have set for ``acl_file'' in your
 
 @include kadm5acl.texinfo
 
-@node Add Administrators to the Kerberos Database, Create a kadmind Keytab, Add Administrators to the Acl File, Install the Master KDC
+@node Add Administrators to the Kerberos Database, Create a kadmind Keytab (optional), Add Administrators to the Acl File, Install the Master KDC
 @subsubsection Add Administrators to the Kerberos Database
 
 Next you need to add administrative principals to the Kerberos database.
@@ -551,17 +551,18 @@ kadmin.local:}
 
 
 
-@node Create a kadmind Keytab, Start the Kerberos Daemons, Add Administrators to the Kerberos Database, Install the Master KDC
-@subsubsection Create a kadmind Keytab
+@node Create a kadmind Keytab (optional), Start the Kerberos Daemons, Add Administrators to the Kerberos Database, Install the Master KDC
+@subsubsection Create a kadmind Keytab (optional)
 
-The kadmind keytab is the key that kadmind will use to decrypt
-administrators' Kerberos tickets to determine whether or not it should
-give them access to the database.  You need to create the kadmin keytab
-with entries for the principals @code{kadmin/admin} and
+The kadmind keytab is the key that the legacy admininstration daemons
+@code{kadmind4} and @code{v5passwdd} will use to decrypt
+administrators' or clients' Kerberos tickets to determine whether or
+not they should have access to the database.  You need to create the
+kadmin keytab with entries for the principals @code{kadmin/admin} and
 @code{kadmin/changepw}.  (These principals are placed in the Kerberos
 database automatically when you create it.)  To create the kadmin
-keytab, run @code{kadmin.local} and use the @code{ktadd} command, as in
-the following example.  (The line beginning with @result{} is a
+keytab, run @code{kadmin.local} and use the @code{ktadd} command, as
+in the following example.  (The line beginning with @result{} is a
 continuation of the previous line.):
 
 @smallexample
@@ -593,7 +594,7 @@ The filename you use must be the one specified in your @code{kdc.conf}
 file.
 
 @need 2000
-@node Start the Kerberos Daemons,  , Create a kadmind Keytab, Install the Master KDC
+@node Start the Kerberos Daemons,  , Create a kadmind Keytab (optional), Install the Master KDC
 @subsubsection Start the Kerberos Daemons on the Master KDC
 
 At this point, you are ready to start the Kerberos daemons on the Master
@@ -973,7 +974,7 @@ On the @emph{new} master KDC:
 
 @enumerate
 @item
-Create a database keytab.  (@xref{Create a kadmind Keytab}.)
+Create a database keytab.  (@xref{Create a kadmind Keytab (optional)}.)
 
 @item
 Start the @code{kadmind} daemon.  (@xref{Start the Kerberos Daemons}.)
@@ -1059,8 +1060,8 @@ kerberos      @value{DefaultPort}/udp    kdc    # Kerberos V5 KDC
 kerberos      @value{DefaultPort}/tcp    kdc    # Kerberos V5 KDC
 klogin        @value{DefaultKloginPort}/tcp          # Kerberos authenticated rlogin
 kshell        @value{DefaultKshellPort}/tcp   cmd    # and remote shell
-kerberos-adm  @value{DefaultKamdindPort}/tcp          # Kerberos 5 admin/changepw
-kerberos-adm  @value{DefaultKamdindPort}/udp          # Kerberos 5 admin/changepw
+kerberos-adm  @value{DefaultKadmindPort}/tcp          # Kerberos 5 admin/changepw
+kerberos-adm  @value{DefaultKadmindPort}/udp          # Kerberos 5 admin/changepw
 krb5_prop     @value{DefaultKrbPropPort}/tcp          # Kerberos slave propagation
 @c kpop          1109/tcp         # Pop with Kerberos
 eklogin       @value{DefaultEkloginPort}/tcp         # Kerberos auth. & encrypted rlogin
diff --git a/doc/krb4-xrealm.txt b/doc/krb4-xrealm.txt
new file mode 100644 (file)
index 0000000..f8c4566
--- /dev/null
@@ -0,0 +1,143 @@
+The following text was taken from the patchkit disabling cross-realm
+authentication and triple-DES in krb4.
+
+PATCH KIT DESCRIPTION
+=====================
+
+** FLAG DAY REQUIRED **
+
+One of the things we decided to do (and must do for security reasons)
+was drop support for the 3DES krb4 TGTs.  Unfortunately the current
+code will only accept 3DES TGTs if it issues 3DES TGTs.  Since the new
+code issues only DES TGTs, the old code will not understand its v4
+TGTs if the site has a 3DES key available for the krbtgt principal.
+The new code will understand and accept both DES and 3DES v4 TGTs.
+
+So, the easiest upgrade option is to deploy the code on all KDCs at
+once, being sure to deploy it on the master KDC last.  Under this
+scenario, a brief window exists where slaves may be able to issue
+tickets that the master will not understand.  However, the slaves will
+understand tickets issued by the master throughout the upgrade.
+
+An alternate and more annoying upgrade strategy exists.  At least one
+max TGT life time before the upgrade, the TGT key can be changed to be
+a single-des key.  Since we support adding a new TGT key while
+preserving the old one, this does not create an interruption in
+service.  Since no 3DES key is available then both the old and new
+code will issue and accept DES v4 TGTs.  After the upgrade, the TGT
+key can again be rekeyed to add 3DES keys.  This does require two TGT
+key changes and creates a window where DES is used for the v5 TGT, but
+creates no window in which slaves will issue TGTs the master cannot
+accept.
+
+* What the patch does
+=====================
+
+1) Kerberos 4 cross-realm authentication is disabled by default.  A
+   "-X" switch is added to both krb524d and krb5kdc to enable v4
+   cross-realm.  This switch logs a note that a security hole has been
+   opened in the KDC log.  We said while designing the patch, that we
+   were going to try to allow per-realm configuration; because of a
+   design problem in the kadm5 library, we could not do this without
+   bumping the ABI version of that library.  We are unwilling to bump
+   an ABI version in a security patch release to get that feature, so
+   the configuration of v4 cross-realm is a global switch.
+
+2) Code responsible for v5 TGTs has been changed to require that the
+   enctype of the ticket service key be the same as the enctype that
+   would currently be issued for that kvno.  This means that even if a
+   service has multiple keys, you cannot use a weak key to fake the
+   KDC into accepting tickets for that service.  If you have a non-DES
+   TGT key, this separates keys used for v4 and v5.  We actually relax
+   this requirement for cross-realm TGT keys (which in the new code
+   are only used for v5) because we cannot guarantee other Kerberos
+   implementations will choose keys the same way.
+
+3) We no longer issue 3DES v4 tickets either in the KDC or krb524d.
+   We add code to accept either DES or 3DES tickets for v4.  None of
+   the attacks discovered so far can be implemented given a KDC that
+   accepts but does not issue 3DES tickets, so we believe that leaving
+   this functionality in as compatibility for a version or two is
+   reasonable.  Note however that the attacks described do allow
+   successful attackers to print future tickets, so sites probably
+   want to rekey important keys after installing this update.  Note
+   also that even if issuance of 3DES v4 tickets has been disabled,
+   outstanding tickets may be used to perform the 3DES cut-and-paste
+   attack.
+
+* Test Cases
+============
+
+This code is difficult to test for two reasons.  First, you need a
+cross-realm  relationship between two KDCs.  Secondly, you need a KDC
+that will issue 3DES v4 tickets even though the code  with the patch
+applied can no longer do this.
+
+I propose to meet these requirements by setting up a cross-realm 3DES
+key between  a realm I control and the test environment.  In order to
+provide concrete examples of what I plan to test with the automated
+tests,  I assume a shared key between a realm PREPATCH.KRBTEST.COM and the
+test realm PATCH.
+
+In all of the following tests  I assume the following configuration.
+A principal v4test@PREPATCH.KRBTEST.COM exists with known password and
+without requiring preauthentication.  The PREPATCH.KRBTEST.COM KDC will
+issue v4 tickets for this principal.  A principal test@PATCH exists
+with known password and without requiring preauthentication.    A
+principal service@PATCH exists.  The TGT for the PATCH realm has a
+3des and des key.  The shared TGT keys between PATCH and
+PREPATCH.KRBTEST.COM are identical in both directions (required for v4) and
+support both 3DES and DES keys.
+
+1) Run krb524d and krb5kdc for PATCH with no special options using a
+   krb5.conf without permitted_enctypes (fully permissive).
+
+
+A) Get v4 tickets as v4test@PREPATCH.KRBTEST.COM.  Confirm that  kvno -4
+service@PATCH  fails with an unknown principal error and logs an error
+about cross-realm being denied to the PATCH KDC log. This confirms
+that v4 cross-realm is not accepted.
+
+B) Get v5 tickets as v4test@PREPATCH.KRBTEST.COM.  Confirm that krb524init
+-p service@PATCH fails with a prohibited by policy  error, but that
+klist -5 includes a ticket for service@PATCH.  This confirms that v5
+cross-realm works but the krb524d denies converting such a ticket into
+a cross-realm ticket. Note that the krb524init currently in the
+mainline source tree will not be useful for this test because the
+client denies cross-realm for the simple reason that the v4 ticket
+file format is not flexible enough to support it.  The krb524init in
+the  1.2.x release is useful for this test.
+
+
+2) Restart the krb5kdc and krb524d for PATCH with the -X option
+   enabling v4 cross-realm.
+
+A) Confirm that the security warning is written to kdc.log.
+
+B) Get v4 tickets as v4test@PREPATCH.KRBTEST.COM.  Confirm that kvno -4
+service@PATCH works and leaves a service@PATCH ticket in the cache.
+This confirms that v4 cross-realm works in the KDC.  It also  confirms
+that the KDC can accept 3DES v4 TGTs.  The code path for decrypting a
+TGT is the same for the local realm and for foreign realms, so I don't
+see a need to test local 3DES TGTs in an automated manner although I
+did test it manually.
+
+C) Get v5 tickets as v4test@PREPATCH.KRBTEST.COM.  Confirm that krb524init
+-p service@PATCH works.    This confirms that krb524d will issue
+cross-realm tickets.  They're completely useless because the v4 ticket
+file can't represent them, but that's not our problem today.
+
+3) Start the kdc and krb524d with a krb5.conf that  includes
+   permitted_enctypes only listing des-cbc-crc.  Get tickets as
+   test@PATCH.  Restart the KDC  and confirm that kvno service fails
+   logging an error about permitted enctypes.  This confirms that if
+   you manage to obtain a ticket of the wrong enctype it will not be
+   accepted later.
+
+These tests do not check to make sure that  3DES tickets are not
+issued by the v4 code.  I'm fairly certain that is true as I've
+physically remove the calls to the routine that generates 3DES tickets
+from the code in both the KDC and krb524d.  These tests also do not
+check to make sure that  cross-realm TGTs are not required to follow
+the strict enctype policy.  I've tested that manually  but don't know
+how to test that without  significantly complicating the test setup.
index c239b2f541b22e73d771ecd2448b27e4282e51f5..7a7a808620ca883be3e798d9606bcea129b98eca 100644 (file)
@@ -17,7 +17,7 @@
 
 @include definitions.texinfo
 @set EDITION 1.0
-@set UPDATED October 8, 1996
+@set UPDATED May 22, 2003
 
 @finalout                               @c don't print black warning boxes
 
@@ -101,6 +101,7 @@ nonstandard installations.
 @menu
 * libdefaults::                 
 * realms (krb5.conf)::          
+* AFS and the Appdefaults Section::  
 @end menu
 
 @node libdefaults, realms (krb5.conf), krb5.conf, krb5.conf
@@ -122,7 +123,7 @@ Specifies the location of the Kerberos V4 domain/realm translation
 file.  Default is @value{DefaultKrb4Realms}.
 @end table
 
-@node realms (krb5.conf),  , libdefaults, krb5.conf
+@node realms (krb5.conf), AFS and the Appdefaults Section, libdefaults, krb5.conf
 @subsection [realms]
 
 In the [realms] section, the following Kerberos V4 tags may be used:
@@ -148,6 +149,21 @@ between the realms.
 
 @end table
 
+@node AFS and the Appdefaults Section,  , realms (krb5.conf), krb5.conf
+@subsection AFS and the Appdefaults Section
+
+Many Kerberos 4 sites also run the Andrew File System (AFS).
+
+Modern AFS servers (OpenAFS > 1.2.8) support the AFS 2b token format.
+This allows AFS to use Kerberos 5 tickets rather than version 4
+tickets, enabling cross-realm authentication.  By default, the
+@file{krb524d} service will issue the new AFS 2b tokens.  If you are
+using old AFS servers, you will need to disable these new tokens.
+Please see the documentation of the @code{appdefaults} section of
+@file{krb5.conf} in the Kerberos Administration guide.
+
+
+
 @node kdc.conf,  , krb5.conf, Configuration Files
 @section kdc.conf
 
index 3f030bad9e14050fd2990dc257d30aee6de879fa..ca4e8faab38a8344d69aedfdc4a5b0974e9d1d49 100644 (file)
@@ -16,6 +16,12 @@ DES cbc mode with RSA-MD5
 triple DES cbc mode with HMAC/sha1
 @item des-hmac-sha1 
 DES with HMAC/sha1
+@item aes256-cts-hmac-sha1-96
+@itemx aes256-cts
+AES-256 CTS mode with 96-bit SHA-1 HMAC
+@item aes128-cts-hmac-sha1-96
+@itemx aes128-cts
+AES-128 CTS mode with 96-bit SHA-1 HMAC
 @item arcfour-hmac 
 @itemx rc4-hmac
 @itemx arcfour-hmac-md5
index 1c8eeea1107ac0f8ab57ddfe226ff03bcb929329..e8c543f795c4b0a78a65b93964cbc26a4b49ad16 100644 (file)
@@ -1,3 +1,66 @@
+2004-02-12  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4 (KRB5_AC_PRIOCNTL_HACK): Set PRIOCNTL_HACK=1 on
+       Solaris 9.
+
+2003-05-27  Ken Raeburn  <raeburn@mit.edu>
+
+       * Makefile.in (KRBHDEP): Add krb524_err header.
+
+2003-05-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * aclocal.m4 (WITH_KRB4): Don't set or substitute KRB524_DEPLIB,
+       KRB524_LIB, KRB524_H_DEP, or KRB524_ERR_H_DEP.
+       * Makefile.in (ETOUT): Update location of krb524_err files.
+       (krb524/krb524_err.h, krb524/krb524_err.c): Delete.
+       ($(INC)krb524_err.h, $(ET)krb524_err.c): New targets.
+
+2003-05-22  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4: Add -DKRB5_DEPRECATED=1 so stuff in tree builds.
+
+2003-04-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * aclocal.m4: Require autoconf 2.52 only.
+
+2003-04-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * aclocal.m4: Require autoconf 2.53.
+       (CONFIG_RULES): Always set AUTOCONFINCFLAGS to --include.
+
+2003-04-10  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4: Revert requrement of autoconf-2.53, since MacOS X
+       doesn't have it.
+
+2003-04-01  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4 (KRB5_AC_CHOOSE_DB): Set new variable KDB5_DB_LIB to
+       empty if using in-tree db.  It is now used to pass -ldb to link
+       commands, if needed, when linking programs with libkdb5.  DB_LIB
+       is now only used for programs that explicitly need the actual
+       libdb independently of libkdb5.
+
+       * krb5-config.in: Use $KDB5_DB_LIB instead of "-ldb" for kdb
+       libraries.
+
+2003-03-31  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4: Require autoconf-2.53, since 2.52 generates
+       configure scripts that NetBSD /bin/sh doesn't like.
+
+2003-03-18  Alexandra Ellwood  <lxs@mit.edu>
+
+    * aclocal.m4: Define KRB5_AC_NEED_BIND_8_COMPAT to check for bind 9
+    and higher.  When bind 9 is present, BIND_8_COMPAT needs to be defined to
+    get bind 8 types.
+
+2003-03-12  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in (AWK): Default to awk, not gawk.  User can override
+       on make's command line if necessary.  Still, only really useful
+       for building kerbsrc.zip, etc.
+
 2003-03-05  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.in (WINMAKEFILES): Add lib\crypto\aes\Makefile.
index d236af970ab8310e7cd2efdb39a9a65dfc51dfd3..fa8983410d01186a23714bb8e44f8665a557df65 100644 (file)
@@ -349,7 +349,7 @@ WINBINARYFILES=     windows/*/*.ico windows/*/*.doc windows/*/*.hlp \
 # Part of building the PC release has to be done on Unix. This includes
 # anything the requires awk.
 #
-AWK = gawk
+AWK = awk
 AH  = util/et/et_h.awk
 AC  = util/et/et_c.awk
 INC = include/
@@ -359,11 +359,11 @@ GK  = lib/gssapi/krb5/
 PR  = util/profile/
 
 ETOUT =        \
-       krb524\krb524_err.h krb524\krb524_err.c \
        $(INC)asn1_err.h $(ET)asn1_err.c \
        $(INC)kdb5_err.h $(ET)kdb5_err.c \
        $(INC)krb5_err.h $(ET)krb5_err.c \
        $(INC)kv5m_err.h $(ET)kv5m_err.c \
+       $(INC)krb524_err.h $(ET)krb524_err.c \
        $(INC)/kerberosIV/kadm_err.h lib/krb4/kadm_err.c \
        $(INC)/kerberosIV/krb_err.h lib/krb4/krb_err.c \
        $(PR)prof_err.h $(PR)prof_err.c \
@@ -459,11 +459,6 @@ kerbsrc.mac.tar: awk-windows-mac macfile.list mac-bin-dirs Macfile
        rm -rf bin
        rm -f include/autoconf.h Makefile macsrc* macfile.maclist
 
-krb524/krb524_err.h: $(AH) krb524/krb524_err.et
-       $(AWK) -f $(AH) outfile=$@ krb524/krb524_err.et
-krb524/krb524_err.c: $(AC) krb524/krb524_err.et
-       $(AWK) -f $(AC) outfile=$@ krb524/krb524_err.et
-
 $(INC)asn1_err.h: $(AH) $(ET)asn1_err.et
        $(AWK) -f $(AH) outfile=$@ $(ET)asn1_err.et
 $(INC)kdb5_err.h: $(AH) $(ET)kdb5_err.et
@@ -472,6 +467,8 @@ $(INC)krb5_err.h: $(AH) $(ET)krb5_err.et
        $(AWK) -f $(AH) outfile=$@ $(ET)krb5_err.et
 $(INC)kv5m_err.h: $(AH) $(ET)kv5m_err.et
        $(AWK) -f $(AH) outfile=$@ $(ET)kv5m_err.et
+$(INC)krb524_err.h: $(AH) $(ET)krb524_err.et
+       $(AWK) -f $(AH) outfile=$@ $(ET)krb524_err.et
 $(INC)/kerberosIV/kadm_err.h: $(AH) lib/krb4/kadm_err.et
        $(AWK) -f $(AH) outfile=$@ lib/krb4/kadm_err.et
 $(INC)/kerberosIV/krb_err.h: $(AH) lib/krb4/krb_err.et
@@ -491,6 +488,8 @@ $(ET)krb5_err.c: $(AC) $(ET)krb5_err.et
        $(AWK) -f $(AC) outfile=$@ $(ET)krb5_err.et
 $(ET)kv5m_err.c: $(AC) $(ET)kv5m_err.et
        $(AWK) -f $(AC) outfile=$@ $(ET)kv5m_err.et
+$(ET)krb524_err.c: $(AC) $(ET)krb524_err.et
+       $(AWK) -f $(AC) outfile=$@ $(ET)krb524_err.et
 lib/krb4/kadm_err.c: $(AC) lib/krb4/kadm_err.et
        $(AWK) -f $(AC) outfile=$@ lib/krb4/kadm_err.et
 lib/krb4/krb_err.c: $(AC) lib/krb4/krb_err.et
@@ -507,7 +506,7 @@ lib/krb4/krb_err_txt.c: lib/krb4/krb_err.et
                lib/krb4/krb_err.et
 
 KRBHDEP = $(INC)krb5.hin $(INC)krb5_err.h $(INC)kdb5_err.h \
-       $(INC)kv5m_err.h $(INC)asn1_err.h
+       $(INC)kv5m_err.h $(INC)krb524_err.h $(INC)asn1_err.h
 
 $(INC)krb5.h: $(KRBHDEP)
        rm -f $@
index 3a0895f71c6d06cc8749fe5ecd6c76a79f2edae9..bbb8a5ba2f7b3ddbc1070d0e38967b1530041f64 100644 (file)
@@ -58,6 +58,7 @@ KRB5_AC_CHOOSE_SS dnl
 KRB5_AC_CHOOSE_DB dnl
 dnl allow stuff in tree to access deprecated/private stuff for now
 AC_DEFINE([KRB5_PRIVATE], 1, [Define only if building in-tree])
+AC_DEFINE([KRB5_DEPRECATED], 1, [Define only if building in-tree])
 AC_C_CONST dnl
 WITH_NETLIB dnl
 WITH_HESIOD dnl
@@ -79,9 +80,7 @@ dnl else
        AUTOCONFFLAGS=
        AUTOHEADER=autoheader
        AUTOHEADERFLAGS=
-dnl Autoconf 2.54+ use --include, --localdir is obsolete and removed
-ifdef([AC_MSG_FAILURE],        AUTOCONFINCFLAGS="--include", dnl
-       AUTOCONFINCFLAGS="--localdir")
+       AUTOCONFINCFLAGS="--include"
 dnl fi
 AC_SUBST(AUTOCONF)
 AC_SUBST(AUTOCONFFLAGS)
@@ -394,11 +393,7 @@ if test $withval = no; then
        KRB4_DEPLIB=
        KRB4_INCLUDES=
        KRB4_LIBPATH=
-       KRB524_DEPLIB=
-       KRB524_LIB=
        KRB_ERR_H_DEP=
-       KRB524_H_DEP=
-       KRB524_ERR_H_DEP=
        krb5_cv_build_krb4_libs=no
        krb5_cv_krb4_libdir=
 else
@@ -409,11 +404,7 @@ else
        KRB4_LIB=-lkrb4
        KRB4_INCLUDES='-I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV'
        KRB4_LIBPATH=
-       KRB524_DEPLIB='$(BUILDTOP)/krb524/libkrb524.a'
-       KRB524_LIB='$(BUILDTOP)/krb524/libkrb524.a'
        KRB_ERR_H_DEP='$(BUILDTOP)/include/kerberosIV/krb_err.h'
-       KRB524_H_DEP='$(BUILDTOP)/include/krb524.h'
-       KRB524_ERR_H_DEP='$(BUILDTOP)/include/krb524_err.h'
        krb5_cv_build_krb4_libs=yes
        krb5_cv_krb4_libdir=
  else
@@ -423,8 +414,6 @@ dnl DEPKRB4_LIB="$withval/lib/libkrb.a"
        KRB4_INCLUDES="-I$withval/include"
        KRB4_LIBPATH="-L$withval/lib"
        KRB_ERR_H_DEP=
-       KRB524_H_DEP=
-       KRB524_ERR_H_DEP=
        krb5_cv_build_krb4_libs=no
        krb5_cv_krb4_libdir="$withval/lib"
  fi
@@ -433,11 +422,7 @@ AC_SUBST(KRB4_INCLUDES)
 AC_SUBST(KRB4_LIBPATH)
 AC_SUBST(KRB4_LIB)
 AC_SUBST(KRB4_DEPLIB)
-AC_SUBST(KRB524_DEPLIB)
-AC_SUBST(KRB524_LIB)
 AC_SUBST(KRB_ERR_H_DEP)
-AC_SUBST(KRB524_H_DEP)
-AC_SUBST(KRB524_ERR_H_DEP)
 dnl We always compile the des425 library
 DES425_DEPLIB='$(TOPLIBD)/libdes425$(DEPLIBEXT)'
 DES425_LIB=-ldes425
@@ -1506,16 +1491,54 @@ if test "x$with_system_db" = xyes ; then
   else
     DB_HEADER_VERSION=redirect
   fi
+  KDB5_DB_LIB="$DB_LIB"
 else
   DB_VERSION=k5
   AC_DEFINE(HAVE_BT_RSEQ,1,[Define if bt_rseq is available, for recursive btree traversal.])
   DB_HEADER=db.h
   DB_HEADER_VERSION=k5
+  # libdb gets sucked into libkdb
+  KDB5_DB_LIB=
+  # needed for a couple of things that need libdb for its own sake
   DB_LIB=-ldb
 fi
 AC_SUBST(DB_VERSION)
 AC_SUBST(DB_HEADER)
 AC_SUBST(DB_HEADER_VERSION)
 AC_SUBST(DB_LIB)
+AC_SUBST(KDB5_DB_LIB)
 ])
 dnl
+dnl
+dnl KRB5_AC_NEED_BIND_8_COMPAT --- check to see if we are on a bind 9 system
+dnl
+dnl
+AC_DEFUN(KRB5_AC_NEED_BIND_8_COMPAT,[
+AC_REQUIRE([AC_PROG_CC])dnl
+dnl
+dnl On a bind 9 system, we need to define BIND_8_COMPAT
+dnl
+AC_MSG_CHECKING(for bind 9 or higher)
+AC_CACHE_VAL(krb5_cv_need_bind_8_compat,[
+AC_TRY_COMPILE([#include <arpa/nameser.h>], [HEADER hdr;],
+krb5_cv_need_bind_8_compat=no, 
+[AC_TRY_COMPILE([#define BIND_8_COMPAT
+#include <arpa/nameser.h>], [HEADER hdr;],
+krb5_cv_need_bind_8_compat=yes, krb5_cv_need_bind_8_compat=no)])])
+AC_MSG_RESULT($krb5_cv_need_bind_8_compat)
+test $krb5_cv_need_bind_8_compat = yes && AC_DEFINE(BIND_8_COMPAT,1,[Define if OS has bind 9])
+])
+dnl
+dnl KRB5_AC_PRIOCNTL_HACK
+dnl
+dnl
+AC_DEFUN([KRB5_AC_PRIOCNTL_HACK],
+[case $krb5_cv_host in
+*-*-solaris2.9*)
+       PRIOCNTL_HACK=1
+       ;;
+*)
+       PRIOCNTL_HACK=0
+       ;;
+esac
+AC_SUBST(PRIOCNTL_HACK)])
index 572f2b381068729700ee10af959e36d6680433a3..265179e7831ad2dee128deec7035291d56638c3d 100644 (file)
@@ -1,3 +1,7 @@
+2004-02-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * configure.in: Check for sys/time.h and time.h.
+
 2003-01-10  Ken Raeburn  <raeburn@mit.edu>
 
        * configure.in: Use V5_AC_OUTPUT_MAKEFILE instead of
index 30340017095b1ea71952c57f288a9c8e5cb570fc..d072fa7f19db515cb74da115726bfcad4cc71cf0 100644 (file)
@@ -1,3 +1,32 @@
+2003-08-29  Ken Raeburn  <raeburn@mit.edu>
+
+       * krshd.c (ignore_signals): Split out from cleanup().
+       (doit): Call it when the shell process has completed, before
+       calling syslog.
+
+2003-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * configure.in: Don't use libkrb524.a any more.
+       * login.c: Don't include krb524.h.
+       (try_convert524): Don't call krb524_init_ets.
+
+2003-05-09  Tom Yu  <tlyu@mit.edu>
+
+       * krcp.c (main): Rename getlocalsubkey -> getsendsubkey.
+
+       * krlogin.c (main): Rename getlocalsubkey -> getsendsubkey.
+
+       * krlogind.c (recvauth): Rename getremotesubkey -> getrecvsubkey.
+
+       * krsh.c (main): Rename getlocalsubkey -> getsendsubkey.
+
+       * krshd.c (recvauth): Rename getremotesubkey -> getrecvsubkey.
+
+2003-04-08  Ken Raeburn  <raeburn@mit.edu>
+
+       * krshd.c (main): Use LOG_AUTH syslog facility, not LOG_DAEMON,
+       for consistency with krlogind.c.
+
 2003-03-04  Ken Raeburn  <raeburn@mit.edu>
 
        * compat_recv.c: Only include krb.h if KRB5_KRB4_COMPAT.
index 0b08025c338a9267877c688497ff7f2ae1a8ac23..5abbaba5e20af4e850bc74212491dd391a99dbdc 100644 (file)
@@ -105,56 +105,60 @@ $(OUTPRE)krcp.$(OBJEXT): krcp.c $(BUILDTOP)/include/krb5.h \
   $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
   $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h defines.h \
   $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h
 $(OUTPRE)krlogin.$(OBJEXT): krlogin.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(BUILDTOP)/include/profile.h defines.h $(SRCTOP)/include/fake-addrinfo.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h rpaths.h
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h \
+  rpaths.h
 $(OUTPRE)krsh.$(OBJEXT): krsh.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(BUILDTOP)/include/profile.h defines.h $(SRCTOP)/include/fake-addrinfo.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h
 $(OUTPRE)kcmd.$(OBJEXT): kcmd.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(BUILDTOP)/include/profile.h defines.h $(SRCTOP)/include/fake-addrinfo.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h
 $(OUTPRE)forward.$(OBJEXT): forward.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h defines.h $(SRCTOP)/include/fake-addrinfo.h
+  defines.h $(SRCTOP)/include/fake-addrinfo.h
 $(OUTPRE)compat_recv.$(OBJEXT): compat_recv.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krb.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  defines.h $(SRCTOP)/include/fake-addrinfo.h
+  $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+  $(KRB_ERR_H_DEP) defines.h $(SRCTOP)/include/fake-addrinfo.h
 $(OUTPRE)login.$(OBJEXT): login.c $(BUILDTOP)/include/libpty.h \
   $(SRCTOP)/include/syslog.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krb.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  $(KRB524_H_DEP) $(KRB524_ERR_H_DEP) loginpaths.h
+  $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+  $(KRB_ERR_H_DEP) loginpaths.h
 $(OUTPRE)krshd.$(OBJEXT): krshd.c $(BUILDTOP)/include/libpty.h \
   $(SRCTOP)/include/syslog.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) loginpaths.h $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-util.h \
   $(BUILDTOP)/include/krb5/autoconf.h defines.h $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/k5-platform.h
 $(OUTPRE)krlogind.$(OBJEXT): krlogind.c $(SRCTOP)/include/syslog.h \
   $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/libpty.h \
   $(SRCTOP)/include/k5-util.h defines.h
index 8f4a16bd6137a9690cccaebf81c1c93938c0221f..7bfc68e3bb5f3f3d2a44561af371423e421474bd 100644 (file)
@@ -62,8 +62,7 @@ if test $withval = no; then
        V4RCP=
        V4RCPO=
 else 
-       AC_MSG_RESULT(Adding in krb4 support)
-       LOGINLIBS="../../krb524/libkrb524.a $LOGINLIBS"
+       AC_MSG_RESULT(Adding in krb4 rcp support)
        V4RCP=v4rcp
        V4RCPO=v4rcp.o
 fi
index 5ad6a25a1e50a1704b99da838939b2e20883b03a..707985a5a873716ecc3b74feb32947414d66c640 100644 (file)
@@ -480,9 +480,9 @@ int main(argc, argv)
                            try_normal(orig_argv); /* doesn't return */
 
                        if (!similar) {
-                           status = krb5_auth_con_getlocalsubkey (bsd_context,
-                                                                  auth_context,
-                                                                  &key);
+                           status = krb5_auth_con_getsendsubkey (bsd_context,
+                                                                 auth_context,
+                                                                 &key);
                            if ((status || !key) && encryptflag)
                                try_normal(orig_argv);
                        }
@@ -599,9 +599,9 @@ int main(argc, argv)
                    krb5_keyblock *key = &cred->keyblock;
 
                    if (kcmd_proto == KCMD_NEW_PROTOCOL) {
-                       status = krb5_auth_con_getlocalsubkey (bsd_context,
-                                                              auth_context,
-                                                              &key);
+                       status = krb5_auth_con_getsendsubkey (bsd_context,
+                                                             auth_context,
+                                                             &key);
                        if (status) {
                            com_err (argv[0], status,
                                     "determining subkey for session");
index c497dc2fb6fe08853f330d5171472cbecd789c0b..a1e63a64502bc9ae5fdf9e6b2dcc515e6df1a32b 100644 (file)
@@ -702,8 +702,8 @@ main(argc, argv)
        if (kcmd_proto == KCMD_NEW_PROTOCOL) {
            do_inband = 1;
 
-           status = krb5_auth_con_getlocalsubkey (bsd_context, auth_context,
-                                                  &key);
+           status = krb5_auth_con_getsendsubkey (bsd_context, auth_context,
+                                                 &key);
            if ((status || !key) && encrypt_flag)
                try_normal(orig_argv);
        }
index 82e560143dd43fa81b63c8bb38e321713ca5d0ad..d2979e1416331f977b3958287b13d708a2df1a86 100644 (file)
@@ -1537,7 +1537,7 @@ recvauth(valid_checksum)
        return status;
 
     key = 0;
-    status = krb5_auth_con_getremotesubkey (bsd_context, auth_context, &key);
+    status = krb5_auth_con_getrecvsubkey (bsd_context, auth_context, &key);
     if (status)
        fatal (netf, "Server can't get session subkey");
     if (!key && do_encrypt && kcmd_proto == KCMD_NEW_PROTOCOL)
index 3f8273ec0b73a4af2667a47c8e353fa2f78b4cc3..bd9c20572412015a35d9424fa1aac55dd54e0007 100644 (file)
@@ -411,8 +411,8 @@ main(argc, argv0)
        krb5_keyblock *key = &cred->keyblock;
 
        if (kcmd_proto == KCMD_NEW_PROTOCOL) {
-           status = krb5_auth_con_getlocalsubkey (bsd_context, auth_context,
-                                                  &key);
+           status = krb5_auth_con_getsendsubkey (bsd_context, auth_context,
+                                                 &key);
            if (status) {
                com_err (argv[0], status, "determining subkey for session");
                exit (1);
index 2a67b761308f4fc61baa8cb3af113f99bcec3edd..9fde43d6eddea24b48428c5f4abb5ec9a1ee51d9 100644 (file)
@@ -303,10 +303,10 @@ int main(argc, argv)
 #ifndef LOG_ODELAY /* 4.2 syslog */
     openlog(progname, LOG_PID);
 #else
-#ifndef LOG_DAEMON
-#define LOG_DAEMON 0
+#ifndef LOG_AUTH
+#define LOG_AUTH 0
 #endif
-    openlog(progname, LOG_PID | LOG_ODELAY, LOG_DAEMON);       
+    openlog(progname, LOG_PID | LOG_ODELAY, LOG_AUTH);
 #endif /* 4.2 syslog */
     
 #ifdef KERBEROS
@@ -535,9 +535,8 @@ int auth_sys = 0;   /* Which version of Kerberos used to authenticate */
 #define KRB5_RECVAUTH_V4       4
 #define KRB5_RECVAUTH_V5       5
 
-static krb5_sigtype
-cleanup(signumber)
-     int signumber;
+static void
+ignore_signals()
 {
 #ifdef POSIX_SIGNALS
     struct sigaction sa;
@@ -561,6 +560,13 @@ cleanup(signumber)
     
     killpg(pid, SIGTERM);
 #endif
+}
+
+static krb5_sigtype
+cleanup(signumber)
+     int signumber;
+{
+    ignore_signals();
     wait(0);
     
     pty_logwtmp(ttyn,"","");
@@ -1302,13 +1308,14 @@ void doit(f, fromp)
                        } else if (wcc != cc) {
                          syslog(LOG_INFO, "only wrote %d/%d to child", 
                                 wcc, cc);
-               }
-               }
+                       }
+                   }
                }
            } while ((port&&FD_ISSET(s, &readfrom)) ||
                     FD_ISSET(f, &readfrom) ||
                     (port&&FD_ISSET(pv[0], &readfrom) )||
                     FD_ISSET(pw[0], &readfrom));
+           ignore_signals();
 #ifdef KERBEROS
            syslog(LOG_INFO ,
                   "Shell process completed.");
@@ -1962,8 +1969,8 @@ recvauth(netfd, peersin, valid_checksum)
 
     {
        krb5_keyblock *key;
-       status = krb5_auth_con_getremotesubkey (bsd_context, auth_context,
-                                               &key);
+       status = krb5_auth_con_getrecvsubkey (bsd_context, auth_context,
+                                             &key);
        if (status)
            fatal (netfd, "Server can't get session subkey");
        if (!key && do_encrypt && kcmd_proto == KCMD_NEW_PROTOCOL)
index 5b5603793df269ba5394499fe4b9312f8c02c151..8259046d60971a437f81d698eaa9fb840609a82c 100644 (file)
@@ -181,10 +181,6 @@ typedef sigtype (*handler)();
 #include <arpa/resolv.h>
 #endif /* BIND_HACK */
 
-#ifdef KRB4_CONVERT
-#include <krb524.h>
-#endif
-
 /* Hacks to maintain compatability with Athena libkrb*/
 #ifndef HAVE_KRB_SAVE_CREDENTIALS
 #define krb_save_credentials save_credentials
@@ -654,9 +650,6 @@ try_convert524(kctx, me, use_ccache)
     CREDENTIALS v4creds;
 
 
-    /* or do this directly with krb524_convert_creds_kdc */
-    krb524_init_ets(kctx);
-
     /* If we have forwarded v5 tickets, retrieve the credentials from
      * the cache; otherwise, the v5 credentials are in my_creds.
      */
index ab7559f5e35e09c87e04538ac53a74a12657d619..abee28d482ba98c295f68d573fffa3cb2cdadf18 100644 (file)
@@ -3,6 +3,8 @@ CONFIG_RULES
 AC_PROG_INSTALL
 AC_CHECK_HEADERS(unistd.h stdlib.h string.h)
 AC_C_CONST
+dnl gss-misc.c needs this:
+AC_CHECK_HEADERS(sys/time.h time.h)
 dnl
 dnl Kludge for simple server --- FIXME is this the best way to do this?
 dnl
index 50b003c044a9db75a9aecc85d50c4e82a7c8406f..fae96843211d71c330b9f12f0fc4fcc6129b3b2c 100644 (file)
@@ -1,8 +1,35 @@
+2004-02-10  Jeffrey Altman <jaltman@mit.edu>
+
+    * gss-client.c: Remove extraneous parameters from 
+      client_establish_context()
+
+2004-02-06  Jeffrey Altman <jaltman@mit.edu>
+
+    * Update usage() for gss-client
+
+2004-02-06  Jeffrey Altman <jaltman@mit.edu>
+
+    * Add new command line switches to the gss-client
+      to support the use of GSS_C_SEQUENCE_FLAG or to 
+      disable the use of either GSS_C_MUTUAL_FLAG or 
+      GSS_C_REPLAY_FLAG
+
+2004-01-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * gss-misc.c: Include sys/time.h or time.h, to get struct timeval
+       declaration.
+
+2004-01-30  Jeffrey Altman <jaltman@mit.edu>
+
+    * gss-misc.c (read_all): Add call to select() so we don't block forever
+
+    * gss-server.c (main): Add missing "export" parameter to second sign_server()
+
 2003-01-08  Sam Hartman  <hartmans@mit.edu>
 
        * gss-misc.c (recv_token): Support reading 0 token flags as part of length
 
-       * gss-client.c :  Support a -v1 argument meaning that no token flags are used o,
+       * gss-client.c :  Support a -v1 argument meaning that no token flags are used,
 
        * gss-misc.c (send_token): If token flags are null, do not send them.
 
index 8fc7cfee4789201c37cd0d312496b05919928848..dc51fca1bb1aa7829a5503daad25c1b3575cb4fa 100644 (file)
@@ -84,7 +84,8 @@ is used).  The command-line options have the following meanings:
 The client's command line usage is
 
        gss-client [-port port] [-mech mechanism] [-d] [-f] [-q]
-               [-ccount count] [-mcount count] [-na] [-nw] [-nx] [-nm]
+        [-seq] [-noreplay] [-nomutual]         
+        [-ccount count] [-mcount count] [-na] [-nw] [-nx] [-nm]
                host service_name msg
 
 where host is the host running the server, service_name is the service
@@ -105,6 +106,14 @@ the following meanings:
        credential cache (you must have acquired your tickets with
        "kinit -f" for this to work).
 
+-seq Tells the client to enforce ordered message delivery via
+    sequencing.  
+
+-noreplay Tells the client to disable the use of replay
+    detection.
+
+-nomutual Tells the client to disable the use of mutual authentication.
+
 -f     Tells the client that the "msg" argument is actually the name
        of a file whose contents should be used as the message.
 
index a66c0c9fefdb0a0b73dcc85770b20a61d3f62a4d..93b5eb35e0f3d45272d055378e4809a1468aa54c 100644 (file)
  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  * PERFORMANCE OF THIS SOFTWARE.
  */
+/*
+ * Copyright (C) 2003, 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -46,6 +69,7 @@ static int verbose = 1;
 static void usage()
 {
      fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] [-d]\n");
+     fprintf(stderr, "       [-seq] [-noreplay] [-nomutual]\n");
      fprintf(stderr, "       [-f] [-q] [-ccount count] [-mcount count]\n");
      fprintf(stderr, "       [-v1] [-na] [-nw] [-nx] [-nm] host service msg\n");
      exit(1);
@@ -106,11 +130,12 @@ static int connect_to_server(host, port)
  *
  * Arguments:
  *
- *     s               (r) an established TCP connection to the service
- *     service_name    (r) the ASCII service name of the service
- *     deleg_flag      (r) GSS-API delegation flag (if any)
+ *     s                   (r) an established TCP connection to the service
+ *     service_name(r) the ASCII service name of the service
+ *     gss_flags       (r) GSS-API delegation flag (if any)
  *     auth_flag       (r) whether to actually do authentication
- *     oid             (r) OID of the mechanism to use
+ *  v1_format   (r) whether the v1 sample protocol should be used
+ *     oid                 (r) OID of the mechanism to use
  *     context         (w) the established GSS-API context
  *     ret_flags       (w) the returned flags from init_sec_context
  *
@@ -128,12 +153,12 @@ static int connect_to_server(host, port)
  * unsuccessful, the GSS-API error messages are displayed on stderr
  * and -1 is returned.
  */
-static int client_establish_context(s, service_name, deleg_flag, auth_flag,
+static int client_establish_context(s, service_name, gss_flags, auth_flag,
                                    v1_format, oid, gss_context, ret_flags)
      int s;
      char *service_name;
      gss_OID oid;
-     OM_uint32 deleg_flag;
+     OM_uint32 gss_flags;
      int auth_flag;
      int v1_format;
      gss_ctx_id_t *gss_context;
@@ -191,8 +216,7 @@ static int client_establish_context(s, service_name, deleg_flag, auth_flag,
                                gss_context,
                                target_name,
                                oid,
-                               GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
-                               deleg_flag,
+                               gss_flags,
                                0,
                                NULL,   /* no channel bindings */
                                token_ptr,
@@ -301,7 +325,7 @@ static void read_file(file_name, in_buf)
  *     host            (r) the host providing the service
  *     port            (r) the port to connect to on host
  *     service_name    (r) the GSS-API service name to authenticate to
- *     deleg_flag      (r) GSS-API delegation flag (if any)
+ *     gss_flags       (r) GSS-API delegation flag (if any)
  *     auth_flag       (r) whether to do authentication
  *     wrap_flag       (r) whether to do message wrapping at all
  *     encrypt_flag    (r) whether to do encryption while wrapping
@@ -320,14 +344,14 @@ static void read_file(file_name, in_buf)
  * reads back a GSS-API signature block for msg from the server, and
  * verifies it with gss_verify.  -1 is returned if any step fails,
  * otherwise 0 is returned.  */
-static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
+static int call_server(host, port, oid, service_name, gss_flags, auth_flag,
                       wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
                       mcount)
      char *host;
      u_short port;
      gss_OID oid;
      char *service_name;
-     OM_uint32 deleg_flag;
+     OM_uint32 gss_flags;
      int auth_flag, wrap_flag, encrypt_flag, mic_flag;
      int v1_format;
      char *msg;
@@ -357,7 +381,7 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
          return -1;
 
      /* Establish context */
-     if (client_establish_context(s, service_name, deleg_flag, auth_flag,
+     if (client_establish_context(s, service_name, gss_flags, auth_flag,
                                  v1_format, oid, &context,
                                  &ret_flags) < 0) {
          (void) close(s);
@@ -581,7 +605,8 @@ int main(argc, argv)
      char *mechanism = 0;
      u_short port = 4444;
      int use_file = 0;
-     OM_uint32 deleg_flag = 0, min_stat;
+     OM_uint32 gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+     OM_uint32 min_stat;
      gss_OID oid = GSS_C_NULL_OID;
      int mcount = 1, ccount = 1;
      int i;
@@ -603,7 +628,13 @@ int main(argc, argv)
               if (!argc) usage();
               mechanism = *argv;
           } else if (strcmp(*argv, "-d") == 0) {
-              deleg_flag = GSS_C_DELEG_FLAG;
+              gss_flags |= GSS_C_DELEG_FLAG;
+          } else if (strcmp(*argv, "-seq") == 0) {
+              gss_flags |= GSS_C_SEQUENCE_FLAG;
+          } else if (strcmp(*argv, "-noreplay") == 0) {
+              gss_flags &= ~GSS_C_REPLAY_FLAG;
+          } else if (strcmp(*argv, "-nomutual") == 0) {
+              gss_flags &= ~GSS_C_MUTUAL_FLAG;
          } else if (strcmp(*argv, "-f") == 0) {
               use_file = 1;
          } else if (strcmp(*argv, "-q") == 0) {
@@ -644,7 +675,7 @@ int main(argc, argv)
 
      for (i = 0; i < ccount; i++) {
        if (call_server(server_host, port, oid, service_name,
-                      deleg_flag, auth_flag, wrap_flag, encrypt_flag, mic_flag,
+                      gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
                       v1_format,                      msg, use_file, mcount) < 0)
         exit(1);
      }
index 183306c2907fe32cb766a885c7e4ae75d31460f1..1347a547b337e9003fa4711b9470b989231db40c 100644 (file)
  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  * PERFORMANCE OF THIS SOFTWARE.
  */
+/*
+ * Copyright (C) 2003, 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
 
 #if !defined(lint) && !defined(__CODECENTER__)
 static char *rcsid = "$Header$";
@@ -39,6 +62,13 @@ static char *rcsid = "$Header$";
 #endif
 #include <string.h>
 
+/* need struct timeval */
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
 #include <gssapi/gssapi_generic.h>
 #include "gss-misc.h"
 
@@ -77,21 +107,31 @@ static int write_all(int fildes, char *buf, unsigned int nbyte)
 
 static int read_all(int fildes, char *buf, unsigned int nbyte)
 {
-     int ret;
-     char *ptr;
+    int ret;
+    char *ptr;
+    fd_set rfds;
+    struct timeval tv;
 
-     for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
-         ret = recv(fildes, ptr, nbyte, 0);
-         if (ret < 0) {
-              if (errno == EINTR)
-                   continue;
-              return(ret);
-         } else if (ret == 0) {
-              return(ptr-buf);
-         }
-     }
+    FD_ZERO(&rfds);
+    FD_SET(fildes, &rfds);
+    tv.tv_sec = 10;
+    tv.tv_usec = 0;
 
-     return(ptr-buf);
+    for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
+       if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0
+           || !FD_ISSET(fildes, &rfds))
+           return(ptr-buf);
+       ret = recv(fildes, ptr, nbyte, 0);
+       if (ret < 0) {
+           if (errno == EINTR)
+               continue;
+           return(ret);
+       } else if (ret == 0) {
+           return(ptr-buf);
+       }
+    }
+
+    return(ptr-buf);
 }
 
 /*
index b3229f1be74a68493c4e42d176fdafbd38b10540..e5adc618bf86f6c129e550035261bede99921d04 100644 (file)
  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  * PERFORMANCE OF THIS SOFTWARE.
  */
+/*
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
 
 #include <stdio.h>
 #ifdef _WIN32
@@ -388,147 +411,147 @@ static int sign_server(s, server_creds, export)
      gss_cred_id_t server_creds;
      int export;
 {
-     gss_buffer_desc client_name, xmit_buf, msg_buf;
-     gss_ctx_id_t context;
-     OM_uint32 maj_stat, min_stat;
-     int i, conf_state, ret_flags;
-     char      *cp;
-     int token_flags;
-
-     /* Establish a context with the client */
-     if (server_establish_context(s, server_creds, &context,
-                                 &client_name, &ret_flags) < 0)
-       return(-1);
-
-     if (context == GSS_C_NO_CONTEXT) {
-       printf("Accepted unauthenticated connection.\n");
-     }
-     else {
-       printf("Accepted connection: \"%.*s\"\n",
-             (int) client_name.length, (char *) client_name.value);
-       (void) gss_release_buffer(&min_stat, &client_name);
-
-       if (export) {
-        for (i=0; i < 3; i++)
-          if (test_import_export_context(&context))
-            return -1;
-       }
-     }
-
-     do {
-       /* Receive the message token */
-       if (recv_token(s, &token_flags, &xmit_buf) < 0)
-        return(-1);
-
-       if (token_flags & TOKEN_NOOP) {
-        if (log)
-          fprintf(log, "NOOP token\n");
-        if(xmit_buf.value) {
-            free(xmit_buf.value);
-            xmit_buf.value = 0;
-        }
-        break;
-       }
-
-       if (verbose && log) {
-        fprintf(log, "Message token (flags=%d):\n", token_flags);
-        print_token(&xmit_buf);
-       }
-
-       if ((context == GSS_C_NO_CONTEXT) &&
-          (token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) {
-        if (log)
-          fprintf(log,
-                  "Unauthenticated client requested authenticated services!\n");
-        if(xmit_buf.value) {
-            free (xmit_buf.value);
-            xmit_buf.value = 0;
-        }
-        return(-1);
-       }
-
-       if (token_flags & TOKEN_WRAPPED) {
-        maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
-                              &conf_state, (gss_qop_t *) NULL);
-        if (maj_stat != GSS_S_COMPLETE) {
-          display_status("unsealing message", maj_stat, min_stat);
-          if(xmit_buf.value) {
-              free (xmit_buf.value);
-              xmit_buf.value = 0;
-          }
-          return(-1);
-        } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) {
-          fprintf(stderr, "Warning!  Message not encrypted.\n");
-        }
-
-        if(xmit_buf.value) {
-            free (xmit_buf.value);
-            xmit_buf.value = 0;
-        }
-       }
-       else {
-        msg_buf = xmit_buf;
-       }
-
-       if (log) {
-        fprintf(log, "Received message: ");
-        cp = msg_buf.value;
-        if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
-           (isprint((int) cp[1]) || isspace((int) cp[1]))) {
-          fprintf(log, "\"%.*s\"\n", (int) msg_buf.length, 
-                  (char *) msg_buf.value);
-        } else {
-          fprintf(log, "\n");
-          print_token(&msg_buf);
-        }
-       }
-
-       if (token_flags & TOKEN_SEND_MIC) {
-        /* Produce a signature block for the message */
-        maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
-                               &msg_buf, &xmit_buf);
-        if (maj_stat != GSS_S_COMPLETE) {
-          display_status("signing message", maj_stat, min_stat);
-          return(-1);
-        }
-
-        if(msg_buf.value) {
-            free (msg_buf.value);
-            msg_buf.value = 0;
-        }
-
-        /* Send the signature block to the client */
-        if (send_token(s, TOKEN_MIC, &xmit_buf) < 0)
-          return(-1);
-
-        if(xmit_buf.value) {
-            free (xmit_buf.value);
-            xmit_buf.value = 0;
-        }
-       }
-       else {
-        if(msg_buf.value) {
-            free (msg_buf.value);
-            msg_buf.value = 0;
-        }
-        if (send_token(s, TOKEN_NOOP, empty_token) < 0)
-          return(-1);
-       }
-     } while (1 /* loop will break if NOOP received */);
-
-     if (context != GSS_C_NO_CONTEXT) {
-       /* Delete context */
-       maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
-       if (maj_stat != GSS_S_COMPLETE) {
-        display_status("deleting context", maj_stat, min_stat);
-        return(-1);
-       }
-     }
-
-     if (log)
-       fflush(log);
-
-     return(0);
+    gss_buffer_desc client_name, xmit_buf, msg_buf;
+    gss_ctx_id_t context;
+    OM_uint32 maj_stat, min_stat;
+    int i, conf_state, ret_flags;
+    char       *cp;
+    int token_flags;
+
+    /* Establish a context with the client */
+    if (server_establish_context(s, server_creds, &context,
+                                  &client_name, &ret_flags) < 0)
+        return(-1);
+
+    if (context == GSS_C_NO_CONTEXT) {
+        printf("Accepted unauthenticated connection.\n");
+    }
+    else {
+        printf("Accepted connection: \"%.*s\"\n",
+                (int) client_name.length, (char *) client_name.value);
+        (void) gss_release_buffer(&min_stat, &client_name);
+
+        if (export) {
+            for (i=0; i < 3; i++)
+                if (test_import_export_context(&context))
+                    return -1;
+        }
+    }
+
+    do {
+        /* Receive the message token */
+        if (recv_token(s, &token_flags, &xmit_buf) < 0)
+            return(-1);
+
+        if (token_flags & TOKEN_NOOP) {
+            if (log)
+                fprintf(log, "NOOP token\n");
+            if(xmit_buf.value) {
+                free(xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+            break;
+        }
+
+        if (verbose && log) {
+            fprintf(log, "Message token (flags=%d):\n", token_flags);
+            print_token(&xmit_buf);
+        }
+
+        if ((context == GSS_C_NO_CONTEXT) &&
+             (    token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) {
+            if (log)
+                fprintf(log,
+                         "Unauthenticated client requested authenticated services!\n");
+            if(xmit_buf.value) {
+                free (xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+            return(-1);
+        }
+
+        if (token_flags & TOKEN_WRAPPED) {
+            maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
+                                   &conf_state, (gss_qop_t *) NULL);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("unsealing message", maj_stat, min_stat);
+                if(xmit_buf.value) {
+                    free (xmit_buf.value);
+                    xmit_buf.value = 0;
+                }
+                return(-1);
+            } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) {
+                fprintf(stderr, "Warning!  Message not encrypted.\n");
+            }
+
+            if(xmit_buf.value) {
+                free (xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+        }
+        else {
+            msg_buf = xmit_buf;
+        }
+
+        if (log) {
+            fprintf(log, "Received message: ");
+            cp = msg_buf.value;
+            if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
+                 (isprint((int) cp[1]) || isspace((int) cp[1]))) {
+                fprintf(log, "\"%.*s\"\n", (int) msg_buf.length, 
+                         (char *) msg_buf.value);
+                 } else {
+                     fprintf(log, "\n");
+                     print_token(&msg_buf);
+                 }
+        }
+
+        if (token_flags & TOKEN_SEND_MIC) {
+            /* Produce a signature block for the message */
+            maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
+                                    &msg_buf, &xmit_buf);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("signing message", maj_stat, min_stat);
+                return(-1);
+            }
+
+            if(msg_buf.value) {
+                free (msg_buf.value);
+                msg_buf.value = 0;
+            }
+
+            /* Send the signature block to the client */
+            if (send_token(s, TOKEN_MIC, &xmit_buf) < 0)
+                return(-1);
+
+            if(xmit_buf.value) {
+                free (xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+        }
+        else {
+            if(msg_buf.value) {
+                free (msg_buf.value);
+                msg_buf.value = 0;
+            }
+            if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+                return(-1);
+        }
+    } while (1 /* loop will break if NOOP received */);
+
+    if (context != GSS_C_NO_CONTEXT) {
+        /* Delete context */
+        maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("deleting context", maj_stat, min_stat);
+            return(-1);
+        }
+    }
+
+    if (log)
+        fflush(log);
+
+    return(0);
 }
 
 int
@@ -612,7 +635,7 @@ main(argc, argv)
                 }
                 /* this return value is not checked, because there's
                    not really anything to do if it fails */
-                sign_server(s, server_creds);
+                sign_server(s, server_creds, export);
                 close(s);
             } while (!once);
  
index 9f184f73c16441ef58169e8c5756dffac851e0e5..2a6a5fdb739f2cb2d2385c72143dbbcdf1736fe1 100644 (file)
@@ -1,3 +1,13 @@
+2003-06-05  Sam Hartman  <hartmans@mit.edu>
+
+       * configure.in: Don't check for vfork as we no longer use it
+
+2003-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * configure.in: Don't use libkrb524.a any more.
+       * ftpd.c: Don't include krb524.h.
+       (main): Don't call krb524_init_ets.
+
 2003-01-10  Ken Raeburn  <raeburn@mit.edu>
 
        * configure.in: Use V5_AC_OUTPUT_MAKEFILE instead of
index 35ca40eb029e0510c082742f40d912c88d860d26..bf6d3b832f79fc8e2c19a1f7a1bc656ed9b772b4 100644 (file)
@@ -12,7 +12,6 @@ DECLARE_SYS_ERRLIST
 AC_CHECK_SIZEOF(short)
 AC_CHECK_SIZEOF(int)
 AC_CHECK_SIZEOF(long)
-AC_FUNC_VFORK
 AC_HEADER_STDARG
 AC_CHECK_HEADER(termios.h,[AC_CHECK_FUNC(cfsetispeed,AC_DEFINE(POSIX_TERMIOS))])
 AC_CHECK_HEADERS(unistd.h stdlib.h string.h sys/select.h sys/sockio.h paths.h)
@@ -53,19 +52,6 @@ AC_MSG_RESULT($krb5_cv_shadow_pwd)
 if test $krb5_cv_shadow_pwd = yes; then
 AC_DEFINE(HAVE_SHADOW)
 fi
-AC_ARG_WITH([krb4],
-[  --without-krb4          don't include Kerberos V4 backwards compatibility
-  --with-krb4             use V4 libraries included with V5 (default)
-  --with-krb4=KRB4DIR     use preinstalled V4 libraries],
-,
-withval=yes
-)dnl
-if test $withval = no; then
-       AC_MSG_RESULT(no krb4 support)
-else 
-       AC_MSG_RESULT(Adding in krb4 support)
-       FTPD_LIBS="../../../krb524/libkrb524.a"
-fi
 case $krb5_cv_host in
 alpha*-dec-osf*)
        AC_CHECK_LIB(security,setluid,
index ba67eb5738d80da538f64afd0bac2e4f3eaee6a4..445734fb2640afd00cc1830b1d747de69a640410 100644 (file)
@@ -1,3 +1,16 @@
+2003-06-16  Ken Raeburn  <raeburn@mit.edu>
+
+       * ftp.c (recvrequest): Add new argument indicating whether "-" and
+       "|..." special treatment should be disabled.
+       * ftp_var.h (recvrequest): Update declaration.
+       * cmds.c (remglob, ls, mls): Pass 0 as the extra argument.
+       (mget): Pass 1.
+       (getit): Pass 1 iff only one filename was supplied.
+
+2003-06-05  Sam Hartman  <hartmans@mit.edu>
+
+       * pclose.c (mypopen): use fork not vfork
+
 2003-01-09  Ken Raeburn  <raeburn@mit.edu>
 
        * ftp.c (hookup, initconn, dataconn): Use socklen_t when passing
index 38d72147352a1dc4b01c08748b7cf351a8bf5cdd..b9cb2a2a2cb8016daefe9476f558182b95c31ce7 100644 (file)
@@ -940,7 +940,7 @@ usage:
        }
 
        recvrequest("RETR", argv[2], argv[1], rmode,
-           argv[1] != oldargv1 || argv[2] != oldargv2);
+           argv[1] != oldargv1 || argv[2] != oldargv2, loc);
        restart_point = 0;
        return (0);
 }
@@ -1017,7 +1017,7 @@ void mget(argc, argv)
                                tp = domap(tp);
                        }
                        recvrequest("RETR", tp, cp, "w",
-                           tp != cp || !interactive);
+                           tp != cp || !interactive, 1);
                        if (!mflag && fromatty) {
                                ointer = interactive;
                                interactive = 1;
@@ -1085,7 +1085,7 @@ remglob(argv,doswitch)
                        pswitch(!proxy);
                }
                for (rmode = "w"; *++argv != NULL; rmode = "a")
-                       recvrequest ("NLST", temp, *argv, rmode, 0);
+                       recvrequest ("NLST", temp, *argv, rmode, 0, 0);
                if (doswitch) {
                        pswitch(!proxy);
                }
@@ -1455,7 +1455,7 @@ void ls(argc, argv)
                        code = -1;
                        return;
        }
-       recvrequest(cmd, argv[2], argv[1], "w", 0);
+       recvrequest(cmd, argv[2], argv[1], "w", 0, 0);
 }
 
 /*
@@ -1493,7 +1493,7 @@ usage:
        (void) setjmp(jabort);
        for (i = 1; mflag && i < argc-1; ++i) {
                *rmode = (i == 1) ? 'w' : 'a';
-               recvrequest(cmd, dest, argv[i], rmode, 0);
+               recvrequest(cmd, dest, argv[i], rmode, 0, 0);
                if (!mflag && fromatty) {
                        ointer = interactive;
                        interactive = 1;
index ffbb42cd586b3dc47ba6836264ae84107fc19c59..155f857925d0857c9c6adc7538029eb3a9fa4a58 100644 (file)
@@ -1103,7 +1103,7 @@ abortrecv(int sig)
 }
 
 void recvrequest(char *cmd, char *volatile local, char *remote, char *lmode,
-                int printnames)
+                int printnames, int fnameonly)
 {
        FILE *volatile fout, *volatile din = 0, *popen();
        int (*volatile closefunc)(), pclose(), fclose();
@@ -1149,7 +1149,7 @@ void recvrequest(char *cmd, char *volatile local, char *remote, char *lmode,
                return;
        }
        oldintr = signal(SIGINT, abortrecv);
-       if (strcmp(local, "-") && *local != '|') {
+       if (fnameonly || (strcmp(local, "-") && *local != '|')) {
                if (access(local, 2) < 0) {
                        char *dir = strrchr(local, '/');
 
@@ -1223,9 +1223,9 @@ void recvrequest(char *cmd, char *volatile local, char *remote, char *lmode,
        din = dataconn("r");
        if (din == NULL)
                goto die;
-       if (strcmp(local, "-") == 0)
+       if (strcmp(local, "-") == 0 && !fnameonly)
                fout = stdout;
-       else if (*local == '|') {
+       else if (*local == '|' && !fnameonly) {
 #ifdef SIGPIPE
                oldintp = signal(SIGPIPE, SIG_IGN);
 #endif
index 4448448aa3b26a891515148dfd9e1ea0bb4f65e9..9baa047300f5e9d84b8cdf628cad0e6f1ee5665c 100644 (file)
@@ -249,7 +249,7 @@ void setpassive (void);
 
 /* ftp.c */
 void sendrequest (char *, char *, char *, int);
-void recvrequest (char *, char *volatile, char *, char *, int);
+void recvrequest (char *, char *volatile, char *, char *, int, int);
 int login (char *);
 void setpbsz (unsigned int);
 void pswitch (int);
index 04e481b1920434b100ec4aebf6a6f23c36883068..5d6a5aa57fa2affc879d8994b35455253eb198b6 100644 (file)
@@ -15,9 +15,6 @@ static        char sccsid[] = "@(#)pclose.c 1.1 90/04/28 SMI"; /* from UCB 1.2 3/7/86 *
 #include <signal.h>
 #include <sys/param.h>
 #include <sys/wait.h>
-#ifdef HAVE_VFORK_H
-#include <vfork.h>
-#endif
 #define sig_t my_sig_t
 #define sigtype krb5_sigtype
 typedef sigtype (*sig_t)();
@@ -60,7 +57,7 @@ mypopen(cmd,mode)
                return (NULL);
        myside = tst(p[WTR], p[RDR]);
        hisside = tst(p[RDR], p[WTR]);
-       if ((pid = vfork()) == 0) {
+       if ((pid = fork()) == 0) {
                /* myside and hisside reverse roles in child */
                (void) close(myside);
                if (hisside != tst(0, 1)) {
index c940e015cfc01911b04af85483f18f1362825ff4..73814761b6ff6bc745061bd4d4b0ad3bacb330ad 100644 (file)
@@ -1,3 +1,11 @@
+2003-06-05  Sam Hartman  <hartmans@mit.edu>
+
+       * popen.c (ftpd_popen): Use fork not vfork
+
+2003-04-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * ftpd.c: Don't declare errno.
+
 2003-01-03  Ken Raeburn  <raeburn@mit.edu>
 
        * ftpd.c (auth_data): Kerberos v4 checksum must be a 32-bit
index e62ae104aa17c8d45b3b5598296e559283c6ff31..ba68b2229ac7516c0d638b635fd55630a30f019d 100644 (file)
@@ -85,8 +85,7 @@ $(OUTPRE)ftpd.$(OBJEXT): ftpd.c $(srcdir)/../arpa/ftp.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  $(BUILDTOP)/include/profile.h $(KRB524_H_DEP) $(KRB524_ERR_H_DEP) \
-  $(SRCTOP)/include/socket-utils.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
   ftpd_var.h secure.h
 $(OUTPRE)ftpcmd.$(OBJEXT): ftpcmd.c $(srcdir)/../arpa/ftp.h \
index 7fd78991ed301a825ce2cf67736c5b25e960ed6b..2a09bf3d08031f2c8c167070186787886d79cee2 100644 (file)
@@ -130,7 +130,6 @@ extern int yyparse(void);
 #ifdef KRB5_KRB4_COMPAT
 #include <krb5.h>
 #include <krb.h>
-#include <krb524.h>
 
 AUTH_DAT kdata;
 KTEXT_ST ticket;
@@ -170,7 +169,6 @@ int have_creds;             /* User has credentials on disk */
 #include "ftpd_var.h"
 #include "secure.h"
 
-extern int errno;
 extern char *crypt();
 extern char version[];
 extern char *home;             /* pointer to home directory for glob */
@@ -315,9 +313,6 @@ main(argc, argv, envp)
 
 #ifdef GSSAPI
        krb5_init_context(&kcontext);
-#ifdef KRB5_KRB4_COMPAT
-       krb524_init_ets(kcontext);
-#endif
 #endif
 
        while ((c = getopt(argc, argv, option_string)) != -1) {
index 317b6fa568dcf9f4dd6d0634a87a62da2052136d..e9e589594c4bd7227bae0ab46eb5644dd4c8d143 100644 (file)
@@ -46,9 +46,6 @@ static char sccsid[] = "@(#)popen.c   5.9 (Berkeley) 2/25/91";
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef HAVE_VFORK_H
-#include <vfork.h>
-#endif
 #include "ftpd_var.h"
 
 /*
@@ -109,7 +106,7 @@ ftpd_popen(program, type)
        gargv[gargc] = NULL;
 
        iop = NULL;
-       switch(pid = vfork()) {
+       switch(pid = fork()) {
        case -1:                        /* error */
                (void)close(pdes[0]);
                (void)close(pdes[1]);
index 8999274466dc399092fdc3d0564c7c0cda43e0c6..4f9de7ade67f10e1259470d0526325e91735b89e 100644 (file)
@@ -1,3 +1,29 @@
+2003-05-09  Tom Yu  <tlyu@mit.edu>
+
+       * kerberos5.c (kerberos5_send): Rename getlocalsubkey ->
+       getsendsubkey.
+       (kerberos5_is): Rename getremotesubkey -> getrecvsubkey.
+
+2003-04-10  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in: Use library build framework.
+
+       * configure.in: Add support for library build framework.  Remove
+       old explicit checks for ranlib, etc.
+
+2003-04-09  Tom Yu  <tlyu@mit.edu>
+
+       * kerberos.c (kerberos4_status): Always copy in username if
+       present.  Patch from Nathan Neulinger to make "-a user" work.
+
+       * kerberos5.c (kerberos5_status): Always copy in username if
+       present.  Patch from Nathan Neulinger to make "-a user" work.
+
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kerberos5.c (kerberos5_is): Check principal name length before
+       examining components.
+
 2003-01-07  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.orig: Deleted.
index 93986e00575d1f5fda23c635de6c4d0c7dc1e9fa..783415b3183874561120c6f8f025364a59033736 100644 (file)
@@ -32,7 +32,12 @@ LIBOBJS=@LIBOBJS@
 SETENVSRC=@SETENVSRC@
 SETENVOBJ=@SETENVOBJ@
 
-LIB=    libtelnet.a
+LIB=telnet
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../../../appl/telnet/libtelnet
+STOBJLISTS=OBJS.ST
+
 SRCS=   $(srcdir)/auth.c \
        $(srcdir)/encrypt.c \
        $(srcdir)/genget.c \
@@ -52,20 +57,15 @@ SRCS=   $(srcdir)/auth.c \
        $(srcdir)/strftime.c \
        $(srcdir)/strerror.c
 
-OBJS=   auth.o encrypt.o genget.o \
+STLIBOBJS=   auth.o encrypt.o genget.o \
        misc.o kerberos.o kerberos5.o forward.o spx.o enc_des.o \
        $(LIBOBJS) getent.o $(SETENVOBJ)
 
 TELNET_H= $(srcdir)/../arpa/telnet.h
 
-all:: $(LIB)
-$(LIB): $(OBJS)
-       $(RM) $(LIB)
-       $(ARADD) $@ $(OBJS)
-       $(RANLIB) $@
+all:: all-libs
 
-clean::
-       $(RM) $(LIB)
+clean:: clean-libs clean-libobjs
 
 auth.o: $(TELNET_H)
 auth.o: encrypt.h
@@ -88,40 +88,44 @@ enc_des.o: encrypt.h
 enc_des.o: key-proto.h
 enc_des.o: misc-proto.h
 install::
+
+# @lib_frag@
+# @libobj_frag@
+
 # +++ Dependency line eater +++
 # 
 # Makefile dependencies follow.  This must be the last section in
 # the Makefile.in file
 #
-$(OUTPRE)auth.$(OBJEXT): auth.c $(srcdir)/../arpa/telnet.h \
+auth.so auth.po $(OUTPRE)auth.$(OBJEXT): auth.c $(srcdir)/../arpa/telnet.h \
   encrypt.h enc-proto.h auth.h auth-proto.h misc-proto.h
-$(OUTPRE)encrypt.$(OBJEXT): encrypt.c $(srcdir)/../arpa/telnet.h \
+encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): encrypt.c $(srcdir)/../arpa/telnet.h \
   encrypt.h enc-proto.h misc.h misc-proto.h
-$(OUTPRE)genget.$(OBJEXT): genget.c misc.h misc-proto.h
-$(OUTPRE)misc.$(OBJEXT): misc.c misc.h misc-proto.h \
+genget.so genget.po $(OUTPRE)genget.$(OBJEXT): genget.c misc.h misc-proto.h
+misc.so misc.po $(OUTPRE)misc.$(OBJEXT): misc.c misc.h misc-proto.h \
   auth.h auth-proto.h encrypt.h enc-proto.h
-$(OUTPRE)kerberos.$(OBJEXT): kerberos.c $(BUILDTOP)/include/krb5.h \
+kerberos.so kerberos.po $(OUTPRE)kerberos.$(OBJEXT): kerberos.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(srcdir)/../arpa/telnet.h $(SRCTOP)/include/kerberosIV/des.h \
   $(SRCTOP)/include/kerberosIV/krb.h $(KRB_ERR_H_DEP) \
   $(BUILDTOP)/include/profile.h encrypt.h enc-proto.h \
   auth.h auth-proto.h misc.h misc-proto.h
-$(OUTPRE)kerberos5.$(OBJEXT): kerberos5.c $(srcdir)/../arpa/telnet.h \
+kerberos5.so kerberos5.po $(OUTPRE)kerberos5.$(OBJEXT): kerberos5.c $(srcdir)/../arpa/telnet.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/syslog.h \
   encrypt.h enc-proto.h auth.h auth-proto.h misc.h misc-proto.h \
   krb5forw.h
-$(OUTPRE)forward.$(OBJEXT): forward.c $(BUILDTOP)/include/krb5.h \
+forward.so forward.po $(OUTPRE)forward.$(OBJEXT): forward.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) krb5forw.h
-$(OUTPRE)spx.$(OBJEXT): spx.c misc-proto.h
-$(OUTPRE)enc_des.$(OBJEXT): enc_des.c $(BUILDTOP)/include/krb5.h \
+spx.so spx.po $(OUTPRE)spx.$(OBJEXT): spx.c misc-proto.h
+enc_des.so enc_des.po $(OUTPRE)enc_des.$(OBJEXT): enc_des.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(srcdir)/../arpa/telnet.h encrypt.h \
   enc-proto.h key-proto.h misc-proto.h
-$(OUTPRE)setenv.$(OBJEXT): setenv.c misc-proto.h
-$(OUTPRE)getent.$(OBJEXT): getent.c gettytab.h
-$(OUTPRE)parsetos.$(OBJEXT): parsetos.c misc-proto.h
-$(OUTPRE)strdup.$(OBJEXT): strdup.c
-$(OUTPRE)strcasecmp.$(OBJEXT): strcasecmp.c
-$(OUTPRE)strchr.$(OBJEXT): strchr.c
-$(OUTPRE)strrchr.$(OBJEXT): strrchr.c
-$(OUTPRE)strftime.$(OBJEXT): strftime.c
-$(OUTPRE)strerror.$(OBJEXT): strerror.c
+setenv.so setenv.po $(OUTPRE)setenv.$(OBJEXT): setenv.c misc-proto.h
+getent.so getent.po $(OUTPRE)getent.$(OBJEXT): getent.c gettytab.h
+parsetos.so parsetos.po $(OUTPRE)parsetos.$(OBJEXT): parsetos.c misc-proto.h
+strdup.so strdup.po $(OUTPRE)strdup.$(OBJEXT): strdup.c
+strcasecmp.so strcasecmp.po $(OUTPRE)strcasecmp.$(OBJEXT): strcasecmp.c
+strchr.so strchr.po $(OUTPRE)strchr.$(OBJEXT): strchr.c
+strrchr.so strrchr.po $(OUTPRE)strrchr.$(OBJEXT): strrchr.c
+strftime.so strftime.po $(OUTPRE)strftime.$(OBJEXT): strftime.c
+strerror.so strerror.po $(OUTPRE)strerror.$(OBJEXT): strerror.c
 
index 8f2434eaaf9cb1179d9506d46e42d6511d95c62e..8767cd7d0d6848edc19d91df74cf223f18e88cb4 100644 (file)
@@ -1,8 +1,5 @@
 AC_INIT(auth.c)
 CONFIG_RULES
-AC_PROG_ARCHIVE
-AC_PROG_ARCHIVE_ADD
-AC_PROG_RANLIB
 AC_REPLACE_FUNCS([strcasecmp strdup setsid strerror strftime getopt herror parsetos])
 AC_CHECK_FUNCS(setenv unsetenv getenv gettosbyname cgetent)
 AC_CHECK_HEADERS(stdlib.h string.h unistd.h)
@@ -23,4 +20,6 @@ else
        AC_MSG_RESULT(Kerberos 4 authentication enabled)
        AC_DEFINE(KRB4)
 fi
+KRB5_BUILD_LIBRARY_STATIC
+KRB5_BUILD_LIBOBJS
 V5_AC_OUTPUT_MAKEFILE
index 56a07319101b55e4e5e87bc472325c82001c2a53..8d4c7f330cc7a89077c91033a686c320edcaf76c 100644 (file)
@@ -612,10 +612,17 @@ kerberos4_status(ap, kname, level)
        if (level < AUTH_USER)
                return(level);
 
-       if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
+       /*
+        * Always copy in UserNameRequested if the authentication
+        * is valid, because the higher level routines need it.
+        */
+       if (UserNameRequested) {
                /* the name buffer comes from telnetd/telnetd{-ktd}.c */
                strncpy(kname, UserNameRequested, 255);
                name[255] = '\0';
+       }
+
+       if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
                return(AUTH_VALID);
        } else
                return(AUTH_USER);
index 3a1c8f24e49a6c87dc9074dee634bc71802cf822..ad36aedda24a8658f2469cfdedf3ffbbd593f02b 100644 (file)
@@ -327,7 +327,7 @@ kerberos5_send(ap)
                                 &check_data, new_creds, &auth);
 
 #ifdef ENCRYPTION
-       krb5_auth_con_getlocalsubkey(telnet_context, auth_context, &newkey);
+       krb5_auth_con_getsendsubkey(telnet_context, auth_context, &newkey);
        if (session_key) {
                krb5_free_keyblock(telnet_context, session_key);
                session_key = 0;
@@ -446,6 +446,10 @@ kerberos5_is(ap, data, cnt)
                 * first component of a service name especially since
                 * the default is of length 4.
                 */
+               if (krb5_princ_size(telnet_context,ticket->server) < 1) {
+                   (void) strcpy(errbuf, "malformed service name");
+                   goto errout;
+               }
                if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) {
                    char princ[256];
                    strncpy(princ,      
@@ -548,7 +552,7 @@ kerberos5_is(ap, data, cnt)
                
                if (name)
                    free(name);
-               krb5_auth_con_getremotesubkey(telnet_context, auth_context,
+               krb5_auth_con_getrecvsubkey(telnet_context, auth_context,
                                              &newkey);
                if (session_key) {
                    krb5_free_keyblock(telnet_context, session_key);
@@ -727,13 +731,20 @@ kerberos5_status(ap, name, level)
        if (level < AUTH_USER)
                return(level);
 
+       /*
+        * Always copy in UserNameRequested if the authentication
+        * is valid, because the higher level routines need it.
+        * the name buffer comes from telnetd/telnetd{-ktd}.c
+        */
+       if (UserNameRequested) {
+               strncpy(name, UserNameRequested, 255);
+               name[255] = '\0';
+       }
+
        if (UserNameRequested &&
            krb5_kuserok(telnet_context, ticket->enc_part2->client, 
                         UserNameRequested))
        {
-               /* the name buffer comes from telnetd/telnetd{-ktd}.c */
-               strncpy(name, UserNameRequested, 255);
-               name[255] = '\0';
                return(AUTH_VALID);
        } else
                return(AUTH_USER);
index bcc3617503e9cbfe58d33bc02d3b8fda03029be8..60f9bf1f06781ac2caaa3f519ba75db5d689060b 100644 (file)
@@ -1,3 +1,7 @@
+2003-04-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * externs.h: Don't declare errno.
+
 2003-01-07  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.orig: Deleted.
index 31fb87a31a0fb6477899154407214912c682fa63..20a9ae75506f84c3ccff8ee344259f6944f611bc 100644 (file)
@@ -84,7 +84,8 @@ $(OUTPRE)commands.$(OBJEXT): commands.c $(srcdir)/../arpa/telnet.h \
   $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/encrypt.h \
   $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/misc-proto.h \
   $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/port-sockets.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/k5-platform.h
 $(OUTPRE)main.$(OBJEXT): main.c $(srcdir)/../libtelnet/auth.h \
   $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/encrypt.h \
   $(srcdir)/../libtelnet/enc-proto.h ring.h externs.h \
index 65a1c67c04f070d3adab28a11bc25cdff959fb5c..dccb424f050d8ba00a16c4742b9f15c1110597bb 100644 (file)
@@ -111,10 +111,6 @@ extern char *malloc(), *calloc(), *realloc();
 
 #define        SUBBUFSIZE      256
 
-#ifndef CRAY
-extern int errno;              /* outside this world */
-#endif /* !CRAY */
-
 extern int
     autologin,         /* Autologin enabled */
     skiprc,            /* Don't process the ~/.telnetrc file */
index c380d11f87397849eb0e354dc93231cf393a4c01..b343e9cc0d7733b3d4c2babc24567f71ea94f8df 100644 (file)
@@ -1,3 +1,7 @@
+2003-04-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * telnetd.h: Don't declare errno.
+
 2003-01-09  Ken Raeburn  <raeburn@mit.edu>
 
        * telnetd.c (main): Use socklen_t when passing address to socket
index 4a3e0a67cf97ebbb0b2e4e2484cf99cadfaf298d..ecf235c117058cc9aee9f7550944295902bc6a2b 100644 (file)
@@ -90,9 +90,10 @@ $(OUTPRE)telnetd.$(OBJEXT): telnetd.c telnetd.h defs.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/syslog.h \
   ext.h pathnames.h $(BUILDTOP)/include/libpty.h $(COM_ERR_DEPS) \
   $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/port-sockets.h \
-  $(BUILDTOP)/include/krb5.h $(srcdir)/../libtelnet/auth.h \
-  $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/encrypt.h \
-  $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/misc-proto.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/auth-proto.h \
+  $(srcdir)/../libtelnet/encrypt.h $(srcdir)/../libtelnet/enc-proto.h \
+  $(srcdir)/../libtelnet/misc-proto.h
 $(OUTPRE)termio-tn.$(OBJEXT): termio-tn.c
 $(OUTPRE)termios-tn.$(OBJEXT): termios-tn.c
 $(OUTPRE)state.$(OBJEXT): state.c telnetd.h defs.h \
@@ -113,8 +114,9 @@ $(OUTPRE)sys_term.$(OBJEXT): sys_term.c telnetd.h defs.h \
   ext.h pathnames.h $(COM_ERR_DEPS) $(BUILDTOP)/include/libpty.h \
   $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/auth-proto.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/krb5/kdb.h
 $(OUTPRE)utility.$(OBJEXT): utility.c telnetd.h defs.h \
   $(srcdir)/../arpa/telnet.h $(SRCTOP)/include/socket-utils.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/syslog.h \
index 234b9739e7580322ccc3c2dfa953dc96b64b20a2..f21f617e532f496cef047b0be1a1369ccc2167ef 100644 (file)
@@ -45,5 +45,4 @@
 
 /* other external variables */
 extern char **environ;
-extern int errno;
 
index 802ab3e0148d84412a61636174c0959373cce2e3..bf365e02f74e00cc0cbe54d93b3180f35206bc6c 100644 (file)
@@ -1,3 +1,18 @@
+2003-08-01  Tom Yu  <tlyu@mit.edu>
+
+       * kinit.c (main): Apply patch from Stephen Grau to correctly
+       return non-zero for certain error conditions.
+
+2003-05-29  Ken Raeburn  <raeburn@mit.edu>
+
+       * kinit.c (KRB4_BACKUP_DEFAULT_LIFE_SECS): Update to one day.
+
+2003-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * Makefile.in (kinit): Don't use krb524 library.
+       * kinit.c: Don't include krb524.h.
+       (try_convert524): Don't call krb524_init_ets.
+
 2002-11-05  Tom Yu  <tlyu@mit.edu>
 
        * kinit.c (k4_kinit): Remove trailing colon, as new implementation
index d7d5b9547811b21d968aded94c14533edcf9bb8f..1d2a6e436f529faee283f419c6d108a87a540468 100644 (file)
@@ -13,8 +13,8 @@ all-unix:: kinit
 all-windows:: $(OUTPRE)kinit.exe
 all-mac::
 
-kinit: kinit.o $(KRB4COMPAT_DEPLIBS) $(KRB524_DEPLIB)
-       $(CC_LINK) -o $@ kinit.o $(KRB524_LIB) $(KRB4COMPAT_LIBS)
+kinit: kinit.o $(KRB4COMPAT_DEPLIBS)
+       $(CC_LINK) -o $@ kinit.o $(KRB4COMPAT_LIBS)
 
 $(OUTPRE)kinit.exe: $(OUTPRE)kinit.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(KLIB) $(CLIB)
        link $(EXE_LINKOPTS) -out:$@ $** advapi32.lib
index 740b0302ac887586f8ee735a8a2cc6ca9b21a5e2..422c87d7de701054f718cfd70f2d3169ae99fa41 100644 (file)
@@ -55,10 +55,6 @@ extern int getopt();
 #endif /* HAVE_UNISTD_H */
 #endif /* GETOPT_LONG */
 
-#ifdef HAVE_KRB524
-#include "krb524.h"
-#endif
-
 #ifndef _WIN32
 #define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x))
 #else
@@ -117,7 +113,7 @@ static int default_k4 = 0;
 static int authed_k5 = 0;
 static int authed_k4 = 0;
 
-#define KRB4_BACKUP_DEFAULT_LIFE_SECS 10*60*60 /* 10 hours */
+#define KRB4_BACKUP_DEFAULT_LIFE_SECS 24*60*60 /* 1 day */
 
 typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type;
 
@@ -994,9 +990,6 @@ static int try_convert524(k5)
       initialized.
     */
 
-    /* or do this directly with krb524_convert_creds_kdc */
-    krb524_init_ets(k5->ctx);
-
     if ((code = krb5_build_principal(k5->ctx,
                                     &kpcserver, 
                                     krb5_princ_realm(k5->ctx, k5->me)->length,
@@ -1130,7 +1123,8 @@ main(argc, argv)
     k5_end(&k5);
     k4_end(&k4);
 
-    if ((got_k5 && !authed_k5) || (got_k4 && !authed_k4))
+    if ((got_k5 && !authed_k5) || (got_k4 && !authed_k4) ||
+       (!got_k5 && !got_k4))
        exit(1);
     return 0;
 }
index 44415a033edaf0370dea247415fdcff43fda9997..17a1dffe88cf783f4c48137acc6a6e923aa2593e 100644 (file)
@@ -1,3 +1,10 @@
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * heuristic.c (get_closest_principal): Don't try to examine
+       principal name components after the last.
+       * krb_auth_su.c (get_best_principal): Check principal name length
+       before examining components.
+
 2002-12-23  Ezra Peisach  <epeisach@bu.edu>
 
        * authorization.c, heuristic.c, ksu.h: Use uid_t instead of int in
index 5669d79baed6413f9296d05f861b1525eb104fd9..88c052cc4e4eda42fe09eb1abd0b49a287c539bc 100644 (file)
@@ -47,39 +47,43 @@ install::
 #
 $(OUTPRE)krb_auth_su.$(OBJEXT): krb_auth_su.c ksu.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/k5-util.h \
+  $(SRCTOP)/include/syslog.h
 $(OUTPRE)ccache.$(OBJEXT): ccache.c ksu.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/syslog.h $(SRCTOP)/include/krb5/adm_proto.h
+  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h \
+  $(SRCTOP)/include/krb5/adm_proto.h
 $(OUTPRE)authorization.$(OBJEXT): authorization.c ksu.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/k5-util.h \
+  $(SRCTOP)/include/syslog.h
 $(OUTPRE)main.$(OBJEXT): main.c ksu.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/syslog.h $(SRCTOP)/include/krb5/adm_proto.h
+  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h \
+  $(SRCTOP)/include/krb5/adm_proto.h
 $(OUTPRE)heuristic.$(OBJEXT): heuristic.c ksu.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/syslog.h
+  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h
 $(OUTPRE)xmalloc.$(OBJEXT): xmalloc.c ksu.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/syslog.h
+  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h
 $(OUTPRE)setenv.$(OBJEXT): setenv.c
 
index c79f943699aad56436c160dccafb48050dbf07fd..85b94b5e250d38c50e2bccd8a77e0f0f8c5141ea 100644 (file)
@@ -364,7 +364,7 @@ krb5_error_code get_closest_principal(context, plist, client, found)
                krb5_data *p2 =
                    krb5_princ_component(context, temp_client, j);
                
-               if ((p1->length != p2->length) ||
+               if (!p1 || !p2 || (p1->length != p2->length) ||
                    memcmp(p1->data,p2->data,p1->length)){
                    got_one = FALSE;
                    break;
index 6e76149c1f9e4ca732b069d76dab000ab8eea56f..8e1834240e2e7f04ed85acc9202a84c6add0edd3 100644 (file)
@@ -547,7 +547,9 @@ krb5_error_code get_best_principal(context, plist, client)
                         krb5_princ_realm(context, temp_client)->length))){
            
            
-           if(nelem){ 
+           if (nelem &&
+               krb5_princ_size(context, *client) > 0 &&
+               krb5_princ_size(context, temp_client) > 0) {
                krb5_data *p1 =
                    krb5_princ_component(context, *client, 0);
                krb5_data *p2 = 
index 0c038012d25def04bb14f09d2da95bbc65c6d15b..502fc4b7d0165b028660538c72947a101b91f720 100644 (file)
@@ -1,3 +1,30 @@
+2003-06-27  Jen Selby <jenselby@mit.edu>
+
+       * kdc.conf.M: replaced the @LOCALSTATEDIR typos with
+       /usr/local/var
+
+2003-06-20  Tom Yu  <tlyu@mit.edu>
+
+       * krb5.conf.M: Sync with doc/krb5conf.texinfo.
+
+2003-05-30  Ken Raeburn  <raeburn@mit.edu>
+
+       * kdc.conf: Delete supported and master key type specs.
+
+       * krb5.conf: Delete Athena KDC specifications.  Delete Cygnus
+       realm info.  Replace CLUB.CC.CMU.EDU info with ANDREW.CMU.EDU,
+       which has SRV records and thus doesn't need KDC specs.  Provide a
+       commented-out example of a [logging] spec.  Delete commented-out
+       enctype specs.
+
+       * krb5.conf.M: Remove "kdc =" lines from "realms" section example,
+       and recommend not using it unless DNS info isn't available.
+
+2003-05-29  Ken Raeburn  <raeburn@mit.edu>
+
+       * kdc.conf.M (FILES): Refer to correct location for kdc.conf in
+       the default installation path.
+
 2002-09-24  Sam Hartman  <hartmans@mit.edu>
 
        * krb5.conf: Update enctypes and add club.cc.cmu.edu
index cf8cbe1fd96b9d551f39132933b818ecbe1a0d65..3355699ff84efff3dbaeb5f249c665506e9125b7 100644 (file)
@@ -10,6 +10,4 @@
                kdc_ports = 750,88
                max_life = 10h 0m 0s
                max_renewable_life = 7d 0h 0m 0s
-               master_key_type = des-cbc-crc
-               supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
        }
index 103be2a0f12d087b04b5453cfbe3bae48a0f58b3..0c1735f3c76fce33abfe12087005dcb866c2dd89 100644 (file)
@@ -78,14 +78,14 @@ This
 .B string
 specifies the location of the access control list (acl) file that
 kadmin uses to determine which principals are allowed which permissions
-on the database. The default value is @LOCALSTATEDIR/krb5kdc/kadm5.acl.
+on the database. The default value is /usr/local/var/krb5kdc/kadm5.acl.
 
 .IP admin_keytab
 This
 .B string
 Specifies the location of the keytab file that kadmin uses to
 authenticate to the database.  The default value is
-@LOCALSTATEDIR/krb5kdc/kadm5.keytab.
+/usr/local/var/krb5kdc/kadm5.keytab.
 
 .IP database_name
 This
@@ -235,7 +235,7 @@ tickets should be checked against the transit path computed from the
 realm names and the [capaths] section of its krb5.conf file
 
 .SH FILES 
-/usr/local/lib/krb5kdc/kdc.conf
+/usr/local/var/krb5kdc/kdc.conf
 
 .SH SEE ALSO
 krb5.conf(5), krb5kdc(8)
index 51f6aa8e5c8af4cfcd8158a283ef0e07537f2ea8..efc19e45d5177fd053ee89dec3ef62a6053e8043 100644 (file)
@@ -1,16 +1,10 @@
 [libdefaults]
        default_realm = ATHENA.MIT.EDU
-# You don't actually need enctype lines
-# By default all enctypes are allowed.
-#      default_tgs_enctypes = des3-hmac-sha1 arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4
        krb4_config = /usr/kerberos/lib/krb.conf
        krb4_realms = /usr/kerberos/lib/krb.realms
 
 [realms]
        ATHENA.MIT.EDU = {
-               kdc = KERBEROS-2.MIT.EDU:88
-               kdc = KERBEROS.MIT.EDU
-               kdc = KERBEROS-1.MIT.EDU
                admin_server = KERBEROS.MIT.EDU
                default_domain = MIT.EDU
                v4_instance_convert = {
                        lithium = lithium.lcs.mit.edu
                }
        }
-       CYGNUS.COM = {
-               kdc = KERBEROS.CYGNUS.COM
-               kdc = KERBEROS-1.CYGNUS.COM
-               admin_server = KERBEROS.MIT.EDU
+       ANDREW.CMU.EDU = {
+               admin_server = vice28.fs.andrew.cmu.edu
        }
+# use "kdc =" if realm admins haven't put SRV records into DNS
         GNU.ORG = {
                 kdc = kerberos.gnu.org
                 kdc = kerberos-2.gnu.org
                 admin_server = kerberos.gnu.org
         }
-CLUB.CC.CMU.EDU = {
-       kdc = kerberos.club.cc.cmu.edu
-       kdc = kerberos-1.club.cc.cmu.edu
-       admin_server = kerberos-admin.club.cc.cmu.edu
-       default_domain = club.cc.cmu.edu
-}
 
 [domain_realm]
        .mit.edu = ATHENA.MIT.EDU
@@ -42,3 +29,5 @@ CLUB.CC.CMU.EDU = {
        media.mit.edu = MEDIA-LAB.MIT.EDU
        .ucsc.edu = CATS.UCSC.EDU
 
+[logging]
+#      kdc = CONSOLE
index 61545f302f666cf1785f445d7e1e1097f061b2f0..87582c0b4fa7529c7ab6f80a6970f2a8db923281 100644 (file)
@@ -128,10 +128,10 @@ that the library will tolerate before assuming that a Kerberos message
 is invalid.  The default value is 300 seconds, or five minutes.
 
 .IP kdc_timesync 
-If the value of this relation is non-zero, the library will compute the
-difference between the system clock and the time returned by the KDC and
-in order to correct for an inaccurate system clock.  This corrective
-factor is only used by the Kerberos library.
+If the value of this relation is non-zero (the default), the library
+will compute the difference between the system clock and the time
+returned by the KDC and in order to correct for an inaccurate system
+clock.  This corrective factor is only used by the Kerberos library.
 
 .IP kdc_req_checksum_type
 For compatability with DCE security servers which do not support the
@@ -164,6 +164,18 @@ do not support the default cache as created by this version of
 Kerberos. Use a value of 1 on DCE 1.0.3a systems, and a value of 2 on
 DCE 1.1 systems.
 
+.IP krb4_srvtab 
+Specifies the location of the Kerberos V4 srvtab file.  Default is
+"/etc/srvtab".
+
+.IP krb4_config
+Specifies the location of hte Kerberos V4 configuration file.  Default
+is "/etc/krb.conf".
+
+.IP krb4_realms
+Specifies the location of the Kerberos V4 domain/realm translation
+file.  Default is "/etc/krb.realms".
+
 .IP dns_lookup_kdc
 Indicate whether DNS SRV records shoud be used to locate the KDCs and 
 other servers for a realm, if they are not listed in the information 
@@ -182,6 +194,34 @@ This allows a computer to use multiple local addresses, in order to
 allow Kerberos to work in a network that uses NATs.  The addresses should
 be in a comma-separated list.
 
+.IP udp_preference_limit
+When sending a message to the KDC, the library will try using TCP
+before UDP if the size of the message is above "udp_preference_list".
+If the message is smaller than "udp_preference_list", then UDP will be
+tried before TCP.  Regardless of the size, both protocols will be
+tried if the first attempt fails.
+
+.IP verify_ap_req_nofail
+If this flag is set, then an attempt to get initial credentials will
+fail if the client machine does not have a keytab.  The default for the
+flag is false.
+
+.IP renew_lifetime
+The value of this tag is the default renewable lifetime for initial
+tickets.  The default value for the tag is 0.
+
+.IP noaddresses
+Setting this flag causes the initial Kerberos ticket to be addressless.
+The default for the flag is true.
+
+.IP forwardable
+If this flag is set, initial tickets by default will be forwardable.
+The default value for this flag is false.
+
+.IP proxiable
+If this flag is set, initial tickets by default will be proxiable.
+The default value for this flag is false.
+
 .SH APPDEFAULTS SECTION
 
 Each tag in the [appdefaults] section names a Kerberos V5 application
@@ -233,9 +273,6 @@ subsection define the properties of that particular realm.  For example:
 .in +1i
 [realms]
        ATHENA.MIT.EDU = {
-               kdc = KERBEROS.MIT.EDU
-               kdc = KERBEROS-1.MIT.EDU:750
-               kdc = KERBEROS-2.MIT.EDU:88
                admin_server = KERBEROS.MIT.EDU
                default_domain = MIT.EDU
                v4_instance_convert = {
@@ -254,7 +291,8 @@ subsection:
 .IP kdc
 The value of this relation is the name of a host running a KDC for that
 realm.  An optional port number (preceded by a colon) may be appended to
-the hostname.
+the hostname.  This tag should generally be used only if the realm
+administrator has not made the information available through DNS.
 
 .IP admin_server
 This relation identifies the host where the administration server is
index 7a0623513654a2f36b5ad60ccfdff349ae9edc8e..2175ec699800f76aea5d78fa717bc8c3cf69f53e 100644 (file)
@@ -1,3 +1,56 @@
+2004-02-12  Tom Yu  <tlyu@mit.edu>
+
+       * pre.in (FAKEDEST, FAKEPREFIX, FAKELIBDIR): Support variables for
+       the _RLD_ROOT hack.
+
+       * shlib.conf: For alpha/Tru64 and Irix, construct _RLD_ROOT values
+       pointing to a fake destdir, as well as to the real root directory.
+       Previously, pointing _RLD_ROOT at a non-existent directory and
+       putting everything in LD_LIBRARY_PATH caused other installed
+       utilities with RPATHs which were run by the test suite to fail to
+       run.
+
+2004-02-09  Tom Yu  <tlyu@mit.edu>
+
+       * config.guess: Update from autoconf-2.59.
+
+       * config.sub: Update from autoconf-2.59.
+
+       * install-sh: Update from autoconf-2.59.
+
+2003-11-26  Jeffrey Altman <jaltman@mit.edu>
+
+    * win-pre.in (KFWFLAGS): conditionally define USE_LEASH=1
+      to enable access to Leash apis for kinit dialogs within 
+      gssapi32.dll
+
+2003-09-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * shlib.conf (*-*-linux*): Use $(CC) for linking shared libraries,
+       and -Wl to pass linker flags in, so it can supply the necessary
+       support libraries.
+
+2003-05-27  Ken Raeburn  <raeburn@mit.edu>
+
+       * win-pre.in (CPPFLAGS): Define KRB5_DEPRECATED=1.
+
+2003-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * pre.in (KRB524_H_DEP, KRB524_ERR_H_DEP, KRB524_LIB,
+       KRB524_DEPLIB): Deleted.
+
+2003-04-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * post.in (configure): Try running autoconf with --include, and if
+       that doesn't work, try --localdir.  Don't use AUTOCONFINCFLAGS.
+
+2003-04-01  Tom Yu  <tlyu@mit.edu>
+
+       * pre.in (KDB5_DEPLIBS): Don't depend on $(DB_DEPLIB) anymore.
+       (KDB5_DB_LIB): New variable; is empty if not building with system
+       libdb.
+       (KDB5_LIBS): Use $(KDB5_DB_LIB) instead of $(DB_LIB).
+
 2003-03-03  Tom Yu  <tlyu@mit.edu>
 
        * libobj.in: Change .c.so and .c.po rules to use ALL_CFLAGS.
index b4faaedca09e18d70bd66fdf2bed48bc798b91f7..500ee74b047e6c6ea95e13d9786e01defba86328 100644 (file)
@@ -1,9 +1,9 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
-#   Free Software Foundation, Inc.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003 Free Software Foundation, Inc.
 
-version='2000-05-30'
+timestamp='2003-10-03'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -24,38 +24,50 @@ version='2000-05-30'
 # configuration script generated by Autoconf, you may include it under
 # the same distribution terms that you use for the rest of that program.
 
-# Written by Per Bothner <bothner@cygnus.com>.
-# Please send patches to <config-patches@gnu.org>.
+# Originally written by Per Bothner <per@bothner.com>.
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
 #
 # This script attempts to guess a canonical system name similar to
 # config.sub.  If it succeeds, it prints the system name on stdout, and
 # exits with 0.  Otherwise, it exits with 1.
 #
 # The plan is that this can be called by configure scripts if you
-# don't specify an explicit system type (host/target name).
-#
-# Only a few systems have been added to this list; please add others
-# (but try to keep the structure clean).
-#
+# don't specify an explicit build system type.
 
 me=`echo "$0" | sed -e 's,.*/,,'`
 
 usage="\
 Usage: $0 [OPTION]
 
-Output the configuration name of this system.
+Output the configuration name of the system \`$me' is run on.
 
 Operation modes:
-  -h, --help               print this help, then exit
-  -V, --version            print version number, then exit"
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
 
 help="
 Try \`$me --help' for more information."
 
 # Parse command line
 while test $# -gt 0 ; do
-  case "$1" in
-    --version | --vers* | -V )
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit 0 ;;
+    --version | -v )
        echo "$version" ; exit 0 ;;
     --help | --h* | -h )
        echo "$usage"; exit 0 ;;
@@ -64,9 +76,7 @@ while test $# -gt 0 ; do
     - )        # Use stdin as input.
        break ;;
     -* )
-       exec >&2
-       echo "$me: invalid option $1"
-       echo "$help"
+       echo "$me: invalid option $1$help" >&2
        exit 1 ;;
     * )
        break ;;
@@ -78,133 +88,204 @@ if test $# != 0; then
   exit 1
 fi
 
-# Use $HOST_CC if defined. $CC may point to a cross-compiler
-if test x"$CC_FOR_BUILD" = x; then
-  if test x"$HOST_CC" != x; then
-    CC_FOR_BUILD="$HOST_CC"
-  else
-    if test x"$CC" != x; then
-      CC_FOR_BUILD="$CC"
-    else
-      CC_FOR_BUILD=cc
-    fi
-  fi
-fi
+trap 'exit 1' 1 2 15
 
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+       for c in cc gcc c89 c99 ; do
+         if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+            CC_FOR_BUILD="$c"; break ;
+         fi ;
+       done ;
+       if test x"$CC_FOR_BUILD" = x ; then
+         CC_FOR_BUILD=no_compiler_found ;
+       fi
+       ;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ;'
 
 # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
-# (ghazi@noc.rutgers.edu 8/24/94.)
+# (ghazi@noc.rutgers.edu 1994-08-24)
 if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
        PATH=$PATH:/.attbin ; export PATH
 fi
 
 UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
 UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
-UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
 UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
 
-dummy=dummy-$$
-trap 'rm -f $dummy.c $dummy.o $dummy; exit 1' 1 2 15
-
 # Note: order is significant - the case branches are not exclusive.
 
 case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     *:NetBSD:*:*)
-       # Netbsd (nbsd) targets should (where applicable) match one or
+       # NetBSD (nbsd) targets should (where applicable) match one or
        # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
        # *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
        # switched to ELF, *-*-netbsd* would select the old
        # object file format.  This provides both forward
        # compatibility and a consistent mechanism for selecting the
        # object file format.
-       # Determine the machine/vendor (is the vendor relevant).
-       case "${UNAME_MACHINE}" in
-           amiga) machine=m68k-cbm ;;
-           arm32) machine=arm-unknown ;;
-           atari*) machine=m68k-atari ;;
-           sun3*) machine=m68k-sun ;;
-           mac68k) machine=m68k-apple ;;
-           macppc) machine=powerpc-apple ;;
-           hp3[0-9][05]) machine=m68k-hp ;;
-           ibmrt|romp-ibm) machine=romp-ibm ;;
-           *) machine=${UNAME_MACHINE}-unknown ;;
+       #
+       # Note: NetBSD doesn't particularly care about the vendor
+       # portion of the name.  We always set it to "unknown".
+       sysctl="sysctl -n hw.machine_arch"
+       UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+           /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+       case "${UNAME_MACHINE_ARCH}" in
+           armeb) machine=armeb-unknown ;;
+           arm*) machine=arm-unknown ;;
+           sh3el) machine=shl-unknown ;;
+           sh3eb) machine=sh-unknown ;;
+           *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+       esac
+       # The Operating System including object format, if it has switched
+       # to ELF recently, or will in the future.
+       case "${UNAME_MACHINE_ARCH}" in
+           arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+               eval $set_cc_for_build
+               if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+                       | grep __ELF__ >/dev/null
+               then
+                   # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+                   # Return netbsd for either.  FIX?
+                   os=netbsd
+               else
+                   os=netbsdelf
+               fi
+               ;;
+           *)
+               os=netbsd
+               ;;
        esac
-       # The Operating System including object format.
-       if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
-               | grep __ELF__ >/dev/null
-       then
-           # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
-           # Return netbsd for either.  FIX?
-           os=netbsd
-       else
-           os=netbsdelf
-       fi
        # The OS release
-       release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+       # Debian GNU/NetBSD machines have a different userland, and
+       # thus, need a distinct triplet. However, they do not need
+       # kernel version information, so it can be replaced with a
+       # suitable tag, in the style of linux-gnu.
+       case "${UNAME_VERSION}" in
+           Debian*)
+               release='-gnu'
+               ;;
+           *)
+               release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+               ;;
+       esac
        # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
        # contains redundant information, the shorter form:
        # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
        echo "${machine}-${os}${release}"
        exit 0 ;;
+    amiga:OpenBSD:*:*)
+       echo m68k-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    arc:OpenBSD:*:*)
+       echo mipsel-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    hp300:OpenBSD:*:*)
+       echo m68k-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    mac68k:OpenBSD:*:*)
+       echo m68k-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    macppc:OpenBSD:*:*)
+       echo powerpc-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    mvme68k:OpenBSD:*:*)
+       echo m68k-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    mvme88k:OpenBSD:*:*)
+       echo m88k-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    mvmeppc:OpenBSD:*:*)
+       echo powerpc-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    pmax:OpenBSD:*:*)
+       echo mipsel-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    sgi:OpenBSD:*:*)
+       echo mipseb-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    sun3:OpenBSD:*:*)
+       echo m68k-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    wgrisc:OpenBSD:*:*)
+       echo mipsel-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
+    *:OpenBSD:*:*)
+       echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
+       exit 0 ;;
     alpha:OSF1:*:*)
        if test $UNAME_RELEASE = "V4.0"; then
                UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
        fi
+       # According to Compaq, /usr/sbin/psrinfo has been available on
+       # OSF/1 and Tru64 systems produced since 1995.  I hope that
+       # covers most systems running today.  This code pipes the CPU
+       # types through head -n 1, so we only detect the type of CPU 0.
+       ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+       case "$ALPHA_CPU_TYPE" in
+           "EV4 (21064)")
+               UNAME_MACHINE="alpha" ;;
+           "EV4.5 (21064)")
+               UNAME_MACHINE="alpha" ;;
+           "LCA4 (21066/21068)")
+               UNAME_MACHINE="alpha" ;;
+           "EV5 (21164)")
+               UNAME_MACHINE="alphaev5" ;;
+           "EV5.6 (21164A)")
+               UNAME_MACHINE="alphaev56" ;;
+           "EV5.6 (21164PC)")
+               UNAME_MACHINE="alphapca56" ;;
+           "EV5.7 (21164PC)")
+               UNAME_MACHINE="alphapca57" ;;
+           "EV6 (21264)")
+               UNAME_MACHINE="alphaev6" ;;
+           "EV6.7 (21264A)")
+               UNAME_MACHINE="alphaev67" ;;
+           "EV6.8CB (21264C)")
+               UNAME_MACHINE="alphaev68" ;;
+           "EV6.8AL (21264B)")
+               UNAME_MACHINE="alphaev68" ;;
+           "EV6.8CX (21264D)")
+               UNAME_MACHINE="alphaev68" ;;
+           "EV6.9A (21264/EV69A)")
+               UNAME_MACHINE="alphaev69" ;;
+           "EV7 (21364)")
+               UNAME_MACHINE="alphaev7" ;;
+           "EV7.9 (21364A)")
+               UNAME_MACHINE="alphaev79" ;;
+       esac
        # A Vn.n version is a released version.
        # A Tn.n version is a released field test version.
        # A Xn.n version is an unreleased experimental baselevel.
        # 1.2 uses "1.2" for uname -r.
-       cat <<EOF >$dummy.s
-       .data
-\$Lformat:
-       .byte 37,100,45,37,120,10,0     # "%d-%x\n"
-
-       .text
-       .globl main
-       .align 4
-       .ent main
-main:
-       .frame \$30,16,\$26,0
-       ldgp \$29,0(\$27)
-       .prologue 1
-       .long 0x47e03d80 # implver \$0
-       lda \$2,-1
-       .long 0x47e20c21 # amask \$2,\$1
-       lda \$16,\$Lformat
-       mov \$0,\$17
-       not \$1,\$18
-       jsr \$26,printf
-       ldgp \$29,0(\$26)
-       mov 0,\$16
-       jsr \$26,exit
-       .end main
-EOF
-       $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
-       if test "$?" = 0 ; then
-               case `./$dummy` in
-                       0-0)
-                               UNAME_MACHINE="alpha"
-                               ;;
-                       1-0)
-                               UNAME_MACHINE="alphaev5"
-                               ;;
-                       1-1)
-                               UNAME_MACHINE="alphaev56"
-                               ;;
-                       1-101)
-                               UNAME_MACHINE="alphapca56"
-                               ;;
-                       2-303)
-                               UNAME_MACHINE="alphaev6"
-                               ;;
-                       2-307)
-                               UNAME_MACHINE="alphaev67"
-                               ;;
-               esac
-       fi
-       rm -f $dummy.s $dummy
        echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
        exit 0 ;;
+    Alpha*:OpenVMS:*:*)
+       echo alpha-hp-vms
+       exit 0 ;;
     Alpha\ *:Windows_NT*:*)
        # How do we know it's Interix rather than the generic POSIX subsystem?
        # Should we change UNAME_MACHINE based on the output of uname instead
@@ -215,31 +296,13 @@ EOF
        echo alpha-dec-winnt3.5
        exit 0 ;;
     Amiga*:UNIX_System_V:4.0:*)
-       echo m68k-cbm-sysv4
+       echo m68k-unknown-sysv4
        exit 0;;
-    amiga:OpenBSD:*:*)
-       echo m68k-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
     *:[Aa]miga[Oo][Ss]:*:*)
        echo ${UNAME_MACHINE}-unknown-amigaos
        exit 0 ;;
-    arc64:OpenBSD:*:*)
-       echo mips64el-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
-    arc:OpenBSD:*:*)
-       echo mipsel-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
-    hkmips:OpenBSD:*:*)
-       echo mips-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
-    pmax:OpenBSD:*:*)
-       echo mipsel-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
-    sgi:OpenBSD:*:*)
-       echo mips-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
-    wgrisc:OpenBSD:*:*)
-       echo mipsel-unknown-openbsd${UNAME_RELEASE}
+    *:[Mm]orph[Oo][Ss]:*:*)
+       echo ${UNAME_MACHINE}-unknown-morphos
        exit 0 ;;
     *:OS/390:*:*)
        echo i370-ibm-openedition
@@ -247,7 +310,7 @@ EOF
     arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
        echo arm-acorn-riscix${UNAME_RELEASE}
        exit 0;;
-    SR2?01:HI-UX/MPP:*:*)
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
        echo hppa1.1-hitachi-hiuxmpp
        exit 0;;
     Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
@@ -261,6 +324,13 @@ EOF
     NILE*:*:*:dcosx)
        echo pyramid-pyramid-svr4
        exit 0 ;;
+    DRS?6000:unix:4.0:6*)
+       echo sparc-icl-nx6
+       exit 0 ;;
+    DRS?6000:UNIX_SV:4.2*:7*)
+       case `/usr/bin/uname -p` in
+           sparc) echo sparc-icl-nx7 && exit 0 ;;
+       esac ;;
     sun4H:SunOS:5.*:*)
        echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
        exit 0 ;;
@@ -289,7 +359,7 @@ EOF
        echo m68k-sun-sunos${UNAME_RELEASE}
        exit 0 ;;
     sun*:*:4.2BSD:*)
-       UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+       UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
        test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
        case "`/bin/arch`" in
            sun3)
@@ -303,9 +373,6 @@ EOF
     aushp:SunOS:*:*)
        echo sparc-auspex-sunos${UNAME_RELEASE}
        exit 0 ;;
-    atari*:OpenBSD:*:*)
-       echo m68k-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
     # The situation for MiNT is a little confusing.  The machine name
     # can be virtually everything (everything which is not
     # "atarist" or "atariste" at least should have a processor
@@ -332,18 +399,6 @@ EOF
     *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
         echo m68k-unknown-mint${UNAME_RELEASE}
         exit 0 ;;
-    sun3*:OpenBSD:*:*)
-       echo m68k-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
-    mac68k:OpenBSD:*:*)
-       echo m68k-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
-    mvme68k:OpenBSD:*:*)
-       echo m68k-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
-    mvme88k:OpenBSD:*:*)
-       echo m88k-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
     powerpc:machten:*:*)
        echo powerpc-apple-machten${UNAME_RELEASE}
        exit 0 ;;
@@ -360,6 +415,7 @@ EOF
        echo clipper-intergraph-clix${UNAME_RELEASE}
        exit 0 ;;
     mips:*:*:UMIPS | mips:*:*:RISCos)
+       eval $set_cc_for_build
        sed 's/^        //' << EOF >$dummy.c
 #ifdef __cplusplus
 #include <stdio.h>  /* for printf() prototype */
@@ -381,12 +437,20 @@ EOF
          exit (-1);
        }
 EOF
-       $CC_FOR_BUILD $dummy.c -o $dummy \
-         && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
-         && rm $dummy.c $dummy && exit 0
-       rm -f $dummy.c $dummy
+       $CC_FOR_BUILD -o $dummy $dummy.c \
+         && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
+         && exit 0
        echo mips-mips-riscos${UNAME_RELEASE}
        exit 0 ;;
+    Motorola:PowerMAX_OS:*:*)
+       echo powerpc-motorola-powermax
+       exit 0 ;;
+    Motorola:*:4.3:PL8-*)
+       echo powerpc-harris-powermax
+       exit 0 ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+       echo powerpc-harris-powermax
+       exit 0 ;;
     Night_Hawk:Power_UNIX:*:*)
        echo powerpc-harris-powerunix
        exit 0 ;;
@@ -434,11 +498,20 @@ EOF
     ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
        echo romp-ibm-aix      # uname -m gives an 8 hex-code CPU id
        exit 0 ;;              # Note that: echo "'`uname -s`'" gives 'AIX '
-    i?86:AIX:*:*)
+    i*86:AIX:*:*)
        echo i386-ibm-aix
        exit 0 ;;
+    ia64:AIX:*:*)
+       if [ -x /usr/bin/oslevel ] ; then
+               IBM_REV=`/usr/bin/oslevel`
+       else
+               IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+       fi
+       echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+       exit 0 ;;
     *:AIX:2:3)
        if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+               eval $set_cc_for_build
                sed 's/^                //' << EOF >$dummy.c
                #include <sys/systemcfg.h>
 
@@ -450,8 +523,7 @@ EOF
                        exit(0);
                        }
 EOF
-               $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm $dummy.c $dummy && exit 0
-               rm -f $dummy.c $dummy
+               $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
                echo rs6000-ibm-aix3.2.5
        elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
                echo rs6000-ibm-aix3.2.4
@@ -459,9 +531,9 @@ EOF
                echo rs6000-ibm-aix3.2
        fi
        exit 0 ;;
-    *:AIX:*:4)
-       IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'`
-       if /usr/sbin/lsattr -EHl ${IBM_CPU_ID} | grep POWER >/dev/null 2>&1; then
+    *:AIX:*:[45])
+       IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+       if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
                IBM_ARCH=rs6000
        else
                IBM_ARCH=powerpc
@@ -469,7 +541,7 @@ EOF
        if [ -x /usr/bin/oslevel ] ; then
                IBM_REV=`/usr/bin/oslevel`
        else
-               IBM_REV=4.${UNAME_RELEASE}
+               IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
        fi
        echo ${IBM_ARCH}-ibm-aix${IBM_REV}
        exit 0 ;;
@@ -495,11 +567,28 @@ EOF
        echo m68k-hp-bsd4.4
        exit 0 ;;
     9000/[34678]??:HP-UX:*:*)
+       HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
        case "${UNAME_MACHINE}" in
            9000/31? )            HP_ARCH=m68000 ;;
            9000/[34]?? )         HP_ARCH=m68k ;;
            9000/[678][0-9][0-9])
-              sed 's/^              //' << EOF >$dummy.c
+               if [ -x /usr/bin/getconf ]; then
+                   sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+                         '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+               fi
+               if [ "${HP_ARCH}" = "" ]; then
+                   eval $set_cc_for_build
+                   sed 's/^              //' << EOF >$dummy.c
 
               #define _HPUX_SOURCE
               #include <stdlib.h>
@@ -532,13 +621,29 @@ EOF
                   exit (0);
               }
 EOF
-       (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null ) && HP_ARCH=`./$dummy`
-       rm -f $dummy.c $dummy
+                   (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+                   test -z "$HP_ARCH" && HP_ARCH=hppa
+               fi ;;
        esac
-       HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+       if [ ${HP_ARCH} = "hppa2.0w" ]
+       then
+           # avoid double evaluation of $set_cc_for_build
+           test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
+           if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
+           then
+               HP_ARCH="hppa2.0w"
+           else
+               HP_ARCH="hppa64"
+           fi
+       fi
        echo ${HP_ARCH}-hp-hpux${HPUX_REV}
        exit 0 ;;
+    ia64:HP-UX:*:*)
+       HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+       echo ia64-hp-hpux${HPUX_REV}
+       exit 0 ;;
     3050*:HI-UX:*:*)
+       eval $set_cc_for_build
        sed 's/^        //' << EOF >$dummy.c
        #include <unistd.h>
        int
@@ -564,8 +669,7 @@ EOF
          exit (0);
        }
 EOF
-       $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm $dummy.c $dummy && exit 0
-       rm -f $dummy.c $dummy
+       $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
        echo unknown-hitachi-hiuxwe2
        exit 0 ;;
     9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
@@ -574,7 +678,7 @@ EOF
     9000/8??:4.3bsd:*:*)
        echo hppa1.0-hp-bsd
        exit 0 ;;
-    *9??*:MPE/iX:*:*)
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
        echo hppa1.0-hp-mpeix
        exit 0 ;;
     hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
@@ -583,7 +687,7 @@ EOF
     hp8??:OSF1:*:*)
        echo hppa1.0-hp-osf
        exit 0 ;;
-    i?86:OSF1:*:*)
+    i*86:OSF1:*:*)
        if [ -x /usr/sbin/sysversion ] ; then
            echo ${UNAME_MACHINE}-unknown-osf1mk
        else
@@ -593,9 +697,6 @@ EOF
     parisc*:Lites*:*:*)
        echo hppa1.1-hp-lites
        exit 0 ;;
-    hppa*:OpenBSD:*:*)
-       echo hppa-unknown-openbsd
-       exit 0 ;;
     C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
        echo c1-convex-bsd
         exit 0 ;;
@@ -614,41 +715,34 @@ EOF
     C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
        echo c4-convex-bsd
         exit 0 ;;
-    CRAY*X-MP:*:*:*)
-       echo xmp-cray-unicos
-        exit 0 ;;
     CRAY*Y-MP:*:*:*)
-       echo ymp-cray-unicos${UNAME_RELEASE}
+       echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
        exit 0 ;;
     CRAY*[A-Z]90:*:*:*)
        echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
        | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-             -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/
+             -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+             -e 's/\.[^.]*$/.X/'
        exit 0 ;;
     CRAY*TS:*:*:*)
        echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
        exit 0 ;;
     CRAY*T3E:*:*:*)
-       echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+       echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
        exit 0 ;;
     CRAY*SV1:*:*:*)
        echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
        exit 0 ;;
-    CRAY-2:*:*:*)
-       echo cray2-cray-unicos
-        exit 0 ;;
-    F300:UNIX_System_V:*:*)
+    *:UNICOS/mp:*:*)
+       echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+       exit 0 ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+       FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
         FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
         FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
-        echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
         exit 0 ;;
-    F301:UNIX_System_V:*:*)
-       echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'`
-       exit 0 ;;
-    hp300:OpenBSD:*:*)
-       echo m68k-unknown-openbsd${UNAME_RELEASE}
-       exit 0 ;;
-    i?86:BSD/386:*:* | i?86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
        echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
        exit 0 ;;
     sparc*:BSD/OS:*:*)
@@ -657,11 +751,22 @@ EOF
     *:BSD/OS:*:*)
        echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
        exit 0 ;;
-    *:FreeBSD:*:*)
-       echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
-       exit 0 ;;
-    *:OpenBSD:*:*)
-       echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+    *:FreeBSD:*:*|*:GNU/FreeBSD:*:*)
+       # Determine whether the default compiler uses glibc.
+       eval $set_cc_for_build
+       sed 's/^        //' << EOF >$dummy.c
+       #include <features.h>
+       #if __GLIBC__ >= 2
+       LIBC=gnu
+       #else
+       LIBC=
+       #endif
+EOF
+       eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+       # GNU/FreeBSD systems have a "k" prefix to indicate we are using
+       # FreeBSD's kernel, but not the complete OS.
+       case ${LIBC} in gnu) kernel_only='k' ;; esac
+       echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
        exit 0 ;;
     i*:CYGWIN*:*)
        echo ${UNAME_MACHINE}-pc-cygwin
@@ -669,11 +774,20 @@ EOF
     i*:MINGW*:*)
        echo ${UNAME_MACHINE}-pc-mingw32
        exit 0 ;;
+    i*:PW*:*)
+       echo ${UNAME_MACHINE}-pc-pw32
+       exit 0 ;;
+    x86:Interix*:[34]*)
+       echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
+       exit 0 ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+       echo i${UNAME_MACHINE}-pc-mks
+       exit 0 ;;
     i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
        # How do we know it's Interix rather than the generic POSIX subsystem?
        # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
        # UNAME_MACHINE based on the output of uname instead of i386?
-       echo i386-pc-interix
+       echo i586-pc-interix
        exit 0 ;;
     i*:UWIN*:*)
        echo ${UNAME_MACHINE}-pc-uwin
@@ -687,223 +801,168 @@ EOF
     *:GNU:*:*)
        echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
        exit 0 ;;
-    *:Linux:*:*)
-
+    i*86:Minix:*:*)
+       echo ${UNAME_MACHINE}-pc-minix
+       exit 0 ;;
+    arm*:Linux:*:*)
+       echo ${UNAME_MACHINE}-unknown-linux-gnu
+       exit 0 ;;
+    cris:Linux:*:*)
+       echo cris-axis-linux-gnu
+       exit 0 ;;
+    ia64:Linux:*:*)
+       echo ${UNAME_MACHINE}-unknown-linux-gnu
+       exit 0 ;;
+    m68*:Linux:*:*)
+       echo ${UNAME_MACHINE}-unknown-linux-gnu
+       exit 0 ;;
+    mips:Linux:*:*)
+       eval $set_cc_for_build
+       sed 's/^        //' << EOF >$dummy.c
+       #undef CPU
+       #undef mips
+       #undef mipsel
+       #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+       CPU=mipsel
+       #else
+       #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+       CPU=mips
+       #else
+       CPU=
+       #endif
+       #endif
+EOF
+       eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+       test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+       ;;
+    mips64:Linux:*:*)
+       eval $set_cc_for_build
+       sed 's/^        //' << EOF >$dummy.c
+       #undef CPU
+       #undef mips64
+       #undef mips64el
+       #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+       CPU=mips64el
+       #else
+       #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+       CPU=mips64
+       #else
+       CPU=
+       #endif
+       #endif
+EOF
+       eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+       test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+       ;;
+    ppc:Linux:*:*)
+       echo powerpc-unknown-linux-gnu
+       exit 0 ;;
+    ppc64:Linux:*:*)
+       echo powerpc64-unknown-linux-gnu
+       exit 0 ;;
+    alpha:Linux:*:*)
+       case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+         EV5)   UNAME_MACHINE=alphaev5 ;;
+         EV56)  UNAME_MACHINE=alphaev56 ;;
+         PCA56) UNAME_MACHINE=alphapca56 ;;
+         PCA57) UNAME_MACHINE=alphapca56 ;;
+         EV6)   UNAME_MACHINE=alphaev6 ;;
+         EV67)  UNAME_MACHINE=alphaev67 ;;
+         EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+       objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+       if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+       echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+       exit 0 ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+       # Look for CPU level
+       case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+         PA7*) echo hppa1.1-unknown-linux-gnu ;;
+         PA8*) echo hppa2.0-unknown-linux-gnu ;;
+         *)    echo hppa-unknown-linux-gnu ;;
+       esac
+       exit 0 ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+       echo hppa64-unknown-linux-gnu
+       exit 0 ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+       echo ${UNAME_MACHINE}-ibm-linux
+       exit 0 ;;
+    sh64*:Linux:*:*)
+       echo ${UNAME_MACHINE}-unknown-linux-gnu
+       exit 0 ;;
+    sh*:Linux:*:*)
+       echo ${UNAME_MACHINE}-unknown-linux-gnu
+       exit 0 ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+       echo ${UNAME_MACHINE}-unknown-linux-gnu
+       exit 0 ;;
+    x86_64:Linux:*:*)
+       echo x86_64-unknown-linux-gnu
+       exit 0 ;;
+    i*86:Linux:*:*)
        # The BFD linker knows what the default object file format is, so
        # first see if it will tell us. cd to the root directory to prevent
        # problems with other programs or directories called `ld' in the path.
-       ld_help_string=`cd /; ld --help 2>&1`
-       ld_supported_emulations=`echo $ld_help_string \
-                        | sed -ne '/supported emulations:/!d
+       # Set LC_ALL=C to ensure ld outputs messages in English.
+       ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+                        | sed -ne '/supported targets:/!d
                                    s/[         ][      ]*/ /g
-                                   s/.*supported emulations: *//
+                                   s/.*supported targets: *//
                                    s/ .*//
                                    p'`
-        case "$ld_supported_emulations" in
-         *ia64)
-               echo "${UNAME_MACHINE}-unknown-linux"
-               exit 0
+        case "$ld_supported_targets" in
+         elf32-i386)
+               TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
                ;;
-         i?86linux)
+         a.out-i386-linux)
                echo "${UNAME_MACHINE}-pc-linux-gnuaout"
-               exit 0
-               ;;
-         elf_i?86)
-               echo "${UNAME_MACHINE}-pc-linux"
-               exit 0
-               ;;
-         i?86coff)
+               exit 0 ;;
+         coff-i386)
                echo "${UNAME_MACHINE}-pc-linux-gnucoff"
-               exit 0
-               ;;
-         sparclinux)
-               echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
-               exit 0
-               ;;
-         armlinux)
-               echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
-               exit 0
-               ;;
-         elf32arm*)
-               echo "${UNAME_MACHINE}-unknown-linux-gnuoldld"
-               exit 0
-               ;;
-         armelf_linux*)
-               echo "${UNAME_MACHINE}-unknown-linux-gnu"
-               exit 0
-               ;;
-         m68klinux)
-               echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
-               exit 0
-               ;;
-         elf32ppc | elf32ppclinux)
-               # Determine Lib Version
-               cat >$dummy.c <<EOF
-#include <features.h>
-#if defined(__GLIBC__)
-extern char __libc_version[];
-extern char __libc_release[];
-#endif
-main(argc, argv)
-     int argc;
-     char *argv[];
-{
-#if defined(__GLIBC__)
-  printf("%s %s\n", __libc_version, __libc_release);
-#else
-  printf("unkown\n");
-#endif
-  return 0;
-}
-EOF
-               LIBC=""
-               $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null
-               if test "$?" = 0 ; then
-                       ./$dummy | grep 1\.99 > /dev/null
-                       if test "$?" = 0 ; then
-                               LIBC="libc1"
-                       fi
-               fi
-               rm -f $dummy.c $dummy
-               echo powerpc-unknown-linux-gnu${LIBC}
-               exit 0
-               ;;
-         shelf_linux)
-               echo "${UNAME_MACHINE}-unknown-linux-gnu"
-               exit 0
-               ;;
+               exit 0 ;;
+         "")
+               # Either a pre-BFD a.out linker (linux-gnuoldld) or
+               # one that does not give us useful --help.
+               echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+               exit 0 ;;
        esac
-
-       if test "${UNAME_MACHINE}" = "alpha" ; then
-               cat <<EOF >$dummy.s
-                       .data
-               \$Lformat:
-                       .byte 37,100,45,37,120,10,0     # "%d-%x\n"
-
-                       .text
-                       .globl main
-                       .align 4
-                       .ent main
-               main:
-                       .frame \$30,16,\$26,0
-                       ldgp \$29,0(\$27)
-                       .prologue 1
-                       .long 0x47e03d80 # implver \$0
-                       lda \$2,-1
-                       .long 0x47e20c21 # amask \$2,\$1
-                       lda \$16,\$Lformat
-                       mov \$0,\$17
-                       not \$1,\$18
-                       jsr \$26,printf
-                       ldgp \$29,0(\$26)
-                       mov 0,\$16
-                       jsr \$26,exit
-                       .end main
-EOF
-               LIBC=""
-               $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
-               if test "$?" = 0 ; then
-                       case `./$dummy` in
-                       0-0)
-                               UNAME_MACHINE="alpha"
-                               ;;
-                       1-0)
-                               UNAME_MACHINE="alphaev5"
-                               ;;
-                       1-1)
-                               UNAME_MACHINE="alphaev56"
-                               ;;
-                       1-101)
-                               UNAME_MACHINE="alphapca56"
-                               ;;
-                       2-303)
-                               UNAME_MACHINE="alphaev6"
-                               ;;
-                       2-307)
-                               UNAME_MACHINE="alphaev67"
-                               ;;
-                       esac
-
-                       objdump --private-headers $dummy | \
-                         grep ld.so.1 > /dev/null
-                       if test "$?" = 0 ; then
-                               LIBC="libc1"
-                       fi
-               fi
-               rm -f $dummy.s $dummy
-               echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} ; exit 0
-       elif test "${UNAME_MACHINE}" = "mips" ; then
-         cat >$dummy.c <<EOF
-#ifdef __cplusplus
-#include <stdio.h>  /* for printf() prototype */
-       int main (int argc, char *argv[]) {
-#else
-       int main (argc, argv) int argc; char *argv[]; {
-#endif
-#ifdef __MIPSEB__
-  printf ("%s-unknown-linux-gnu\n", argv[1]);
-#endif
-#ifdef __MIPSEL__
-  printf ("%sel-unknown-linux-gnu\n", argv[1]);
-#endif
-  return 0;
-}
-EOF
-         $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm $dummy.c $dummy && exit 0
-         rm -f $dummy.c $dummy
-       elif test "${UNAME_MACHINE}" = "s390"; then
-         echo s390-ibm-linux && exit 0
-       else
-         # Either a pre-BFD a.out linker (linux-gnuoldld)
-         # or one that does not give us useful --help.
-         # GCC wants to distinguish between linux-gnuoldld and linux-gnuaout.
-         # If ld does not provide *any* "supported emulations:"
-         # that means it is gnuoldld.
-         echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations:"
-         test $? != 0 && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0
-
-         case "${UNAME_MACHINE}" in
-         i?86)
-           VENDOR=pc;
-           ;;
-         *)
-           VENDOR=unknown;
-           ;;
-         esac
-         # Determine whether the default compiler is a.out or elf
-         cat >$dummy.c <<EOF
-#include <features.h>
-#ifdef __cplusplus
-#include <stdio.h>  /* for printf() prototype */
-       int main (int argc, char *argv[]) {
-#else
-       int main (argc, argv) int argc; char *argv[]; {
-#endif
-#ifdef __ELF__
-# ifdef __GLIBC__
-#  if __GLIBC__ >= 2
-    printf ("%s-${VENDOR}-linux-gnu\n", argv[1]);
-#  else
-    printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]);
-#  endif
-# else
-   printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]);
-# endif
-#else
-  printf ("%s-${VENDOR}-linux-gnuaout\n", argv[1]);
-#endif
-  return 0;
-}
+       # Determine whether the default compiler is a.out or elf
+       eval $set_cc_for_build
+       sed 's/^        //' << EOF >$dummy.c
+       #include <features.h>
+       #ifdef __ELF__
+       # ifdef __GLIBC__
+       #  if __GLIBC__ >= 2
+       LIBC=gnu
+       #  else
+       LIBC=gnulibc1
+       #  endif
+       # else
+       LIBC=gnulibc1
+       # endif
+       #else
+       #ifdef __INTEL_COMPILER
+       LIBC=gnu
+       #else
+       LIBC=gnuaout
+       #endif
+       #endif
+       #ifdef __dietlibc__
+       LIBC=dietlibc
+       #endif
 EOF
-         $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm $dummy.c $dummy && exit 0
-         rm -f $dummy.c $dummy
-       fi ;;
-# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.  earlier versions
-# are messed up and put the nodename in both sysname and nodename.
-    i?86:DYNIX/ptx:4*:*)
+       eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+       test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
+       test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
+       ;;
+    i*86:DYNIX/ptx:4*:*)
+       # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+       # earlier versions are messed up and put the nodename in both
+       # sysname and nodename.
        echo i386-sequent-sysv4
        exit 0 ;;
-    i?86:UNIX_SV:4.2MP:2.*)
+    i*86:UNIX_SV:4.2MP:2.*)
         # Unixware is an offshoot of SVR4, but it has its own version
         # number series starting with 2...
         # I am not positive that other SVR4 systems won't match this,
@@ -911,7 +970,24 @@ EOF
         # Use sysv4.2uw... so that sysv4* matches it.
        echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
        exit 0 ;;
-    i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*)
+    i*86:OS/2:*:*)
+       # If we were able to find `uname', then EMX Unix compatibility
+       # is probably installed.
+       echo ${UNAME_MACHINE}-pc-os2-emx
+       exit 0 ;;
+    i*86:XTS-300:*:STOP)
+       echo ${UNAME_MACHINE}-unknown-stop
+       exit 0 ;;
+    i*86:atheos:*:*)
+       echo ${UNAME_MACHINE}-unknown-atheos
+       exit 0 ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+       echo i386-unknown-lynxos${UNAME_RELEASE}
+       exit 0 ;;
+    i*86:*DOS:*:*)
+       echo ${UNAME_MACHINE}-pc-msdosdjgpp
+       exit 0 ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
        UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
        if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
                echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
@@ -919,36 +995,32 @@ EOF
                echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
        fi
        exit 0 ;;
-    i?86:*:5:7*)
-        # Fixed at (any) Pentium or better
-        UNAME_MACHINE=i586
-        if [ ${UNAME_SYSTEM} = "UnixWare" ] ; then
-           echo ${UNAME_MACHINE}-sco-sysv${UNAME_RELEASE}uw${UNAME_VERSION}
-       else
-           echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE}
-       fi
+    i*86:*:5:[78]*)
+       case `/bin/uname -X | grep "^Machine"` in
+           *486*)           UNAME_MACHINE=i486 ;;
+           *Pentium)        UNAME_MACHINE=i586 ;;
+           *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+       esac
+       echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
        exit 0 ;;
-    i?86:*:3.2:*)
+    i*86:*:3.2:*)
        if test -f /usr/options/cb.name; then
                UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
                echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
        elif /bin/uname -X 2>/dev/null >/dev/null ; then
-               UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')`
-               (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
-               (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
+               UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+               (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+               (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
                        && UNAME_MACHINE=i586
-               (/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \
+               (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
                        && UNAME_MACHINE=i686
-               (/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \
+               (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
                        && UNAME_MACHINE=i686
                echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
        else
                echo ${UNAME_MACHINE}-pc-sysv32
        fi
        exit 0 ;;
-    i?86:*DOS:*:*)
-       echo ${UNAME_MACHINE}-pc-msdosdjgpp
-       exit 0 ;;
     pc:*:*:*)
        # Left here for compatibility:
         # uname -m prints for DJGPP always 'pc', but it prints nothing about
@@ -972,9 +1044,15 @@ EOF
        # "miniframe"
        echo m68010-convergent-sysv
        exit 0 ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+       echo m68k-convergent-sysv
+       exit 0 ;;
+    M680?0:D-NIX:5.3:*)
+       echo m68k-diab-dnix
+       exit 0 ;;
     M68*:*:R3V[567]*:*)
        test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
-    3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0)
+    3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0)
        OS_REL=''
        test -r /etc/.relid \
        && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
@@ -985,21 +1063,21 @@ EOF
     3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
         /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
           && echo i486-ncr-sysv4 && exit 0 ;;
-    m68*:LynxOS:2.*:*)
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
        echo m68k-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
     mc68030:UNIX_System_V:4.*:*)
        echo m68k-atari-sysv4
        exit 0 ;;
-    i?86:LynxOS:2.*:* | i?86:LynxOS:3.[01]*:*)
-       echo i386-unknown-lynxos${UNAME_RELEASE}
-       exit 0 ;;
     TSUNAMI:LynxOS:2.*:*)
        echo sparc-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
-    rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*)
+    rs6000:LynxOS:2.*:*)
        echo rs6000-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+       echo powerpc-unknown-lynxos${UNAME_RELEASE}
+       exit 0 ;;
     SM[BE]S:UNIX_SV:*:*)
        echo mips-dde-sysv${UNAME_RELEASE}
        exit 0 ;;
@@ -1017,8 +1095,8 @@ EOF
                echo ns32k-sni-sysv
        fi
        exit 0 ;;
-    PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
-                           # says <Richard.M.Bartel@ccMail.Census.GOV>
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <Richard.M.Bartel@ccMail.Census.GOV>
         echo i586-unisys-sysv4
         exit 0 ;;
     *:UNIX_System_V:4*:FTX*)
@@ -1030,10 +1108,14 @@ EOF
        # From seanf@swdc.stratus.com.
        echo i860-stratus-sysv4
        exit 0 ;;
+    *:VOS:*:*)
+       # From Paul.Green@stratus.com.
+       echo hppa1.1-stratus-vos
+       exit 0 ;;
     mc68*:A/UX:*:*)
        echo m68k-apple-aux${UNAME_RELEASE}
        exit 0 ;;
-    news*:NEWS-OS:*:6*)
+    news*:NEWS-OS:6*:*)
        echo mips-sony-newsos6
        exit 0 ;;
     R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
@@ -1058,6 +1140,9 @@ EOF
     SX-5:SUPER-UX:*:*)
        echo sx5-nec-superux${UNAME_RELEASE}
        exit 0 ;;
+    SX-6:SUPER-UX:*:*)
+       echo sx6-nec-superux${UNAME_RELEASE}
+       exit 0 ;;
     Power*:Rhapsody:*:*)
        echo powerpc-apple-rhapsody${UNAME_RELEASE}
        exit 0 ;;
@@ -1065,31 +1150,73 @@ EOF
        echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
        exit 0 ;;
     *:Darwin:*:*)
-       echo `uname -p`-apple-darwin${UNAME_RELEASE}
+       case `uname -p` in
+           *86) UNAME_PROCESSOR=i686 ;;
+           powerpc) UNAME_PROCESSOR=powerpc ;;
+       esac
+       echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
        exit 0 ;;
     *:procnto*:*:* | *:QNX:[0123456789]*:*)
-       if test "${UNAME_MACHINE}" = "x86pc"; then
+       UNAME_PROCESSOR=`uname -p`
+       if test "$UNAME_PROCESSOR" = "x86"; then
+               UNAME_PROCESSOR=i386
                UNAME_MACHINE=pc
        fi
-       echo `uname -p`-${UNAME_MACHINE}-nto-qnx
+       echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
        exit 0 ;;
     *:QNX:*:4*)
        echo i386-pc-qnx
        exit 0 ;;
-    NSR-W:NONSTOP_KERNEL:*:*)
+    NSR-[DGKLNPTVWY]:NONSTOP_KERNEL:*:*)
        echo nsr-tandem-nsk${UNAME_RELEASE}
        exit 0 ;;
+    *:NonStop-UX:*:*)
+       echo mips-compaq-nonstopux
+       exit 0 ;;
     BS2000:POSIX*:*:*)
        echo bs2000-siemens-sysv
        exit 0 ;;
     DS/*:UNIX_System_V:*:*)
        echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
        exit 0 ;;
+    *:Plan9:*:*)
+       # "uname -m" is not consistent, so use $cputype instead. 386
+       # is converted to i386 for consistency with other x86
+       # operating systems.
+       if test "$cputype" = "386"; then
+           UNAME_MACHINE=i386
+       else
+           UNAME_MACHINE="$cputype"
+       fi
+       echo ${UNAME_MACHINE}-unknown-plan9
+       exit 0 ;;
+    *:TOPS-10:*:*)
+       echo pdp10-unknown-tops10
+       exit 0 ;;
+    *:TENEX:*:*)
+       echo pdp10-unknown-tenex
+       exit 0 ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+       echo pdp10-dec-tops20
+       exit 0 ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+       echo pdp10-xkl-tops20
+       exit 0 ;;
+    *:TOPS-20:*:*)
+       echo pdp10-unknown-tops20
+       exit 0 ;;
+    *:ITS:*:*)
+       echo pdp10-unknown-its
+       exit 0 ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+       exit 0 ;;
 esac
 
 #echo '(No uname command or uname output not recognized.)' 1>&2
 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
 
+eval $set_cc_for_build
 cat >$dummy.c <<EOF
 #ifdef _SEQUENT_
 # include <sys/types.h>
@@ -1176,11 +1303,24 @@ main ()
 #endif
 
 #if defined (vax)
-#if !defined (ultrix)
-  printf ("vax-dec-bsd\n"); exit (0);
-#else
-  printf ("vax-dec-ultrix\n"); exit (0);
-#endif
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
 #endif
 
 #if defined (alliant) && defined (i860)
@@ -1191,8 +1331,7 @@ main ()
 }
 EOF
 
-$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm $dummy.c $dummy && exit 0
-rm -f $dummy.c $dummy
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
 
 # Apollos put the system type in the environment.
 
@@ -1227,8 +1366,9 @@ fi
 cat >&2 <<EOF
 $0: unable to guess system type
 
-The $version version of this script cannot recognize your system type.
-Please download the most up to date version of the config scripts:
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
 
     ftp://ftp.gnu.org/pub/gnu/config/
 
@@ -1237,7 +1377,7 @@ send the following data and any information you think might be
 pertinent to <config-patches@gnu.org> in order to provide the needed
 information to handle your system.
 
-config.guess version = $version
+config.guess timestamp = $timestamp
 
 uname -m = `(uname -m) 2>/dev/null || echo unknown`
 uname -r = `(uname -r) 2>/dev/null || echo unknown`
@@ -1264,7 +1404,7 @@ exit 1
 
 # Local variables:
 # eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "version='"
+# time-stamp-start: "timestamp='"
 # time-stamp-format: "%:y-%02m-%02d"
 # time-stamp-end: "'"
 # End:
index cb86fe1ef70f8b1ea96ce2bce0ea7c9fff52209d..1f31816b97a13e14c63f276bea226a8dde6887b5 100644 (file)
@@ -1,9 +1,9 @@
 #! /bin/sh
-# Configuration validation subroutine script, version 1.1.
-#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
-#   Free Software Foundation, Inc.
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003 Free Software Foundation, Inc.
 
-version='2000-05-31'
+timestamp='2003-08-18'
 
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@@ -29,8 +29,8 @@ version='2000-05-31'
 # configuration script generated by Autoconf, you may include it under
 # the same distribution terms that you use for the rest of that program.
 
-# Written by Per Bothner <bothner@cygnus.com>.
-# Please send patches to <config-patches@gnu.org>.
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
 #
 # Configuration subroutine to validate and canonicalize a configuration type.
 # Supply the specified configuration type as an argument.
@@ -61,16 +61,30 @@ Usage: $0 [OPTION] CPU-MFR-OPSYS
 Canonicalize a configuration name.
 
 Operation modes:
-  -h, --help               print this help, then exit
-  -V, --version            print version number, then exit"
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
 
 help="
 Try \`$me --help' for more information."
 
 # Parse command line
 while test $# -gt 0 ; do
-  case "$1" in
-    --version | --vers* | -V )
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit 0 ;;
+    --version | -v )
        echo "$version" ; exit 0 ;;
     --help | --h* | -h )
        echo "$usage"; exit 0 ;;
@@ -79,9 +93,7 @@ while test $# -gt 0 ; do
     - )        # Use stdin as input.
        break ;;
     -* )
-       exec >&2
-       echo "$me: invalid option $1"
-       echo "$help"
+       echo "$me: invalid option $1$help"
        exit 1 ;;
 
     *local*)
@@ -106,7 +118,7 @@ esac
 # Here we must recognize all the valid KERNEL-OS combinations.
 maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
 case $maybe_os in
-  nto-qnx* | linux-gnu*)
+  nto-qnx* | linux-gnu* | linux-dietlibc | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
     os=-$maybe_os
     basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
     ;;
@@ -132,7 +144,7 @@ case $os in
        -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
        -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
        -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-       -apple)
+       -apple | -axis)
                os=
                basic_machine=$1
                ;;
@@ -146,6 +158,14 @@ case $os in
                os=-vxworks
                basic_machine=$1
                ;;
+       -chorusos*)
+               os=-chorusos
+               basic_machine=$1
+               ;;
+       -chorusrdb)
+               os=-chorusrdb
+               basic_machine=$1
+               ;;
        -hiux*)
                os=-hiuxwe2
                ;;
@@ -204,30 +224,64 @@ esac
 case $basic_machine in
        # Recognize the basic CPU types without company name.
        # Some are omitted here because they have special meanings below.
-       tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc | arm \
-               | arme[lb] | pyramid | mn10200 | mn10300 | tron | a29k \
-               | 580 | i960 | h8300 \
-               | x86 | ppcbe | mipsbe | mipsle | shbe | shle | armbe | armle \
-               | hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \
-               | hppa64 \
-               | alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \
-               | alphaev6[78] \
-               | we32k | ns16k | clipper | i370 | sh | powerpc | powerpcle \
-               | 1750a | dsp16xx | pdp11 | mips16 | mips64 | mipsel | mips64el \
-               | mips64orion | mips64orionel | mipstx39 | mipstx39el \
-               | mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \
-               | mips64vr5000 | miprs64vr5000el | mcore \
-               | sparc | sparclet | sparclite | sparc64 | sparcv9 | v850 | c4x \
-               | thumb | d10v | fr30 | avr)
+       1750a | 580 \
+       | a29k \
+       | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+       | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+       | am33_2.0 \
+       | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+       | c4x | clipper \
+       | d10v | d30v | dlx | dsp16xx \
+       | fr30 | frv \
+       | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+       | i370 | i860 | i960 | ia64 \
+       | ip2k | iq2000 \
+       | m32r | m68000 | m68k | m88k | mcore \
+       | mips | mipsbe | mipseb | mipsel | mipsle \
+       | mips16 \
+       | mips64 | mips64el \
+       | mips64vr | mips64vrel \
+       | mips64orion | mips64orionel \
+       | mips64vr4100 | mips64vr4100el \
+       | mips64vr4300 | mips64vr4300el \
+       | mips64vr5000 | mips64vr5000el \
+       | mipsisa32 | mipsisa32el \
+       | mipsisa32r2 | mipsisa32r2el \
+       | mipsisa64 | mipsisa64el \
+       | mipsisa64r2 | mipsisa64r2el \
+       | mipsisa64sb1 | mipsisa64sb1el \
+       | mipsisa64sr71k | mipsisa64sr71kel \
+       | mipstx39 | mipstx39el \
+       | mn10200 | mn10300 \
+       | msp430 \
+       | ns16k | ns32k \
+       | openrisc | or32 \
+       | pdp10 | pdp11 | pj | pjl \
+       | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+       | pyramid \
+       | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+       | sh64 | sh64le \
+       | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
+       | strongarm \
+       | tahoe | thumb | tic4x | tic80 | tron \
+       | v850 | v850e \
+       | we32k \
+       | x86 | xscale | xstormy16 | xtensa \
+       | z8k)
+               basic_machine=$basic_machine-unknown
+               ;;
+       m6811 | m68hc11 | m6812 | m68hc12)
+               # Motorola 68HC11/12.
                basic_machine=$basic_machine-unknown
+               os=-none
                ;;
-       m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | z8k | v70 | h8500 | w65 | pj | pjl)
+       m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
                ;;
 
        # We use `pc' rather than `unknown'
        # because (1) that's what they normally are, and
        # (2) the word "unknown" tends to confuse beginning users.
-       i[34567]86)
+       i*86 | x86_64)
          basic_machine=$basic_machine-pc
          ;;
        # Object if more than one company name word.
@@ -236,28 +290,61 @@ case $basic_machine in
                exit 1
                ;;
        # Recognize the basic CPU types with company name.
-       # FIXME: clean up the formatting here.
-       vax-* | tahoe-* | i[34567]86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \
-             | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | arm-* | c[123]* \
-             | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \
-             | power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \
-             | xmp-* | ymp-* \
-             | x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* | armbe-* | armle-* \
-             | hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \
-             | hppa2.0n-* | hppa64-* \
-             | alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \
-             | alphaev6[78]-* \
-             | we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \
-             | clipper-* | orion-* \
-             | sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \
-             | sparc64-* | sparcv9-* | sparc86x-* | mips16-* | mips64-* | mipsel-* \
-             | mips64el-* | mips64orion-* | mips64orionel-* \
-             | mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \
-             | mipstx39-* | mipstx39el-* | mcore-* \
-             | f301-* | armv*-* | s390-* | sv1-* | t3e-* \
-             | m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \
-             | thumb-* | v850-* | d30v-* | tic30-* | c30-* | fr30-* \
-             | bs2000-*)
+       580-* \
+       | a29k-* \
+       | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+       | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+       | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+       | arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+       | avr-* \
+       | bs2000-* \
+       | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+       | clipper-* | cydra-* \
+       | d10v-* | d30v-* | dlx-* \
+       | elxsi-* \
+       | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+       | h8300-* | h8500-* \
+       | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+       | i*86-* | i860-* | i960-* | ia64-* \
+       | ip2k-* | iq2000-* \
+       | m32r-* \
+       | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+       | m88110-* | m88k-* | mcore-* \
+       | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+       | mips16-* \
+       | mips64-* | mips64el-* \
+       | mips64vr-* | mips64vrel-* \
+       | mips64orion-* | mips64orionel-* \
+       | mips64vr4100-* | mips64vr4100el-* \
+       | mips64vr4300-* | mips64vr4300el-* \
+       | mips64vr5000-* | mips64vr5000el-* \
+       | mipsisa32-* | mipsisa32el-* \
+       | mipsisa32r2-* | mipsisa32r2el-* \
+       | mipsisa64-* | mipsisa64el-* \
+       | mipsisa64r2-* | mipsisa64r2el-* \
+       | mipsisa64sb1-* | mipsisa64sb1el-* \
+       | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+       | mipstx39-* | mipstx39el-* \
+       | msp430-* \
+       | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
+       | orion-* \
+       | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+       | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+       | pyramid-* \
+       | romp-* | rs6000-* \
+       | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+       | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+       | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
+       | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
+       | tahoe-* | thumb-* \
+       | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+       | tron-* \
+       | v850-* | v850e-* | vax-* \
+       | we32k-* \
+       | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
+       | xtensa-* \
+       | ymp-* \
+       | z8k-*)
                ;;
        # Recognize the various machine names and aliases which stand
        # for a CPU type and a company and sometimes even an OS.
@@ -289,19 +376,22 @@ case $basic_machine in
                basic_machine=a29k-none
                os=-bsd
                ;;
+       amd64)
+               basic_machine=x86_64-pc
+               ;;
        amdahl)
                basic_machine=580-amdahl
                os=-sysv
                ;;
        amiga | amiga-*)
-               basic_machine=m68k-cbm
+               basic_machine=m68k-unknown
                ;;
        amigaos | amigados)
-               basic_machine=m68k-cbm
+               basic_machine=m68k-unknown
                os=-amigaos
                ;;
        amigaunix | amix)
-               basic_machine=m68k-cbm
+               basic_machine=m68k-unknown
                os=-sysv4
                ;;
        apollo68)
@@ -320,6 +410,10 @@ case $basic_machine in
                basic_machine=ns32k-sequent
                os=-dynix
                ;;
+       c90)
+               basic_machine=c90-cray
+               os=-unicos
+               ;;
        convex-c1)
                basic_machine=c1-convex
                os=-bsd
@@ -340,27 +434,30 @@ case $basic_machine in
                basic_machine=c38-convex
                os=-bsd
                ;;
-       cray | ymp)
-               basic_machine=ymp-cray
-               os=-unicos
-               ;;
-       cray2)
-               basic_machine=cray2-cray
-               os=-unicos
-               ;;
-       [ctj]90-cray)
-               basic_machine=c90-cray
+       cray | j90)
+               basic_machine=j90-cray
                os=-unicos
                ;;
        crds | unos)
                basic_machine=m68k-crds
                ;;
+       cris | cris-* | etrax*)
+               basic_machine=cris-axis
+               ;;
        da30 | da30-*)
                basic_machine=m68k-da30
                ;;
        decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
                basic_machine=mips-dec
                ;;
+       decsystem10* | dec10*)
+               basic_machine=pdp10-dec
+               os=-tops10
+               ;;
+       decsystem20* | dec20*)
+               basic_machine=pdp10-dec
+               os=-tops20
+               ;;
        delta | 3300 | motorola-3300 | motorola-delta \
              | 3300-motorola | delta-motorola)
                basic_machine=m68k-motorola
@@ -402,6 +499,10 @@ case $basic_machine in
                basic_machine=tron-gmicro
                os=-sysv
                ;;
+       go32)
+               basic_machine=i386-pc
+               os=-go32
+               ;;
        h3050r* | hiux*)
                basic_machine=hppa1.1-hitachi
                os=-hiuxwe2
@@ -477,19 +578,19 @@ case $basic_machine in
                basic_machine=i370-ibm
                ;;
 # I'm not sure what "Sysv32" means.  Should this be sysv3.2?
-       i[34567]86v32)
+       i*86v32)
                basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
                os=-sysv32
                ;;
-       i[34567]86v4*)
+       i*86v4*)
                basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
                os=-sysv4
                ;;
-       i[34567]86v)
+       i*86v)
                basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
                os=-sysv
                ;;
-       i[34567]86sol2)
+       i*86sol2)
                basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
                os=-solaris2
                ;;
@@ -501,14 +602,6 @@ case $basic_machine in
                basic_machine=i386-unknown
                os=-vsta
                ;;
-       i386-go32 | go32)
-               basic_machine=i386-unknown
-               os=-go32
-               ;;
-       i386-mingw32 | mingw32)
-               basic_machine=i386-unknown
-               os=-mingw32
-               ;;
        iris | iris4d)
                basic_machine=mips-sgi
                case $os in
@@ -534,6 +627,10 @@ case $basic_machine in
                basic_machine=ns32k-utek
                os=-sysv
                ;;
+       mingw32)
+               basic_machine=i386-pc
+               os=-mingw32
+               ;;
        miniframe)
                basic_machine=m68000-convergent
                ;;
@@ -541,14 +638,6 @@ case $basic_machine in
                basic_machine=m68k-atari
                os=-mint
                ;;
-       mipsel*-linux*)
-               basic_machine=mipsel-unknown
-               os=-linux-gnu
-               ;;
-       mips*-linux*)
-               basic_machine=mips-unknown
-               os=-linux-gnu
-               ;;
        mips3*-*)
                basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
                ;;
@@ -563,8 +652,12 @@ case $basic_machine in
                basic_machine=m68k-rom68k
                os=-coff
                ;;
+       morphos)
+               basic_machine=powerpc-unknown
+               os=-morphos
+               ;;
        msdos)
-               basic_machine=i386-unknown
+               basic_machine=i386-pc
                os=-msdos
                ;;
        mvs)
@@ -628,9 +721,17 @@ case $basic_machine in
                basic_machine=i960-intel
                os=-mon960
                ;;
+       nonstopux)
+               basic_machine=mips-compaq
+               os=-nonstopux
+               ;;
        np1)
                basic_machine=np1-gould
                ;;
+       nv1)
+               basic_machine=nv1-cray
+               os=-unicosmp
+               ;;
        nsr-tandem)
                basic_machine=nsr-tandem
                ;;
@@ -638,6 +739,10 @@ case $basic_machine in
                basic_machine=hppa1.1-oki
                os=-proelf
                ;;
+       or32 | or32-*)
+               basic_machine=or32-unknown
+               os=-coff
+               ;;
        OSE68000 | ose68000)
                basic_machine=m68000-ericsson
                os=-ose
@@ -660,45 +765,65 @@ case $basic_machine in
        pbb)
                basic_machine=m68k-tti
                ;;
-        pc532 | pc532-*)
+       pc532 | pc532-*)
                basic_machine=ns32k-pc532
                ;;
-       pentium | p5 | k5 | k6 | nexen)
+       pentium | p5 | k5 | k6 | nexgen | viac3)
                basic_machine=i586-pc
                ;;
-       pentiumpro | p6 | 6x86 | athlon)
+       pentiumpro | p6 | 6x86 | athlon | athlon_*)
+               basic_machine=i686-pc
+               ;;
+       pentiumii | pentium2 | pentiumiii | pentium3)
                basic_machine=i686-pc
                ;;
-       pentiumii | pentium2)
+       pentium4)
                basic_machine=i786-pc
                ;;
-       pentium-* | p5-* | k5-* | k6-* | nexen-*)
+       pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
                basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
                ;;
        pentiumpro-* | p6-* | 6x86-* | athlon-*)
                basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
                ;;
-       pentiumii-* | pentium2-*)
+       pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+               basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+               ;;
+       pentium4-*)
                basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
                ;;
        pn)
                basic_machine=pn-gould
                ;;
-       power)  basic_machine=rs6000-ibm
+       power)  basic_machine=power-ibm
                ;;
        ppc)    basic_machine=powerpc-unknown
-               ;;
+               ;;
        ppc-*)  basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
                ;;
        ppcle | powerpclittle | ppc-le | powerpc-little)
                basic_machine=powerpcle-unknown
-               ;;
+               ;;
        ppcle-* | powerpclittle-*)
                basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
                ;;
+       ppc64)  basic_machine=powerpc64-unknown
+               ;;
+       ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+               ;;
+       ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+               basic_machine=powerpc64le-unknown
+               ;;
+       ppc64le-* | powerpc64little-*)
+               basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+               ;;
        ps2)
                basic_machine=i386-ibm
                ;;
+       pw32)
+               basic_machine=i586-unknown
+               os=-pw32
+               ;;
        rom68k)
                basic_machine=m68k-rom68k
                os=-coff
@@ -709,10 +834,26 @@ case $basic_machine in
        rtpc | rtpc-*)
                basic_machine=romp-ibm
                ;;
+       s390 | s390-*)
+               basic_machine=s390-ibm
+               ;;
+       s390x | s390x-*)
+               basic_machine=s390x-ibm
+               ;;
        sa29200)
                basic_machine=a29k-amd
                os=-udi
                ;;
+       sb1)
+               basic_machine=mipsisa64sb1-unknown
+               ;;
+       sb1el)
+               basic_machine=mipsisa64sb1el-unknown
+               ;;
+       sei)
+               basic_machine=mips-sei
+               os=-seiux
+               ;;
        sequent)
                basic_machine=i386-sequent
                ;;
@@ -720,7 +861,10 @@ case $basic_machine in
                basic_machine=sh-hitachi
                os=-hms
                ;;
-       sparclite-wrs)
+       sh64)
+               basic_machine=sh64-unknown
+               ;;
+       sparclite-wrs | simso-wrs)
                basic_machine=sparclite-wrs
                os=-vxworks
                ;;
@@ -787,15 +931,35 @@ case $basic_machine in
                os=-dynix
                ;;
        t3e)
-               basic_machine=t3e-cray
+               basic_machine=alphaev5-cray
+               os=-unicos
+               ;;
+       t90)
+               basic_machine=t90-cray
                os=-unicos
                ;;
+       tic54x | c54x*)
+               basic_machine=tic54x-unknown
+               os=-coff
+               ;;
+       tic55x | c55x*)
+               basic_machine=tic55x-unknown
+               os=-coff
+               ;;
+       tic6x | c6x*)
+               basic_machine=tic6x-unknown
+               os=-coff
+               ;;
        tx39)
                basic_machine=mipstx39-unknown
                ;;
        tx39el)
                basic_machine=mipstx39el-unknown
                ;;
+       toad1)
+               basic_machine=pdp10-xkl
+               os=-tops20
+               ;;
        tower | tower-32)
                basic_machine=m68k-ncr
                ;;
@@ -820,8 +984,8 @@ case $basic_machine in
                os=-vms
                ;;
        vpp*|vx|vx-*)
-               basic_machine=f301-fujitsu
-               ;;
+               basic_machine=f301-fujitsu
+               ;;
        vxworks960)
                basic_machine=i960-wrs
                os=-vxworks
@@ -842,13 +1006,13 @@ case $basic_machine in
                basic_machine=hppa1.1-winbond
                os=-proelf
                ;;
-       xmp)
-               basic_machine=xmp-cray
-               os=-unicos
-               ;;
-        xps | xps100)
+       xps | xps100)
                basic_machine=xps100-honeywell
                ;;
+       ymp)
+               basic_machine=ymp-cray
+               os=-unicos
+               ;;
        z8k-*-coff)
                basic_machine=z8k-unknown
                os=-sim
@@ -869,13 +1033,6 @@ case $basic_machine in
        op60c)
                basic_machine=hppa1.1-oki
                ;;
-       mips)
-               if [ x$os = x-linux-gnu ]; then
-                       basic_machine=mips-unknown
-               else
-                       basic_machine=mips-mips
-               fi
-               ;;
        romp)
                basic_machine=romp-ibm
                ;;
@@ -885,16 +1042,26 @@ case $basic_machine in
        vax)
                basic_machine=vax-dec
                ;;
+       pdp10)
+               # there are many clones, so DEC is not a safe bet
+               basic_machine=pdp10-unknown
+               ;;
        pdp11)
                basic_machine=pdp11-dec
                ;;
        we32k)
                basic_machine=we32k-att
                ;;
-       sparc | sparcv9)
+       sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
+               basic_machine=sh-unknown
+               ;;
+       sh64)
+               basic_machine=sh64-unknown
+               ;;
+       sparc | sparcv9 | sparcv9b)
                basic_machine=sparc-sun
                ;;
-        cydra)
+       cydra)
                basic_machine=cydra-cydrome
                ;;
        orion)
@@ -909,9 +1076,8 @@ case $basic_machine in
        pmac | pmac-mpw)
                basic_machine=powerpc-apple
                ;;
-       c4x*)
-               basic_machine=c4x-none
-               os=-coff
+       *-unknown)
+               # Make sure to match an already-canonicalized machine name.
                ;;
        *)
                echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
@@ -965,27 +1131,34 @@ case $os in
              | -aos* \
              | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
              | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
-             | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
+             | -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \
              | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
              | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
              | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+             | -chorusos* | -chorusrdb* \
              | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
              | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
-             | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
-             | -openstep* | -oskit*)
+             | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+             | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+             | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+             | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+             | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+             | -powermax* | -dnix* | -nx6 | -nx7 | -sei*)
        # Remember, each alternative MUST END IN *, to match a version number.
                ;;
        -qnx*)
                case $basic_machine in
-                   x86-* | i[34567]86-*)
+                   x86-* | i*86-*)
                        ;;
                    *)
                        os=-nto$os
                        ;;
                esac
                ;;
+       -nto-qnx*)
+               ;;
        -nto*)
-               os=-nto-qnx
+               os=`echo $os | sed -e 's|nto|nto-qnx|'`
                ;;
        -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
              | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
@@ -994,6 +1167,9 @@ case $os in
        -mac*)
                os=`echo $os | sed -e 's|mac|macos|'`
                ;;
+       -linux-dietlibc)
+               os=-linux-dietlibc
+               ;;
        -linux*)
                os=`echo $os | sed -e 's|linux|linux-gnu|'`
                ;;
@@ -1024,16 +1200,22 @@ case $os in
        -acis*)
                os=-aos
                ;;
+       -atheos*)
+               os=-atheos
+               ;;
        -386bsd)
                os=-bsd
                ;;
        -ctix* | -uts*)
                os=-sysv
                ;;
+       -nova*)
+               os=-rtmk-nova
+               ;;
        -ns2 )
-               os=-nextstep2
+               os=-nextstep2
                ;;
-       -nsk)
+       -nsk*)
                os=-nsk
                ;;
        # Preserve the version number of sinix5.
@@ -1070,8 +1252,14 @@ case $os in
        -xenix)
                os=-xenix
                ;;
-        -*mint | -*MiNT)
-               os=-mint
+       -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+               os=-mint
+               ;;
+       -aros*)
+               os=-aros
+               ;;
+       -kaos*)
+               os=-kaos
                ;;
        -none)
                ;;
@@ -1104,7 +1292,14 @@ case $basic_machine in
        arm*-semi)
                os=-aout
                ;;
-        pdp11-*)
+    c4x-* | tic4x-*)
+        os=-coff
+        ;;
+       # This must come before the *-dec entry.
+       pdp10-*)
+               os=-tops20
+               ;;
+       pdp11-*)
                os=-none
                ;;
        *-dec | vax-*)
@@ -1131,6 +1326,9 @@ case $basic_machine in
        mips*-*)
                os=-elf
                ;;
+       or32-*)
+               os=-coff
+               ;;
        *-tti)  # must be before sparc entry or we get the wrong os.
                os=-sysv3
                ;;
@@ -1194,25 +1392,25 @@ case $basic_machine in
        *-next)
                os=-nextstep3
                ;;
-        *-gould)
+       *-gould)
                os=-sysv
                ;;
-        *-highlevel)
+       *-highlevel)
                os=-bsd
                ;;
        *-encore)
                os=-bsd
                ;;
-        *-sgi)
+       *-sgi)
                os=-irix
                ;;
-        *-siemens)
+       *-siemens)
                os=-sysv4
                ;;
        *-masscomp)
                os=-rtu
                ;;
-       f301-fujitsu)
+       f30[01]-fujitsu | f700-fujitsu)
                os=-uxpv
                ;;
        *-rom68k)
@@ -1278,7 +1476,7 @@ case $basic_machine in
                        -ptx*)
                                vendor=sequent
                                ;;
-                       -vxsim* | -vxworks*)
+                       -vxsim* | -vxworks* | -windiss*)
                                vendor=wrs
                                ;;
                        -aux*)
@@ -1290,9 +1488,12 @@ case $basic_machine in
                        -mpw* | -macos*)
                                vendor=apple
                                ;;
-                       -*mint | -*MiNT)
+                       -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
                                vendor=atari
                                ;;
+                       -vos*)
+                               vendor=stratus
+                               ;;
                esac
                basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
                ;;
@@ -1303,7 +1504,7 @@ exit 0
 
 # Local variables:
 # eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "version='"
+# time-stamp-start: "timestamp='"
 # time-stamp-format: "%:y-%02m-%02d"
 # time-stamp-end: "'"
 # End:
index e9de23842dcd44d2953129c866b1ad25f7e1f1d9..f5061e7e2696cfc2c6d1e5c03935c7eebbf4ca0b 100644 (file)
@@ -1,19 +1,38 @@
 #!/bin/sh
-#
 # install - install a program, script, or datafile
-# This comes from X11R5 (mit/util/scripts/install.sh).
+
+scriptversion=2003-09-24.23
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
 #
-# Copyright 1991 by the Massachusetts Institute of Technology
 #
-# Permission to use, copy, modify, distribute, and sell this software and its
-# documentation for any purpose is hereby granted without fee, provided that
-# the above copyright notice appear in all copies and that both that
-# copyright notice and this permission notice appear in supporting
-# documentation, and that the name of M.I.T. not be used in advertising or
-# publicity pertaining to distribution of the software without specific,
-# written prior permission.  M.I.T. makes no representations about the
-# suitability of this software for any purpose.  It is provided "as is"
-# without express or implied warranty.
+# FSF changes to this file are in the public domain.
 #
 # Calling this script install-sh is preferred over install.sh, to prevent
 # `make' implicit rules from creating a file called install from it
 # from scratch.  It can only install one file at a time, a restriction
 # shared with many OS's install programs.
 
-
 # set DOITPROG to echo to test this script
 
 # Don't use :- since 4.3BSD and earlier shells don't like it.
 doit="${DOITPROG-}"
 
-
 # put in absolute paths if you don't have them in your path; or use env. vars.
 
 mvprog="${MVPROG-mv}"
@@ -41,211 +58,238 @@ stripprog="${STRIPPROG-strip}"
 rmprog="${RMPROG-rm}"
 mkdirprog="${MKDIRPROG-mkdir}"
 
-transformbasename=""
-transform_arg=""
+transformbasename=
+transform_arg=
 instcmd="$mvprog"
 chmodcmd="$chmodprog 0755"
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
+chowncmd=
+chgrpcmd=
+stripcmd=
 rmcmd="$rmprog -f"
 mvcmd="$mvprog"
-src=""
-dst=""
-dir_arg=""
-
-while [ x"$1" != x ]; do
-    case $1 in
-       -c) instcmd="$cpprog"
-           shift
-           continue;;
-
-       -d) dir_arg=true
-           shift
-           continue;;
-
-       -m) chmodcmd="$chmodprog $2"
-           shift
-           shift
-           continue;;
-
-       -o) chowncmd="$chownprog $2"
-           shift
-           shift
-           continue;;
-
-       -g) chgrpcmd="$chgrpprog $2"
-           shift
-           shift
-           continue;;
-
-       -s) stripcmd="$stripprog"
-           shift
-           continue;;
-
-       -t=*) transformarg=`echo $1 | sed 's/-t=//'`
-           shift
-           continue;;
-
-       -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
-           shift
-           continue;;
-
-       *)  if [ x"$src" = x ]
-           then
-               src=$1
-           else
-               # this colon is to work around a 386BSD /bin/sh bug
-               :
-               dst=$1
-           fi
-           shift
-           continue;;
-    esac
+src=
+dst=
+dir_arg=
+
+usage="Usage: $0 [OPTION]... SRCFILE DSTFILE
+   or: $0 -d DIR1 DIR2...
+
+In the first form, install SRCFILE to DSTFILE, removing SRCFILE by default.
+In the second, create the directory path DIR.
+
+Options:
+-b=TRANSFORMBASENAME
+-c         copy source (using $cpprog) instead of moving (using $mvprog).
+-d         create directories instead of installing files.
+-g GROUP   $chgrp installed files to GROUP.
+-m MODE    $chmod installed files to MODE.
+-o USER    $chown installed files to USER.
+-s         strip installed files (using $stripprog).
+-t=TRANSFORM
+--help     display this help and exit.
+--version  display version info and exit.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG
+"
+
+while test -n "$1"; do
+  case $1 in
+    -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+        shift
+        continue;;
+
+    -c) instcmd=$cpprog
+        shift
+        continue;;
+
+    -d) dir_arg=true
+        shift
+        continue;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+        shift
+        shift
+        continue;;
+
+    --help) echo "$usage"; exit 0;;
+
+    -m) chmodcmd="$chmodprog $2"
+        shift
+        shift
+        continue;;
+
+    -o) chowncmd="$chownprog $2"
+        shift
+        shift
+        continue;;
+
+    -s) stripcmd=$stripprog
+        shift
+        continue;;
+
+    -t=*) transformarg=`echo $1 | sed 's/-t=//'`
+        shift
+        continue;;
+
+    --version) echo "$0 $scriptversion"; exit 0;;
+
+    *)  if test -z "$src"; then
+          src=$1
+        else
+          # this colon is to work around a 386BSD /bin/sh bug
+          :
+          dst=$1
+        fi
+        shift
+        continue;;
+  esac
 done
 
-if [ x"$src" = x ]
-then
-       echo "install:  no input file specified"
-       exit 1
-else
-       true
+if test -z "$src"; then
+  echo "$0: no input file specified." >&2
+  exit 1
 fi
 
-if [ x"$dir_arg" != x ]; then
-       dst=$src
-       src=""
-       
-       if [ -d $dst ]; then
-               instcmd=:
-               chmodcmd=""
-       else
-               instcmd=mkdir
-       fi
+# Protect names starting with `-'.
+case $src in
+  -*) src=./$src ;;
+esac
+
+if test -n "$dir_arg"; then
+  dst=$src
+  src=
+
+  if test -d "$dst"; then
+    instcmd=:
+    chmodcmd=
+  else
+    instcmd=$mkdirprog
+  fi
 else
-
-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
-# might cause directories to be created, which would be especially bad 
-# if $src (and thus $dsttmp) contains '*'.
-
-       if [ -f $src -o -d $src ]
-       then
-               true
-       else
-               echo "install:  $src does not exist"
-               exit 1
-       fi
-       
-       if [ x"$dst" = x ]
-       then
-               echo "install:  no destination specified"
-               exit 1
-       else
-               true
-       fi
-
-# If destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
-       if [ -d $dst ]
-       then
-               dst="$dst"/`basename $src`
-       else
-               true
-       fi
+  # Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+  # might cause directories to be created, which would be especially bad
+  # if $src (and thus $dsttmp) contains '*'.
+  if test ! -f "$src" && test ! -d "$src"; then
+    echo "$0: $src does not exist." >&2
+    exit 1
+  fi
+
+  if test -z "$dst"; then
+    echo "$0: no destination specified." >&2
+    exit 1
+  fi
+
+  # Protect names starting with `-'.
+  case $dst in
+    -*) dst=./$dst ;;
+  esac
+
+  # If destination is a directory, append the input filename; won't work
+  # if double slashes aren't ignored.
+  if test -d "$dst"; then
+    dst=$dst/`basename "$src"`
+  fi
 fi
 
-## this sed command emulates the dirname command
-dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+# This sed command emulates the dirname command.
+dstdir=`echo "$dst" | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
 
 # Make sure that the destination directory exists.
-#  this part is taken from Noah Friedman's mkinstalldirs script
 
 # Skip lots of stat calls in the usual case.
-if [ ! -d "$dstdir" ]; then
-defaultIFS='   
-'
-IFS="${IFS-${defaultIFS}}"
-
-oIFS="${IFS}"
-# Some sh's can't handle IFS=/ for some reason.
-IFS='%'
-set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
-IFS="${oIFS}"
-
-pathcomp=''
-
-while [ $# -ne 0 ] ; do
-       pathcomp="${pathcomp}${1}"
-       shift
-
-       if [ ! -d "${pathcomp}" ] ;
-        then
-               $mkdirprog "${pathcomp}"
-       else
-               true
-       fi
-
-       pathcomp="${pathcomp}/"
-done
+if test ! -d "$dstdir"; then
+  defaultIFS='
+       '
+  IFS="${IFS-$defaultIFS}"
+
+  oIFS=$IFS
+  # Some sh's can't handle IFS=/ for some reason.
+  IFS='%'
+  set - `echo "$dstdir" | sed -e 's@/@%@g' -e 's@^%@/@'`
+  IFS=$oIFS
+
+  pathcomp=
+
+  while test $# -ne 0 ; do
+    pathcomp=$pathcomp$1
+    shift
+    test -d "$pathcomp" || $mkdirprog "$pathcomp"
+    pathcomp=$pathcomp/
+  done
 fi
 
-if [ x"$dir_arg" != x ]
-then
-       $doit $instcmd $dst &&
+if test -n "$dir_arg"; then
+  $doit $instcmd "$dst" \
+    && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \
+    && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \
+    && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \
+    && { test -z "$chmodcmd" || $doit $chmodcmd "$dst"; }
 
-       if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
-       if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
-       if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
-       if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
 else
-
-# If we're going to rename the final executable, determine the name now.
-
-       if [ x"$transformarg" = x ] 
-       then
-               dstfile=`basename $dst`
-       else
-               dstfile=`basename $dst $transformbasename | 
-                       sed $transformarg`$transformbasename
-       fi
-
-# don't allow the sed command to completely eliminate the filename
-
-       if [ x"$dstfile" = x ] 
-       then
-               dstfile=`basename $dst`
-       else
-               true
-       fi
-
-# Make a temp file name in the proper directory.
-
-       dsttmp=$dstdir/#inst.$$#
-
-# Move or copy the file name to the temp name
-
-       $doit $instcmd $src $dsttmp &&
-
-       trap "rm -f ${dsttmp}" 0 &&
-
-# and set any options; do chmod last to preserve setuid bits
-
-# If any of these fail, we abort the whole thing.  If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $instcmd $src $dsttmp" command.
-
-       if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
-       if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
-       if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
-       if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
-
-# Now rename the file to the real destination.
-
-       $doit $rmcmd -f $dstdir/$dstfile &&
-       $doit $mvcmd $dsttmp $dstdir/$dstfile 
-
+  # If we're going to rename the final executable, determine the name now.
+  if test -z "$transformarg"; then
+    dstfile=`basename "$dst"`
+  else
+    dstfile=`basename "$dst" $transformbasename \
+             | sed $transformarg`$transformbasename
+  fi
+
+  # don't allow the sed command to completely eliminate the filename.
+  test -z "$dstfile" && dstfile=`basename "$dst"`
+
+  # Make a couple of temp file names in the proper directory.
+  dsttmp=$dstdir/_inst.$$_
+  rmtmp=$dstdir/_rm.$$_
+
+  # Trap to clean up those temp files at exit.
+  trap 'status=$?; rm -f "$dsttmp" "$rmtmp" && exit $status' 0
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Move or copy the file name to the temp name
+  $doit $instcmd "$src" "$dsttmp" &&
+
+  # and set any options; do chmod last to preserve setuid bits.
+  #
+  # If any of these fail, we abort the whole thing.  If we want to
+  # ignore errors from any of these, just make sure not to ignore
+  # errors from the above "$doit $instcmd $src $dsttmp" command.
+  #
+  { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \
+    && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \
+    && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \
+    && { test -z "$chmodcmd" || $doit $chmodcmd "$dsttmp"; } &&
+
+  # Now remove or move aside any old file at destination location.  We
+  # try this two ways since rm can't unlink itself on some systems and
+  # the destination file might be busy for other reasons.  In this case,
+  # the final cleanup might fail but the new file should still install
+  # successfully.
+  {
+    if test -f "$dstdir/$dstfile"; then
+      $doit $rmcmd -f "$dstdir/$dstfile" 2>/dev/null \
+      || $doit $mvcmd -f "$dstdir/$dstfile" "$rmtmp" 2>/dev/null \
+      || {
+         echo "$0: cannot unlink or rename $dstdir/$dstfile" >&2
+         (exit 1); exit
+      }
+    else
+      :
+    fi
+  } &&
+
+  # Now rename the file to the real destination.
+  $doit $mvcmd "$dsttmp" "$dstdir/$dstfile"
 fi &&
 
-
-exit 0
+# The final little trick to "correctly" pass the exit status to the exit trap.
+{
+  (exit 0); exit
+}
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
index 2c49dd304f3c23ddc45d2231816af5df5e63bc09..0a14ce8529df0aa2994c6199722a501ec3ecdb45 100644 (file)
@@ -149,7 +149,8 @@ $(srcdir)/$(thisconfigdir)/configure: $(srcdir)/$(thisconfigdir)/configure.in \
                $(SRCTOP)/aclocal.m4
        -$(RM) -r $(srcdir)/$(thisconfigdir)/autom4te.cache
        cd $(srcdir)/$(thisconfigdir) && \
-               $(AUTOCONF) ${AUTOCONFINCFLAGS}=$(CONFIG_RELTOPDIR) $(AUTOCONFFLAGS)
+               ($(AUTOCONF) --include=$(CONFIG_RELTOPDIR) $(AUTOCONFFLAGS) || \
+                $(AUTOCONF) --localdir=$(CONFIG_RELTOPDIR) $(AUTOCONFFLAGS))
        -$(RM) -r $(srcdir)/$(thisconfigdir)/autom4te.cache
 
 RECURSE_TARGETS=all-recurse clean-recurse distclean-recurse install-recurse \
index c36b4ee8bc4e2d2ee1418779af503813eac8383e..34f91b7e09e0fb27f17c63d2bed882c942d4fec0 100644 (file)
@@ -123,6 +123,10 @@ SRCTOP = @srcdir@/$(BUILDTOP)
 VPATH = @srcdir@
 CONFIG_RELTOPDIR = @CONFIG_RELTOPDIR@
 
+FAKEDEST=$(BUILDTOP)/util/fakedest
+FAKEPREFIX=$(FAKEDEST)/$(prefix)
+FAKELIBDIR=$(FAKEPREFIX)/lib
+
 # DEFS         set by configure
 # DEFINES      set by local Makefile.in
 # LOCALINCLUDES        set by local Makefile.in
@@ -291,12 +295,11 @@ COM_ERR_DEPLIB-k5 = $(TOPLIBD)/libcom_err$(DEPLIBEXT)
 SS_DEPLIB      = $(SS_DEPLIB-@SS_VERSION@)
 SS_DEPLIB-k5   = $(TOPLIBD)/libss.a
 SS_DEPLIB-sys  =
-KRB524_DEPLIB  = @KRB524_DEPLIB@
 PTY_DEPLIB     = $(TOPLIBD)/libpty.a
 
 KRB5_BASE_DEPLIBS      = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB)
 KRB4COMPAT_DEPLIBS     = $(KRB4_DEPLIB) $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS)
-KDB5_DEPLIBS           = $(KDB5_DEPLIB) $(DB_DEPLIB)
+KDB5_DEPLIBS           = $(KDB5_DEPLIB)
 GSS_DEPLIBS            = $(GSS_DEPLIB)
 GSSRPC_DEPLIBS         = $(GSSRPC_DEPLIB) $(GSS_DEPLIBS)
 KADM_COMM_DEPLIBS      = $(GSSRPC_DEPLIBS) $(KDB5_DEPLIBS) $(GSSRPC_DEPLIBS)
@@ -325,8 +328,6 @@ DB_DEPS-redirect = $(BUILDTOP)/include/db.h
 # is compiled.
 
 KRB_ERR_H_DEP  = @KRB_ERR_H_DEP@
-KRB524_H_DEP   = @KRB524_H_DEP@
-KRB524_ERR_H_DEP= @KRB524_ERR_H_DEP@
 
 # LIBS gets substituted in... e.g. -lnsl -lsocket
 
@@ -338,6 +339,7 @@ SS_LIB-sys  = @SS_LIB@
 SS_LIB-k5      = $(TOPLIBD)/libss.a
 KDB5_LIB       = -lkdb5
 DB_LIB         = @DB_LIB@
+KDB5_DB_LIB    = @KDB5_DB_LIB@
 
 KRB5_LIB                       = -lkrb5
 K5CRYPTO_LIB                   = -lk5crypto
@@ -352,16 +354,12 @@ KRB4_LIB  = @KRB4_LIB@
 # needs fixing if ever used on Mac OS X!
 DES425_LIB     = @DES425_LIB@
 
-# KRB524_LIB is $(BUILDTOP)/krb524/libkrb524.a if building --with-krb4
-# needs fixing if ever used on Mac OS X!
-KRB524_LIB     = @KRB524_LIB@
-
 # HESIOD_LIBS is -lhesiod...
 HESIOD_LIBS    = @HESIOD_LIBS@
 
 KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(GEN_LIB) $(LIBS)
 KRB4COMPAT_LIBS        = $(KRB4_LIB) $(DES425_LIB) $(KRB5_BASE_LIBS)
-KDB5_LIBS      = $(KDB5_LIB) $(DB_LIB)
+KDB5_LIBS      = $(KDB5_LIB) $(KDB5_DB_LIB)
 GSS_LIBS       = $(GSS_KRB5_LIB)
 # needs fixing if ever used on Mac OS X!
 GSSRPC_LIBS    = -lgssrpc $(GSS_LIBS)
index 156495f646c105354a66245923453c98059dc9d8..ed41bd8fcec028d1134ab4ec6e64bc603a08ff29 100644 (file)
@@ -30,13 +30,20 @@ alpha*-dec-osf*)
        PROFFLAGS=-pg
        RPATH_FLAG='-Wl,-rpath -Wl,'
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)'
-       # Need -oldstyle_liblookup to avoid picking up shared libs from
-       # other builds.  OSF/1 / Tru64 ld programs look through the entire
-       # library path for shared libs prior to looking through the
-       # entire library path for static libs.
-       CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) -Wl,-oldstyle_liblookup $(CFLAGS) $(LDFLAGS)'
-       # $(PROG_RPATH) is here to handle things like a shared tcl library
-       RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`:$(PROG_RPATH):/usr/shlib:/usr/ccs/lib:/usr/lib/cmplrs/cc:/usr/lib:/usr/local/lib; export LD_LIBRARY_PATH; _RLD_ROOT=/dev/dummy/d; export _RLD_ROOT;'
+       if test "$krb5_cv_prog_gcc" = yes; then
+               # Really should check for gnu ld vs system ld, too.
+               CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+       else
+               # Need -oldstyle_liblookup to avoid picking up shared libs from
+               # other builds.  OSF/1 / Tru64 ld programs look through the entire
+               # library path for shared libs prior to looking through the
+               # entire library path for static libs.
+               CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) -Wl,-oldstyle_liblookup $(CFLAGS) $(LDFLAGS)'
+       fi
+       # _RLD_ROOT hack needed to repoint "root" directory for purposes
+       # of searching for shared libs, since RPATHs take precedence over
+       # LD_LIBRARY_PATH.
+       RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`$${LD_LIBRARY_PATH+:$$LD_LIBRARY_PATH}; export LD_LIBRARY_PATH; _RLD_ROOT=$(FAKEDEST):$${_RLD_ROOT+$$_RLD_ROOT}$${_RLD_ROOT-/}; export _RLD_ROOT;'
        ;;
 
 # HPUX *seems* to work under 10.20.
@@ -93,11 +100,17 @@ mips-sgi-irix6.3)  # This is a Kludge; see below
        # supported ABIs on Irix, and the precedence of the rpath over
        # LD_LIBRARY*_PATH.  Like OSF/1, _RLD*_ROOT needs to be set to
        # work around this lossage.
-       add='`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
-       dummy=/dev/dummmy/d
+       #
        # Set the N32 and 64 variables first because the unqualified
        # variables affect all three and can cause the sed command to fail.
-       RUN_ENV="LD_LIBRARYN32_PATH=$add:/usr/lib32:/usr/lib32/internal:/lib32:/opt/lib32; export LD_LIBRARYN32_PATH; _RLDN32_ROOT=$dummy; export _RLDN32_ROOT; LD_LIBRARY64_PATH=$add:/usr/lib64:/usr/lib64/internal:/lib64:/opt/lib64; export LD_LIBRARY64_PATH; _RLD64_ROOT=$dummy; export _RLD64_ROOT; LD_LIBRARY_PATH=$add:/usr/lib:/usr/lib/internal:/lib:/lib/cmplrs/cc:/usr/lib/cmplrs/cc:/opt/lib; export LD_LIBRARY_PATH; _RLD_ROOT=$dummy; export _RLD_ROOT;"
+       #
+       # This loop is to reduce the clutter a slight bit.
+       add='`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+       RUN_ENV=
+       for i in N32 64 ''; do
+               RUN_ENV="${RUN_ENV+ $RUN_ENV}LD_LIBRARY${i}_PATH=$add\$\${LD_LIBRARY${i}_PATH+:\$\$LD_LIBRARY${i}_PATH}; export LD_LIBRARY${i}_PATH;"
+               RUN_ENV="${RUN_ENV} _RLD${i}_ROOT=\$(FAKEDEST):\$\${_RLD${i}_ROOT+\$\${_RLD${i}_ROOT}}\$\${_RLD${i}_ROOT-/}; export _RLD${i}_ROOT;"
+       done
        ;;
 
 mips-sgi-irix*)
@@ -116,11 +129,17 @@ mips-sgi-irix*)
        # supported ABIs on Irix, and the precedence of the rpath over
        # LD_LIBRARY*_PATH.  Like OSF/1, _RLD*_ROOT needs to be set to
        # work around this lossage.
-       add='`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
-       dummy=/dev/dummmy/d
+       #
        # Set the N32 and 64 variables first because the unqualified
        # variables affect all three and can cause the sed command to fail.
-       RUN_ENV="LD_LIBRARYN32_PATH=$add:/usr/lib32:/usr/lib32/internal:/lib32:/opt/lib32; export LD_LIBRARYN32_PATH; _RLDN32_ROOT=$dummy; export _RLDN32_ROOT; LD_LIBRARY64_PATH=$add:/usr/lib64:/usr/lib64/internal:/lib64:/opt/lib64; export LD_LIBRARY64_PATH; _RLD64_ROOT=$dummy; export _RLD64_ROOT; LD_LIBRARY_PATH=$add:/usr/lib:/usr/lib/internal:/lib:/lib/cmplrs/cc:/usr/lib/cmplrs/cc:/opt/lib; export LD_LIBRARY_PATH; _RLD_ROOT=$dummy; export _RLD_ROOT;"
+       #
+       # This loop is to reduce the clutter a slight bit.
+       add='`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+       RUN_ENV=
+       for i in N32 64 ''; do
+               RUN_ENV="${RUN_ENV+ $RUN_ENV}LD_LIBRARY${i}_PATH=$add\$\${LD_LIBRARY${i}_PATH+:\$\$LD_LIBRARY${i}_PATH}; export LD_LIBRARY${i}_PATH;"
+               RUN_ENV="${RUN_ENV} _RLD${i}_ROOT=\$(FAKEDEST):\$\${_RLD${i}_ROOT+\$\${_RLD${i}_ROOT}}\$\${_RLD${i}_ROOT-/}; export _RLD${i}_ROOT;"
+       done
        ;;
 
 # untested...
@@ -263,21 +282,27 @@ mips-*-netbsd*)
        SHLIBEXT=.so
        # Linux ld doesn't default to stuffing the SONAME field...
        # Use objdump -x to examine the fields of the library
-       LDCOMBINE='ld -shared -h lib$(LIB)$(SHLIBSEXT)'
-       # Linux libc does weird stuff at shlib link time, must be
-       # explicitly listed here.  This also makes it get used even
-       # for the libraries marked as not having any dependencies; while
-       # that's not strictly correct, the resulting behavior -- not adding
-       # extra -R directories -- is still what we want.
-       LDCOMBINE_TAIL="-lc"
+       LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,lib$(LIB)$(SHLIBSEXT)'
+       LDCOMBINE_TAIL=''
        # For cases where we do have dependencies on other libraries
        # built in this tree...
-       SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+       SHLIB_EXPFLAGS='-Wl,-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
        PROFFLAGS=-pg
        RPATH_FLAG='-Wl,-rpath -Wl,'
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;'
+
+       ## old version:
+       # Linux libc does weird stuff at shlib link time, must be
+       # explicitly listed here.  This also makes it get used even
+       # for the libraries marked as not having any dependencies; while
+       # that's not strictly correct, the resulting behavior -- not adding
+       # extra -R directories -- is still what we want.
+       #LDCOMBINE='ld -shared -h lib$(LIB)$(SHLIBSEXT)'
+       #LDCOMBINE_TAIL="-lc"
+       #SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+
        ;;
 
 *-*-aix*)
index b6cfd0bc4f8ce5afe18ee3a54702c3827a2cf63d..75904624107cd8350b931cf945132be15e524630 100644 (file)
@@ -116,13 +116,17 @@ DNSLIBS=
 DNSFLAGS=
 !endif
 
+!if defined(KRB5_KFW_COMPILE)
+KFWFLAGS=-DUSE_LEASH=1
+!endif
+
 #
 # The name of the C compiler for the target
 #
 CC=cl
 
 PDB_OPTS=-Fd$(OUTPRE)\ -FD
-CPPFLAGS=-I$(SRCTOP)\include -I$(SRCTOP)\include\krb5 $(DNSFLAGS) -DKRB5_PRIVATE=1 -DWIN32_LEAN_AND_MEAN
+CPPFLAGS=-I$(SRCTOP)\include -I$(SRCTOP)\include\krb5 $(DNSFLAGS) -DKRB5_PRIVATE=1 -DWIN32_LEAN_AND_MEAN -DKRB5_DEPRECATED=1 $(KFWFLAGS)
 CCOPTS=-nologo /W3 $(PDB_OPTS) $(DLL_FILE_DEF)
 LOPTS=-nologo -incremental:no
 
index a8e7726f5e4e72736b4039092a146df1f931e21c..f7283b900fa95d7c11b022c17129a1f74ee27acd 100644 (file)
@@ -1,3 +1,244 @@
+2004-01-04 Jeffrey Altman <jaltman@mit.edu>
+
+    * win-mac.h: conditionally define strcasecmp/strncasecmp macros 
+      only if they do not already exist.
+
+2003-12-18  Jeffrey Altman <jaltman@mit.edu>
+
+    * k5-int.h: add new functions to krb5int_access for use by gssapi
+
+2003-12-15  Ken Raeburn  <raeburn@mit.edu>
+
+       * k5-platform.h (SIZE_MAX): Provide default definition if stdint.h
+       doesn't define it.
+
+2003-12-15  Jeffrey Altman <jaltman@mit.edu>
+
+  * win-mac.h: source code written to the C99 standard assumes there
+    are standard definitions for the MAX sizes of C types including
+    size_t.  The MAX preprocessor variables are declared in limits.h
+    but limits.h is not included by any of the other header files.
+    We will therefore include it via win-mac.h.  We must also add a
+    declaration of SIZE_MAX (for size_t) because Microsoft does not
+    provide one.  
+
+2003-12-15  Jeffrey Altman <jaltman@mit.edu>
+
+  * k5-platform.h: apply casts (unsigned char) to the assignments from
+    64-bit ints to unsigned char fields to avoid warnings 
+
+2003-12-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb5.hin (KRB5_AUTH_CONTEXT_USE_SUBKEY): New macro.
+
+       * k5-int.h (struct krb5_keytypes): Added field required_ctype.
+       (krb5int_c_mandatory_cksumtype): New declaration.
+       (krb5int_generate_and_set_subkey): Declare.
+       (memset) [__GNUC__ && __GLIBC__]: Undef, to reduce compilation
+       warnings in zap() macro with volatile pointer.
+
+       * k5-platform.h: New header file.  Manages inline-function and
+       64-bit support, in platform-specific ways.
+       * fake-addrinfo.h: Include k5-platform.h.
+       (inline): Don't define here.
+       * k5-int.h: Include k5-platform.h.
+       (krb5_ui_8, krb5_int64): New typedefs.
+       (krb5_ser_pack_int64, krb5_ser_unpack_int64): New function decls.
+
+2003-10-08  Tom Yu  <tlyu@mit.edu>
+
+       * k5-int.h: Add prototypes for decode_krb5_safe_with_body and
+       encode_krb5_safe_with_body.
+
+2003-08-29  Ken Raeburn  <raeburn@mit.edu>
+
+       * fake-addrinfo.h (WRAP_GETADDRINFO, COPY_FIRST_CANONNAME): Don't
+       define on Linux unless HAVE_GETADDRINFO is defined, for libc5
+       compatibility.
+
+2003-08-26  Ken Raeburn  <raeburn@mit.edu>
+
+       * foreachaddr.c (foreach_localaddr) [HAVE_IFADDRS_H]: Skip over
+       any returned data structure with a NULL ifa_addr field.
+
+2003-07-31  Jeffrey Altman  <jaltman@mit.edu>
+
+       * krb5.hin: krb5_get_host_realm and krb5_free_host_realm should
+       not be labeled as KRB5_PRIVATE.  They are required for many
+       applications including OpenAFS and UMich's Kx509.  1.2.8 had them
+       public but the change was never reflected on the trunk.
+
+2003-07-22  Alexandra Ellwood  <lxs@mit.edu>
+
+        * fake-addrinfo.h: Don't use broken getaddrinfo on Mac OS X
+
+2003-07-22  Ken Raeburn  <raeburn@mit.edu>
+
+       * k5-int.h (krb5int_zap_data, zap): New macros; call memset with
+       volatile cast for now.
+
+2003-07-21  Alexandra Ellwood  <lxs@mit.edu>
+
+        * krb5_32.def: Export krb5_principal2salt.
+
+2003-07-09  Alexandra Ellwood  <lxs@mit.edu>
+
+        * krb5.hin: Export krb5_get_permitted_enctypes and 
+        krb5_set_real_time for Samba.
+
+2003-06-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * k5-int.h (struct krb5_cksumtypes): Add new field trunc_size.
+
+2003-06-12  Tom Yu  <tlyu@mit.edu>
+
+       * krb5.hin: krb524_init_ets() takes one argument.
+
+2003-06-06  Ken Raeburn  <raeburn@mit.edu>
+
+       * k5-int.h (struct srv_dns_entry): Declare.
+       (krb5int_make_srv_query_realm, krb5int_free_srv_dns_data):
+       Declare.
+       (struct _krb5int_access): Add make_srv_query_realm and
+       free_srv_dns_data fields.
+
+2003-06-03  Ken Raeburn  <raeburn@mit.edu>
+
+       * k5-int.h (struct _krb5int_access): Add locate_server back in.
+
+2003-05-27  Ken Raeburn  <raeburn@mit.edu>
+
+       * k5-int.h (KRB524_SERVICE, KRB524_PORT): Moved here...
+       * krb5.h: ...from here.
+       (krb5_524_convert_creds): Renamed from krb524_convert_creds_kdc,
+       fixed calling convention spec.
+       (krb524_convert_creds_kdc, krb524_init_ets) [KRB5_DEPRECATED]: New
+       macros.
+
+       * Makefile.in (clean-windows): Remove new "timestamp" file when
+       cleaning up.
+
+2003-05-25  Ezra Peisach  <epeisach@mit.edu>
+
+       * krb5.hin: Sequence number of krb5_replay_data should be unsigned.
+
+2003-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * Makefile.in (krb5.h): Include krb524_err.h.
+       (krb524_err.h): Depend on rebuild-error-tables like krb5_err.h and
+       friends.  Add a null command to cause make to recheck the
+       timestamp on the files possibly updated.
+       (clean-unix): Get rid of it.
+       * k5-int.h (KRb5INT_ACCESS_STRUCT_VERSION): Update to 7.
+       (struct ktext) [!defined(ANAME_SZ)]: Declare forward.
+       (krb5int_access): Delete krb5_locate_kdc, krb5_locate_server,
+       krb5_max_dgram_size and timeout fields.  Add krb_life_to_time,
+       krb_time_to_life, and krb524_encode_v4tkt function pointer
+       fields.  Reorder fields, and add comments.
+       (krb5int_krb_life_to_time, krb5int_krb_time_to_life,
+       krb5int_encode_v4tkt, krb5int_524_sendto_kdc): Declare.
+       * krb5.hin (KRB524_SERVICE, KRB524_PORT): New macros.
+       (struct credentials): Declare forward.
+       (krb524_convert_creds_kdc): Declare.
+
+2003-05-22  Tom Yu  <tlyu@mit.edu>
+
+       * k5-int.h: Add prototype for krb5int_auth_con_chkseqnum.
+
+       * krb5.hin: Default KRB5_DEPRECATED to 0.  Default KRB5_PRIVATE to
+       0 on all platforms.
+
+2003-05-22  Sam Hartman  <hartmans@mit.edu>
+
+       * k5-int.h: krb5int_populate_gic_opt returns void
+
+2003-05-19  Sam Hartman  <hartmans@mit.edu>
+
+       * k5-int.h: Prototype krb5int_populate_gic_opt
+
+2003-05-18  Tom Yu  <tlyu@mit.edu>
+
+       * k5-int.h: Sequence numbers are now unsigned.
+
+       * krb5.hin: Sequence numbers are now unsigned.
+
+2003-05-16  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb5.hin (KRB5_KPASSWD_ACCESSDENIED): New macro.
+       (KRB5_KPASSWD_BAD_VERSION, KRB5_KPASSWD_INITIAL_FLAG_NEEDED): New
+       macros.
+
+2003-05-13  Sam Hartman  <hartmans@mit.edu>
+
+       * k5-int.h: Add krb5int_copy_data_contents
+
+2003-05-08  Sam Hartman  <hartmans@mit.edu>
+
+       * krb5.hin: Add prototype for krb5_c_string_to_key_with_params
+
+       * k5-int.h: Add s2kparams to krb5_gic_get_as_key_fct
+
+2003-05-07  Sam Hartman  <hartmans@mit.edu>
+
+       * krb5.hin: Add KRB5_PADATA_ETYPE_INFO2
+
+2003-05-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * k5-int.h (struct _krb5_context): New fields conf_tgs_ktypes,
+       conf_tgs_ktypes_count, use_conf_ktypes.
+
+2003-05-09  Tom Yu  <tlyu@mit.edu>
+
+       * krb5.hin: Add krb5_auth_con_getsendsubkey,
+       krb5_auth_con_getrecvsubkey, krb5_auth_con_setsendsubkey,
+       krb5_auth_con_setrecvsubkey.  Mark krb5_auth_con_getlocalsubkey
+       and krb5_auth_con_getremotesubkey as deprecated.
+
+2003-05-06  Sam Hartman  <hartmans@mit.edu>
+
+       * k5-int.h: Add s2kparams to 
+       krb5_etype_info_entry
+       Add encode_etype_info2 and decode_etype_info2
+
+2003-05-02  Ken Raeburn  <raeburn@mit.edu>
+
+       * port-sockets.h (inet_ntop) [!_WIN32 && !HAVE_MACSOCK_H]: Define
+       as a macro if not provided by the OS.
+
+2003-04-17  Sam Hartman  <hartmans@mit.edu>
+
+       * k5-int.h: Add encode_krb5_setpw_req
+
+2003-04-15  Sam Hartman  <hartmans@mit.edu>
+
+       * krb5.hin: Add krb5_set_password
+       Move krb5*_chpw internals to k5int.h
+
+       * k5-int.h: Add prototypes for set-password helper functions
+
+2003-04-07  Ken Raeburn  <raeburn@mit.edu>
+
+       * fake-addrinfo.h (getaddrinfo) [NUMERIC_SERVICE_BROKEN]:
+       Overwrite the port number only if a numeric service port was
+       supplied.
+
+2003-04-01  Ken Raeburn  <raeburn@mit.edu>
+
+       * fake-addrinfo.h (COPY_FIRST_CANONNAME) [_AIX]: Define.
+       (GET_HOST_BY_NAME) [_AIX]: New version for AIX version of
+       gethostbyname_r.
+       (getaddrinfo) [NUMERIC_SERVICE_BROKEN]: Use "discard" as a dummy
+       service name instead of none at all.  Don't check for unsigned
+       value less than zero.
+       (getaddrinfo) [COPY_FIRST_CANONNAME]: Set any ai_canonname fields
+       other than the first one to null.
+
+2003-03-18  Alexandra Ellwood  <lxs@mit.edu>
+
+    * configure.in: Use KRB5_AC_NEED_BIND_8_COMPAT to check for bind 9
+    and higher.  When bind 9 is present, BIND_8_COMPAT needs to be 
+    defined to get bind 8 types.
+
 2003-03-06  Alexandra Ellwood  <lxs@mit.edu>
     
     * krb5.h: Removed enumsalwaysint because there are no typed
index df810299f79ba89edf8f7f9390b0ef0fe3af0740..6674a7c94bb09d367ca59d0890c630471713e316 100644 (file)
@@ -31,18 +31,19 @@ $(srcdir)/krb5/autoconf.stmp: $(srcdir)/configure.in
        cd $(srcdir) && $(AUTOHEADER) --localdir=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS)
        touch $(srcdir)/krb5/autoconf.stmp
 
-krb5.h: krb5/autoconf.h $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h \
+krb5.h: krb5/autoconf.h $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \
                asn1_err.h
        echo "/* This file is generated, please don't edit it directly.  */" > krb5.h
        grep SIZEOF krb5/autoconf.h >> krb5.h
-       cat $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h \
+       cat $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \
                asn1_err.h >> krb5.h
 
 #
 # Build the error table include files:
-# asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h
+# asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h
 
-asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h: rebuild-error-tables
+asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h: rebuild-error-tables
+       : $@
 rebuild-error-tables:
        (cd ../lib/krb5/error_tables && $(MAKE) includes)
 
@@ -53,9 +54,10 @@ asn1_err.h: $(SRCTOP)/lib/krb5/error_tables/asn1_err.et
 kdb5_err.h: $(SRCTOP)/lib/krb5/error_tables/kdb5_err.et
 krb5_err.h: $(SRCTOP)/lib/krb5/error_tables/krb5_err.et        
 kv5m_err.h: $(SRCTOP)/lib/krb5/error_tables/kv5m_err.et
+krb524_err.h: $(SRCTOP)/lib/krb5/error_tables/krb524_err.et
 
 clean-unix::
-       $(RM) krb5.h krb5_err.h kdb5_err.h kv5m_err.h \
+       $(RM) krb5.h krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \
                asn1_err.h
 
 clean-mac::
index 7287f153e8f5486d51017b8b33470c6aeb70adce..71b47ff3d410716dc174ee9aa657f7f72e3c7483 100644 (file)
@@ -181,6 +181,9 @@ if test $krb5_cv_has_type_socklen_t = yes; then
 fi
 dnl
 dnl
+KRB5_AC_NEED_BIND_8_COMPAT
+dnl
+dnl
 AC_ARG_ENABLE([athena],
 [  --enable-athena         build with MIT Project Athena configuration],
 AC_DEFINE(KRB5_ATHENA_COMPAT,1,[Define if MIT Project Athena default configuration should be used]),)
index d32802a77528645bf7eb7a8b552400a9e8bf8737..79133c2788f952e3c86a47c99c8e1c48cda29c1f 100644 (file)
 #define FAI_DEFINED
 #include "port-sockets.h"
 #include "socket-utils.h"
+#include "k5-platform.h"
 
 #ifdef S_SPLINT_S
+/*@-incondefs@*/
 extern int
 getaddrinfo (/*@in@*/ /*@null@*/ const char *,
             /*@in@*/ /*@null@*/ const char *,
@@ -108,23 +110,28 @@ getnameinfo (const struct sockaddr *addr, socklen_t addrsz,
     /*@requires (maxSet(h)+1) >= hsz /\ (maxSet(s)+1) >= ssz @*/
     /* too hard: maxRead(addr) >= (addrsz-1) */
     /*@modifies *h, *s@*/;
-extern /*@dependent@*/ char *
-gai_strerror (int code) /*@*/;
+extern /*@dependent@*/ char *gai_strerror (int code) /*@*/;
+/*@=incondefs@*/
 #endif
 
 
-#if defined (__linux__) || defined (_AIX)
+#if defined (__APPLE__) && defined (__MACH__)
+#undef HAVE_GETADDRINFO
+#endif
+
+#if (defined (__linux__) && defined(HAVE_GETADDRINFO)) || defined (_AIX)
 /* See comments below.  */
 #  define WRAP_GETADDRINFO
 /* #  define WRAP_GETNAMEINFO */
 #endif
 
-#ifdef __linux__
+#if defined (__linux__) && defined(HAVE_GETADDRINFO)
 # define COPY_FIRST_CANONNAME
 #endif
 
 #ifdef _AIX
 # define NUMERIC_SERVICE_BROKEN
+# define COPY_FIRST_CANONNAME
 #endif
 
 
@@ -152,6 +159,29 @@ gai_strerror (int code) /*@*/;
 #define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR) \
     { (HP) = gethostbyaddr ((ADDR), (ADDRLEN), (FAMILY)); (ERR) = h_errno; }
 #else
+#ifdef _AIX /* XXX should have a feature test! */
+#define GET_HOST_BY_NAME(NAME, HP, ERR) \
+    {                                                                  \
+       struct hostent my_h_ent;                                        \
+       struct hostent_data my_h_ent_data;                              \
+       (HP) = (gethostbyname_r((NAME), &my_h_ent, &my_h_ent_data)      \
+               ? 0                                                     \
+               : &my_h_ent);                                           \
+       (ERR) = h_errno;                                                \
+    }
+/*
+#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR) \
+    {                                                                  \
+       struct hostent my_h_ent;                                        \
+       struct hostent_data my_h_ent_data;                              \
+       (HP) = (gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &my_h_ent, \
+                               &my_h_ent_data)                         \
+               ? 0                                                     \
+               : &my_h_ent);                                           \
+       (ERR) = my_h_err;                                               \
+    }
+*/
+#else
 #ifdef GETHOSTBYNAME_R_RETURNS_INT
 #define GET_HOST_BY_NAME(NAME, HP, ERR) \
     {                                                                  \
@@ -196,7 +226,8 @@ gai_strerror (int code) /*@*/;
                               my_h_buf, sizeof (my_h_buf), &my_h_err); \
        (ERR) = my_h_err;                                               \
     }
-#endif
+#endif /* returns int? */
+#endif /* _AIX */
 #endif
 
 /* Now do the same for getservby* functions.  */
@@ -898,19 +929,19 @@ getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint,
     /* AIX 4.3.3 is broken.  (Or perhaps out of date?)
 
        If a numeric service is provided, and it doesn't correspond to
-       a known service name, an error code (for "host not found") is
-       returned.  If the port maps to a known service, all is
-       well.  */
+       a known service name for tcp or udp (as appropriate), an error
+       code (for "host not found") is returned.  If the port maps to a
+       known service for both udp and tcp, all is well.  */
     if (serv && serv[0] && isdigit(serv[0])) {
        unsigned long lport;
        char *end;
        lport = strtoul(serv, &end, 10);
        if (!*end) {
-           if (lport < 0 || lport > 65535)
+           if (lport > 65535)
                return EAI_SOCKTYPE;
            service_is_numeric = 1;
            service_port = htons(lport);
-           serv = 0;
+           serv = "discard";   /* defined for both udp and tcp */
            if (hint)
                socket_type = hint->ai_socktype;
        }
@@ -948,7 +979,10 @@ getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint,
        approach: If getaddrinfo sets ai_canonname, we'll replace the
        *first* one with allocated storage, and free up that pointer in
        freeaddrinfo if it's set; the other ai_canonname fields will be
-       left untouched.
+       left untouched.  And we'll just pray that the application code
+       won't mess around with the list structure; if we start doing
+       that, we'll have to start replacing and freeing all of the
+       ai_canonname fields.
 
        Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=133668 .
 
@@ -961,7 +995,9 @@ getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint,
        set, the returned ai_canonname field can be null.  The NetBSD
        1.5 implementation also does this, if the input hostname is a
        numeric host address string.  That case isn't handled well at
-       the moment.  */
+       the moment.
+
+       Libc version 5 didn't have getaddrinfo at all.  */
 
 #ifdef COPY_FIRST_CANONNAME
     /*
@@ -1017,20 +1053,28 @@ getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint,
 #endif
            return EAI_MEMORY;
        }
+       /* Zap the remaining ai_canonname fields glibc fills in, in
+          case the application messes around with the list
+          structure.  */
+       while ((ai = ai->ai_next) != NULL)
+           ai->ai_canonname = 0;
     }
 #endif
 
 #ifdef NUMERIC_SERVICE_BROKEN
-    for (ai = *result; ai; ai = ai->ai_next) {
-       if (socket_type != 0 && ai->ai_socktype == 0)
-           ai->ai_socktype = socket_type;
-       switch (ai->ai_family) {
-       case AF_INET:
-           ((struct sockaddr_in *)ai->ai_addr)->sin_port = service_port;
-           break;
-       case AF_INET6:
-           ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port = service_port;
-           break;
+    if (service_port != 0) {
+       for (ai = *result; ai; ai = ai->ai_next) {
+           if (socket_type != 0 && ai->ai_socktype == 0)
+               /* Is this check actually needed?  */
+               ai->ai_socktype = socket_type;
+           switch (ai->ai_family) {
+           case AF_INET:
+               ((struct sockaddr_in *)ai->ai_addr)->sin_port = service_port;
+               break;
+           case AF_INET6:
+               ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port = service_port;
+               break;
+           }
        }
     }
 #endif
index 101f8efca97371a248fe204d97746fada9ac0530..f91034a77b4373d05c12b12d59652f98c80af035 100644 (file)
@@ -383,6 +383,20 @@ foreach_localaddr (/*@null@*/ void *data,
        if ((ifp->ifa_flags & IFF_UP) == 0)
            continue;
        if (ifp->ifa_flags & IFF_LOOPBACK) {
+           /* Pretend it's not up, so the second pass will skip
+              it.  */
+           ifp->ifa_flags &= ~IFF_UP;
+           continue;
+       }
+       if (ifp->ifa_addr == NULL) {
+           /* Can't use an interface without an address.  Linux
+              apparently does this sometimes.  [RT ticket 1770 from
+              Maurice Massar, also Debian bug 206851, shows the
+              problem with a PPP link on a newer kernel than I'm
+              running.]
+
+              Pretend it's not up, so the second pass will skip
+              it.  */
            ifp->ifa_flags &= ~IFF_UP;
            continue;
        }
index 41c325da1ebea95b3c4c2ad93e8506fbcf8ca748..61333e4533fc2498538a10bd6c2d6cb87c34b23a 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001 by the Massachusetts Institute of Technology,
+ * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
  * 
  * This software is being provided to you, the LICENSEE, by the 
@@ -138,6 +138,13 @@ typedef unsigned char      u_char;
 #endif /* HAVE_SYS_TYPES_H */
 #endif /* KRB5_SYSTYPES__ */
 
+
+#include "k5-platform.h"
+/* not used in krb5.h (yet) */
+typedef UINT64_TYPE krb5_ui_8;
+typedef INT64_TYPE krb5_int64;
+
+
 #define DEFAULT_PWD_STRING1 "Enter password"
 #define DEFAULT_PWD_STRING2 "Re-enter password for verification"
 
@@ -282,12 +289,15 @@ typedef struct _krb5_alt_method {
  * A null-terminated array of this structure is returned by the KDC as
  * the data part of the ETYPE_INFO preauth type.  It informs the
  * client which encryption types are supported.
+ * The  same data structure is used by both etype-info and etype-info2
+ * but s2kparams must be null when encoding etype-info.
  */
 typedef struct _krb5_etype_info_entry {
        krb5_magic      magic;
        krb5_enctype    etype;
        unsigned int    length;
        krb5_octet      *salt;
+    krb5_data s2kparams;
 } krb5_etype_info_entry;
 
 /* 
@@ -638,6 +648,7 @@ struct krb5_keytypes {
     krb5_crypt_func encrypt;
     krb5_crypt_func decrypt;
     krb5_str2key_func str2key;
+    krb5_cksumtype required_ctype;
 };
 
 struct krb5_cksumtypes {
@@ -657,6 +668,12 @@ struct krb5_cksumtypes {
        kind of messy, but so is the krb5 api. */
     const struct krb5_keyhash_provider *keyhash;
     const struct krb5_hash_provider *hash;
+    /* This just gets uglier and uglier.  In the key derivation case,
+       we produce an hmac.  To make the hmac code work, we can't hack
+       the output size indicated by the hash provider, but we may want
+       a truncated hmac.  If we want truncation, this is the number of
+       bytes we truncate to; it should be 0 otherwise.  */
+    unsigned int trunc_size;
 };
 
 #define KRB5_CKSUMFLAG_DERIVE          0x0001
@@ -679,6 +696,10 @@ krb5_error_code krb5int_pbkdf2_hmac_sha1 (const krb5_data *, unsigned long,
                                          const krb5_data *,
                                          const krb5_data *);
 
+/* Make this a function eventually?  */
+#define krb5int_zap_data(ptr, len) memset((volatile void *)ptr, 0, len)
+#define zap(p,l) krb5int_zap_data(p,l)
+
 /* A definition of init_state for DES based encryption systems.
  * sets up an 8-byte IV of all zeros
  */
@@ -903,6 +924,8 @@ void krb5_free_etype_info
 /*
  * End "preauth.h"
  */
+krb5_error_code
+krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *);
 
 typedef krb5_error_code (*krb5_gic_get_as_key_fct)
     (krb5_context,
@@ -911,6 +934,7 @@ typedef krb5_error_code (*krb5_gic_get_as_key_fct)
                     krb5_prompter_fct,
                     void *prompter_data,
                     krb5_data *salt,
+     krb5_data *s2kparams,
                     krb5_keyblock *as_key,
                     void *gak_data);
 
@@ -929,11 +953,17 @@ krb5_get_init_creds
                int master,
                krb5_kdc_rep **as_reply);
 
+void krb5int_populate_gic_opt (
+    krb5_context, krb5_get_init_creds_opt *,
+    krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
+    krb5_preauthtype *pre_auth_types);
+
 
 krb5_error_code krb5_do_preauth
 (krb5_context, krb5_kdc_req *,
                krb5_pa_data **, krb5_pa_data ***,
-               krb5_data *, krb5_enctype *,
+               krb5_data *salt, krb5_data *s2kparams,
+ krb5_enctype *,
                krb5_keyblock *,
                krb5_prompter_fct, void *,
                krb5_gic_get_as_key_fct, void *);
@@ -1005,6 +1035,17 @@ struct _krb5_context {
           absolute limit on the UDP packet size.  */
        int             udp_pref_limit;
 
+       /* This is the tgs_ktypes list as read from the profile, or
+          set to compiled-in defaults.  The application code cannot
+          override it.  This is used for session keys for
+          intermediate ticket-granting tickets used to acquire the
+          requested ticket (the session key of which may be
+          constrained by tgs_ktypes above).  */
+       krb5_enctype    *conf_tgs_ktypes;
+       int             conf_tgs_ktypes_count;
+       /* Use the _configured version?  */
+       krb5_boolean    use_conf_ktypes;
+
 #ifdef KRB5_DNS_LOOKUP
         krb5_boolean    profile_in_memory;
 #endif /* KRB5_DNS_LOOKUP */
@@ -1023,7 +1064,7 @@ typedef struct _krb5_safe {
     krb5_timestamp timestamp;          /* client time, optional */
     krb5_int32 usec;                   /* microsecond portion of time,
                                           optional */
-    krb5_int32 seq_number;             /* sequence #, optional */
+    krb5_ui_4 seq_number;              /* sequence #, optional */
     krb5_address *s_address;   /* sender address */
     krb5_address *r_address;   /* recipient address, optional */
     krb5_checksum *checksum;   /* data integrity checksum */
@@ -1039,7 +1080,7 @@ typedef struct _krb5_priv_enc_part {
     krb5_data user_data;               /* user data */
     krb5_timestamp timestamp;          /* client time, optional */
     krb5_int32 usec;                   /* microsecond portion of time, opt. */
-    krb5_int32 seq_number;             /* sequence #, optional */
+    krb5_ui_4 seq_number;              /* sequence #, optional */
     krb5_address *s_address;   /* sender address */
     krb5_address *r_address;   /* recipient address, optional */
 } krb5_priv_enc_part;
@@ -1189,6 +1230,9 @@ krb5_error_code encode_krb5_kdc_req_body
 krb5_error_code encode_krb5_safe
        (const krb5_safe *rep, krb5_data **code);
 
+krb5_error_code encode_krb5_safe_with_body
+       (const krb5_safe *rep, const krb5_data *body, krb5_data **code);
+
 krb5_error_code encode_krb5_priv
        (const krb5_priv *rep, krb5_data **code);
 
@@ -1221,6 +1265,8 @@ krb5_error_code encode_krb5_alt_method
 
 krb5_error_code encode_krb5_etype_info
        (const krb5_etype_info_entry **, krb5_data **code);
+krb5_error_code encode_krb5_etype_info2
+       (const krb5_etype_info_entry **, krb5_data **code);
 
 krb5_error_code encode_krb5_enc_data
        (const krb5_enc_data *, krb5_data **);
@@ -1270,6 +1316,9 @@ krb5_error_code encode_krb5_sam_response
 krb5_error_code encode_krb5_predicted_sam_response
        (const krb5_predicted_sam_response * , krb5_data **);
 
+krb5_error_code encode_krb5_setpw_req
+(const krb5_principal target, char *password, krb5_data **code);
+
 /*************************************************************************
  * End of prototypes for krb5_encode.c
  *************************************************************************/
@@ -1363,6 +1412,9 @@ krb5_error_code decode_krb5_kdc_req_body
 krb5_error_code decode_krb5_safe
        (const krb5_data *output, krb5_safe **rep);
 
+krb5_error_code decode_krb5_safe_with_body
+       (const krb5_data *output, krb5_safe **rep, krb5_data *body);
+
 krb5_error_code decode_krb5_priv
        (const krb5_data *output, krb5_priv **rep);
 
@@ -1396,6 +1448,9 @@ krb5_error_code decode_krb5_alt_method
 krb5_error_code decode_krb5_etype_info
        (const krb5_data *output, krb5_etype_info_entry ***rep);
 
+krb5_error_code decode_krb5_etype_info2
+       (const krb5_data *output, krb5_etype_info_entry ***rep);
+
 krb5_error_code decode_krb5_enc_data
        (const krb5_data *output, krb5_enc_data **rep);
 
@@ -1448,6 +1503,8 @@ krb5_error_code krb5_encode_kdc_rep
 krb5_error_code krb5_validate_times
        (krb5_context, 
                krb5_ticket_times *);
+krb5_boolean krb5int_auth_con_chkseqnum
+       (krb5_context ctx, krb5_auth_context ac, krb5_ui_4 in_seq);
 /*
  * [De]Serialization Handle and operations.
  */
@@ -1537,6 +1594,11 @@ krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32
        (krb5_int32 *,
                krb5_octet **,
                size_t *);
+/* [De]serialize 8-byte integer */
+krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64
+       (krb5_int64, krb5_octet **, size_t *);
+krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64
+       (krb5_int64 *, krb5_octet **, size_t *);
 /* [De]serialize byte string */
 krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes
        (krb5_octet *,
@@ -1559,7 +1621,46 @@ krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
 void krb5int_set_prompt_types
        (krb5_context, krb5_prompt_type *);
 
-
+krb5_error_code
+krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context,
+                                 krb5_keyblock * /* Old keyblock, not new!  */);
+
+/* set and change password helpers */
+
+krb5_error_code krb5int_mk_chpw_req
+       (krb5_context context, krb5_auth_context auth_context,
+                       krb5_data *ap_req, char *passwd, krb5_data *packet);
+krb5_error_code krb5int_rd_chpw_rep
+       (krb5_context context, krb5_auth_context auth_context,
+                      krb5_data *packet, int *result_code,
+                      krb5_data *result_data);
+krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string
+       (krb5_context context, int result_code,
+                       char **result_codestr);
+krb5_error_code  krb5int_mk_setpw_req
+       (krb5_context context, krb5_auth_context auth_context,
+                       krb5_data *ap_req, krb5_principal targetprinc, char *passwd, krb5_data *packet);
+krb5_error_code krb5int_rd_setpw_rep
+       (krb5_context context, krb5_auth_context auth_context,
+                      krb5_data *packet, int *result_code,
+                      krb5_data *result_data);
+krb5_error_code krb5int_setpw_result_code_string
+       (krb5_context context, int result_code,
+                       const char **result_codestr);
+
+struct srv_dns_entry {
+    struct srv_dns_entry *next;
+    int priority;
+    int weight;
+    unsigned short port;
+    char *host;
+};
+krb5_error_code
+krb5int_make_srv_query_realm(const krb5_data *realm,
+                            const char *service,
+                            const char *protocol,
+                            struct srv_dns_entry **answers);
+void krb5int_free_srv_dns_data(struct srv_dns_entry *);
 
 #if defined(macintosh) && defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__)
 #pragma import reset
@@ -1577,26 +1678,24 @@ void krb5int_set_prompt_types
 /* To keep happy libraries which are (for now) accessing internal stuff */
 
 /* Make sure to increment by one when changing the struct */
-#define KRB5INT_ACCESS_STRUCT_VERSION 6
+#define KRB5INT_ACCESS_STRUCT_VERSION 8
 
+#ifndef ANAME_SZ
+struct ktext;                  /* from krb.h, for krb524 support */
+#endif
 typedef struct _krb5int_access {
-    krb5_error_code (*krb5_locate_kdc) (krb5_context, const krb5_data *,
-                                       struct addrlist *, int, int, int);
-    krb5_error_code (*krb5_locate_server) (krb5_context, const krb5_data *,
-                                          struct addrlist *, int,
-                                          const char *, const char *,
-                                          int, int, int, int);
-    void (*free_addrlist) (struct addrlist *);
-    unsigned int krb5_max_skdc_timeout;
-    unsigned int krb5_skdc_timeout_shift;
-    unsigned int krb5_skdc_timeout_1;
-    unsigned int krb5_max_dgram_size;
+    /* crypto stuff */
     const struct krb5_hash_provider *md5_hash_provider;
     const struct krb5_enc_provider *arcfour_enc_provider;
     krb5_error_code (* krb5_hmac) (const struct krb5_hash_provider *hash,
                                   const krb5_keyblock *key,
                                   unsigned int icount, const krb5_data *input,
                                   krb5_data *output);
+    /* service location and communication */
+    krb5_error_code (*locate_server) (krb5_context, const krb5_data *,
+                                     struct addrlist *, int,
+                                     const char *, const char *,
+                                     int, int, int, int);
     krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg,
                                   const struct addrlist *, krb5_data *reply,
                                   struct sockaddr *, socklen_t *);
@@ -1604,6 +1703,24 @@ typedef struct _krb5int_access {
                                        const char *hostname,
                                        int port, int secport,
                                        int socktype, int family);
+    void (*free_addrlist) (struct addrlist *);
+
+    krb5_error_code (*make_srv_query_realm)(const krb5_data *realm,
+                                           const char *service,
+                                           const char *protocol,
+                                           struct srv_dns_entry **answers);
+    void (*free_srv_dns_data)(struct srv_dns_entry *);
+
+    /* krb4 compatibility stuff -- may be null if not enabled */
+    krb5_int32 (*krb_life_to_time)(krb5_int32, int);
+    int (*krb_time_to_life)(krb5_int32, krb5_int32);
+    int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *);
+    krb5_error_code (*krb5int_c_mandatory_cksumtype)
+        (krb5_context, krb5_enctype, krb5_cksumtype *);
+    krb5_error_code (KRB5_CALLCONV *krb5_ser_pack_int64)
+        (krb5_int64, krb5_octet **, size_t *);
+    krb5_error_code (KRB5_CALLCONV *krb5_ser_unpack_int64)
+        (krb5_int64 *, krb5_octet **, size_t *);
 } krb5int_access;
 
 #define KRB5INT_ACCESS_VERSION \
@@ -1613,6 +1730,29 @@ typedef struct _krb5int_access {
 krb5_error_code KRB5_CALLCONV krb5int_accessor
        (krb5int_access*, krb5_int32);
 
+/* Ick -- some krb524 and krb4 support placed in the krb5 library,
+   because AFS (and potentially other applications?) use the krb4
+   object as an opaque token, which (in some implementations) is not
+   in fact a krb4 ticket, so we don't want to drag in the krb4 support
+   just to enable this.  */
+
+#define KRB524_SERVICE "krb524"
+#define KRB524_PORT 4444
+
+/* v4lifetime.c */
+extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int);
+extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32);
+
+/* conv_creds.c */
+int krb5int_encode_v4tkt
+       (struct ktext *v4tkt, char *buf, unsigned int *encoded_len);
+
+/* send524.c */
+int krb5int_524_sendto_kdc
+        (krb5_context context, const krb5_data * message, 
+        const krb5_data * realm, krb5_data * reply,
+        struct sockaddr *, socklen_t *);
+
 /* temporary -- this should be under lib/krb5/ccache somewhere */
 
 struct _krb5_ccache {
@@ -1744,4 +1884,8 @@ extern const krb5_kt_ops krb5_kt_dfl_ops;
 
 extern krb5_error_code krb5int_translate_gai_error (int);
 
+/* Not sure it's ready for exposure just yet.  */
+extern krb5_error_code
+krb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *);
+
 #endif /* _KRB5_INT_H */
diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h
new file mode 100644 (file)
index 0000000..c4cc7bb
--- /dev/null
@@ -0,0 +1,170 @@
+/*
+ * k5-platform.h
+ *
+ * Copyright 2003  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * Some platform-dependent definitions to sync up the C support level.
+ * Some to a C99-ish level, some related utility code.
+ *
+ * Currently: make "static inline" work; 64-bit types and load/store
+ * code; SIZE_MAX.
+ */
+
+#ifndef K5_PLATFORM_H
+#define K5_PLATFORM_H
+
+#if !defined(inline)
+# if __STDC_VERSION__ >= 199901L
+/* C99 supports inline, don't do anything.  */
+# elif defined(__GNUC__)
+#  define inline __inline__ /* this form silences -pedantic warnings */
+# elif defined(__mips) && defined(__sgi)
+#  define inline __inline /* IRIX used at MIT does inline but not c99 yet */
+# elif defined(__sun) && __SUNPRO_C >= 0x540
+/* The Forte Developer 7 C compiler supports "inline".  */
+# elif defined(_WIN32)
+#  define inline __inline
+# else
+#  define inline /* nothing, just static */
+# endif
+#endif
+
+#include "autoconf.h"
+
+/* 64-bit support: krb5_ui_8 and krb5_int64.
+
+   This should move to krb5.h eventually, but without the namespace
+   pollution from the autoconf macros.  */
+#if defined(HAVE_STDINT_H) || defined(HAVE_INTTYPES_H)
+# ifdef HAVE_STDINT_H
+#  include <stdint.h>
+# endif
+# ifdef HAVE_INTTYPES_H
+#  include <inttypes.h>
+# endif
+# define INT64_TYPE int64_t
+# define UINT64_TYPE uint64_t
+#elif defined(_WIN32)
+# define INT64_TYPE signed __int64
+# define UINT64_TYPE unsigned __int64
+#else /* not Windows, and neither stdint.h nor inttypes.h */
+# define INT64_TYPE signed long long
+# define UINT64_TYPE unsigned long long
+#endif
+
+#ifndef SIZE_MAX
+# define SIZE_MAX ((size_t)((size_t)0 - 1))
+#endif
+
+/* Read and write integer values as (unaligned) octet strings in
+   specific byte orders.
+
+   Add per-platform optimizations later if needed.  (E.g., maybe x86
+   unaligned word stores and gcc/asm instructions for byte swaps,
+   etc.)  */
+
+static inline void
+store_16_be (unsigned int val, unsigned char *p)
+{
+    p[0] = (val >>  8) & 0xff;
+    p[1] = (val      ) & 0xff;
+}
+static inline void
+store_16_le (unsigned int val, unsigned char *p)
+{
+    p[1] = (val >>  8) & 0xff;
+    p[0] = (val      ) & 0xff;
+}
+static inline void
+store_32_be (unsigned int val, unsigned char *p)
+{
+    p[0] = (val >> 24) & 0xff;
+    p[1] = (val >> 16) & 0xff;
+    p[2] = (val >>  8) & 0xff;
+    p[3] = (val      ) & 0xff;
+}
+static inline void
+store_32_le (unsigned int val, unsigned char *p)
+{
+    p[3] = (val >> 24) & 0xff;
+    p[2] = (val >> 16) & 0xff;
+    p[1] = (val >>  8) & 0xff;
+    p[0] = (val      ) & 0xff;
+}
+static inline void
+store_64_be (UINT64_TYPE val, unsigned char *p)
+{
+    p[0] = (unsigned char)((val >> 56) & 0xff);
+    p[1] = (unsigned char)((val >> 48) & 0xff);
+    p[2] = (unsigned char)((val >> 40) & 0xff);
+    p[3] = (unsigned char)((val >> 32) & 0xff);
+    p[4] = (unsigned char)((val >> 24) & 0xff);
+    p[5] = (unsigned char)((val >> 16) & 0xff);
+    p[6] = (unsigned char)((val >>  8) & 0xff);
+    p[7] = (unsigned char)((val      ) & 0xff);
+}
+static inline void
+store_64_le (UINT64_TYPE val, unsigned char *p)
+{
+    p[7] = (unsigned char)((val >> 56) & 0xff);
+    p[6] = (unsigned char)((val >> 48) & 0xff);
+    p[5] = (unsigned char)((val >> 40) & 0xff);
+    p[4] = (unsigned char)((val >> 32) & 0xff);
+    p[3] = (unsigned char)((val >> 24) & 0xff);
+    p[2] = (unsigned char)((val >> 16) & 0xff);
+    p[1] = (unsigned char)((val >>  8) & 0xff);
+    p[0] = (unsigned char)((val      ) & 0xff);
+}
+static inline unsigned short
+load_16_be (unsigned char *p)
+{
+    return (p[1] | (p[0] << 8));
+}
+static inline unsigned short
+load_16_le (unsigned char *p)
+{
+    return (p[0] | (p[1] << 8));
+}
+static inline unsigned int
+load_32_be (unsigned char *p)
+{
+    return (p[3] | (p[2] << 8) | (p[1] << 16) | (p[0] << 24));
+}
+static inline unsigned int
+load_32_le (unsigned char *p)
+{
+    return (p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24));
+}
+static inline UINT64_TYPE
+load_64_be (unsigned char *p)
+{
+    return ((UINT64_TYPE)load_32_be(p) << 32) | load_32_be(p+4);
+}
+static inline UINT64_TYPE
+load_64_le (unsigned char *p)
+{
+    return ((UINT64_TYPE)load_32_le(p+4) << 32) | load_32_le(p);
+}
+
+#endif /* K5_PLATFORM_H */
index baa927a2b5a98de7b68027de0dd86b51a856005f..226443b38b7535de311ebfb0fc21c8a99bb605f5 100644 (file)
@@ -1,3 +1,8 @@
+2003-09-23  Jeffrey Altman  <jaltman@mit.edu>
+
+       * krb.h: Modify the declaration of the CREDENTIALS structure to
+       support the additional address field used on Windows.
+
 2003-03-06  Alexandra Ellwood  <lxs@mit.edu>
     * des.h, krb.h: Removed deprecated KfM functions.  They will be 
     exported but not in the headers to discourage new callers. Removed 
index 26ac08647266f4c78d838deca6147a7a7e746618..a79df13b6b4a29c6d2b584262bcfaa28fa23a719 100644 (file)
@@ -122,6 +122,7 @@ extern const char * const krb_err_txt[MAX_KRB_ERRORS];
 #define                REALM_SZ        40
 #define                SNAME_SZ        40
 #define                INST_SZ         40
+#define     ADDR_SZ     40
 /*
  * NB: This overcounts due to NULs.
  */
@@ -209,6 +210,9 @@ struct credentials {
     KRB_UINT32 address;                        /* Address in ticket */
     KRB_UINT32 stk_type;               /* string_to_key function needed */
 #endif
+#ifdef _WIN32
+    char    address[ADDR_SZ];   /* Address in ticket */
+#endif
 };
 
 typedef struct credentials CREDENTIALS;
index eece828f1f8e36e10ba703be0be6a83d3f1b5843..ea2fcd647543d98c7f4b772f965640c918e4f9fd 100644 (file)
 #ifndef KRB5_GENERAL__
 #define KRB5_GENERAL__
 
+/* By default, do not expose deprecated interfaces. */
 #ifndef KRB5_DEPRECATED
-#define KRB5_DEPRECATED 1 /* Expose deprecated things for now. */
+#define KRB5_DEPRECATED 0
+#endif
+/* Do not expose private interfaces.  Build system will override. */
+#ifndef KRB5_PRIVATE
+#define KRB5_PRIVATE 0
 #endif
 
 #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
 #    if TARGET_RT_MAC_CFM
 #      error "Use KfM 4.0 SDK headers for CFM compilation."
 #    endif
-
-#      ifndef KRB5_PRIVATE /* Allow e.g. build system to override */
-#              define KRB5_PRIVATE 0
-#      endif
-#else
-#if defined(_WIN32)
-#      ifndef KRB5_PRIVATE
-#              define KRB5_PRIVATE 0
-#      endif
-#else
-#      ifndef KRB5_PRIVATE
-#              define KRB5_PRIVATE 1
-#      endif
-#endif
 #endif
 
 #if defined(_MSDOS) || defined(_WIN32)
@@ -491,6 +482,13 @@ krb5_error_code KRB5_CALLCONV
     (krb5_context context, krb5_enctype enctype,
                    const krb5_data *string, const krb5_data *salt,
                    krb5_keyblock *key);
+krb5_error_code KRB5_CALLCONV
+krb5_c_string_to_key_with_params(krb5_context context,
+                                krb5_enctype enctype,
+                                const krb5_data *string,
+                                const krb5_data *salt,
+                                const krb5_data *params,
+                                krb5_keyblock *key);
 
 krb5_error_code KRB5_CALLCONV
     krb5_c_enctype_compare
@@ -874,7 +872,7 @@ krb5_error_code krb5_decrypt_data
 #define KRB5_PADATA_SAM_RESPONSE       13 /* draft challenge system response */
 #define KRB5_PADATA_PK_AS_REQ          14 /* PKINIT */
 #define KRB5_PADATA_PK_AS_REP          15 /* PKINIT */
-
+#define KRB5_PADATA_ETYPE_INFO2 19
 #define KRB5_PADATA_SAM_CHALLENGE_2    30 /* draft challenge system, updated */
 #define KRB5_PADATA_SAM_RESPONSE_2     31 /* draft challenge system, updated */
     
@@ -902,6 +900,11 @@ krb5_error_code krb5_decrypt_data
 #define KRB5_KPASSWD_HARDERROR         2
 #define KRB5_KPASSWD_AUTHERROR         3
 #define KRB5_KPASSWD_SOFTERROR         4
+/* These are Microsoft's extensions in RFC 3244, and it looks like
+   they'll become standardized, possibly with other additions.  */
+#define KRB5_KPASSWD_ACCESSDENIED      5       /* unused */
+#define KRB5_KPASSWD_BAD_VERSION       6
+#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7     /* unused */
 
 /*
  * end "proto.h"
@@ -962,7 +965,7 @@ typedef struct _krb5_authenticator {
     krb5_int32 cusec;                  /* client usec portion */
     krb5_timestamp ctime;              /* client sec portion */
     krb5_keyblock *subkey;             /* true session key, optional */
-    krb5_int32 seq_number;             /* sequence #, optional */
+    krb5_ui_4 seq_number;              /* sequence #, optional */
     krb5_authdata **authorization_data; /* New add by Ari, auth data */
 } krb5_authenticator;
 
@@ -1088,7 +1091,7 @@ typedef struct _krb5_ap_rep_enc_part {
     krb5_timestamp ctime;              /* client time, seconds portion */
     krb5_int32 cusec;                  /* client time, microseconds portion */
     krb5_keyblock *subkey;             /* true session key, optional */
-    krb5_int32 seq_number;             /* sequence #, optional */
+    krb5_ui_4 seq_number;              /* sequence #, optional */
 } krb5_ap_rep_enc_part;
 
 typedef struct _krb5_response {
@@ -1152,11 +1155,12 @@ typedef struct _krb5_pwd_data {
 #define KRB5_AUTH_CONTEXT_DO_SEQUENCE  0x00000004
 #define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008
 #define KRB5_AUTH_CONTEXT_PERMIT_ALL   0x00000010
+#define KRB5_AUTH_CONTEXT_USE_SUBKEY   0x00000020
  
 typedef struct krb5_replay_data { 
     krb5_timestamp     timestamp; 
     krb5_int32         usec;
-    krb5_int32         seq; 
+    krb5_ui_4          seq; 
 } krb5_replay_data;
 
 /* flags for krb5_auth_con_genaddrs() */
@@ -1166,7 +1170,7 @@ typedef struct krb5_replay_data {
 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR    0x00000008
 
 /* type of function used as a callback to generate checksum data for
      * mk_req*/
* mk_req */
 
 typedef krb5_error_code 
 (KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *,
@@ -1407,9 +1411,12 @@ krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
        (krb5_context,
                krb5_const_principal,
                krb5_enctype **);
+#endif
 
-krb5_error_code krb5_get_permitted_enctypes
+krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes
        (krb5_context, krb5_enctype **);
+
+#if KRB5_PRIVATE
 void KRB5_CALLCONV krb5_free_ktypes
        (krb5_context, krb5_enctype *);
 
@@ -1632,7 +1639,7 @@ krb5_error_code krb5_generate_subkey
                const krb5_keyblock *, krb5_keyblock **);
 krb5_error_code krb5_generate_seq_number
        (krb5_context,
-               const krb5_keyblock *, krb5_int32 *);
+               const krb5_keyblock *, krb5_ui_4 *);
 #endif
 krb5_error_code KRB5_CALLCONV krb5_get_server_rcache
        (krb5_context,
@@ -1658,17 +1665,13 @@ krb5_error_code KRB5_CALLCONV krb5_524_conv_principal
        (krb5_context context, krb5_const_principal princ, 
                char *name, char *inst, char *realm);
 
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_mk_chpw_req
-       (krb5_context context, krb5_auth_context auth_context,
-                       krb5_data *ap_req, char *passwd, krb5_data *packet);
-krb5_error_code KRB5_CALLCONV krb5_rd_chpw_rep
-       (krb5_context context, krb5_auth_context auth_context,
-                      krb5_data *packet, int *result_code,
-                      krb5_data *result_data);
-krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string
-       (krb5_context context, int result_code,
-                       char **result_codestr);
+struct credentials;
+int KRB5_CALLCONV krb5_524_convert_creds
+       (krb5_context context, krb5_creds *v5creds,
+        struct credentials *v4creds);
+#if KRB5_DEPRECATED
+#define krb524_convert_creds_kdc krb5_524_convert_creds
+#define krb524_init_ets(x) (0)
 #endif
 
 /* libkt.spec */
@@ -1708,10 +1711,10 @@ krb5_error_code KRB5_CALLCONV krb5_kt_add_entry
        (krb5_context,
                krb5_keytab,
                krb5_keytab_entry * );
-#if KRB5_PRIVATE
 krb5_error_code krb5_principal2salt
        (krb5_context,
                krb5_const_principal, krb5_data *);
+#if KRB5_PRIVATE
 krb5_error_code krb5_principal2salt_norealm
        (krb5_context,
                krb5_const_principal, krb5_data *);
@@ -1871,6 +1874,14 @@ krb5_change_password
        (krb5_context context, krb5_creds *creds, char *newpw,
                        int *result_code, krb5_data *result_code_string,
                        krb5_data *result_string);
+krb5_error_code KRB5_CALLCONV
+krb5_set_password
+       (krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for,
+                       int *result_code, krb5_data *result_code_string, krb5_data *result_string);
+krb5_error_code KRB5_CALLCONV
+krb5_set_password_using_ccache
+       (krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for,
+                       int *result_code, krb5_data *result_code_string, krb5_data *result_string);
 
 #if KRB5_PRIVATE
 #ifndef macintosh
@@ -2152,11 +2163,30 @@ krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey
                krb5_auth_context,
                krb5_keyblock **);
 
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey(
+    krb5_context, krb5_auth_context, krb5_keyblock **);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey(
+    krb5_context, krb5_auth_context, krb5_keyblock **);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey(
+    krb5_context, krb5_auth_context, krb5_keyblock *);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey(
+    krb5_context, krb5_auth_context, krb5_keyblock *);
+
+#if KRB5_DEPRECATED
 krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey
        (krb5_context,
                krb5_auth_context,
                krb5_keyblock **);
 
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey
+       (krb5_context,
+               krb5_auth_context,
+               krb5_keyblock **);
+#endif
+
 #if KRB5_PRIVATE
 krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype
        (krb5_context,
@@ -2224,11 +2254,6 @@ krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator
                krb5_auth_context,
                krb5_authenticator **);
 
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey
-       (krb5_context,
-               krb5_auth_context,
-               krb5_keyblock **);
-
 #define KRB5_REALM_BRANCH_CHAR '.'
 
 /*
@@ -2257,7 +2282,6 @@ krb5_error_code KRB5_CALLCONV krb5_aname_to_localname
                krb5_const_principal,
                int,
                char * );
-#if KRB5_PRIVATE
 krb5_error_code KRB5_CALLCONV krb5_get_host_realm
        (krb5_context,
                const char *,
@@ -2265,6 +2289,7 @@ krb5_error_code KRB5_CALLCONV krb5_get_host_realm
 krb5_error_code KRB5_CALLCONV krb5_free_host_realm
        (krb5_context,
                char * const * );
+#if KRB5_PRIVATE
 krb5_error_code KRB5_CALLCONV krb5_get_realm_domain
        (krb5_context,
                const char *,
@@ -2293,9 +2318,12 @@ krb5_error_code krb5_make_fulladdr
                krb5_address *,
                krb5_address *,
                krb5_address *);
+#endif
 
-krb5_error_code krb5_set_real_time
+krb5_error_code KRB5_CALLCONV krb5_set_real_time
        (krb5_context, krb5_int32, krb5_int32);
+
+#if KRB5_PRIVATE
 krb5_error_code krb5_set_debugging_time
        (krb5_context, krb5_int32, krb5_int32);
 krb5_error_code krb5_use_natural_time
index ff3d7b3012da6c0a15f2140012460c0257412d88..72dc6e4c4293188b3ce5614092348ee91c972d6e 100644 (file)
@@ -1,3 +1,7 @@
+2003-05-25  Ezra Peisach  <epeisach@mit.edu>
+
+       * kdb.h: Add prototype for krb5_db_iterate_ext.
+
 2003-03-05  Tom Yu  <tlyu@mit.edu>
 
        * kdb_kt.h: Add krb5_ktkdb_set_context.  Update prototype of
index 1670b54369051e02ae956bad4595ae1b4d60951f..73a3972aaa3a2f41b78a27b65f3bdd1ce75790f7 100644 (file)
@@ -212,6 +212,10 @@ krb5_error_code krb5_db_iterate (krb5_context,
                                 krb5_error_code (* ) (krb5_pointer,
                                                       krb5_db_entry *),
                                 krb5_pointer);
+krb5_error_code krb5_db_iterate_ext (krb5_context,
+                                    krb5_error_code (* ) (krb5_pointer,
+                                                          krb5_db_entry *),
+                                    krb5_pointer, int, int);
 krb5_error_code krb5_db_verify_master_key (krb5_context, krb5_principal, 
                                           krb5_keyblock *);
 krb5_error_code krb5_db_store_mkey (krb5_context, char *, krb5_principal,
index 3c7bb4f6196f5c1baa15259dde83a682bdc8a1e0..bd0d76f0fd83fbc812b15204d34cb926f980b887 100644 (file)
@@ -1,3 +1,7 @@
+2003-05-29  Ken Raeburn  <raeburn@mit.edu>
+
+       * osconf.h (DEFAULT_KDC_ENCTYPE): Default to des3 now.
+
 2003-03-06  Alexandra Ellwood  <lxs@mit.edu>
 
     * osconf.h: Added DEFAULT_SECURE_PROFILE_PATH so that KfM will only
index b56d057482105f832a313366fcf24cd2648ebae4..876e9f245a20a02e1a28e15cc1efb485821b5254 100644 (file)
@@ -64,7 +64,7 @@
 #define        DEFAULT_KDC_PROFILE     "@LOCALSTATEDIR/krb5kdc/kdc.conf"
 #define        KDC_PROFILE_ENV         "KRB5_KDC_PROFILE"
 
-#define        DEFAULT_KDC_ENCTYPE     ENCTYPE_DES_CBC_CRC
+#define        DEFAULT_KDC_ENCTYPE     ENCTYPE_DES3_CBC_SHA1
 #define KDCRCACHE              "dfl:krb5kdc_rcache"
 
 #define KDC_PORTNAME           "kerberos" /* for /etc/services or equiv. */
index 34489669b9fd293f9b996b31e6d50c8520d0cd0a..eb87bc1c904c2837f08abd82e02a89741b82ef8e 100644 (file)
@@ -153,6 +153,21 @@ typedef struct iovec sg_buf;
 #define SHUTDOWN_WRITE 1
 #define SHUTDOWN_BOTH  2
 
+#ifndef HAVE_INET_NTOP
+#define inet_ntop(AF,SRC,DST,CNT)                                          \
+    ((AF) == AF_INET                                                       \
+     ? ((CNT) < 16                                                         \
+       ? (SOCKET_SET_ERRNO(ENOSPC), NULL)                                  \
+       : (sprintf((DST), "%d.%d.%d.%d",                                    \
+                  ((const unsigned char *)(const void *)(SRC))[0] & 0xff,  \
+                  ((const unsigned char *)(const void *)(SRC))[1] & 0xff,  \
+                  ((const unsigned char *)(const void *)(SRC))[2] & 0xff,  \
+                  ((const unsigned char *)(const void *)(SRC))[3] & 0xff), \
+          (DST)))                                                          \
+     : (SOCKET_SET_ERRNO(EAFNOSUPPORT), NULL))
+#define HAVE_INET_NTOP
+#endif
+
 #endif /* HAVE_MACSOCK_H */
 
 #endif /* _WIN32 */
index b6cf96dfa532ad90b93b52e09f46f72b299e5414..4cf155e620c7da2a1b65f74a7de231d12d126fa8 100644 (file)
 #define SIZEOF_LONG     4
 
 #include <windows.h>
+#include <limits.h>
 
 #define HAVE_LABS
 
+#ifndef SIZE_MAX    /* in case Microsoft defines max size of size_t */
+#define SIZE_MAX UINT_MAX
+#endif
+
 #ifndef KRB5_CALLCONV
 #  define KRB5_CALLCONV __stdcall
 #  define KRB5_CALLCONV_C __cdecl
@@ -145,8 +150,12 @@ typedef unsigned char      u_char;
 /*
  * Functions with slightly different names on the PC
  */
+#ifndef strcasecmp
 #define strcasecmp   stricmp
+#endif
+#ifndef strncasecmp
 #define strncasecmp  strnicmp
+#endif
 
 HINSTANCE get_lib_instance(void);
 
index b16d87642747aa9caefbf2345f8bae5baa2566db..5631e61cb9a1dea744af1260c805dfe8873347c2 100644 (file)
@@ -1,3 +1,7 @@
+2004-02-16  Tom Yu  <tlyu@mit.edu>
+
+       * configure.in: Invoke KRB5_AC_PRIOCNTL_HACK.
+
 2003-01-10  Ken Raeburn  <raeburn@mit.edu>
 
        * configure.in: Use V5_AC_OUTPUT_MAKEFILE instead of
index aa463ba12052bca30550de252a304298740bec53..2c54a53263a7cdea8288a52057aa3f0252d8cff1 100644 (file)
@@ -1,3 +1,12 @@
+2003-06-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * kadmin.c (strdate): Increase size of buffer to 40.  Use sizeof
+       for length passed to strftime.
+
+2003-05-19  Sam Hartman  <hartmans@mit.edu>
+
+       * kadmin.c (kadmin_startup): Don't register writable keytabs as this is always done by the library now.
+
 2003-02-07  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in (install): Fix typo in k5srvutil.M install rule.
index 189938e65767c03244687effc1005d3310fc1c7b..eb5468dde57a833c591539444ae611b04a33c174 100644 (file)
@@ -132,11 +132,11 @@ static char *strdate(when)
     krb5_timestamp when;
 {
     struct tm *tm;
-    static char out[30];
+    static char out[40];
     
     time_t lcltim = when;
     tm = localtime(&lcltim);
-    strftime(out, 30, "%a %b %d %H:%M:%S %Z %Y", tm);
+    strftime(out, sizeof(out), "%a %b %d %H:%M:%S %Z %Y", tm);
     return out;
 }
 
@@ -175,7 +175,6 @@ char *kadmin_startup(argc, argv)
     int argc;
     char *argv[];
 {
-    extern krb5_kt_ops krb5_ktf_writable_ops;
     extern char *optarg;
     char *princstr = NULL, *keytab_name = NULL, *query = NULL;
     char *password = NULL;
@@ -449,11 +448,6 @@ char *kadmin_startup(argc, argv)
     }
 
     /* register the WRFILE keytab type and set it as the default */
-    if ((retval = krb5_kt_register(context, &krb5_ktf_writable_ops))) {
-        com_err(whoami, retval,
-                "while registering writable key table functions");
-        exit(1);
-    }
     {
 #define DEFAULT_KEYTAB "WRFILE:/etc/krb5.keytab"
         /* XXX krb5_defkeyname is an internal library global and
index 48eb0c32ad55ba50ad0b4091bdbbbd1afd741866..1bb2dc13a6b746f8060fc87f2f25e4a56b9305d4 100644 (file)
@@ -71,6 +71,7 @@ fi
 AC_SUBST(V4SERVER)
 dnl
 KRB5_BUILD_PROGRAM
+KRB5_AC_PRIOCNTL_HACK
 dnl
 K5_GEN_FILE(testing/scripts/env-setup.sh:testing/scripts/env-setup.shin)
 V5_AC_OUTPUT_MAKEFILE(. cli dbutil passwd passwd/unit-test ktutil server v4server v4server/unit-test v5passwdd testing testing/scripts testing/util)
index 5f32c1eee410aa54971a3f80c4624e7ef3c226a1..7113025004d916708c58e944dfac7c231f52e9fb 100644 (file)
@@ -1,3 +1,7 @@
+2003-04-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * kdb5_destroy.c, kdb5_stash.c: Don't declare errno.
+
 2003-01-07  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.ov: Deleted.
index 62d65ed4985d6fb2e12460bc0ff9d813788f7175..2545bdb5d1dfa0f89baa62bb2f5c19bf82c86b51 100644 (file)
@@ -36,7 +36,6 @@
 #include <kadm5/adb.h>
 #include "kdb5_util.h"
 
-extern int errno;
 extern int exit_status;
 extern krb5_boolean dbactive;
 extern kadm5_config_params global_params;
index 37db048ac8ab6748a72a951da3634e612d7e1f70..6d7251541bdcff53e6eb770f1cd1dd2d24710f07 100644 (file)
@@ -59,8 +59,6 @@
 #include <stdio.h>
 #include "kdb5_util.h"
 
-extern int errno;
-
 extern krb5_keyblock master_keyblock;
 extern krb5_principal master_princ;
 extern kadm5_config_params global_params;
index cccc4936334a04ef5de0f89851751c798b7d5eaa..0202686b794921027784812bc14fec0aff9aac4d 100644 (file)
@@ -1,3 +1,8 @@
+2003-05-19  Sam Hartman  <hartmans@mit.edu>
+
+       * ktutil.c (main): Don't register writable keytab ops as they are
+       registered by the library now  
+
 2002-11-05  Tom Yu  <tlyu@mit.edu>
 
        * ktutil_funcs.c (ktutil_add): Remove trailing colon, as new
index fb21d7f439f4570be02712072a042ad03d8b183e..fe5c4273fb67ce5157a63aff7c7d9a0b35f43e9a 100644 (file)
@@ -42,16 +42,17 @@ clean::
 #
 $(OUTPRE)ktutil.$(OBJEXT): ktutil.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h ktutil.h $(SRCTOP)/include/krb5/adm_proto.h \
-  $(SS_DEPS)
+  ktutil.h $(SRCTOP)/include/krb5/adm_proto.h $(SS_DEPS)
 $(OUTPRE)ktutil_ct.$(OBJEXT): ktutil_ct.c $(SS_DEPS) \
   $(COM_ERR_DEPS)
 $(OUTPRE)ktutil_funcs.$(OBJEXT): ktutil_funcs.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h ktutil.h $(SRCTOP)/include/kerberosIV/krb.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP)
+  ktutil.h $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+  $(KRB_ERR_H_DEP)
 
index e01bbdbef77cfe5008d3491d256ef7e0bb8098db..e2464e8535703a7d2aff248329676c588464fb02 100644 (file)
@@ -45,7 +45,6 @@ int main(argc, argv)
     char *argv[];
 {
     krb5_error_code retval;
-    extern krb5_kt_ops krb5_ktf_writable_ops;
     int sci_idx;
 
     retval = krb5_init_context(&kcontext);
@@ -53,12 +52,6 @@ int main(argc, argv)
         com_err(argv[0], retval, "while initializing krb5");
        exit(1);
     }
-    retval = krb5_kt_register(kcontext, &krb5_ktf_writable_ops);
-    if (retval) {
-       com_err(argv[0], retval,
-               "while registering writable key table functions");
-       exit(1);
-    }
     sci_idx = ss_create_invocation("ktutil", "5.0", (char *)NULL,
                                   &ktutil_cmds, &retval);
     if (retval) {
index f934277decbad5d9096fb92fa199e883f26293d9..54a0e5b958bbad90f96bf0f5f8dee9e0c4e6298d 100644 (file)
@@ -1,3 +1,9 @@
+2004-02-16  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in (unit-test-body): Add PRIOCNTL_HACK.
+
+       * config/unix.exp: Add PRIOCNTL_HACK.
+
 2003-01-07  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.ov: Deleted.
index 2a9fbee7c1f879ef7b16c92168724849f7a60273..5445a2811e49eefe0eac9842555f4c56c31ea10b 100644 (file)
@@ -15,7 +15,8 @@ unit-test-ok:: unit-test-setup unit-test-body unit-test-cleanup
 unit-test-body::       
        $(ENV_SETUP) $(RUNTEST) --tool kpasswd KPASSWD=../kpasswd \
                KINIT=$(BUILDTOP)/clients/kinit/kinit \
-               KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy
+               KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
+               PRIOCNTL_HACK=@PRIOCNTL_HACK@
 
 unit-test-setup::
        $(ENV_SETUP) $(START_SERVERS)
index c77aa016a363d077a272b9fd3d057939bf259e1d..bd8382e19e222289b667a112460e8f033cd8dc3b 100644 (file)
@@ -1,3 +1,41 @@
+# Hack around Solaris 9 kernel race condition that causes last output
+# from a pty to get dropped.
+if { $PRIOCNTL_HACK } {
+    catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
+    rename spawn oldspawn
+    proc spawn { args } {
+       upvar 1 spawn_id spawn_id
+       set newargs {}
+       set inflags 1
+       set eatnext 0
+       foreach arg $args {
+           if { $arg == "-ignore" \
+                    || $arg == "-open" \
+                    || $arg == "-leaveopen" } {
+               lappend newargs $arg
+               set eatnext 1
+               continue
+           }
+           if [string match "-*" $arg] {
+               lappend newargs $arg
+               continue
+           }
+           if { $eatnext } {
+               set eatnext 0
+               lappend newargs $arg
+               continue
+           }
+           if { $inflags } {
+               set inflags 0
+               set newargs [concat $newargs {priocntl -e -c FX -p 0}]
+           }
+           lappend newargs $arg
+       }
+       set pid [eval oldspawn $newargs]
+       return $pid
+    }
+}
+
 #
 # kpasswd_version -- extract and print the version number of kpasswd
 #
index 6c3d72be0511da910d4665abceba08ae9e719c1a..66fad7429ed915f6057ed8a8344c310c4ec2e155 100644 (file)
@@ -1,3 +1,16 @@
+2003-09-02  Alexandra Ellwood  <lxs@mit.edu>
+
+       * ovsec_kadmd.c: Added Apple password server support.
+
+2003-05-27  Tom Yu  <tlyu@mit.edu>
+
+       * schpw.c (process_chpw_request): Log chpw requests.
+
+2003-05-16  Ken Raeburn  <raeburn@mit.edu>
+
+       * schpw.c (process_chpw_request): Return KRB5_KPASSWD_BAD_VERSION
+       if the version number isn't 1.
+
 2003-03-07  Tom Yu  <tlyu@mit.edu>
 
        * ovsec_kadmd.c (REQUIRED_PARAMS): Remove
index 290af20eebbc2774459a4ff51de39f3a58034477..4510b1bb7a8784d14db99bfbccc670b6da2e6ae4 100644 (file)
@@ -113,6 +113,10 @@ void log_badauth_display_status_1(char *m, OM_uint32 code, int type,
 int schpw;
 void do_schpw(int s, kadm5_config_params *params);
 
+#ifdef USE_PASSWORD_SERVER
+void kadm5_set_use_password_server (void);
+#endif
+
 /*
  * Function: usage
  * 
@@ -127,6 +131,9 @@ void do_schpw(int s, kadm5_config_params *params);
 static void usage()
 {
      fprintf(stderr, "Usage: kadmind [-r realm] [-m] [-nofork] "
+#ifdef USE_PASSWORD_SERVER
+             "[-passwordserver] "
+#endif
             "[-port port-number]\n");
      exit(1);
 }
@@ -242,6 +249,10 @@ int main(int argc, char *argv[])
               params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
          } else if (strcmp(*argv, "-nofork") == 0) {
               nofork = 1;
+#ifdef USE_PASSWORD_SERVER
+          } else if (strcmp(*argv, "-passwordserver") == 0) {
+              kadm5_set_use_password_server ();
+#endif              
          } else if(strcmp(*argv, "-port") == 0) {
            argc--; argv++;
            if(!argc)
index ddf6238862356ec6c45b464b1694f0f1a50ae087..2a0fe9d87b002f3efd3269d4b40de76839d0d9f4 100644 (file)
@@ -1,7 +1,8 @@
 #define NEED_SOCKETS
 #include "k5-int.h"
 #include <kadm5/admin.h>
-
+#include <syslog.h>
+#include <krb5/adm_proto.h>    /* krb5_klog_syslog */
 #include <stdio.h>
 #include <errno.h>
 
@@ -39,6 +40,7 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
     krb5_error krberror;
     int numresult;
     char strresult[1024];
+    char *clientstr;
 
     ret = 0;
     rep->length = 0;
@@ -76,7 +78,7 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
 
     if (vno != 1) {
        ret = KRB5KDC_ERR_BAD_PVNO;
-       numresult = KRB5_KPASSWD_MALFORMED;
+       numresult = KRB5_KPASSWD_BAD_VERSION;
        sprintf(strresult,
                "Request contained unknown protocol version number %d", vno);
        goto chpwfail;
@@ -235,6 +237,12 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
        goto chpwfail;
     }
 
+    ret = krb5_unparse_name(context, ticket->enc_part2->client, &clientstr);
+    if (ret) {
+       numresult = KRB5_KPASSWD_HARDERROR;
+       strcpy(strresult, "Failed unparsing client name for log");
+       goto chpwfail;
+    }
     /* change the password */
 
     ptr = (char *) malloc(clear.length+1);
@@ -251,6 +259,11 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
     free(ptr);
     clear.length = 0;
 
+    krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %s: %s",
+                    inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr),
+                    clientstr, ret ? error_message(ret) : "success");
+    krb5_free_unparsed_name(context, clientstr);
+
     if (ret) {
        if ((ret != KADM5_PASS_Q_TOOSHORT) && 
            (ret != KADM5_PASS_REUSE) && (ret != KADM5_PASS_Q_CLASS) && 
index 4a4031e57e7ce51ae80d6094487f0f19a9aac840..ea795bcde77fd0fdbbcb9058887a05fdeca121a3 100644 (file)
@@ -1,3 +1,7 @@
+2004-02-12  Tom Yu  <tlyu@mit.edu>
+
+       * env-setup.shin: Substitute FAKEDEST.  Substitue "$" for "$$".
+
 2003-01-07  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.ov: Deleted.
index 5dfd0c10a4b5c9c4eee4bb57e52a8f680585545f..98e8d391c7838a768a6cd650ace1eb1b793578f6 100644 (file)
@@ -21,12 +21,14 @@ TOPLIBD=@RBUILD@/lib
 PROG_LIBPATH=-L@RBUILD@/lib
 # XXX kludge!
 PROG_RPATH=@RBUILD@/lib
+# XXX more kludge!
+FAKEDEST=@RBUILD@/util/fakedest
 # This converts $(TOPLIBD) to $TOPLIBD
 cat > /tmp/env_setup$$ <<\EOF
 @KRB5_RUN_ENV@
 EOF
 
-foo=`sed -e 's/(//g' -e 's/)//g' /tmp/env_setup$$`
+foo=`sed -e 's/(//g' -e 's/)//g' -e 's/\\\$\\\$/\$/g' /tmp/env_setup$$`
 eval $foo
 
 # This will get put in setup.csh for convenience
index b065ab0f01ad2fa025a76a573c409f4c8cb2c9bf..38fb30c5ace6f36a6667aeaa5c6bd810970bc12d 100644 (file)
@@ -53,10 +53,11 @@ $(OUTPRE)tcl_ovsec_kadm.$(OBJEXT): tcl_ovsec_kadm.c \
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h tcl_kadm5.h
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  tcl_kadm5.h
 $(OUTPRE)tcl_kadm5.$(OBJEXT): tcl_kadm5.c $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
@@ -64,10 +65,10 @@ $(OUTPRE)tcl_kadm5.$(OBJEXT): tcl_kadm5.c $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  tcl_kadm5.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h tcl_kadm5.h
 $(OUTPRE)test.$(OBJEXT): test.c tcl_kadm5.h
 
index 4f1f76b659183fe042b05eb2c89337a99225fe37..9a4a9211b106c2182f430febbfd05ba0b8fd9475 100644 (file)
@@ -57,37 +57,40 @@ $(OUTPRE)main.$(OBJEXT): main.c $(SRCTOP)/include/syslog.h \
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h \
-  kadm5_defs.h
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(SRCTOP)/include/krb5/adm_proto.h kadm5_defs.h
 $(OUTPRE)srv_net.$(OBJEXT): srv_net.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h kadm5_defs.h $(SRCTOP)/include/krb5/adm.h
+  kadm5_defs.h $(SRCTOP)/include/krb5/adm.h
 $(OUTPRE)proto_serv.$(OBJEXT): proto_serv.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h kadm5_defs.h $(SRCTOP)/include/krb5/adm.h \
-  $(SRCTOP)/include/krb5/adm_proto.h
+  kadm5_defs.h $(SRCTOP)/include/krb5/adm.h $(SRCTOP)/include/krb5/adm_proto.h
 $(OUTPRE)adm_rw.$(OBJEXT): adm_rw.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/krb5/adm_proto.h
+  $(SRCTOP)/include/krb5/adm_proto.h
 $(OUTPRE)kpasswd.$(OBJEXT): kpasswd.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/krb5/adm_defs.h \
-  $(SRCTOP)/include/krb5/adm.h $(SRCTOP)/include/krb5/adm_proto.h
+  $(SRCTOP)/include/krb5/adm_defs.h $(SRCTOP)/include/krb5/adm.h \
+  $(SRCTOP)/include/krb5/adm_proto.h
 $(OUTPRE)adm_conn.$(OBJEXT): adm_conn.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/krb5/adm.h \
-  $(SRCTOP)/include/krb5/adm_proto.h
+  $(SRCTOP)/include/krb5/adm.h $(SRCTOP)/include/krb5/adm_proto.h
 
index eb4273615c0aa7f663caa35431c8189a1888a6c9..5114e6a2df23ad80a319b32492621477ad136171 100644 (file)
@@ -1,3 +1,133 @@
+2004-03-22  Ken Raeburn  <raeburn@mit.edu>
+
+       * network.c (delete_fd): Free pointed-to data after removing it
+       from the connection set.
+       (kill_tcp_connection): Move delete_fd call to the end.
+       (accept_tcp_connection): Decrement connection counter again if we
+       drop the incoming connection for lack of buffer space.
+
+2004-02-19  Ken Hornstein  <kenh@mit.edu>
+
+       * fakeka.c (main): Bug from David Thompson <thomas@cs.wisc.edu>.
+       Bug originally introduced during conversion from bcopy() to
+       memcpy().
+
+2004-02-12  Sam Hartman  <hartmans@mit.edu>
+
+       * kdc_util.c (validate_tgs_request): Fix logic error
+
+2004-02-09  Tom Yu  <tlyu@mit.edu>
+
+       * main.c (init_realm): Apply patch from Will Fiveash to use
+       correct TCP listening ports.
+
+2004-02-06  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+       * kdc_util.c:  Ignore unknown TGS options
+
+2004-01-05  Sam Hartman  <hartmans@mit.edu>
+
+       * kerberos_v4.c (kerberos_v4): Only backdate the rquest in the
+       issued ticket.  Client libraries tend to verify that the
+       backdating falls within clockskew.  a
+
+2003-06-03  Tom Yu  <tlyu@mit.edu>
+
+       * extern.h (master_princ): Remove realm_mkvno, realm_tgskey,
+       realm_tgskvno, realm_kstypes, realm_nkstypes.  They're not needed
+       anymore.
+
+       * main.c (finish_realm): Remove references to realm_kstypes,
+       realm_tgskey.
+       (init_realm): Don't bother with realm_kstypes.  Don't bother
+       looking up the master kvno.  Don't bother caching the TGS key.
+       None of these were being used.
+
+2003-05-30  Ken Raeburn  <raeburn@mit.edu>
+
+       * main.c (init_realm): Use KRB5_KDB_MAX_RLIFE, not
+       KRB5_KDB_MAX_LIFE, as default for realm's max renewable lifetime.
+
+2003-05-23  Sam Hartman  <hartmans@mit.edu>
+
+       * kdc_preauth.c (_make_etype_info_entry): Add flag to know if we
+       are producing etype_info2 so we know whether filling in s2kparams
+       is allowed.    In the etype_info2 case support afs3 salts.
+       (etype_info_helper): Pass in flag
+       (return_etype_info2): And here
+
+2003-05-23  Ezra Peisach  <epeisach@mit.edu>
+
+       * kdc_preauth.c (return_etype_info2): After encoding the
+       etype_info2 and copying the pointers to the pa_data, free the
+       krb5_data pointer.
+
+2003-05-22  Sam Hartman  <hartmans@mit.edu>
+
+       * kdc_util.c (validate_as_request): Only reject options we
+       understand and believe are inappropriate for AS requests. Per
+       spec, unknown options are ignored.
+
+2003-05-14  Sam Hartman  <hartmans@mit.edu>
+
+       * kdc_preauth.c (check_padata): Allow bad_integrity to be returned to a client
+
+2003-05-08  Sam Hartman  <hartmans@mit.edu>
+
+       * kdc_preauth.c (return_pw_salt): Don't return pw-salt if the
+       client's enctype list  mandates it supports enctype-info2
+
+2003-05-09  Tom Yu  <tlyu@mit.edu>
+
+       * kdc_util.c (kdc_process_tgs_req): Rename getremotesubkey ->
+       getrecvsubkey.
+
+2003-05-07  Sam Hartman  <hartmans@mit.edu>
+
+       * kdc_preauth.c (get_etype_info): Patch from Sun to reorganize
+       code and make sure that even for md5 the database order is
+       preserved. 
+       (enctype_requires_etype_info_2): new function; determines wether a
+       particular enctype in a client request means that the client  is
+       required to support etype_info2 by Kerberos clarifications.
+       (etype_info_helper): Renamed from get_etype_info  to abstract out
+       code in common between etype_info and etype_info2
+       (get_enctype_info): Return etype info only if request contains no
+       enctypes that  require etype_info2
+       (return_etype_info2): New function.
+
+2003-04-02  Sam Hartman  <hartmans@mit.edu>
+
+       * kdc_preauth.c (get_etype_info): Avoid infinite loop if request
+       does not contain des-cbc-crc and database does 
+
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * do_tgs_req.c (process_tgs_req): Check that principal name
+       component 1 is present before examining it.
+       * kdc_util.c (krb5_is_tgs_principal, validate_tgs_request): Check
+       principal name length before examining components.
+
+2003-03-28  Tom Yu  <tlyu@mit.edu>
+
+       * kdc_preauth.c (verify_enc_timestamp): Save decryption error, in
+       case we get NO_MATCHING_KEY later.  This allows us to log a more
+       sane error if an incorrect password is used for encrypting the
+       enc-timestamp preauth.
+
+2003-03-16  Sam Hartman  <hartmans@mit.edu>
+
+       * main.c (initialize_realms): Add support to call
+       enable_v4_crossrealm if the user wants insecure operation 
+
+       * kerberos_v4.c: Add enable_v4_crossrealm.  By default krb4
+       cross-realm is not allowed as it is insecure.  Also, remove
+       support for generating krb4 tickets encrypted in 3DES as they are
+       insecure. 
+
+       * kdc_util.h: Define enable_v4_crossrealm, new function to enable
+       secure krb4 cross-realm authentication 
+
 2003-03-05  Tom Yu  <tlyu@mit.edu>
 
        * main.c (init_realm): Update call to krb5_ktdb_resolve().
index 368dfaf91b2f0d6be8e94dcd794ebc556f1ea154..680ded33ab6c5436dabc07b703624544b2e0b6be 100644 (file)
@@ -101,80 +101,87 @@ clean::
 $(OUTPRE)kdc5_err.$(OBJEXT): kdc5_err.c $(COM_ERR_DEPS)
 $(OUTPRE)dispatch.$(OBJEXT): dispatch.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/syslog.h \
-  kdc_util.h extern.h $(SRCTOP)/include/krb5/adm_proto.h
+  $(SRCTOP)/include/syslog.h kdc_util.h extern.h $(SRCTOP)/include/krb5/adm_proto.h
 $(OUTPRE)do_as_req.$(OBJEXT): do_as_req.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/syslog.h \
-  kdc_util.h policy.h $(SRCTOP)/include/krb5/adm.h $(SRCTOP)/include/krb5/adm_proto.h \
-  extern.h
+  $(SRCTOP)/include/syslog.h kdc_util.h policy.h $(SRCTOP)/include/krb5/adm.h \
+  $(SRCTOP)/include/krb5/adm_proto.h extern.h
 $(OUTPRE)do_tgs_req.$(OBJEXT): do_tgs_req.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/syslog.h \
-  kdc_util.h policy.h extern.h $(SRCTOP)/include/krb5/adm_proto.h
+  $(SRCTOP)/include/syslog.h kdc_util.h policy.h extern.h \
+  $(SRCTOP)/include/krb5/adm_proto.h
 $(OUTPRE)kdc_util.$(OBJEXT): kdc_util.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h kdc_util.h extern.h $(SRCTOP)/include/syslog.h \
-  $(SRCTOP)/include/krb5/adm.h $(SRCTOP)/include/krb5/adm_proto.h
+  kdc_util.h extern.h $(SRCTOP)/include/syslog.h $(SRCTOP)/include/krb5/adm.h \
+  $(SRCTOP)/include/krb5/adm_proto.h
 $(OUTPRE)kdc_preauth.$(OBJEXT): kdc_preauth.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h kdc_util.h extern.h $(SRCTOP)/include/krb5/adm_proto.h \
+  kdc_util.h extern.h $(SRCTOP)/include/krb5/adm_proto.h \
   $(SRCTOP)/include/syslog.h
 $(OUTPRE)logger.$(OBJEXT): $(SRCTOP)/lib/kadm5/logger.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/syslog.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/adm_proto.h \
+  $(SRCTOP)/include/syslog.h
 $(OUTPRE)main.$(OBJEXT): main.c $(SRCTOP)/include/syslog.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/krb5/adm.h $(SRCTOP)/include/krb5/adm_proto.h \
-  kdc_util.h extern.h kdc5_err.h $(SRCTOP)/include/krb5/kdb_kt.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/adm.h \
+  $(SRCTOP)/include/krb5/adm_proto.h kdc_util.h extern.h \
+  kdc5_err.h $(SRCTOP)/include/krb5/kdb_kt.h $(SRCTOP)/include/kerberosIV/des.h
 $(OUTPRE)network.$(OBJEXT): network.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h kdc_util.h extern.h kdc5_err.h \
-  $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/syslog.h \
-  $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/cm.h \
-  $(SRCTOP)/include/foreachaddr.c
+  kdc_util.h extern.h kdc5_err.h $(SRCTOP)/include/krb5/adm_proto.h \
+  $(SRCTOP)/include/syslog.h $(SRCTOP)/include/fake-addrinfo.h \
+  $(SRCTOP)/include/cm.h $(SRCTOP)/include/foreachaddr.c
 $(OUTPRE)policy.$(OBJEXT): policy.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h kdc_util.h
+  kdc_util.h
 $(OUTPRE)extern.$(OBJEXT): extern.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h extern.h
+  extern.h
 $(OUTPRE)replay.$(OBJEXT): replay.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h kdc_util.h extern.h
+  kdc_util.h extern.h
 $(OUTPRE)kerberos_v4.$(OBJEXT): kerberos_v4.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h kdc_util.h $(SRCTOP)/include/krb5/adm_proto.h \
-  $(SRCTOP)/include/syslog.h $(SRCTOP)/include/kerberosIV/krb.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  $(SRCTOP)/include/kerberosIV/klog.h $(SRCTOP)/include/kerberosIV/prot.h \
-  $(SRCTOP)/include/kerberosIV/krb_db.h $(SRCTOP)/include/kerberosIV/kdc.h \
-  extern.h
+  kdc_util.h $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/syslog.h \
+  $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+  $(KRB_ERR_H_DEP) $(SRCTOP)/include/kerberosIV/klog.h \
+  $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_db.h \
+  $(SRCTOP)/include/kerberosIV/kdc.h extern.h
 
index 0c6116e219d38a56d4c6c08f32bae9a9c41d315f..c8b679bc2a532d77d01dc21a998ccdd84f14195c 100644 (file)
@@ -174,7 +174,7 @@ tgt_again:
                krb5_data *tgs_1 =
                    krb5_princ_component(kdc_context, tgs_server, 1);
 
-               if (server_1->length != tgs_1->length ||
+               if (!tgs_1 || server_1->length != tgs_1->length ||
                    memcmp(server_1->data, tgs_1->data, tgs_1->length)) {
                    krb5_db_free_principal(kdc_context, &server, nprincs);
                    find_alternate_tgs(request, &server, &more, &nprincs);
index ad06674b887501cce8ce0176ab9642990c51025d..d4db86aac01c7909cd6671b53922eb4f53ff82d8 100644 (file)
@@ -49,13 +49,10 @@ typedef struct __kdc_realm_data {
     char *             realm_mpname;   /* Master principal name for realm  */
     krb5_principal     realm_mprinc;   /* Master principal for realm       */
     krb5_keyblock      realm_mkey;     /* Master key for this realm        */
-    krb5_kvno          realm_mkvno;    /* Master key vno for this realm    */
     /*
      * TGS per-realm data.
      */
     krb5_principal     realm_tgsprinc; /* TGS principal for this realm     */
-    krb5_keyblock      realm_tgskey;   /* TGS' key for this realm          */
-    krb5_kvno          realm_tgskvno;  /* TGS' key vno for this realm      */
     /*
      * Other per-realm data.
      */
@@ -66,8 +63,6 @@ typedef struct __kdc_realm_data {
      */
     krb5_deltat                realm_maxlife;  /* Maximum ticket life for realm    */
     krb5_deltat                realm_maxrlife; /* Maximum renewable life for realm */
-    void               *realm_kstypes; /* Key/Salts supported for realm    */
-    krb5_int32         realm_nkstypes; /* Number of key/salts              */
     krb5_boolean       realm_reject_bad_transit; /* Accept unverifiable transited_realm ? */
 } kdc_realm_t;
 
@@ -87,8 +82,6 @@ kdc_realm_t *find_realm_data (char *, krb5_ui_4);
 #define        max_renewable_life_for_realm    kdc_active_realm->realm_maxrlife
 #define        master_keyblock                 kdc_active_realm->realm_mkey
 #define        master_princ                    kdc_active_realm->realm_mprinc
-#define        tgs_key                         kdc_active_realm->realm_tgskey
-#define        tgs_kvno                        kdc_active_realm->realm_tgskvno
 #define        tgs_server_struct               *(kdc_active_realm->realm_tgsprinc)
 #define        tgs_server                      kdc_active_realm->realm_tgsprinc
 #define        dbm_db_name                     kdc_active_realm->realm_dbname
index 040e88845c3d74c94aae77e9570e68b9c26a6331..452d8d3d86e6d74ec6e9c9c173a638b09e35ff14 100644 (file)
@@ -1361,7 +1361,7 @@ char **argv;
            /*
             * copy the forwarder header and adjust the bases and lengths.
             */
-           memcpy(reply.data, reply.data, HEADER_LEN);
+           memcpy(reply.data, req.data, HEADER_LEN);
            req.base += HEADER_LEN;
            req.len -= HEADER_LEN;
            reply.base += HEADER_LEN;
index 4747f27deb1ac66f4ea47898cfd8b4568b52f360..342f05021842c5d0e6a9da45dd282fea6b04761a 100644 (file)
@@ -59,6 +59,8 @@
 #include "adm_proto.h"
 #include <syslog.h>
 
+#include <assert.h>
+
 /* XXX This is ugly and should be in a header file somewhere */
 #ifndef KRB5INT_DES_TYPES_DEFINED
 #define KRB5INT_DES_TYPES_DEFINED
@@ -104,6 +106,18 @@ static krb5_error_code get_etype_info
     (krb5_context, krb5_kdc_req *request,
                    krb5_db_entry *client, krb5_db_entry *server,
                    krb5_pa_data *data);
+static krb5_error_code
+get_etype_info2(krb5_context context, krb5_kdc_req *request,
+              krb5_db_entry *client, krb5_db_entry *server,
+                 krb5_pa_data *pa_data);
+static krb5_error_code
+return_etype_info2(krb5_context, krb5_pa_data * padata, 
+                  krb5_db_entry *client,
+                  krb5_kdc_req *request, krb5_kdc_rep *reply,
+                  krb5_key_data *client_key,
+                  krb5_keyblock *encrypting_key,
+                  krb5_pa_data **send_pa);
+
 static krb5_error_code return_pw_salt
     (krb5_context, krb5_pa_data * padata, 
                    krb5_db_entry *client,
@@ -155,6 +169,14 @@ static krb5_preauth_systems preauth_systems[] = {
        0,
        0
     },
+    {
+       "etype-info2",
+       KRB5_PADATA_ETYPE_INFO2,
+       0,
+       get_etype_info2,
+       0,
+       return_etype_info2
+    },
     {
        "pw-salt",
        KRB5_PADATA_PW_SALT,
@@ -362,6 +384,7 @@ check_padata (krb5_context context, krb5_db_entry *client,
  * to return some preauth system errors back to the client.
  */
         switch(retval) {
+       case KRB5KRB_AP_ERR_BAD_INTEGRITY:
     case KRB5KRB_AP_ERR_SKEW:
        return retval;
     default:
@@ -431,6 +454,26 @@ cleanup:
     return (retval);
 }
 
+static krb5_boolean
+enctype_requires_etype_info_2(krb5_enctype enctype)
+{
+    switch(enctype) {
+    case ENCTYPE_DES_CBC_CRC:
+    case ENCTYPE_DES_CBC_MD4:
+    case ENCTYPE_DES_CBC_MD5:
+    case ENCTYPE_DES3_CBC_SHA1:
+    case ENCTYPE_DES3_CBC_RAW:
+    case ENCTYPE_ARCFOUR_HMAC:
+    case ENCTYPE_ARCFOUR_HMAC_EXP :
+    case ENCTYPE_LOCAL_DES3_HMAC_SHA1:
+       return 0;
+    default:
+       if (krb5_c_valid_enctype(enctype))
+           return 1;
+       else return 0;
+    }
+}
+
 static krb5_boolean
 request_contains_enctype (krb5_context context,  const krb5_kdc_req *request,
                          krb5_enctype enctype)
@@ -457,7 +500,8 @@ verify_enc_timestamp(krb5_context context, krb5_db_entry *client,
     krb5_key_data *            client_key;
     krb5_int32                 start;
     krb5_timestamp             timenow;
-    
+    krb5_error_code            decrypt_err;
+
     scratch.data = pa->contents;
     scratch.length = pa->length;
 
@@ -471,6 +515,7 @@ verify_enc_timestamp(krb5_context context, krb5_db_entry *client,
        goto cleanup;
 
     start = 0;
+    decrypt_err = 0;
     while (1) {
        if ((retval = krb5_dbe_search_enctype(context, client,
                                              &start, enc_data->enctype,
@@ -488,6 +533,8 @@ verify_enc_timestamp(krb5_context context, krb5_db_entry *client,
        krb5_free_keyblock_contents(context, &key);
        if (retval == 0)
            break;
+       else
+           decrypt_err = retval;
     }
 
     if ((retval = decode_krb5_pa_enc_ts(&enc_ts_data, &pa_enc)) != 0)
@@ -513,29 +560,98 @@ cleanup:
     krb5_free_data_contents(context, &enc_ts_data);
     if (pa_enc)
        free(pa_enc);
+    /*
+     * If we get NO_MATCHING_KEY and decryption previously failed, and
+     * we failed to find any other keys of the correct enctype after
+     * that failed decryption, it probably means that the password was
+     * incorrect.
+     */
+    if (retval == KRB5_KDB_NO_MATCHING_KEY && decrypt_err != 0)
+       retval = decrypt_err;
     return retval;
 }
 
+static krb5_error_code
+_make_etype_info_entry(krb5_context context,
+                      krb5_kdc_req *request, krb5_key_data *client_key,
+                      krb5_enctype etype, krb5_etype_info_entry **entry,
+                      int etype_info2)
+{
+    krb5_data                  salt;
+    krb5_etype_info_entry *    tmp_entry; 
+    krb5_error_code            retval;
+
+    if ((tmp_entry = malloc(sizeof(krb5_etype_info_entry))) == NULL)
+       return ENOMEM;
+
+    salt.data = 0;
+
+    tmp_entry->magic = KV5M_ETYPE_INFO_ENTRY;
+    tmp_entry->etype = etype;
+    tmp_entry->length = KRB5_ETYPE_NO_SALT;
+    tmp_entry->salt = 0;
+    tmp_entry->s2kparams.data = NULL;
+    tmp_entry->s2kparams.length = 0;
+    retval = get_salt_from_key(context, request->client,
+                              client_key, &salt);
+    if (retval)
+       goto fail;
+    if (etype_info2 && client_key->key_data_ver > 1 &&
+       client_key->key_data_type[1] == KRB5_KDB_SALTTYPE_AFS3) {
+       switch (etype) {
+       case ENCTYPE_DES_CBC_CRC:
+       case ENCTYPE_DES_CBC_MD4:
+       case ENCTYPE_DES_CBC_MD5:
+           tmp_entry->s2kparams.data = malloc(1);
+           if (tmp_entry->s2kparams.data == NULL) {
+               retval = ENOMEM;
+               goto fail;
+           }
+           tmp_entry->s2kparams.length = 1;
+           tmp_entry->s2kparams.data[0] = 1;
+           break;
+       default:
+           break;
+       }
+    }
+
+    if (salt.length >= 0) {
+       tmp_entry->length = salt.length;
+       tmp_entry->salt = (unsigned char *) salt.data;
+       salt.data = 0;
+    }
+    *entry = tmp_entry;
+    return 0;
+
+fail:
+    if (tmp_entry) {
+       if (tmp_entry->s2kparams.data)
+           free(tmp_entry->s2kparams.data);
+       free(tmp_entry);
+    }
+    if (salt.data)
+       free(salt.data);
+    return retval;
+}
 /*
  * This function returns the etype information for a particular
  * client, to be passed back in the preauth list in the KRB_ERROR
- * message.
+ * message.  It supports generating both etype_info  and etype_info2
+ *  as most of the work is the same.   
  */
 static krb5_error_code
-get_etype_info(krb5_context context, krb5_kdc_req *request,
+etype_info_helper(krb5_context context, krb5_kdc_req *request,
               krb5_db_entry *client, krb5_db_entry *server,
-              krb5_pa_data *pa_data)
+              krb5_pa_data *pa_data, int etype_info2)
 {
     krb5_etype_info_entry **   entry = 0;
     krb5_key_data              *client_key;
     krb5_error_code            retval;
-    krb5_data                  salt;
     krb5_data *                        scratch;
     krb5_enctype               db_etype;
     int                        i = 0;
     int                        start = 0;
-
-    salt.data = 0;
+    int                                seen_des = 0;
 
     entry = malloc((client->n_key_data * 2 + 1) * sizeof(krb5_etype_info_entry *));
     if (entry == NULL)
@@ -550,51 +666,55 @@ get_etype_info(krb5_context context, krb5_kdc_req *request,
        if (retval)
            goto cleanup;
        db_etype = client_key->key_data_type[0];
-       if (db_etype == ENCTYPE_DES_CBC_MD4 || db_etype == ENCTYPE_DES_CBC_MD5)
-           db_etype = ENCTYPE_DES_CBC_CRC;
+       if (db_etype == ENCTYPE_DES_CBC_MD4)
+           db_etype = ENCTYPE_DES_CBC_MD5;
        
-       while (1) {
-           if (!request_contains_enctype(context,
-                                         request, db_etype)) {
-               if (db_etype == ENCTYPE_DES_CBC_CRC)
-                    continue;
-                else break;
-            }
-
-           if ((entry[i] = malloc(sizeof(krb5_etype_info_entry))) == NULL) {
-               retval = ENOMEM;
+       if (request_contains_enctype(context, request, db_etype)) {
+           assert(etype_info2 ||
+                  !enctype_requires_etype_info_2(db_etype));
+           if ((retval = _make_etype_info_entry(context, request, client_key,
+                           db_etype, &entry[i], etype_info2)) != 0) {
                goto cleanup;
            }
            entry[i+1] = 0;
-           entry[i]->magic = KV5M_ETYPE_INFO_ENTRY;
-           entry[i]->etype = db_etype;
-           entry[i]->length = KRB5_ETYPE_NO_SALT;
-           entry[i]->salt = 0;
-           retval = get_salt_from_key(context, request->client,
-                                      client_key, &salt);
-           if (retval)
-               goto cleanup;
-           if (salt.length >= 0 && salt.length != SALT_TYPE_NO_LENGTH) {
-               entry[i]->length = salt.length;
-               entry[i]->salt = salt.data;
-               salt.data = 0;
-           }
            i++;
-           /*
-            * If we have a DES_CRC key, it can also be used as a
-            * DES_MD5 key.
-            */
-           if (db_etype == ENCTYPE_DES_CBC_CRC)
+       }
+
+       /* 
+        * If there is a des key in the kdb, try the "similar" enctypes,
+        * avoid duplicate entries. 
+        */
+       if (!seen_des) {
+           switch (db_etype) {
+           case ENCTYPE_DES_CBC_MD5:
+               db_etype = ENCTYPE_DES_CBC_CRC;
+               break;
+           case ENCTYPE_DES_CBC_CRC:
                db_etype = ENCTYPE_DES_CBC_MD5;
-           else
                break;
+           default:
+               continue;
+
+           }
+           if (request_contains_enctype(context, request, db_etype)) {
+               if ((retval = _make_etype_info_entry(context, request,
+                               client_key, db_etype, &entry[i], etype_info2)) != 0) {
+                   goto cleanup;
+               }
+               entry[i+1] = 0;
+               i++;
+           }
+           seen_des++;
        }
     }
-    retval = encode_krb5_etype_info((const krb5_etype_info_entry **) entry,
+    if (etype_info2)
+       retval = encode_krb5_etype_info2((const krb5_etype_info_entry **) entry,
+                                   &scratch);
+    else       retval = encode_krb5_etype_info((const krb5_etype_info_entry **) entry,
                                    &scratch);
     if (retval)
        goto cleanup;
-    pa_data->contents = scratch->data;
+    pa_data->contents = (unsigned char *)scratch->data;
     pa_data->length = scratch->length;
     free(scratch);
 
@@ -603,11 +723,84 @@ get_etype_info(krb5_context context, krb5_kdc_req *request,
 cleanup:
     if (entry)
        krb5_free_etype_info(context, entry);
-    if (salt.data)
-       free(salt.data);
     return retval;
 }
 
+static krb5_error_code
+get_etype_info(krb5_context context, krb5_kdc_req *request,
+              krb5_db_entry *client, krb5_db_entry *server,
+              krb5_pa_data *pa_data)
+{
+  int i;
+    for (i=0;  i < request->nktypes; i++) {
+       if (enctype_requires_etype_info_2(request->ktype[i])) 
+           return KRB5KDC_ERR_PADATA_TYPE_NOSUPP ;;;; /*Caller will
+                                                       * skip this
+                                                       * type*/
+    }
+    return etype_info_helper(context, request, client, server, pa_data, 0);
+}
+
+static krb5_error_code
+get_etype_info2(krb5_context context, krb5_kdc_req *request,
+              krb5_db_entry *client, krb5_db_entry *server,
+              krb5_pa_data *pa_data)
+{
+    return etype_info_helper( context, request, client, server, pa_data, 1);
+}
+
+static krb5_error_code
+return_etype_info2(krb5_context context, krb5_pa_data * padata, 
+                  krb5_db_entry *client,
+                  krb5_kdc_req *request, krb5_kdc_rep *reply,
+                  krb5_key_data *client_key,
+                  krb5_keyblock *encrypting_key,
+                  krb5_pa_data **send_pa)
+{
+    krb5_error_code retval;
+    krb5_pa_data *tmp_padata;
+    krb5_etype_info_entry **entry = NULL;
+    krb5_data *scratch = NULL;
+    tmp_padata = malloc( sizeof(krb5_pa_data));
+    if (tmp_padata == NULL)
+       return ENOMEM;
+    tmp_padata->pa_type = KRB5_PADATA_ETYPE_INFO2;
+    entry = malloc(2 * sizeof(krb5_etype_info_entry *));
+    if (entry == NULL) {
+       retval = ENOMEM;
+       goto cleanup;
+    }
+    entry[0] = NULL;
+    entry[1] = NULL;
+    retval = _make_etype_info_entry(context, request, client_key, client_key->key_data_type[0],
+                                   entry, 1);
+    if (retval)
+       goto cleanup;
+    retval = encode_krb5_etype_info2((const krb5_etype_info_entry **) entry, &scratch);
+    if (retval)
+       goto cleanup;
+    tmp_padata->contents = scratch->data;
+    tmp_padata->length = scratch->length;
+    *send_pa = tmp_padata;
+
+    /* For cleanup - we no longer own the contents of the krb5_data 
+     * only to pointer to the krb5_data
+     */
+    scratch->data = 0;
+
+ cleanup:
+    if (entry)
+       krb5_free_etype_info(context, entry);
+    if (retval) {
+       if (tmp_padata)
+           free(tmp_padata);
+    }
+    if (scratch)
+           krb5_free_data(context, scratch);
+    return retval;
+}
+
+
 static krb5_error_code
 return_pw_salt(krb5_context context, krb5_pa_data *in_padata,
               krb5_db_entry *client, krb5_kdc_req *request,
@@ -618,7 +811,12 @@ return_pw_salt(krb5_context context, krb5_pa_data *in_padata,
     krb5_pa_data *     padata;
     krb5_data *                scratch;
     krb5_data          salt_data;
+    int i;
     
+    for (i = 0; i < request->nktypes; i++) {
+       if (enctype_requires_etype_info_2(request->ktype[i]))
+           return 0;
+    }
     if (client_key->key_data_ver == 1 ||
        client_key->key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)
        return 0;
index 736c51d12963015e31b7975651c52127d9fe5988..071555bd9582a134e271bfe1f06a3eb0936f1e4c 100644 (file)
@@ -150,7 +150,8 @@ realm_compare(krb5_principal princ1, krb5_principal princ2)
  */
 krb5_boolean krb5_is_tgs_principal(krb5_principal principal)
 {
-       if ((krb5_princ_component(kdc_context, principal, 0)->length ==
+       if ((krb5_princ_size(kdc_context, principal) > 0) &&
+           (krb5_princ_component(kdc_context, principal, 0)->length ==
             KRB5_TGS_NAME_SIZE) &&
            (!memcmp(krb5_princ_component(kdc_context, principal, 0)->data,
                     KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE)))
@@ -312,8 +313,8 @@ kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from,
        goto cleanup_auth_context;
     }
 
-    if ((retval = krb5_auth_con_getremotesubkey(kdc_context,
-                                               auth_context, subkey)))
+    if ((retval = krb5_auth_con_getrecvsubkey(kdc_context,
+                                             auth_context, subkey)))
        goto cleanup_auth_context;
 
     if ((retval = krb5_auth_con_getauthenticator(kdc_context, auth_context,
@@ -827,9 +828,8 @@ fail:
  * Returns a Kerberos protocol error number, which is _not_ the same
  * as a com_err error number!
  */
-#define AS_OPTIONS_HANDLED (KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE | \
-                            KDC_OPT_ALLOW_POSTDATE | KDC_OPT_POSTDATED | \
-                            KDC_OPT_RENEWABLE | KDC_OPT_RENEWABLE_OK)
+#define AS_INVALID_OPTIONS (KDC_OPT_FORWARDED | KDC_OPT_PROXY |\
+KDC_OPT_VALIDATE | KDC_OPT_RENEW | KDC_OPT_ENC_TKT_IN_SKEY)
 int
 validate_as_request(register krb5_kdc_req *request, krb5_db_entry client,
                    krb5_db_entry server, krb5_timestamp kdc_time,
@@ -838,9 +838,9 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client,
     int                errcode;
     
     /*
-     * If an illegal option is set, complain.
+     * If an option is set that is only allowed in TGS requests, complain.
      */
-    if (request->kdc_options & ~(AS_OPTIONS_HANDLED)) {
+    if (request->kdc_options & AS_INVALID_OPTIONS) {
        *status = "INVALID AS OPTIONS";
        return KDC_ERR_BADOPTION;
     }
@@ -1113,13 +1113,10 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
     int                st_idx = 0;
 
     /*
-     * If an illegal option is set, complain.
+     * If an illegal option is set, ignore it.
      */
-    if (request->kdc_options & ~(TGS_OPTIONS_HANDLED)) {
-       *status = "INVALID TGS OPTIONS";
-       return KDC_ERR_BADOPTION;
-    }
-    
+    request->kdc_options &= TGS_OPTIONS_HANDLED;
+
     /* Check to see if server has expired */
     if (server.expiration && server.expiration < kdc_time) {
        *status = "SERVICE EXPIRED";
@@ -1162,7 +1159,8 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
            return KRB_AP_ERR_NOT_US;
        }
        /* ...and that the second component matches the server realm... */
-       if ((krb5_princ_component(kdc_context, ticket->server, 1)->length !=
+       if ((krb5_princ_size(kdc_context, ticket->server) <= 1) ||
+           (krb5_princ_component(kdc_context, ticket->server, 1)->length !=
             krb5_princ_realm(kdc_context, request->server)->length) ||
            memcmp(krb5_princ_component(kdc_context, ticket->server, 1)->data,
                   krb5_princ_realm(kdc_context, request->server)->data,
index 9abe3b86046bc2b2b9ad7c6829d28c8a917f15e2..05ba07f4f3775aa00a8594afca388e87a0df69c9 100644 (file)
@@ -176,6 +176,7 @@ krb5_error_code process_v4 (const krb5_data *,
                                      const krb5_fulladdr *,
                                      krb5_data **);
 void process_v4_mode (const char *, const char *);
+void enable_v4_crossrealm(char *);
 #else
 #define process_v4(foo,bar,quux,foobar)        KRB5KRB_AP_ERR_BADVERSION
 #endif
index a87a1d5e50c8f144cb89eb6df468050a51e747e6..1d1ca702ebd478a55d50b249cba4ad753e747dbe 100644 (file)
@@ -146,7 +146,7 @@ static krb5_data *response;
 
 void kerberos_v4 (struct sockaddr_in *, KTEXT);
 void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
-static int set_tgtkey (char *, krb5_kvno);
+static int set_tgtkey (char *, krb5_kvno, krb5_boolean);
 
 /* Attributes converted from V5 to V4 - internal representation */
 #define V4_KDB_REQUIRES_PREAUTH  0x1
@@ -180,6 +180,8 @@ static const struct v4mode_lookup_entry  v4mode_table[] = {
 static const int v4mode_table_nents = sizeof(v4mode_table)/
                                      sizeof(v4mode_table[0]);
 
+static int allow_v4_crossrealm = 0;
+
 void process_v4_mode(const char *program_name, const char *string)
 {
     int i, found;
@@ -205,6 +207,11 @@ void process_v4_mode(const char *program_name, const char *string)
     return;
 }
 
+void enable_v4_crossrealm ( char *programname) {
+    allow_v4_crossrealm = 1;
+    krb5_klog_syslog(LOG_ERR, "Enabling v4 cross-realm compatibility; this is a known security hole");
+}
+
 krb5_error_code
 process_v4(const krb5_data *pkt, const krb5_fulladdr *client_fulladdr,
           krb5_data **resp)
@@ -382,6 +389,14 @@ compat_decrypt_key (krb5_key_data *in5, unsigned char *out4,
 /* array of name-components + NULL ptr
  */
 
+/*
+ * Previously this code returned either a v4 key or a v5 key  and you
+ * could tell from the enctype of the v5 key whether the v4 key was
+ * useful.  Now we return both keys so the code can try both des3 and
+ * des decryption.  We fail if the ticket doesn't have a v4 key.
+ * Also, note as a side effect, the v5 key is basically useless  in
+ * the client case.  It is still returned so the caller can free it.
+ */
 static int
 kerb_get_principal(char *name, char *inst, /* could have wild cards */
                   Principal *principal,
@@ -461,8 +476,28 @@ kerb_get_principal(char *name, char *inst, /* could have wild cards */
            return(0);
        }
     } else {
-       /* XXX yes I know this is a hardcoded search order */
-       if (krb5_dbe_find_enctype(kdc_context, &entries,
+       if ( krb5_dbe_find_enctype(kdc_context, &entries,
+                                 ENCTYPE_DES_CBC_CRC,
+                                 KRB5_KDB_SALTTYPE_V4, kvno, &pkey) &&
+           krb5_dbe_find_enctype(kdc_context, &entries,
+                                 ENCTYPE_DES_CBC_CRC,
+                                 -1, kvno, &pkey)) {
+           lt = klog(L_KRB_PERR,
+                     "KDC V4: failed to find key for %s.%s #%d",
+                     name, inst, kvno);
+           krb5_db_free_principal(kdc_context, &entries, nprinc);
+           return(0);
+       }
+    }
+
+    if (!compat_decrypt_key(pkey, k, k5key, issrv)) {
+       memcpy( &principal->key_low, k, LONGLEN);
+               memcpy( &principal->key_high, (krb5_ui_4 *) k + 1, LONGLEN);
+    }
+    memset(k, 0, sizeof k);
+    if (issrv) {
+       krb5_free_keyblock_contents (kdc_context, k5key);
+       if (krb5_dbe_find_enctype(kdc_context, &entries,
                                  ENCTYPE_DES3_CBC_RAW,
                                  -1, kvno, &pkey) &&
            krb5_dbe_find_enctype(kdc_context, &entries,
@@ -478,17 +513,16 @@ kerb_get_principal(char *name, char *inst, /* could have wild cards */
                                  ENCTYPE_DES_CBC_CRC,
                                  -1, kvno, &pkey)) {
            lt = klog(L_KRB_PERR,
-                     "KDC V4: failed to find key for %s.%s #%d",
+                     "KDC V4: failed to find key for %s.%s #%d (after having found it once)",
                      name, inst, kvno);
            krb5_db_free_principal(kdc_context, &entries, nprinc);
            return(0);
        }
-    }
+       compat_decrypt_key(pkey, k, k5key, issrv);
+    memset (k, 0, sizeof k);
+       }
+
 
-    if (!compat_decrypt_key(pkey, k, k5key, issrv)) {
-       memcpy( &principal->key_low, k, LONGLEN);
-               memcpy( &principal->key_high, (krb5_ui_4 *) k + 1, LONGLEN);
-    }
     /*
      * Convert v5's entries struct to v4's Principal struct:
      * v5's time-unit for lifetimes is 1 sec, while v4 uses 5 minutes,
@@ -639,10 +673,9 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
 
     case AUTH_MSG_KDC_REQUEST:
        {
-#ifdef notdef
-           u_long  time_ws;    /* Workstation time */
-#endif
            int    req_life;    /* Requested liftime */
+           unsigned int request_backdate =  0; /*How far to backdate
+                                                 in seconds.*/
            char   *service;    /* Service name */
            char   *instance;   /* Service instance */
 #ifdef notdef
@@ -715,7 +748,7 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
             * kerb_time, which is potentially problematic.
             */
            if (v4endtime > v4req_end)
-               kerb_time.tv_sec -= v4endtime - v4req_end;
+               request_backdate = v4endtime - v4req_end;
 
 #ifdef NOENCRYPTION
            memset(session_key, 0, sizeof(C_Block));
@@ -732,21 +765,14 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
            kdb_encrypt_key(key, key, master_key,
                            master_key_schedule, DECRYPT);
            /* construct and seal the ticket */
-           if (K4KDC_ENCTYPE_OK(k5key.enctype)) {
-               krb_create_ticket(tk, k_flags, a_name_data.name,
-                                 a_name_data.instance, local_realm,
-                                 client_host.s_addr, (char *) session_key,
-                                 lifetime, kerb_time.tv_sec,
-                                 s_name_data.name, s_name_data.instance,
-                                 key);
-           } else {
-               krb_cr_tkt_krb5(tk, k_flags, a_name_data.name,
-                               a_name_data.instance, local_realm,
-                               client_host.s_addr, (char *) session_key,
-                               lifetime, kerb_time.tv_sec,
-                               s_name_data.name, s_name_data.instance,
-                               &k5key);
-           }
+           /* We always issue des tickets; the 3des tickets are a broken hack*/
+           krb_create_ticket(tk, k_flags, a_name_data.name,
+                             a_name_data.instance, local_realm,
+                             client_host.s_addr, (char *) session_key,
+                             lifetime, kerb_time.tv_sec - request_backdate,
+                             s_name_data.name, s_name_data.instance,
+                             key);
+
            krb5_free_keyblock_contents(kdc_context, &k5key);
            memset(key, 0, sizeof(key));
            memset(key_s, 0, sizeof(key_s));
@@ -826,8 +852,15 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
            strncpy(tktrlm, (char *)auth->dat + 3, REALM_SZ);
            tktrlm[REALM_SZ-1] = '\0';
            kvno = (krb5_kvno)auth->dat[2];
-           if (set_tgtkey(tktrlm, kvno)) {
-               lt = klog(L_ERR_UNK,
+           if ((!allow_v4_crossrealm)&&strcmp(tktrlm, local_realm) != 0) {
+             lt = klog(L_ERR_UNK,
+                       "Cross realm ticket from %s denied by policy,", tktrlm);
+             kerb_err_reply(client, pkt,
+                              KERB_ERR_PRINCIPAL_UNKNOWN, lt);
+               return;
+           }
+           if (set_tgtkey(tktrlm, kvno, 0)) {
+             lt = klog(L_ERR_UNK,
                          "FAILED set_tgtkey realm %s, kvno %d. Host: %s ",
                          tktrlm, kvno, inet_ntoa(client_host));
                /* no better error code */
@@ -837,6 +870,19 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
            }
            kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr,
                ad, 0);
+           if (kerno) {
+               if (set_tgtkey(tktrlm, kvno, 1)) {
+                   lt = klog(L_ERR_UNK,
+                             "FAILED 3des set_tgtkey realm %s, kvno %d. Host: %s ",
+                             tktrlm, kvno, inet_ntoa(client_host));
+                   /* no better error code */
+                   kerb_err_reply(client, pkt,
+                                  KERB_ERR_PRINCIPAL_UNKNOWN, lt);
+                   return;
+               }
+               kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr,
+                                  ad, 0);
+           }
 
            if (kerno) {
                klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s",
@@ -913,21 +959,13 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
            des_new_random_key(session_key);
 #endif
 
-           if (K4KDC_ENCTYPE_OK(k5key.enctype)) {
-               krb_create_ticket(tk, k_flags, ad->pname, ad->pinst,
-                                 ad->prealm, client_host.s_addr,
-                                 (char *) session_key, lifetime,
-                                 kerb_time.tv_sec,
-                                 s_name_data.name, s_name_data.instance,
-                                 key);
-           } else {
-               krb_cr_tkt_krb5(tk, k_flags, ad->pname, ad->pinst,
-                               ad->prealm, client_host.s_addr,
-                               (char *) session_key, lifetime,
-                               kerb_time.tv_sec,
-                               s_name_data.name, s_name_data.instance,
-                               &k5key);
-           }
+           /* ALways issue des tickets*/
+           krb_create_ticket(tk, k_flags, ad->pname, ad->pinst,
+                             ad->prealm, client_host.s_addr,
+                             (char *) session_key, lifetime,
+                             kerb_time.tv_sec,
+                             s_name_data.name, s_name_data.instance,
+                             key);
            krb5_free_keyblock_contents(kdc_context, &k5key);
            memset(key, 0, sizeof(key));
            memset(key_s, 0, sizeof(key_s));
@@ -1107,11 +1145,12 @@ check_princ(char *p_name, char *instance, int lifetime, Principal *p,
 
 /* Set the key for krb_rd_req so we can check tgt */
 static int
-set_tgtkey(char *r, krb5_kvno kvno)
+set_tgtkey(char *r, krb5_kvno kvno, krb5_boolean use_3des)
 {
     int     n;
     static char lastrealm[REALM_SZ] = "";
     static int last_kvno = 0;
+    static krb5_boolean last_use_3des = 0;
     static int more;
     Principal p_st;
     Principal *p = &p_st;
@@ -1119,7 +1158,7 @@ set_tgtkey(char *r, krb5_kvno kvno)
     krb5_keyblock k5key;
 
     k5key.contents = NULL;
-    if (!strcmp(lastrealm, r) && last_kvno == kvno)
+    if (!strcmp(lastrealm, r) && last_kvno == kvno && last_use_3des == use_3des)
        return (KSUCCESS);
 
 /*  log("Getting key for %s", r); */
@@ -1141,11 +1180,12 @@ set_tgtkey(char *r, krb5_kvno kvno)
        return KFAILURE;
     }
 
-    if (!K4KDC_ENCTYPE_OK(k5key.enctype)) {
+    if (use_3des&&!K4KDC_ENCTYPE_OK(k5key.enctype)) {
        krb_set_key_krb5(kdc_context, &k5key);
        strncpy(lastrealm, r, sizeof(lastrealm) - 1);
        lastrealm[sizeof(lastrealm) - 1] = '\0';
        last_kvno = kvno;
+       last_use_3des = use_3des;
     } else {
        /* unseal tgt key from master key */
        memcpy(key,                &p->key_low,  4);
index 3e5091cbf3802b27ac86d0aab52ba28d28902f2e..9ddcaaa9e56b1247cb786269236a5e321ee394c5 100644 (file)
@@ -121,8 +121,6 @@ finish_realm(kdc_realm_t *rdp)
        free(rdp->realm_ports);
     if (rdp->realm_tcp_ports)
        free(rdp->realm_tcp_ports);
-    if (rdp->realm_kstypes)
-       free(rdp->realm_kstypes);
     if (rdp->realm_keytab)
        krb5_kt_close(rdp->realm_context, rdp->realm_keytab);
     if (rdp->realm_context) {
@@ -132,10 +130,6 @@ finish_realm(kdc_realm_t *rdp)
            memset(rdp->realm_mkey.contents, 0, rdp->realm_mkey.length);
            free(rdp->realm_mkey.contents);
        }
-       if (rdp->realm_tgskey.length && rdp->realm_tgskey.contents) {
-           memset(rdp->realm_tgskey.contents, 0, rdp->realm_tgskey.length);
-           free(rdp->realm_tgskey.contents);
-       }
        krb5_db_fini(rdp->realm_context);
        if (rdp->realm_tgsprinc)
            krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
@@ -159,14 +153,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
 {
     krb5_error_code    kret;
     krb5_boolean       manual;
-    krb5_db_entry      db_entry;
-    int                        num2get;
-    krb5_boolean       more;
     krb5_realm_params  *rparams;
-    krb5_key_data      *kdata;
-    krb5_key_salt_tuple        *kslist;
-    krb5_int32         nkslist;
-    int                        i;
 
     memset((char *) rdp, 0, sizeof(kdc_realm_t));
     if (!realm) {
@@ -213,7 +200,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
     else
        rdp->realm_ports = strdup(def_udp_ports);
     if (rparams && rparams->realm_kdc_tcp_ports)
-       rdp->realm_tcp_ports = strdup(rparams->realm_kdc_ports);
+       rdp->realm_tcp_ports = strdup(rparams->realm_kdc_tcp_ports);
     else
        rdp->realm_tcp_ports = strdup(def_tcp_ports);
 
@@ -242,35 +229,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
 
     /* Handle ticket renewable maximum life */
     rdp->realm_maxrlife = (rparams && rparams->realm_max_rlife_valid) ?
-       rparams->realm_max_rlife : KRB5_KDB_MAX_LIFE;
-
-    /* Handle key/salt list */
-    if (rparams && rparams->realm_num_keysalts) {
-       rdp->realm_kstypes = rparams->realm_keysalts;
-       rdp->realm_nkstypes = rparams->realm_num_keysalts;
-       rparams->realm_keysalts = NULL;
-       rparams->realm_num_keysalts = 0;
-       kslist = (krb5_key_salt_tuple *) rdp->realm_kstypes;
-       nkslist = rdp->realm_nkstypes;
-    } else {
-       /*
-        * XXX  Initialize default key/salt list.
-        */
-       if ((kslist = (krb5_key_salt_tuple *)
-            malloc(sizeof(krb5_key_salt_tuple)))) {
-           kslist->ks_enctype = ENCTYPE_DES_CBC_CRC;
-           kslist->ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
-           rdp->realm_kstypes = kslist;
-           rdp->realm_nkstypes = 1;
-           nkslist = 1;
-       }
-       else {
-           com_err(progname, ENOMEM,
-                   "while setting up key/salt list for realm %s",
-                   realm);
-           exit(1);
-       }
-    }
+       rparams->realm_max_rlife : KRB5_KDB_MAX_RLIFE;
 
     if (rparams)
        krb5_free_realm_params(rdp->realm_context, rparams);
@@ -332,51 +291,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
        goto whoops;
     }
 
-    /* Fetch the master key and get its version number */
-    num2get = 1;
-    kret = krb5_db_get_principal(rdp->realm_context, rdp->realm_mprinc,
-                                &db_entry, &num2get, &more);
-    if (!kret) {
-       if (num2get != 1)
-           kret = KRB5_KDB_NOMASTERKEY;
-       else {
-           if (more) {
-               krb5_db_free_principal(rdp->realm_context,
-                                      &db_entry,
-                                      num2get);
-               kret = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
-           }
-       }
-    }
-    if (kret) {
-       com_err(progname, kret,
-               "while fetching master entry for realm %s", realm);
-       goto whoops;
-    }
-       
-    /*
-     * Get the most recent master key.  Search the key list in
-     * the order specified by the key/salt list.
-     */
-    kdata = (krb5_key_data *) NULL;
-    for (i=0; i<nkslist; i++) {
-       if (!(kret = krb5_dbe_find_enctype(rdp->realm_context,
-                                          &db_entry,
-                                          kslist[i].ks_enctype,
-                                          -1,
-                                          -1,
-                                          &kdata)))
-           break;
-    }
-    if (!kdata) {
-       com_err(progname, kret,
-               "while finding master key for realm %s",
-               realm);
-       goto whoops;
-    }
-    rdp->realm_mkvno = kdata->key_data_kvno;
-    krb5_db_free_principal(rdp->realm_context, &db_entry, num2get);
-
     if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) {
        com_err(progname, kret,
                "while setting master key for realm %s", realm);
@@ -400,63 +314,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
        goto whoops;
     }
 
-    /* Get the TGS database entry */
-    num2get = 1;
-    if (!(kret = krb5_db_get_principal(rdp->realm_context,
-                                      rdp->realm_tgsprinc,
-                                      &db_entry,
-                                      &num2get,
-                                      &more))) {
-       if (num2get != 1)
-           kret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-       else {
-           if (more) {
-               krb5_db_free_principal(rdp->realm_context,
-                                      &db_entry,
-                                      num2get);
-               kret = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
-           }
-       }
-    }
-    if (kret) {
-       com_err(progname, kret,
-               "while fetching TGS entry for realm %s", realm);
-       goto whoops;
-    } 
-    /*
-     * Get the most recent TGS key.  Search the key list in
-     * the order specified by the key/salt list.
-     */
-    kdata = (krb5_key_data *) NULL;
-    for (i=0; i<nkslist; i++) {
-       if (!(kret = krb5_dbe_find_enctype(rdp->realm_context,
-                                          &db_entry,
-                                          kslist[i].ks_enctype,
-                                          -1,
-                                          -1,
-                                          &kdata)))
-           break;
-    }
-    if (!kdata) {
-       com_err(progname, kret, "while finding TGS key for realm %s",
-               realm);
-       goto whoops;
-    }
-    if (!(kret = krb5_dbekd_decrypt_key_data(rdp->realm_context,
-                                            &rdp->realm_mkey,
-                                            kdata,
-                                            &rdp->realm_tgskey, NULL))){
-       rdp->realm_tgskvno = kdata->key_data_kvno;
-    }
-    krb5_db_free_principal(rdp->realm_context,
-                          &db_entry,
-                          num2get);
-    if (kret) {
-       com_err(progname, kret,
-               "while decrypting TGS key for realm %s", realm);
-       goto whoops;
-    }
-
     if (!rkey_init_done) {
        krb5_data seed;
 #ifdef KRB5_KRB4_COMPAT
@@ -551,7 +408,7 @@ setup_sam(void)
 void
 usage(char *name)
 {
-    fprintf(stderr, "usage: %s [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterenctype] [-M masterkeyname] [-p port] [-4 v4mode] [-n]\n", name);
+    fprintf(stderr, "usage: %s [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterenctype] [-M masterkeyname] [-p port] [-4 v4mode] [-X] [-n]\n", name);
     return;
 }
 
@@ -606,7 +463,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
      * Loop through the option list.  Each time we encounter a realm name,
      * use the previously scanned options to fill in for defaults.
      */
-    while ((c = getopt(argc, argv, "r:d:mM:k:R:e:p:s:n4:3")) != -1) {
+    while ((c = getopt(argc, argv, "r:d:mM:k:R:e:p:s:n4:X3")) != -1) {
        switch(c) {
        case 'r':                       /* realm name for db */
            if (!find_realm_data(optarg, (krb5_ui_4) strlen(optarg))) {
@@ -662,6 +519,11 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
            v4mode = strdup(optarg);
 #endif
            break;
+       case 'X':
+#ifdef KRB5_KRB4_COMPAT
+               enable_v4_crossrealm(argv[0]);
+#endif
+               break;
        case '3':
 #ifdef ATHENA_DES3_KLUDGE
            if (krb5_enctypes_list[krb5_enctypes_length-1].etype
index 4c49102a945a65c8838100d4ec046eeffeced912..c8bf5afabc2ce39b8092cbe191db9fdb71752f26 100644 (file)
@@ -328,8 +328,9 @@ delete_fd (struct connection *xconn)
     FOREACH_ELT(connections, i, conn)
        if (conn == xconn) {
            DEL(connections, i);
-           return;
+           break;
        }
+    free(xconn);
 }
 
 static int
@@ -841,6 +842,7 @@ static void accept_tcp_connection(struct connection *conn, const char *prog,
                newconn->u.tcp.addrbuf);
        delete_fd(newconn);
        close(s);
+       tcp_data_counter--;
        return;
     }
     newconn->u.tcp.offset = 0;
@@ -857,7 +859,6 @@ static void accept_tcp_connection(struct connection *conn, const char *prog,
 static void
 kill_tcp_connection(struct connection *conn)
 {
-    delete_fd(conn);
     if (conn->u.tcp.response)
        krb5_free_data(kdc_context, conn->u.tcp.response);
     if (conn->u.tcp.buffer)
@@ -873,6 +874,7 @@ kill_tcp_connection(struct connection *conn)
            sstate.max--;
     close(conn->fd);
     conn->fd = -1;
+    delete_fd(conn);
     tcp_data_counter--;
 }
 
index d5ace8b3988393c342a02533fc7d598d19b07c68..4096cccd485b7ef2c423b1a0b6e410bb712a346c 100644 (file)
@@ -34,6 +34,7 @@ libdir=@libdir@
 CC_LINK='@CC_LINK@'
 KRB4_LIB=@KRB4_LIB@
 DES425_LIB=@DES425_LIB@
+KDB5_DB_LIB=@KDB5_DB_LIB@
 LDFLAGS='@LDFLAGS@'
 RPATH_FLAG='@RPATH_FLAG@'
 
@@ -179,12 +180,12 @@ if test -n "$do_libs"; then
            -e 's#\$(CFLAGS)#'"$CFLAGS"'#'`
 
     if test $library = 'kdb'; then
-       lib_flags="$lib_flags -lkdb5 -ldb"
+       lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
        library=krb5
     fi
 
     if test $library = 'kadm_server'; then
-       lib_flags="$lib_flags -lkadm5srv -lkdb5 -ldb"
+       lib_flags="$lib_flags -lkadm5srv -lkdb5 $KDB5_DB_LIB"
        library=kadm_common
     fi
 
index 7f018c3a7bfe03a767e48cfc7663f76657b81746..52d0746f8bcadc8f5486b6f54c96007cfea15705 100644 (file)
@@ -27,23 +27,15 @@ Things-to-keep:
 ChangeLog
 Makefile.in
 README
-RELEASE_NOTES
 configure
 configure.in
 cnv_tkt_skey.c
-conv_creds.c
 conv_princ.c
 conv_tkt.c
-encode.c
-getcred.c
-globals.c
 k524init.c
-krb524.h
-krb524_err.et
+krb524d.h
 krb524_prot
 krb524d.c
-misc.c
-sendmsg.c
 test.c
 
 Things-to-lose:
index 672bffe8cc1298c82b6573682cbd8bb8e7f9dac1..2c627817643ccdab62eade212d8b0253f54f6350 100644 (file)
@@ -1,3 +1,100 @@
+2003-09-02  Tom Yu  <tlyu@mit.edu>
+
+       * cnv_tkt_skey.c (krb524_convert_tkt_skey): Apply patch from Cesar
+       Garcia to fix lifetime computation.
+
+2003-08-11  Tom Yu  <tlyu@mit.edu>
+
+       * cnv_tkt_skey.c (krb524_convert_tkt_skey): Call krb_create_ticket
+       instead of local version.  Remove local version of
+       krb_create_ticket.  This file no longer gets included into a
+       krb524 library, so accessing internal functions isn't that big of
+       an issue anymore.
+
+2003-06-12  Tom Yu  <tlyu@mit.edu>
+
+       * krb524.c (krb524_convert_creds_kdc, krb524_init_ets): Mark as
+       KRB5_CALLCONV_WRONG.
+       (krb524_init_ets): Takes a krb5_context.
+
+2003-06-09  Tom Yu  <tlyu@mit.edu>
+
+       * krb524.c: Fix copyright notice.
+
+2003-06-05  Jeffery Altman  <jaltman@mit.edu>
+
+       * Makefile.in: Build krb524.dll on Windows.
+
+       * krb524.c: New file; stub for Windows krb524.dll.
+
+2003-06-05  Ken Raeburn  <raeburn@mit.edu>
+
+       * k524init.c (main): Remove debugging printf.
+
+2003-05-29  Alexandra Ellwood  <lxs@mit.edu>
+
+       * krb524d.h: removed invalid Mac pragmas
+
+2003-05-27  Ken Raeburn  <raeburn@mit.edu>
+
+       * k524init.c (main): Call krb5_524_convert_creds instead of
+       krb524_convert_creds_kdc.
+
+       * Makefile.in ($(OUTPRE)k524init.exe): Don't depend on K524DEP.
+
+2003-05-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * conv_creds.c, encode.c, globals.c, sendmsg.c: Deleted.  Contents
+       added to krb5 library.
+       * getcred.c, misc.c: Deleted.
+       * krb524.h: Library declarations moved to krb5.hin and k5-int.h.
+       Remainder renamed to krb524d.h.
+       * krb524_err.et: Moved to lib/krb5/error_tables.
+       * cnv_tkt_skey.c: Include krb524d.h, not krb524.h.
+       (krb524d_debug): Define new variable.  Replace all references to
+       krb524_debug.
+       * conv_princ.c: Don't include krb524.h.
+       * k524init.c: Don't include krb524.h.
+       (main): Don't call krb524_init_ets.
+       * krb524d.c: Include krb524d.h, not krb524.h.
+       (encode_v4tkt): New function pointer variable.
+       (main): Initialize it using krb5int_accessor.
+       * test.c: Don't include krb524.h.
+       (main): Don't set krb524_debug, and don't call krb524_init_ets.
+       * Makefile.in: Don't pull in library makefile fragments.
+       (LIB, LIBMAJOR, LIBMINOR, RELDIR): Deleted.
+       (KRB524_DEPLIB, KRB524_LIB, STOBJLISTS, STLIBOBJS): Deleted.
+       (GENS, KRB524_HDR, KRB524_ERR_HDR): Deleted.
+       (SRCS): Remove deleted/moved files.
+       (all-unix): Don't depend on $(GENS) on includes.
+       (includes, all-windows): Don't depend on headers.
+       ($(KRB524_HDR), $(KRB524_ERR_HDR)): Delete rules.
+       (all-windows): Comment out dependency on $(K524LIB) for now.
+       (CLIENT_OBJS, SERVER_OBJS): New variables.
+       (krb524test, krb524d, k524init): Don't use KRB524_*LIB, just
+       KRB5_*LIB.  Use *_OBJS lists.
+       (install-unix, clean-unix, clean-windows): Don't install or clean
+       libs or headers.
+       (krb524_err.c): Target deleted.
+
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * krb524d.c (do_connection): Use krb5_princ_size rather than
+       direct structure field access.
+
+2003-03-16  Sam Hartman  <hartmans@mit.edu>
+
+       * krb524d.c (handle_classic_v4): Do not support 3des enctypes as
+       they are insecure.  Also, by default do not allow krb4
+       cross-realm.
+
+       * cnv_tkt_skey.c (krb524_convert_tkt_skey): Don't support 3des tickets
+
+2003-03-12  Ken Raeburn  <raeburn@mit.edu>
+
+       * cnv_tkt_skey.c (krb524_convert_tkt_skey): Extract source IP
+       address in its proper size, not as 'long'.
+
 2003-03-06  Alexandra Ellwood  <lxs@mit.edu>
     * cnv_tkt_skey.c, conv_creds.c, conv_princ.c, encode.c, sendmsg.c: 
       Removed Mac-specific includes.
index 1e5b5dc314875876b07291d11dae153a1423a5a9..5140bdcf8150fe7b7df3d92fae098a46c9088bfa 100644 (file)
@@ -23,19 +23,9 @@ BUILDTOP=$(REL)..
 # PERFORMANCE OF THIS SOFTWARE.
 # 
 
-##WIN32##!if 0
-LIB=krb524
-##WIN32##!endif
-LIBMAJOR=1
-LIBMINOR=0
-RELDIR=../krb524
-STOBJLISTS=OBJS.ST
-
 DEFINES = -DUSE_MASTER -DKRB524_PRIVATE=1
 PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
 PROG_RPATH=$(KRB5_LIBDIR)
-KRB524_DEPLIB  = libkrb524.a
-KRB524_LIB     = libkrb524.a
 
 ##WIN32##!ifdef USE_ALTERNATE_KRB4_INCLUDES
 ##WIN32##KRB4_INCLUDES=-I$(USE_ALTERNATE_KRB4_INCLUDES)
@@ -55,32 +45,16 @@ LOCALINCLUDES= $(KRB4_INCLUDES) -I. -I$(srcdir)
 
 # Library sources
 SRCS   = \
-       $(srcdir)/conv_creds.c \
        $(srcdir)/conv_princ.c \
        $(srcdir)/cnv_tkt_skey.c \
-       $(srcdir)/encode.c \
-       $(srcdir)/misc.c \
-       $(srcdir)/globals.c \
-       $(srcdir)/sendmsg.c \
-       $(srcdir)/krb524_err.et \
-       $(srcdir)/libinit.c
+       $(srcdir)/libinit.c     \
+    $(srcdir)/krb524.c
 
 EXTRADEPSRCS = \
        $(srcdir)/test.c \
        $(srcdir)/k524init.c \
        $(srcdir)/krb524d.c
 
-STLIBOBJS = \
-       $(OUTPRE)conv_creds.$(OBJEXT) \
-       $(OUTPRE)conv_princ.$(OBJEXT) \
-       $(OUTPRE)cnv_tkt_skey.$(OBJEXT) \
-       $(OUTPRE)encode.$(OBJEXT) \
-       $(OUTPRE)misc.$(OBJEXT) \
-       $(OUTPRE)globals.$(OBJEXT) \
-       $(OUTPRE)sendmsg.$(OBJEXT) \
-       $(OUTPRE)krb524_err.$(OBJEXT) \
-       $(OUTPRE)libinit.$(OBJEXT)
-
 ##WIN32##!ifdef KRB524_STATIC_HACK
 ##WIN32##LPREFIX=..\lib
 ##WIN32##K5_GLUE=$(LPREFIX)\$(OUTPRE)k5_glue.obj
@@ -93,148 +67,77 @@ STLIBOBJS = \
 ##WIN32##K524DEP=$(STLIBOBJS)
 ##WIN32##!endif
 
-GENS   = krb524_err.c krb524_err.h
-
-KRB524_HDR=$(BUILDTOP)$(S)include$(S)krb524.h
-KRB524_ERR_HDR=$(BUILDTOP)$(S)include$(S)krb524_err.h
-
-all-unix:: $(GENS) 
-all-unix:: all-libs
-all-unix:: includes
-
 all-unix:: krb524d krb524test k524init
 
-includes:: $(KRB524_HDR) $(KRB524_ERR_HDR)
-
-$(KRB524_HDR): krb524.h
-##WIN32##      $(CP) $? "$@"
-##WIN32##!if 0
-$(KRB524_HDR): krb524.h
-       if cmp $(srcdir)/krb524.h \
-       $(BUILDTOP)/include/krb524.h  >/dev/null 2>&1; then :; \
-       else \
-               (set -x; $(RM) $(BUILDTOP)/include/krb524.h; \
-                $(CP) $(srcdir)/krb524.h \
-                       $(BUILDTOP)/include/krb524.h) ; \
-       fi
-##WIN32##!endif
+all-windows:: $(OUTPRE)k524init.exe $(K524LIB)
 
-$(KRB524_ERR_HDR): krb524_err.h
-##WIN32##      $(CP) $? "$@"
-##WIN32##!if 0
-$(KRB524_ERR_HDR): krb524_err.h
-       if cmp krb524_err.h \
-       $(BUILDTOP)/include/krb524_err.h  >/dev/null 2>&1; then :; \
-       else \
-               (set -x; $(RM) $(BUILDTOP)/include/krb524_err.h; \
-                $(CP) krb524_err.h \
-                       $(BUILDTOP)/include/krb524_err.h) ; \
-       fi
-##WIN32##!endif
+krb524test: test.o $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS)
+       $(CC_LINK) -o krb524test test.o $(KRB5_LIB) $(KRB4COMPAT_LIBS)
 
-all-windows:: $(KRB524_HDR) $(K524LIB) $(OUTPRE)k524init.exe
+SERVER_OBJS= krb524d.o cnv_tkt_skey.o conv_princ.o
+CLIENT_OBJS= $(OUTPRE)k524init.$(OBJEXT)
 
-krb524test: libkrb524.a test.o $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS)
-       $(CC_LINK) -o krb524test test.o $(KRB524_LIB) $(KRB4COMPAT_LIBS)
+krb524d: $(SERVER_OBJS) $(KADMSRV_DEPLIBS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS)
+       $(CC_LINK) -o krb524d $(SERVER_OBJS) $(KADMSRV_LIBS) $(KRB5_LIB) $(KRB4COMPAT_LIBS)
 
-krb524d: krb524d.o $(KADMSRV_DEPLIBS) $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS)
-       $(CC_LINK) -o krb524d krb524d.o $(KADMSRV_LIBS) $(KRB524_LIB) $(KRB4COMPAT_LIBS)
+k524init: $(CLIENT_OBJS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS)
+       $(CC_LINK) -o k524init $(CLIENT_OBJS) $(KRB5_LIB) $(KRB4COMPAT_LIBS)
 
-k524init: k524init.o  $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS)
-       $(CC_LINK) -o k524init k524init.o $(KRB524_LIB) $(KRB4COMPAT_LIBS)
-
-$(K524LIB): $(STLIBOBJS) $(K4LIB) $(KLIB)
+$(K524LIB): $(OUTPRE)krb524.$(OBJEXT) $(OUTPRE)libinit.$(OBJEXT) $(KLIB) $(CLIB)
        link $(DLL_LINKOPTS) -def:$(K524DEF) -out:$*.dll $** $(WINLIBS)
 
-$(OUTPRE)k524init.exe: $(OUTPRE)k524init.$(OBJEXT) $(K524DEP) $(KLIB) $(K4LIB) $(CLIB) $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib
+$(OUTPRE)k524init.exe: $(OUTPRE)k524init.$(OBJEXT) $(KLIB) $(K4LIB) $(CLIB) $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib
        link $(EXE_LINKOPTS) -out:$@ $** $(WINLIBS)
 
-install-unix:: install-libs
+install-unix::
        $(INSTALL_PROGRAM) krb524d $(DESTDIR)$(SERVER_BINDIR)/krb524d
        $(INSTALL_PROGRAM) k524init $(DESTDIR)$(CLIENT_BINDIR)/krb524init
 
-clean-unix:: clean-libs clean-libobjs
-       $(RM) $(OBJS) $(GENS) core *~ *.bak #*
+clean-unix::
+       $(RM) $(OBJS) core *~ *.bak #*
        $(RM) krb524test krb524d k524init test.o krb524d.o k524init.o
-       $(RM) $(BUILDTOP)/include/krb524.h $(BUILDTOP)/include/krb524_err.h
-
-clean-windows::
-       $(RM) $(GENS)
-
-krb524_err.c : krb524_err.et
-
-# @libobj_frag@
-# @lib_frag@
 
 # +++ Dependency line eater +++
 # 
 # Makefile dependencies follow.  This must be the last section in
 # the Makefile.in file
 #
-conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): conv_creds.c $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/kerberosIV/krb.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  $(BUILDTOP)/include/profile.h krb524.h krb524_err.h
-conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(BUILDTOP)/include/krb5.h \
+$(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  $(BUILDTOP)/include/profile.h krb524.h krb524_err.h \
-  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h
-cnv_tkt_skey.so cnv_tkt_skey.po $(OUTPRE)cnv_tkt_skey.$(OBJEXT): cnv_tkt_skey.c $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/profile.h
+$(OUTPRE)cnv_tkt_skey.$(OBJEXT): cnv_tkt_skey.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krb.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  krb524.h krb524_err.h
-encode.so encode.po $(OUTPRE)encode.$(OBJEXT): encode.c $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  $(BUILDTOP)/include/profile.h krb524.h krb524_err.h \
-  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h
-misc.so misc.po $(OUTPRE)misc.$(OBJEXT): misc.c $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  $(BUILDTOP)/include/profile.h krb524.h krb524_err.h \
-  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h
-globals.so globals.po $(OUTPRE)globals.$(OBJEXT): globals.c
-sendmsg.so sendmsg.po $(OUTPRE)sendmsg.$(OBJEXT): sendmsg.c $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
-  $(KRB_ERR_H_DEP) krb524.h krb524_err.h
-libinit.so libinit.po $(OUTPRE)libinit.$(OBJEXT): libinit.c
-test.so test.po $(OUTPRE)test.$(OBJEXT): test.c $(SRCTOP)/include/k5-int.h \
+  $(KRB_ERR_H_DEP) krb524d.h
+$(OUTPRE)libinit.$(OBJEXT): libinit.c
+$(OUTPRE)krb524.$(OBJEXT): krb524.c
+$(OUTPRE)test.$(OBJEXT): test.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/des.h \
-  $(SRCTOP)/include/kerberosIV/krb.h $(KRB_ERR_H_DEP) \
-  krb524.h krb524_err.h
-k524init.so k524init.po $(OUTPRE)k524init.$(OBJEXT): k524init.c $(BUILDTOP)/include/krb5.h \
+  $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
+  $(KRB_ERR_H_DEP)
+$(OUTPRE)k524init.$(OBJEXT): k524init.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  $(BUILDTOP)/include/profile.h krb524.h krb524_err.h \
-  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h
-krb524d.so krb524d.po $(OUTPRE)krb524d.$(OBJEXT): krb524d.c $(BUILDTOP)/include/krb5.h \
+  $(BUILDTOP)/include/profile.h
+$(OUTPRE)krb524d.$(OBJEXT): krb524d.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \
   $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
   $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/kerberosIV/krb.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  krb524.h krb524_err.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h \
+  $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+  $(KRB_ERR_H_DEP) krb524d.h
 
index 67349765c0440ba9c68c398b2b3ecf373fb3ae50..97d8bbfddfdfd2bbc11d1ada94f4d3706c643559 100644 (file)
@@ -1,3 +1,28 @@
+/*
+ * Copyright 2003  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
  * 
 #include <netinet/in.h>
 #endif
 #include <krb.h>
-#include "krb524.h"
-
-static int
-krb524int_krb_create_ticket(KTEXT, unsigned int, char *, char *, char *, long,
-                           char *, int, long, char *, char *, C_Block);
+#include "krb524d.h"
 
-static int
-krb524int_krb_cr_tkt_krb5(KTEXT, unsigned int, char *, char *, char *, long,
-                         char *, int, long, char *, char *,
-                         krb5_keyblock *);
-
-static int
-krb524int_krb_cr_tkt_int(KTEXT, unsigned int, char *, char *, char *, long,
-                        char *, int, long, char *, char *, C_Block,
-                        krb5_keyblock *);
+static int krb524d_debug = 0;
 
 /*
  * Convert a v5 ticket for server to a v4 ticket, using service key
@@ -104,7 +117,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
          v5etkt->session->enctype != ENCTYPE_DES_CBC_MD4 &&
          v5etkt->session->enctype != ENCTYPE_DES_CBC_MD5) ||
         v5etkt->session->length != sizeof(C_Block)) {
-         if (krb524_debug)
+         if (krb524d_debug)
               fprintf(stderr, "v5 session keyblock type %d length %d != C_Block size %d\n",
                       v5etkt->session->enctype,
                       v5etkt->session->length,
@@ -121,7 +134,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
        give out a v4 ticket with as much of the v5 lifetime is available
        "now" instead. */
      if ((ret = krb5_timeofday(context, &server_time))) {
-         if (krb524_debug)
+         if (krb524d_debug)
              fprintf(stderr, "krb5_timeofday failed!\n");
         krb5_free_enc_tkt_part(context, v5etkt);
         v5tkt->enc_part2 = NULL;
@@ -130,7 +143,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
      if ((server_time + context->clockskew >= v5etkt->times.starttime)
         && (server_time - context->clockskew <= v5etkt->times.endtime)) {
          lifetime = krb_time_to_life(server_time, v5etkt->times.endtime);
-         v4endtime = krb_life_to_time(v5etkt->times.starttime, lifetime);
+         v4endtime = krb_life_to_time(server_time, lifetime);
          /*
           * Adjust start time backwards if the lifetime value
           * returned by krb_time_to_life() maps to a longer lifetime
@@ -139,7 +152,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
          if (v4endtime > v5etkt->times.endtime)
              server_time -= v4endtime - v5etkt->times.endtime;
      } else {
-          if (krb524_debug)
+          if (krb524d_debug)
               fprintf(stderr, "v5 ticket time out of bounds\n");
          krb5_free_enc_tkt_part(context, v5etkt);
          v5tkt->enc_part2 = NULL;
@@ -156,14 +169,14 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
      kaddr.contents = (krb5_octet *)&sinp->sin_addr;
 
      if (!krb5_address_search(context, &kaddr, v5etkt->caddrs)) {
-        if (krb524_debug)
+        if (krb524d_debug)
             fprintf(stderr, "Invalid v5creds address information.\n");
         krb5_free_enc_tkt_part(context, v5etkt);
         v5tkt->enc_part2 = NULL;
         return KRB524_BADADDR;
      }
 
-     if (krb524_debug)
+     if (krb524d_debug)
        printf("startime = %ld, authtime = %ld, lifetime = %ld\n",
               (long) v5etkt->times.starttime,
               (long) v5etkt->times.authtime,
@@ -171,12 +184,12 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
 
      /* XXX are there V5 flags we should map to V4 equivalents? */
      if (v4_skey->enctype == ENCTYPE_DES_CBC_CRC) {
-        ret = krb524int_krb_create_ticket(v4tkt,
+        ret = krb_create_ticket(v4tkt,
                                 0, /* flags */                      
                                 pname,
                                 pinst,
                                 prealm,
-                                *((unsigned long *)kaddr.contents),
+                                sinp->sin_addr.s_addr,
                                 (char *) v5etkt->session->contents,
                                 lifetime,
                                 /* issue_data */
@@ -184,26 +197,8 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
                                 sname,
                                 sinst,
                                 v4_skey->contents);
-     } else {
-        /* Force enctype to be raw if using DES3. */
-        if (v4_skey->enctype == ENCTYPE_DES3_CBC_SHA1 ||
-            v4_skey->enctype == ENCTYPE_LOCAL_DES3_HMAC_SHA1)
-            v4_skey->enctype = ENCTYPE_DES3_CBC_RAW;
-        ret = krb524int_krb_cr_tkt_krb5(v4tkt,
-                              0, /* flags */                        
-                              pname,
-                              pinst,
-                              prealm,
-                              *((unsigned long *)kaddr.contents),
-                              (char *) v5etkt->session->contents,
-                              lifetime,
-                              /* issue_data */
-                              server_time,
-                              sname,
-                              sinst,
-                              v4_skey);
      }
-
+     else abort();
      krb5_free_enc_tkt_part(context, v5etkt);
      v5tkt->enc_part2 = NULL;
      if (ret == KSUCCESS)
@@ -211,226 +206,3 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
      else
          return KRB524_V4ERR;
 }
-
-/*****************************************************************************
- * Copied from krb4's cr_tkt.
- * Modified functions below to be static.
- *****************************************************************************/
-
-#define          HOST_BYTE_ORDER (* (const char *) &temp_ONE)
-static const int temp_ONE = 1;
-
-/*
- * Create ticket takes as arguments information that should be in a
- * ticket, and the KTEXT object in which the ticket should be
- * constructed.  It then constructs a ticket and returns, leaving the
- * newly created ticket in tkt.
-#ifndef NOENCRYPTION
- * The data in tkt->dat is encrypted in the server's key.
-#endif
- * The length of the ticket is a multiple of
- * eight bytes and is in tkt->length.
- *
- * If the ticket is too long, the ticket will contain nulls.
- * The return value of the routine is undefined.
- *
- * The corresponding routine to extract information from a ticket it
- * decomp_ticket.  When changes are made to this routine, the
- * corresponding changes should also be made to that file.
- *
- * The packet is built in the following format:
- * 
- *                     variable
- * type                        or constant        data
- * ----                        -----------        ----
- *
- * tkt->length         length of ticket (multiple of 8 bytes)
- * 
-#ifdef NOENCRYPTION
- * tkt->dat:
-#else
- * tkt->dat:           (encrypted in server's key)
-#endif
- * 
- * unsigned char       flags              namely, HOST_BYTE_ORDER
- * 
- * string              pname              client's name
- * 
- * string              pinstance          client's instance
- * 
- * string              prealm             client's realm
- * 
- * 4 bytes             paddress           client's address
- * 
- * 8 bytes             session            session key
- * 
- * 1 byte              life               ticket lifetime
- * 
- * 4 bytes             time_sec           KDC timestamp
- * 
- * string              sname              service's name
- * 
- * string              sinstance          service's instance
- * 
- * <=7 bytes           null               null pad to 8 byte multiple
- *
- */
-static int
-krb524int_krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress,
-                 session, life, time_sec, sname, sinstance, key)
-    KTEXT   tkt;                /* Gets filled in by the ticket */
-    unsigned int flags;                /* Various Kerberos flags */
-    char    *pname;             /* Principal's name */
-    char    *pinstance;         /* Principal's instance */
-    char    *prealm;            /* Principal's authentication domain */
-    long    paddress;           /* Net address of requesting entity */
-    char    *session;           /* Session key inserted in ticket */
-    int     life;               /* Lifetime of the ticket */
-    long    time_sec;           /* Issue time and date */
-    char    *sname;             /* Service Name */
-    char    *sinstance;         /* Instance Name */
-    C_Block key;                /* Service's secret key */
-{
-    return krb524int_krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm,
-                                   paddress, session, life, time_sec, sname,
-                                   sinstance, key, NULL);
-}
-
-static int
-krb524int_krb_cr_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress,
-                         session, life, time_sec, sname, sinstance, k5key)
-    KTEXT   tkt;                /* Gets filled in by the ticket */
-    unsigned int flags;                /* Various Kerberos flags */
-    char    *pname;             /* Principal's name */
-    char    *pinstance;         /* Principal's instance */
-    char    *prealm;            /* Principal's authentication domain */
-    long    paddress;           /* Net address of requesting entity */
-    char    *session;           /* Session key inserted in ticket */
-    int     life;               /* Lifetime of the ticket */
-    long    time_sec;           /* Issue time and date */
-    char    *sname;             /* Service Name */
-    char    *sinstance;         /* Instance Name */
-    krb5_keyblock *k5key;      /* NULL if not present */
-{
-    C_Block key;
-
-    return krb524int_krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm,
-                                   paddress, session, life, time_sec, sname,
-                                   sinstance, key, k5key);
-}
-
-static int
-krb524int_krb_cr_tkt_int(tkt, flags_in, pname, pinstance, prealm, paddress,
-              session, life, time_sec, sname, sinstance, key, k5key)
-    KTEXT   tkt;                /* Gets filled in by the ticket */
-    unsigned int flags_in;     /* Various Kerberos flags */
-    char    *pname;             /* Principal's name */
-    char    *pinstance;         /* Principal's instance */
-    char    *prealm;            /* Principal's authentication domain */
-    long    paddress;           /* Net address of requesting entity */
-    char    *session;           /* Session key inserted in ticket */
-    int     life;               /* Lifetime of the ticket */
-    long    time_sec;           /* Issue time and date */
-    char    *sname;             /* Service Name */
-    char    *sinstance;         /* Instance Name */
-    C_Block key;                /* Service's secret key */
-    krb5_keyblock *k5key;      /* NULL if not present */
-{
-    Key_schedule key_s;
-    register char *data;        /* running index into ticket */
-
-    unsigned char flags = flags_in & 0xFF; /* This must be one byte */
-
-    tkt->length = 0;            /* Clear previous data  */
-
-    /* Check length of ticket */
-    if (sizeof(tkt->dat) < (sizeof(flags) +
-                            1 + strlen(pname) +
-                            1 + strlen(pinstance) +
-                            1 + strlen(prealm) +
-                            4 +                         /* address */
-                           8 +                         /* session */
-                           1 +                         /* life */
-                           4 +                         /* issue time */
-                            1 + strlen(sname) +
-                            1 + strlen(sinstance) +
-                           7) / 8) {                   /* roundoff */
-        memset(tkt->dat, 0, sizeof(tkt->dat));
-        return KFAILURE /* XXX */;
-    }
-
-    flags |= HOST_BYTE_ORDER;   /* ticket byte order   */
-    memcpy((char *) (tkt->dat), (char *) &flags, sizeof(flags));
-    data = ((char *)tkt->dat) + sizeof(flags);
-    (void) strcpy(data, pname);
-    data += 1 + strlen(pname);
-    (void) strcpy(data, pinstance);
-    data += 1 + strlen(pinstance);
-    (void) strcpy(data, prealm);
-    data += 1 + strlen(prealm);
-    memcpy(data, (char *) &paddress, 4);
-    data += 4;
-
-    memcpy(data, (char *) session, 8);
-    data += 8;
-    *(data++) = (char) life;
-    /* issue time */
-    memcpy(data, (char *) &time_sec, 4);
-    data += 4;
-    (void) strcpy(data, sname);
-    data += 1 + strlen(sname);
-    (void) strcpy(data, sinstance);
-    data += 1 + strlen(sinstance);
-
-    /* guarantee null padded ticket to multiple of 8 bytes */
-    memset(data, 0, 7);
-    tkt->length = ((data - ((char *)tkt->dat) + 7)/8)*8;
-
-    /* Check length of ticket */
-    if (tkt->length > (sizeof(KTEXT_ST) - 7)) {
-        memset(tkt->dat, 0, tkt->length);
-        tkt->length = 0;
-        return KFAILURE /* XXX */;
-    }
-
-#ifndef NOENCRYPTION
-    /* Encrypt the ticket in the services key */
-    if (k5key != NULL) {
-       /* block locals */
-       krb5_data in;
-       krb5_enc_data out;
-       krb5_error_code ret;
-       size_t enclen;
-
-       in.length = tkt->length;
-       in.data = tkt->dat;
-       /* XXX assumes context arg is ignored */
-       ret = krb5_c_encrypt_length(NULL, k5key->enctype,
-                                   (size_t)in.length, &enclen);
-       if (ret)
-           return KFAILURE;
-       out.ciphertext.length = enclen;
-       out.ciphertext.data = malloc(enclen);
-       if (out.ciphertext.data == NULL)
-           return KFAILURE;    /* XXX maybe ENOMEM? */
-
-       /* XXX assumes context arg is ignored */
-       ret = krb5_c_encrypt(NULL, k5key, KRB5_KEYUSAGE_KDC_REP_TICKET,
-                            NULL, &in, &out);
-       if (ret) {
-           free(out.ciphertext.data);
-           return KFAILURE;
-       } else {
-           tkt->length = out.ciphertext.length;
-           memcpy(tkt->dat, out.ciphertext.data, out.ciphertext.length);
-           memset(out.ciphertext.data, 0, out.ciphertext.length);
-           free(out.ciphertext.data);
-       }
-    } else {
-       key_sched(key,key_s);
-       pcbc_encrypt((C_Block *)tkt->dat,(C_Block *)tkt->dat,
-                    (long) tkt->length,key_s,(C_Block *)key,1);
-    }
-#endif /* !NOENCRYPTION */
-    return 0;
-}
diff --git a/src/krb524/conv_creds.c b/src/krb524/conv_creds.c
deleted file mode 100644 (file)
index ba8daaa..0000000
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- * 
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose.  It is provided "as is" without express or implied warranty.
- * 
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "krb5.h"
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include "port-sockets.h"
-#include "socket-utils.h"
-#include <krb.h>
-#include "krb524.h"
-
-#ifdef USE_CCAPI
-#include <CredentialsCache.h>
-#endif
-
-krb5_error_code krb524_convert_creds_plain
-(krb5_context context, krb5_creds *v5creds, 
-                  CREDENTIALS *v4creds);
-
-krb5_error_code
-krb524_convert_creds_kdc(context, v5creds, v4creds)
-     krb5_context context;
-     krb5_creds *v5creds;
-     CREDENTIALS *v4creds;
-{
-     krb5_error_code ret;
-     krb5_data reply;
-     char *p;
-     struct sockaddr_storage ss;
-     socklen_t slen = sizeof(ss);
-
-     ret = krb524_convert_creds_plain(context, v5creds, v4creds);
-     if (ret)
-        return ret;
-
-     reply.data = NULL;
-     ret = krb524_sendto_kdc(context, &v5creds->ticket,
-                            &v5creds->server->realm, &reply,
-                            ss2sa(&ss), &slen);
-     if (ret)
-        return ret;
-
-#if TARGET_OS_MAC
-#ifdef USE_CCAPI
-     v4creds->stk_type = cc_v4_stk_des;
-#endif
-     if (slen == sizeof(struct sockaddr_in)
-        && ss2sa(&ss)->sa_family == AF_INET) {
-        v4creds->address = ss2sin(&ss)->sin_addr.s_addr;
-     }
-     /* Otherwise, leave it set to all-zero.  */
-#endif
-
-     p = reply.data;
-     ret = ntohl(*((krb5_error_code *) p));
-     p += sizeof(krb5_int32);
-     reply.length -= sizeof(krb5_int32);
-     if (ret)
-        goto fail;
-
-     v4creds->kvno = ntohl(*((krb5_error_code *) p));
-     p += sizeof(krb5_int32);
-     reply.length -= sizeof(krb5_int32);
-     ret = decode_v4tkt(&v4creds->ticket_st, p, &reply.length);
-
-fail:
-     if (reply.data) 
-        free(reply.data);
-     reply.data = NULL;
-     return ret;
-}
-
-krb5_error_code
-krb524_convert_creds_plain(context, v5creds, v4creds)
-     krb5_context context;
-     krb5_creds *v5creds;
-     CREDENTIALS *v4creds;
-{
-     int ret;
-     krb5_timestamp endtime;
-     char dummy[REALM_SZ];
-     memset((char *) v4creds, 0, sizeof(CREDENTIALS));
-
-     if ((ret = krb524_convert_princs(context, v5creds->client, 
-                                     v5creds->server,
-                                     v4creds->pname, v4creds->pinst,
-                                     dummy, v4creds->service,
-                                     v4creds->instance, v4creds->realm)))
-         return ret;
-
-     /* Check enctype too */
-     if (v5creds->keyblock.length != sizeof(C_Block)) {
-         if (krb524_debug)
-              fprintf(stderr, "v5 session keyblock length %d != C_Block size %d\n",
-                      v5creds->keyblock.length,
-                      (int) sizeof(C_Block));
-         return KRB524_BADKEY;
-     } else
-         memcpy(v4creds->session, (char *) v5creds->keyblock.contents,
-                sizeof(C_Block));
-
-     /* V4 has no concept of authtime or renew_till, so ignore them */
-     v4creds->issue_date = v5creds->times.starttime;
-     v4creds->lifetime = krb_time_to_life(v5creds->times.starttime,
-                                         v5creds->times.endtime);
-     endtime = krb_life_to_time(v5creds->times.starttime,
-                               v4creds->lifetime);
-     /*
-      * Adjust start time backwards to deal with rounding up in
-      * krb_time_to_life(), to match code on server side.
-      */
-     if (endtime > v5creds->times.endtime)
-        v4creds->issue_date -= endtime - v5creds->times.endtime;
-
-     return 0;
-}
index f52c0dd133eaa561e7ea1111a60cdc906b8d76d4..3359981ba4c6affb8e7c73f6ada08079be89fb60 100644 (file)
@@ -22,7 +22,6 @@
 
 #include "krb5.h"
 #include <krb.h>
-#include "krb524.h"
 
 int krb524_convert_princs(context, client, server, pname, pinst, prealm, 
                          sname, sinst, srealm)
diff --git a/src/krb524/encode.c b/src/krb524/encode.c
deleted file mode 100644 (file)
index 00698cf..0000000
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- * 
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose.  It is provided "as is" without express or implied warranty.
- * 
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "krb5.h"
-#include <stdio.h>
-#include <string.h>
-#include <signal.h>
-#include <sys/types.h>
-
-#ifdef _WIN32
-#include "port-sockets.h"
-#else
-#include <sys/time.h>
-#include <sys/signal.h>
-#include <netinet/in.h>
-#endif
-
-#include <krb.h>
-#include "krb524.h"
-
-/*
- * I'm sure that this is reinventing the wheel, but I don't know where
- * the wheel is hidden.
- */
-
-int  encode_v4tkt (KTEXT_ST *, char *, unsigned int *),
-     encode_ktext (char **, int *, KTEXT_ST *),
-     encode_bytes (char **, int *, char *, unsigned int),
-     encode_int32 (char **, int *, krb5_int32 *);
-
-int  decode_v4tkt (KTEXT_ST *, char *, unsigned int *),
-     decode_ktext (char **, int *, KTEXT_ST *),
-     decode_bytes (char **, int *, char *, unsigned int),
-     decode_int32 (char **, int *, krb5_int32 *);
-
-int encode_bytes(out, outlen, in, len)
-     char **out;
-     int *outlen;
-     char *in;
-     unsigned int len;
-{
-     if (len > *outlen)
-         return KRB524_ENCFULL;
-     memcpy(*out, in, len);
-     *out += len;
-     *outlen -= len;
-     return 0;
-}
-
-int encode_int32(out, outlen, v)
-     char **out;
-     int *outlen;
-     krb5_int32 *v;
-{
-     krb5_int32 nv; /* Must be 4 bytes */
-
-     nv = htonl(*v);
-     return encode_bytes(out, outlen, (char *) &nv, sizeof(nv));
-}
-
-int encode_v4tkt(v4tkt, buf, encoded_len)
-     KTEXT_ST *v4tkt;
-     char *buf;
-     unsigned int *encoded_len;
-{
-     int buflen, ret;
-
-     buflen = *encoded_len;
-
-     if ((ret = encode_int32(&buf, &buflen, &v4tkt->length)))
-         return ret;
-     if ((ret = encode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
-         return ret;
-     if ((ret = encode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz)))
-         return ret;
-
-     *encoded_len -= buflen;
-     return 0;
-}
-
-/* decode functions */
-
-int decode_bytes(out, outlen, in, len)
-     char **out;
-     int *outlen;
-     char *in; 
-     unsigned int len;
-{
-     if (len > *outlen)
-         return KRB524_DECEMPTY;
-     memcpy(in, *out, len);
-     *out += len;
-     *outlen -= len;
-     return 0;
-}
-
-int decode_int32(out, outlen, v)
-     char **out;
-     int *outlen;
-     krb5_int32 *v;
-{
-     int ret;
-     krb5_int32 nv; /* Must be four bytes */
-
-     if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv))))
-         return ret;
-     *v = ntohl(nv);
-     return 0;
-}
-
-int decode_v4tkt(v4tkt, buf, encoded_len)
-     KTEXT_ST *v4tkt;
-     char *buf;
-     unsigned int *encoded_len;
-{
-     int buflen, ret;
-
-     buflen = *encoded_len;
-     if ((ret = decode_int32(&buf, &buflen, &v4tkt->length)))
-         return ret;
-     if ((ret = decode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
-         return ret;
-     if ((ret = decode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz)))
-         return ret;
-     *encoded_len -= buflen;
-     return 0;
-}
-
diff --git a/src/krb524/getcred.c b/src/krb524/getcred.c
deleted file mode 100644 (file)
index ecbb25f..0000000
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- * 
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose.  It is provided "as is" without express or implied warranty.
- * 
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdio.h>
-#include "krb5.h"
-#include <krb.h>
-
-main(argc, argv)
-     int argc;
-     char **argv;
-{
-     krb5_principal client, server;
-     krb5_ccache cc;
-     krb5_creds v5creds;
-     CREDENTIALS v4creds;
-     int i, ret;
-     krb5_context context;
-     krb5_error_code retval;
-     
-     retval = krb5_init_context(&context);
-     if (retval) {
-            com_err(argv[0], retval, "while initializing krb5");
-            exit(1);
-     }
-
-     if (ret = krb5_parse_name(argv[1], &client)) {
-         com_err("getcred", ret, "parsing client name");
-         exit(1);
-     }
-     if (ret = krb5_parse_name(argv[2], &server)) {
-         com_err("getcred", ret, "parsing server name");
-         exit(1);
-     }
-     if (ret = krb5_cc_default(context, &cc)) {
-         com_err("getcred", ret, "opening default credentials cache");
-         exit(1);
-     }
-
-     memset((char *) &v5creds, 0, sizeof(v5creds));
-     v5creds.client = client;
-     v5creds.server = server;
-     v5creds.times.endtime = 0;
-     v5creds.keyblock.enctype = ENCTYPE_DES_CBC_MD5;
-     if (ret = krb5_get_credentials(context, 0, cc, &v5creds)) {
-         com_err("getcred", ret, "getting V5 credentials");
-         exit(1);
-     }
-
-     if (ret = krb524_convert_creds_kdc(context, &v5creds, &v4creds)) {
-         com_err("getcred", ret, "converting to V4 credentials");
-         exit(1);
-     }
-     
-     return 0;
-}
index 746fbb9381d281f111b4f01a50b22e8e9f11b426..9a988205f1858a1c026af47920cc063fba9120e2 100644 (file)
@@ -37,7 +37,6 @@
 #endif
 
 #include <krb.h>
-#include "krb524.h"
 
 extern int optind;
 extern char *optarg;
@@ -92,8 +91,6 @@ int main(argc, argv)
         exit(1);
      }
 
-     krb524_init_ets(context);
-
      if ((code = krb5_cc_default(context, &cc))) {
          com_err(prog, code, "opening default credentials cache");
          exit(1);
@@ -152,7 +149,7 @@ int main(argc, argv)
          exit(1);
      }
 
-     if ((code = krb524_convert_creds_kdc(context, v5creds, &v4creds))) {
+     if ((code = krb5_524_convert_creds(context, v5creds, &v4creds))) {
          com_err(prog, code, "converting to V4 credentials");
          exit(1);
      }
diff --git a/src/krb524/krb524.c b/src/krb524/krb524.c
new file mode 100644 (file)
index 0000000..1eff72f
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2003 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ */
+
+#ifdef _WIN32
+#include "krb5.h"
+
+#ifdef krb524_convert_creds_kdc
+#undef krb524_convert_creds_kdc
+#endif
+#ifdef krb524_init_ets
+#undef krb524_init_ets
+#endif
+
+int KRB5_CALLCONV_WRONG
+krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds, struct credentials *v4creds)
+{
+       return(krb5_524_convert_creds(context,v5creds,v4creds));
+}
+
+void KRB5_CALLCONV_WRONG
+krb524_init_ets(krb5_context context)
+{
+       /* no-op */
+}
+#endif /* _WIN32 */
diff --git a/src/krb524/krb524.h b/src/krb524/krb524.h
deleted file mode 100644 (file)
index f44a6b4..0000000
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- * 
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose.  It is provided "as is" without express or implied warranty.
- * 
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef KRB524_H
-#define KRB524_H
-
-#define KRB524_SERVICE "krb524"
-#define KRB524_PORT 4444
-
-#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
-#      include <TargetConditionals.h>
-#    ifndef KRB524_PRIVATE /* Allow e.g. build system to override */
-#              define KRB524_PRIVATE 0
-#      endif
-#else
-#      ifndef KRB524_PRIVATE
-#              define KRB524_PRIVATE 1
-#      endif
-#endif 
-
-#include <krb524_err.h>
-
-#ifndef KRB524INT_BEGIN_DECLS
-#ifdef __cplusplus
-#define KRB524INT_BEGIN_DECLS  extern "C" {
-#define KRB524INT_END_DECLS    }
-#else
-#define KRB524INT_BEGIN_DECLS
-#define KRB524INT_END_DECLS
-#endif
-#endif
-
-#if TARGET_OS_MAC
-#    if defined(__MWERKS__)
-#      pragma import on
-#    endif
-#    pragma options align=mac68k
-#endif
-
-KRB524INT_BEGIN_DECLS
-
-#if KRB524_PRIVATE
-extern int krb524_debug;
-
-struct sockaddr;
-struct sockaddr_in;
-
-int krb524_convert_tkt_skey
-       (krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt, 
-                  krb5_keyblock *v5_skey, krb5_keyblock *v4_skey,
-                       struct sockaddr_in *saddr);
-
-/* conv_princ.c */
-
-int krb524_convert_princs
-       (krb5_context context, krb5_principal client, krb5_principal server,
-        char *pname, char *pinst, char *prealm,
-        char *sname, char *sinst, char *srealm);
-
-/* conv_creds.c */
-
-int krb524_convert_creds_addr
-       (krb5_context context, krb5_creds *v5creds, 
-                  CREDENTIALS *v4creds, struct sockaddr *saddr);
-#endif /* KRB524_PRIVATE */
-
-int krb524_convert_creds_kdc
-       (krb5_context context, krb5_creds *v5creds, 
-                  CREDENTIALS *v4creds);
-
-#if KRB524_PRIVATE
-/* conv_tkt.c */
-
-int krb524_convert_tkt
-       (krb5_principal server, krb5_data *v5tkt, KTEXT_ST *v4tkt,
-                  int *kvno, struct sockaddr_in *saddr);
-
-/* encode.c */
-
-int encode_v4tkt
-       (KTEXT_ST *v4tkt, char *buf, unsigned int *encoded_len);
-
-int decode_v4tkt
-       (KTEXT_ST *v4tkt, char *buf, unsigned int *encoded_len);
-
-
-/* misc.c */
-
-void krb524_init_ets
-       (krb5_context context);
-
-/* sendmsg.c */
-
-#include "port-sockets.h"
-#include "socket-utils.h" /* for socklen_t */
-int krb524_sendto_kdc
-        (krb5_context context, const krb5_data * message, 
-        const krb5_data * realm, krb5_data * reply,
-        struct sockaddr *, socklen_t *);
-#endif /* KRB524_PRIVATE */
-
-#if TARGET_OS_MAC
-#    if defined(__MWERKS__)
-#      pragma import reset
-#    endif
-#      pragma options align=reset
-#endif
-
-KRB524INT_END_DECLS
-
-#endif /* KRB524_H */
index 4995b515fc229978e6c9e181b85f1d8c4517df97..a5d05c54e72681f106d2228f8dae7fc065aeb11e 100644 (file)
@@ -60,7 +60,7 @@
 #include <netinet/in.h>
 
 #include <krb.h>
-#include "krb524.h"
+#include "krb524d.h"
 
 #if defined(NEED_DAEMON_PROTO)
 extern int daemon(int, int);
@@ -76,6 +76,7 @@ static int debug = 0;
 void *handle = NULL;
 
 int use_keytab, use_master;
+int allow_v4_crossrealm = 0;
 char *keytab = NULL;
 krb5_keytab kt;
 
@@ -110,6 +111,8 @@ static RETSIGTYPE request_exit(signo)
      signalled = 1;
 }
 
+int (*encode_v4tkt)(KTEXT, char *, unsigned int *) = 0;
+
 int main(argc, argv)
      int argc;
      char **argv;
@@ -132,12 +135,31 @@ int main(argc, argv)
             exit(1);
      }
 
+     {
+        krb5int_access k5int;
+        retval = krb5int_accessor(&k5int, KRB5INT_ACCESS_VERSION);
+        if (retval != 0) {
+            com_err(whoami, retval,
+                    "while accessing krb5 library internal support");
+            exit(1);
+        }
+        encode_v4tkt = k5int.krb524_encode_v4tkt;
+        if (encode_v4tkt == NULL) {
+            com_err(whoami, 0,
+                    "krb4 support disabled in krb5 support library");
+            exit(1);
+        }
+     }
+
      argv++; argc--;
      use_master = use_keytab = nofork = 0;
      config_params.mask = 0;
      
      while (argc) {
-         if (strncmp(*argv, "-k", 2) == 0)
+       if (strncmp(*argv, "-X", 2) == 0) {
+        allow_v4_crossrealm = 1;
+       }
+       else if (strncmp(*argv, "-k", 2) == 0)
               use_keytab = 1;
          else if (strncmp(*argv, "-m", 2) == 0)
               use_master = 1;
@@ -346,7 +368,7 @@ krb5_error_code do_connection(s, context)
      if (debug)
          printf("V5 ticket decoded\n");
      
-     if( v5tkt->server->length >= 1
+     if( krb5_princ_size(context, v5tkt->server) >= 1
         &&krb5_princ_component(context, v5tkt->server, 0)->length == 3
         &&strncmp(krb5_princ_component(context, v5tkt->server, 0)->data,
                   "afs", 3) == 0) {
@@ -524,19 +546,7 @@ handle_classic_v4 (krb5_context context, krb5_ticket *v5tkt,
                                   &v5_service_key, NULL)))
          goto error;
 
-     if ((ret = lookup_service_key(context, v5tkt->server,
-                                  ENCTYPE_DES3_CBC_RAW,
-                                  0, /* highest kvno */
-                                  &v4_service_key, v4kvno)) &&
-        (ret = lookup_service_key(context, v5tkt->server,
-                                  ENCTYPE_LOCAL_DES3_HMAC_SHA1,
-                                  0,
-                                  &v4_service_key, v4kvno)) &&
-        (ret = lookup_service_key(context, v5tkt->server,
-                                  ENCTYPE_DES3_CBC_SHA1,
-                                  0,
-                                  &v4_service_key, v4kvno)) &&
-        (ret = lookup_service_key(context, v5tkt->server,
+     if ( (ret = lookup_service_key(context, v5tkt->server,
                                   ENCTYPE_DES_CBC_CRC,
                                   0,
                                   &v4_service_key, v4kvno)))
@@ -544,8 +554,19 @@ handle_classic_v4 (krb5_context context, krb5_ticket *v5tkt,
 
      if (debug)
          printf("service key retrieved\n");
+     if ((ret = krb5_decrypt_tkt_part(context, &v5_service_key, v5tkt))) {
+       goto error;
+     }
 
-     ret = krb524_convert_tkt_skey(context, v5tkt, &v4tkt, &v5_service_key,
+    if (!(allow_v4_crossrealm || krb5_realm_compare(context, v5tkt->server,
+                                                   v5tkt->enc_part2->client))) {
+ret =  KRB5KDC_ERR_POLICY ;
+ goto error;
+    }
+    krb5_free_enc_tkt_part(context, v5tkt->enc_part2);
+    v5tkt->enc_part2= NULL;
+
+         ret = krb524_convert_tkt_skey(context, v5tkt, &v4tkt, &v5_service_key,
                                   &v4_service_key,
                                   (struct sockaddr_in *)saddr);
      if (ret)
@@ -561,6 +582,9 @@ handle_classic_v4 (krb5_context context, krb5_ticket *v5tkt,
          printf("v4 credentials encoded\n");
 
  error:
+     if (v5tkt->enc_part2)
+        krb5_free_enc_tkt_part(context, v5tkt->enc_part2);
+
      if(v5_service_key.contents)
        krb5_free_keyblock_contents(context, &v5_service_key);
      if (v4_service_key.contents)
similarity index 61%
rename from src/krb524/globals.c
rename to src/krb524/krb524d.h
index 0ed8682422250fbb4da0e5e0ec47c18e28e35d47..33be97157aeec0515ed4227ee8cda23aca9ec7ab 100644 (file)
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-int krb524_debug = 0;
+#ifndef KRB524INT_H
+#define KRB524INT_H
+
+#include "port-sockets.h"
+#include "kerberosIV/krb.h"
+
+#ifndef KRB524INT_BEGIN_DECLS
+#ifdef __cplusplus
+#define KRB524INT_BEGIN_DECLS  extern "C" {
+#define KRB524INT_END_DECLS    }
+#else
+#define KRB524INT_BEGIN_DECLS
+#define KRB524INT_END_DECLS
+#endif
+#endif
+
+KRB524INT_BEGIN_DECLS
+
+int krb524_convert_tkt_skey
+       (krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt, 
+                  krb5_keyblock *v5_skey, krb5_keyblock *v4_skey,
+                       struct sockaddr_in *saddr);
+
+/* conv_princ.c */
+
+int krb524_convert_princs
+       (krb5_context context, krb5_principal client, krb5_principal server,
+        char *pname, char *pinst, char *prealm,
+        char *sname, char *sinst, char *srealm);
+
+KRB524INT_END_DECLS
+
+#endif /* KRB524INT_H */
index 13189e8cfc18fb526d29fa4745ce266492add911..d0cb92181b5184f9d000776f5efb357901bcd81e 100644 (file)
@@ -32,7 +32,6 @@
 
 #include <des.h>
 #include <krb.h>
-#include "krb524.h"
 #include "com_err.h"
 
 #define KEYSIZE 8
@@ -223,7 +222,9 @@ int main(argc, argv)
      krb5_context context;
      krb5_error_code retval;
 
+#if 0
      krb524_debug = 1;
+#endif
 
      retval = krb5_init_context(&context);
      if (retval) {
@@ -231,8 +232,6 @@ int main(argc, argv)
             exit(1);
      }
 
-     krb524_init_ets(context);
-
      local = 0;
      remote = NULL;
      argc--; argv++;
index bfa7678b0cad3dc3543e408f31681ae8034e0724..860408b4e4115302e50cd96d60f130edab5fcaff 100644 (file)
@@ -1,3 +1,65 @@
+2004-03-31  Jeffrey Altman <jaltman@mit.edu>
+
+    * Makefile.in: Delay Load the ADVAPI32.DLL and SECUR32.DLL libraries
+      to enable the KRB5_32.DLL to load on Windows 9x systems which do
+      not support the LSA Kerberos functionality.
+
+2003-12-18  Jeffrey Altman <jaltman@mit.edu>
+
+        * krb5_32.def: Remove exports added on 2003-12-13.  Moved
+          to krb5int_accessor
+
+2003-12-13  Jeffrey Altman <jaltman@mit.edu>
+   
+        * krb4_32.def: Remove exports from KfM not yet compiled in KfW
+            krb_ad_tkt, krb_pw_tkt, kuserok, tkt_string, FSp_xxx
+        
+        * krb5_32.def: Add exports of private functions necessary for 
+            building new gssapi32.dll:
+              krb5int_c_mandatory_cksumtype   ; PRIVATE GSSAPI k5-int.h
+              krb5_ser_pack_int64             ; PRIVATE GSSAPI k5-int.h
+              krb5_ser_unpack_int64           ; PRIVATE GSSAPI k5-int.h
+
+2003-12-11  Jeffrey Altman <jaltman@mit.edu>
+
+        * Makefile.in: Add secur32.lib to libraries necessary to build 
+          krb5_32.dll.  Necessary to support the new MSLSA ccache type.
+
+2003-12-08  Jeffrey Altman <jaltman@mit.edu>
+
+        * krb4_32.def: Add exports for functions exported by KfM
+
+2003-07-21  Alexandra Ellwood  <lxs@mit.edu>
+
+        * krb5_32.def: Export krb5_principal2salt.
+
+2003-07-18  Jeffrey Altman <jaltman@mit.edu>
+
+    * gssapi32.def: Export GSS OID constants
+
+2003-07-09  Alexandra Ellwood  <lxs@mit.edu>
+
+        * krb5_32.def: Export krb5_get_permitted_enctypes and 
+        krb5_set_real_time for Samba.
+
+2003-05-27  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb5_32.def: Add krb5_524_convert_creds.
+
+2003-05-08  Sam Hartman  <hartmans@mit.edu>
+
+       * krb5_32.def: Add krb5_c_string_to_key_with_params
+
+2003-05-09  Tom Yu  <tlyu@mit.edu>
+
+       * krb5_32.def: Add krb5_auth_con_getrecvsubkey,
+       krb5_auth_con_getsendsubkey, krb5_auth_con_setrecvsubkey,
+       krb5_auth_con_setsendsubkey.
+
+2003-04-15  Sam Hartman  <hartmans@mit.edu>
+
+       * krb5_32.def: Add krb5_set_password and krb5_set_password_using_ccache
+
 2003-02-10  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in (K4LIBS): Revert previous.
index 01a43511dba15bc2cc39e636790080bb37850f24..88d2d2945e9e02f783c2645085df6cc68e66f9aa 100644 (file)
@@ -52,8 +52,9 @@ KRB5RC = krb5.rc
 VERSIONRC = $(BUILDTOP)\windows\version.rc
 
 WINLIBS = kernel32.lib ws2_32.lib user32.lib shell32.lib oldnames.lib \
-       version.lib advapi32.lib gdi32.lib
-WINDLLFLAGS = $(DLL_LINKOPTS) -base:0x1c000000
+       version.lib secur32.lib advapi32.lib gdi32.lib delayimp.lib
+WINDLLFLAGS = $(DLL_LINKOPTS) -base:0x1c000000 /DELAYLOAD:secur32.dll \
+       /DELAYLOAD:advapi32.dll /DELAY:UNLOAD /DELAY:NOBIND
 
 NO_GLUE=$(OUTPRE)no_glue.obj
 K5_GLUE=$(OUTPRE)k5_glue.obj
index 6f73ddf62710f7d767f926ac0d19335a1a0b224e..4b6bd92648f4407874711656a14e9551e82b8975 100644 (file)
@@ -1,3 +1,75 @@
+2004-05-07  Ken Raeburn  <raeburn@mit.edu>
+
+       * configure.in: Check for endian.h and machine/endian.h.
+
+2004-03-22  Ken Raeburn  <raeburn@mit.edu>
+
+       * pbkdf2.c (hmac1): Make a local copy of the supplied keyblock
+       structure, in case we want to modify it.
+
+2004-02-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * t_encrypt.c (compare_results): New function.
+       (main): Use it to check decryption results against the original
+       plaintext.  When testing with cipher state, encrypt and then
+       decrypt (and verify) two messages.
+       * Makefile.in (t_encrypt$(EXEEXT)): Depend on CRYPTO_DEPLIB.
+
+2004-02-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * t_cts.c (test_cts): Process encryption and decryption IVs
+       separately, make sure they match, and display the value.
+
+2003-12-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * etypes.c (krb5_enctypes_list): Fill in required_ctype field.
+       * mandatory_sumtype.c: New file.
+       * Makefile.in (SRCS, OBJS, STLIBOBJS): Build it.
+
+2003-07-13  Kenneth Raeburn  <raeburn@mit.edu>
+
+       * pbkdf2.c (foo): Never call com_err.
+
+2003-06-25  Ken Raeburn  <raeburn@mit.edu>
+
+       * checksum_length.c (krb5_c_checksum_length): Handle trunc_size.
+
+2003-06-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * cksumtypes.c (krb5_cksumtypes_list): Add aes128/256 hmacs, with
+       new trunc_size field.
+
+       * make_checksum.c (krb5_c_make_checksum): If trunc_size is
+       specified, shrink the computed checksum down to the indicated
+       size.
+
+2003-06-05  Sam Hartman  <hartmans@mit.edu>
+
+       * string_to_key.c (krb5_c_string_to_key_with_params): Only allow
+       AFS s2k  for DES enctypes
+
+2003-05-15  Sam Hartman  <hartmans@mit.edu>
+
+       * combine_keys.c (enctype_ok): new function to determine if we support combine_keys for a particular enctype
+
+2003-05-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * etypes.c (krb5_enctypes_list): Add names aes128-cts and
+       aes256-cts as aliases.
+
+2003-05-08  Sam Hartman  <hartmans@mit.edu>
+
+       * string_to_key.c: Move krb5_c_string_to_key_with_params to krb5.h
+
+2003-04-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * pbkdf2.c (krb5int_pbkdf2): Provide a temporary buffer for the
+       output from F, if the remaining space in the output buffer isn't
+       big enough.  Free the temporary buffers before returning.
+
+       * etypes.c (krb5_enctypes_list): Use krb5int_aes_encrypt_length,
+       and krb5int_aes_dk_encrypt, and krb5int_aes_dk_decrypt for AES.
+
 2003-03-06  Alexandra Ellwood  <lxs@mit.edu>
 
     * prng.c: use Unix randomness sources on Mac OS X.
index e571ef777446cc633b539d9f95ebf71b51540bb6..2169d135856e478a9fb987333a4df72a765abf47 100644 (file)
@@ -54,6 +54,7 @@ STLIBOBJS=\
        keyed_checksum_types.o  \
        make_checksum.o         \
        make_random_key.o       \
+       mandatory_sumtype.o     \
        nfold.o                 \
        old_api_glue.o          \
        pbkdf2.o                \
@@ -86,6 +87,7 @@ OBJS=\
        $(OUTPRE)keyed_checksum_types.$(OBJEXT) \
        $(OUTPRE)make_checksum.$(OBJEXT)        \
        $(OUTPRE)make_random_key.$(OBJEXT)      \
+       $(OUTPRE)mandatory_sumtype.$(OBJEXT)    \
        $(OUTPRE)nfold.$(OBJEXT)                \
        $(OUTPRE)old_api_glue.$(OBJEXT)         \
        $(OUTPRE)pbkdf2.$(OBJEXT)               \
@@ -118,6 +120,7 @@ SRCS=\
        $(srcdir)/keyed_checksum_types.c\
        $(srcdir)/make_checksum.c       \
        $(srcdir)/make_random_key.c     \
+       $(srcdir)/mandatory_sumtype.c   \
        $(srcdir)/nfold.c               \
        $(srcdir)/old_api_glue.c        \
        $(srcdir)/pbkdf2.c      \
@@ -177,7 +180,7 @@ check-unix:: t_nfold t_encrypt t_prng t_hmac t_pkcs5
 t_nfold$(EXEEXT): t_nfold.$(OBJEXT) nfold.$(OBJEXT)
        $(CC_LINK) -o $@ t_nfold.$(OBJEXT) nfold.$(OBJEXT)
 
-t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) nfold.$(OBJEXT)
+t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) nfold.$(OBJEXT) $(CRYPTO_DEPLIB)
        $(CC_LINK) -o $@ t_encrypt.$(OBJEXT)  -lkrb5 -lk5crypto -lcom_err
 
 t_prng$(EXEEXT): t_prng.$(OBJEXT) 
@@ -348,206 +351,224 @@ check-windows::
 #
 block_size.so block_size.po $(OUTPRE)block_size.$(OBJEXT): block_size.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h etypes.h
+  etypes.h
 checksum_length.so checksum_length.po $(OUTPRE)checksum_length.$(OBJEXT): checksum_length.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  cksumtypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h cksumtypes.h
 cksumtype_to_string.so cksumtype_to_string.po $(OUTPRE)cksumtype_to_string.$(OBJEXT): cksumtype_to_string.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  cksumtypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h cksumtypes.h
 cksumtypes.so cksumtypes.po $(OUTPRE)cksumtypes.$(OBJEXT): cksumtypes.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/hash_provider/hash_provider.h \
-  $(srcdir)/keyhash_provider/keyhash_provider.h cksumtypes.h
+  $(srcdir)/hash_provider/hash_provider.h $(srcdir)/keyhash_provider/keyhash_provider.h \
+  cksumtypes.h
 coll_proof_cksum.so coll_proof_cksum.po $(OUTPRE)coll_proof_cksum.$(OBJEXT): coll_proof_cksum.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  cksumtypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h cksumtypes.h
 combine_keys.so combine_keys.po $(OUTPRE)combine_keys.$(OBJEXT): combine_keys.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h etypes.h $(srcdir)/dk/dk.h
+  etypes.h $(srcdir)/dk/dk.h
 crypto_libinit.so crypto_libinit.po $(OUTPRE)crypto_libinit.$(OBJEXT): crypto_libinit.c \
   crypto_libinit.h
 default_state.so default_state.po $(OUTPRE)default_state.$(OBJEXT): default_state.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 decrypt.so decrypt.po $(OUTPRE)decrypt.$(OBJEXT): decrypt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h etypes.h
+  etypes.h
 encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): encrypt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h etypes.h
+  etypes.h
 encrypt_length.so encrypt_length.po $(OUTPRE)encrypt_length.$(OBJEXT): encrypt_length.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  etypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h etypes.h
 enctype_compare.so enctype_compare.po $(OUTPRE)enctype_compare.$(OBJEXT): enctype_compare.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  etypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h etypes.h
 enctype_to_string.so enctype_to_string.po $(OUTPRE)enctype_to_string.$(OBJEXT): enctype_to_string.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  etypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h etypes.h
 etypes.so etypes.po $(OUTPRE)etypes.$(OBJEXT): etypes.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/enc_provider/enc_provider.h \
-  $(srcdir)/hash_provider/hash_provider.h etypes.h $(srcdir)/old/old.h \
-  $(srcdir)/raw/raw.h $(srcdir)/dk/dk.h $(srcdir)/arcfour/arcfour.h \
-  $(srcdir)/aes/aes_s2k.h
+  $(srcdir)/enc_provider/enc_provider.h $(srcdir)/hash_provider/hash_provider.h \
+  etypes.h $(srcdir)/old/old.h $(srcdir)/raw/raw.h $(srcdir)/dk/dk.h \
+  $(srcdir)/arcfour/arcfour.h $(srcdir)/aes/aes_s2k.h
 hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): hmac.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 keyed_cksum.so keyed_cksum.po $(OUTPRE)keyed_cksum.$(OBJEXT): keyed_cksum.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h cksumtypes.h
+  cksumtypes.h
 keyed_checksum_types.so keyed_checksum_types.po $(OUTPRE)keyed_checksum_types.$(OBJEXT): keyed_checksum_types.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  etypes.h cksumtypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h etypes.h cksumtypes.h
 make_checksum.so make_checksum.po $(OUTPRE)make_checksum.$(OBJEXT): make_checksum.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h cksumtypes.h etypes.h \
-  $(srcdir)/dk/dk.h
+  cksumtypes.h etypes.h $(srcdir)/dk/dk.h
 make_random_key.so make_random_key.po $(OUTPRE)make_random_key.$(OBJEXT): make_random_key.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  etypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h etypes.h
+mandatory_sumtype.so mandatory_sumtype.po $(OUTPRE)mandatory_sumtype.$(OBJEXT): mandatory_sumtype.c \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h etypes.h
 nfold.so nfold.po $(OUTPRE)nfold.$(OBJEXT): nfold.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 old_api_glue.so old_api_glue.po $(OUTPRE)old_api_glue.$(OBJEXT): old_api_glue.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): pbkdf2.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/hash_provider/hash_provider.h
+  $(srcdir)/hash_provider/hash_provider.h
 prng.so prng.po $(OUTPRE)prng.$(OBJEXT): prng.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/enc_provider/enc_provider.h \
-  $(srcdir)/yarrow/yarrow.h $(srcdir)/yarrow/ytypes.h \
-  $(srcdir)/yarrow/yhash.h $(srcdir)/sha1/shs.h $(srcdir)/yarrow/ycipher.h
+  $(srcdir)/enc_provider/enc_provider.h $(srcdir)/yarrow/yarrow.h \
+  $(srcdir)/yarrow/ytypes.h $(srcdir)/yarrow/yhash.h \
+  $(srcdir)/sha1/shs.h $(srcdir)/yarrow/ycipher.h
 state.so state.po $(OUTPRE)state.$(OBJEXT): state.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h etypes.h
+  etypes.h
 string_to_cksumtype.so string_to_cksumtype.po $(OUTPRE)string_to_cksumtype.$(OBJEXT): string_to_cksumtype.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  cksumtypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h cksumtypes.h
 string_to_enctype.so string_to_enctype.po $(OUTPRE)string_to_enctype.$(OBJEXT): string_to_enctype.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  etypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h etypes.h
 string_to_key.so string_to_key.po $(OUTPRE)string_to_key.$(OBJEXT): string_to_key.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h etypes.h
+  etypes.h
 valid_cksumtype.so valid_cksumtype.po $(OUTPRE)valid_cksumtype.$(OBJEXT): valid_cksumtype.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  cksumtypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h cksumtypes.h
 valid_enctype.so valid_enctype.po $(OUTPRE)valid_enctype.$(OBJEXT): valid_enctype.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h etypes.h
+  etypes.h
 verify_checksum.so verify_checksum.po $(OUTPRE)verify_checksum.$(OBJEXT): verify_checksum.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  cksumtypes.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h cksumtypes.h
 t_nfold.so t_nfold.po $(OUTPRE)t_nfold.$(OBJEXT): t_nfold.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 t_encrypt.so t_encrypt.po $(OUTPRE)t_encrypt.$(OBJEXT): t_encrypt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h etypes.h
+  etypes.h
 t_prng.so t_prng.po $(OUTPRE)t_prng.$(OBJEXT): t_prng.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 t_hmac.so t_hmac.po $(OUTPRE)t_hmac.$(OBJEXT): t_hmac.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(srcdir)/hash_provider/hash_provider.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 t_pkcs5.so t_pkcs5.po $(OUTPRE)t_pkcs5.$(OBJEXT): t_pkcs5.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 t_cts.so t_cts.po $(OUTPRE)t_cts.$(OBJEXT): t_cts.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(srcdir)/hash_provider/hash_provider.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 vectors.so vectors.po $(OUTPRE)vectors.$(OBJEXT): vectors.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(srcdir)/hash_provider/hash_provider.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 
index 443aabdd98d1ccb72aff75c1c5d9257d45b1a34c..6955bc1a84194cab3165d79cfeb19670d4107933 100644 (file)
@@ -1,3 +1,33 @@
+2004-05-25  Tom Yu  <tlyu@mit.edu>
+
+       * aesopt.h (PLATFORM_BYTE_ORDER): Treat _WIN32 as always
+       little-endian.  Default to little-endian if there's no other
+       compile-time way to detect endianness, noting it as a guess.
+       (SAFE_IO): Error out if SAFE_IO is not set and endianness was
+       guessed.
+
+2004-05-07  Ken Raeburn  <raeburn@mit.edu>
+
+       * aesopt.h (PLATFORM_BYTE_ORDER): Check for _MIPSEB, _MIPSEL.  If
+       endian.h or machine/endian.h is available, include it instead of
+       sys/param.h.  Don't mess around with multibyte character
+       constants.
+
+2003-05-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * aes_s2k.c (DEFAULT_ITERATION_COUNT): New macro; define to 4096.
+       (MAX_ITERATION_COUNT): New macro.
+       (krb5int_aes_string_to_key): Use them.
+
+2003-04-29  Ken Raeburn  <raeburn@mit.edu>
+
+       * uitypes.h: Use inttypes.h if HAVE_INTTYPES_H is defined.
+
+2003-04-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * aes_s2k.c (krb5int_aes_string_to_key): Return an error if the
+       supplied iteration count is really, really large.
+
 2003-03-04  Ken Raeburn  <raeburn@mit.edu>
 
        * aes_s2k.c, aes_s2k.h: New files.
index d14f0f9067fcc59398ba62eb78e9e68f47a4ba81..4a1064a0b753c1f929c15c064e647042202e70dd 100644 (file)
@@ -83,7 +83,8 @@ aeskey.so aeskey.po $(OUTPRE)aeskey.$(OBJEXT): aeskey.c aesopt.h aes.h \
   uitypes.h
 aes_s2k.so aes_s2k.po $(OUTPRE)aes_s2k.$(OBJEXT): aes_s2k.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h aes_s2k.h
+  $(srcdir)/../dk/dk.h aes_s2k.h
 
index f3670d7d84a087a65fa3b08e7337f6e15761acd0..9d48bd0cb18beffa48aa69078b41f508fb3f7304 100644 (file)
@@ -1,9 +1,39 @@
-/* Insert MIT copyright here.  */
+/*
+ * lib/crypto/aes/aes_s2k.c
+ *
+ * Copyright 2003 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * krb5int_aes_string_to_key
+ */
 
 #include "k5-int.h"
 #include "dk.h"
 #include "aes_s2k.h"
 
+#define DEFAULT_ITERATION_COUNT                4096 /* was 0xb000L in earlier drafts */
+#define MAX_ITERATION_COUNT            0x1000000L
+
 krb5_error_code
 krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
                          const krb5_data *string,
@@ -27,7 +57,13 @@ krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
                return KRB5_ERR_BAD_S2K_PARAMS;
        }
     } else
-       iter_count = 0xb000L;
+       iter_count = DEFAULT_ITERATION_COUNT;
+
+    /* This is not a protocol specification constraint; this is an
+       implementation limit, which should eventually be controlled by
+       a config file.  */
+    if (iter_count >= MAX_ITERATION_COUNT)
+       return KRB5_ERR_BAD_S2K_PARAMS;
 
     /*
      * Dense key space, no parity bits or anything, so take a shortcut
index 53fa4d56db1e4c1ce4ce46cd88b4cd8eadbfa198..0eebd46aef0b086c8f249a29a5ada72ad0baa4dc 100644 (file)
 #  endif
 #elif defined(_MSC_VER)
 #  include <stdlib.h>
-#elif !defined(WIN32)
+#elif defined(_MIPSEB)
+#  define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
+#elif defined(_MIPSEL)
+#  define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
+#elif defined(_WIN32)
+#  define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
+#elif !defined(_WIN32)
 #  include <stdlib.h>
-#undef _ENDIAN_H /* XXX */
-#  if !defined (_ENDIAN_H)
-#    include <sys/param.h>
+#  if defined(HAVE_ENDIAN_H)
+#    include <endian.h>
+#  elif defined(HAVE_MACHINE_ENDIAN_H)
+#    include <machine/endian.h>
 #  else
-#    include _ENDIAN_H
+#    include <sys/param.h>
 #  endif
 #endif
 
 #define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
 #elif 0     /* **** EDIT HERE IF NECESSARY **** */
 #define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
-#elif (('1234' >> 24) == '1')
-#  define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
-#elif (('4321' >> 24) == '1')
-#  define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
-#endif
+#elif 1
+#define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
+#define UNKNOWN_BYTE_ORDER     /* we're guessing */
 #endif
-
-#if !defined(PLATFORM_BYTE_ORDER)
-#  error Please set undetermined byte order (lines 229 or 231 of aesopt.h).
 #endif
 
 /*  3. ASSEMBLER SUPPORT
 #define SAFE_IO
 #endif
 
+/*
+ * If PLATFORM_BYTE_ORDER does not match the actual machine byte
+ * order, the fast word-access code will cause incorrect results.
+ * Therefore, SAFE_IO is required when the byte order is unknown.
+ */
+#if !defined(SAFE_IO) && defined(UNKNOWN_BYTE_ORDER)
+#  error "SAFE_IO must be defined if machine byte order is unknown."
+#endif
+
 /*  7. LOOP UNROLLING
 
     The code for encryption and decrytpion cycles through a number of rounds
index 4e50ef7dfedb67ae04d64cabfd59b3d112da8695..02dd3b0725f1285e8540c401c7acce51814d6e5f 100644 (file)
@@ -44,7 +44,7 @@
 #endif
 #endif
 
-#if defined HAS_INTTYPES_H
+#if defined HAS_INTTYPES_H || defined HAVE_INTTYPES_H
 #include <inttypes.h>
 #define s_u32     u
 #define s_u64   ull
index 8c33066b9b79dc423304de4bdf4ae9e7e8dba2d6..329feb47ca64b216d57a079eee31d55c8f582a30 100644 (file)
@@ -45,13 +45,14 @@ clean-unix:: clean-libobjs
 #
 arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): arcfour.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h arcfour-int.h arcfour.h
+  arcfour-int.h arcfour.h
 string_to_key.so string_to_key.po $(OUTPRE)string_to_key.$(OBJEXT): string_to_key.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../md4/rsa-md4.h \
-  arcfour-int.h arcfour.h
+  $(srcdir)/../md4/rsa-md4.h arcfour-int.h arcfour.h
 
index 80040b2318ab4ebc1797d046e3906725ef6a4e0e..f3886f4a9708335a6f78f83ce407e210585a175b 100644 (file)
@@ -45,6 +45,8 @@ krb5_c_checksum_length(context, cksumtype, length)
 
     if (krb5_cksumtypes_list[i].keyhash)
        (*(krb5_cksumtypes_list[i].keyhash->hash_size))(length);
+    else if (krb5_cksumtypes_list[i].trunc_size)
+       *length = krb5_cksumtypes_list[i].trunc_size;
     else
        (*(krb5_cksumtypes_list[i].hash->hash_size))(length);
 
index 76882f87d128522c62e71de095702fa12ccc8244..ae7ed5f8740f7bc8bfaf82429f2c1c7ba69be469 100644 (file)
@@ -84,6 +84,14 @@ const struct krb5_cksumtypes krb5_cksumtypes_list[] = {
       ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5,
       NULL },
 
+    { CKSUMTYPE_HMAC_SHA1_96_AES128, KRB5_CKSUMFLAG_DERIVE,
+      "hmac-sha1-96-aes128", "HMAC-SHA1 AES128 key",
+      0, NULL, 
+      &krb5int_hash_sha1, 12 },
+    { CKSUMTYPE_HMAC_SHA1_96_AES256, KRB5_CKSUMFLAG_DERIVE,
+      "hmac-sha1-96-aes256", "HMAC-SHA1 AES256 key",
+      0, NULL, 
+      &krb5int_hash_sha1, 12 },
 };
 
 const int krb5_cksumtypes_length =
index 6466a95f30cdeddfc2e716b4e56e9a3d6523b249..9aad8f54320576642250282e27d385774c67a91f 100644 (file)
@@ -50,6 +50,25 @@ static krb5_error_code dr
 (const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
                unsigned char *outdata, const krb5_data *in_constant);
 
+/*
+ * We only support this combine_keys algorithm for des and 3des keys.
+ * Everything else should use the PRF defined in the crypto framework.
+ * We don't implement that yet.
+ */
+
+static krb5_boolean  enctype_ok (krb5_enctype e) 
+{
+    switch (e) {
+    case ENCTYPE_DES_CBC_CRC:
+    case ENCTYPE_DES_CBC_MD4:
+    case ENCTYPE_DES_CBC_MD5:
+    case ENCTYPE_DES3_CBC_SHA1:
+       return 1;
+    default:
+       return 0;
+    }
+}
+
 krb5_error_code krb5int_c_combine_keys
 (krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2, krb5_keyblock *outkey)
 {
@@ -60,6 +79,9 @@ krb5_error_code krb5int_c_combine_keys
     krb5_keyblock tkey;
     krb5_error_code ret;
     int i, myalloc = 0;
+    if (!(enctype_ok(key1->enctype)&&enctype_ok(key2->enctype)))
+       return (KRB5_CRYPTO_INTERNAL);
+    
 
     if (key1->length != key2->length || key1->enctype != key2->enctype)
        return (KRB5_CRYPTO_INTERNAL);
index d675de4bbbb544e6dc9f16c2893ab3b6ea83fdc5..4dc938a17b1c1c4f7f2f8eda727d3d037815f3e7 100644 (file)
@@ -1,7 +1,7 @@
 AC_INIT(configure.in)
 CONFIG_RULES
 
-AC_CHECK_HEADERS(memory.h unistd.h)
+AC_CHECK_HEADERS(memory.h unistd.h endian.h machine/endian.h)
 
 KRB5_RUN_FLAGS
 KRB5_BUILD_PROGRAM
index 09d24047e3274f4d2fa0d70464c108677fddf51d..29e09391e26e9bcc614f3487b7648f6480445722 100644 (file)
@@ -46,7 +46,8 @@ t_crc: t_crc.o crc32.o
 #
 crc32.so crc32.po $(OUTPRE)crc32.$(OBJEXT): crc32.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h crc-32.h
+  crc-32.h
 
index f8065d7efdc19ae75b484a5ca5cc3fa5798522ea..607cc5f16e2f21e924cf0156a35299d14fc56062 100644 (file)
@@ -100,61 +100,68 @@ clean-unix:: clean-libobjs
 #
 afsstring2key.so afsstring2key.po $(OUTPRE)afsstring2key.$(OBJEXT): afsstring2key.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h des_int.h $(SRCTOP)/include/kerberosIV/des.h
+  des_int.h $(SRCTOP)/include/kerberosIV/des.h
 d3_cbc.so d3_cbc.po $(OUTPRE)d3_cbc.$(OBJEXT): d3_cbc.c des_int.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/des.h \
-  f_tables.h
+  $(SRCTOP)/include/kerberosIV/des.h f_tables.h
 d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): d3_kysched.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h des_int.h $(SRCTOP)/include/kerberosIV/des.h
+  des_int.h $(SRCTOP)/include/kerberosIV/des.h
 f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): f_cbc.c des_int.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/des.h \
-  f_tables.h
+  $(SRCTOP)/include/kerberosIV/des.h f_tables.h
 f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): f_cksum.c des_int.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/des.h \
-  f_tables.h
+  $(SRCTOP)/include/kerberosIV/des.h f_tables.h
 f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): f_parity.c des_int.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/des.h
+  $(SRCTOP)/include/kerberosIV/des.h
 f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): f_sched.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h des_int.h $(SRCTOP)/include/kerberosIV/des.h
+  des_int.h $(SRCTOP)/include/kerberosIV/des.h
 f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): f_tables.c des_int.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/des.h \
-  f_tables.h
+  $(SRCTOP)/include/kerberosIV/des.h f_tables.h
 key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): key_sched.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h des_int.h $(SRCTOP)/include/kerberosIV/des.h
+  des_int.h $(SRCTOP)/include/kerberosIV/des.h
 weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): weak_key.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h des_int.h $(SRCTOP)/include/kerberosIV/des.h
+  des_int.h $(SRCTOP)/include/kerberosIV/des.h
 string2key.so string2key.po $(OUTPRE)string2key.$(OBJEXT): string2key.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h des_int.h $(SRCTOP)/include/kerberosIV/des.h
+  des_int.h $(SRCTOP)/include/kerberosIV/des.h
 
index 9ed3a8de9e85e5bcfcd8d7844fd51bd758205484..885dbf7cb71f43df1ab4d1e5617bbe93fb888219 100644 (file)
@@ -1,3 +1,32 @@
+2004-02-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): New argument
+       IVEC_MODE.  If clear, same old behavior.  If set, copy out next
+       to last block for CTS.
+       (krb5_dk_decrypt, krb5int_aes_dk_decrypt): Pass extra argument.
+       * dk_encrypt.c (krb5int_aes_dk_encrypt): For IV, copy out next to
+       last block for CTS.
+
+2003-04-17  Ken Raeburn  <raeburn@mit.edu>
+
+       * dk_encrypt.c (krb5int_aes_dk_encrypt): Set output length
+       properly.
+
+2003-04-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): Renamed from
+       krb5_dk_decrypt, made static, added extra HMACSIZE argument to
+       indicate size of HMAC.  Cast byte values to char to silence
+       compiler warning.
+       (krb5_dk_decrypt): Call it.
+       (krb5int_aes_dk_decrypt): New function.
+       * dk_encrypt.c (krb5_dk_encrypt): Cast byte values to char to
+       silence compiler warning.
+       (krb5int_aes_encrypt_length, trunc_hmac, krb5int_aes_dk_encrypt):
+       New functions.
+       * dk.h (krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt,
+       krb5int_aes_dk_decrypt): Declare.
+
 2003-03-04  Ken Raeburn  <raeburn@mit.edu>
 
        * stringtokey.c (krb5int_dk_string_to_key): Renamed from
index 3785ad6f82a4205d87819f46617ef7cf24c3cf2a..cfd4821e9784850e41f05dbe9882e00fe6e95ede 100644 (file)
@@ -54,28 +54,32 @@ clean-unix:: clean-libobjs
 #
 checksum.so checksum.po $(OUTPRE)checksum.$(OBJEXT): checksum.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../etypes.h \
-  dk.h
+  $(srcdir)/../etypes.h dk.h
 dk_decrypt.so dk_decrypt.po $(OUTPRE)dk_decrypt.$(OBJEXT): dk_decrypt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h dk.h
+  dk.h
 dk_encrypt.so dk_encrypt.po $(OUTPRE)dk_encrypt.$(OBJEXT): dk_encrypt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h dk.h
+  dk.h
 derive.so derive.po $(OUTPRE)derive.$(OBJEXT): derive.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h dk.h $(srcdir)/../etypes.h
+  dk.h $(srcdir)/../etypes.h
 stringtokey.so stringtokey.po $(OUTPRE)stringtokey.$(OBJEXT): stringtokey.c dk.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h
 
index 01710161716467eaaf876104b48723d3817956ab..a224167ea1a49f0fc0b18dfd4146c68f10a7b403 100644 (file)
@@ -38,6 +38,18 @@ krb5_error_code krb5_dk_encrypt
                const krb5_data *ivec,
                const krb5_data *input, krb5_data *output);
 
+void krb5int_aes_encrypt_length
+(const struct krb5_enc_provider *enc,
+               const struct krb5_hash_provider *hash,
+               size_t input, size_t *length);
+
+krb5_error_code krb5int_aes_dk_encrypt
+(const struct krb5_enc_provider *enc,
+               const struct krb5_hash_provider *hash,
+               const krb5_keyblock *key, krb5_keyusage usage,
+               const krb5_data *ivec,
+               const krb5_data *input, krb5_data *output);
+
 krb5_error_code krb5_dk_decrypt
 (const struct krb5_enc_provider *enc,
                const struct krb5_hash_provider *hash,
@@ -45,6 +57,13 @@ krb5_error_code krb5_dk_decrypt
                const krb5_data *ivec, const krb5_data *input,
                krb5_data *arg_output);
 
+krb5_error_code krb5int_aes_dk_decrypt
+(const struct krb5_enc_provider *enc,
+               const struct krb5_hash_provider *hash,
+               const krb5_keyblock *key, krb5_keyusage usage,
+               const krb5_data *ivec, const krb5_data *input,
+               krb5_data *arg_output);
+
 krb5_error_code krb5int_dk_string_to_key
 (const struct krb5_enc_provider *enc, 
                const krb5_data *string, const krb5_data *salt,
index adc4d2348f1e30e1c285a358793c973674d4fb06..febb735f993ae4e726a82a1ecd216756d33e7228 100644 (file)
 
 #define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
 
+static krb5_error_code
+krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
+                                const struct krb5_hash_provider *hash,
+                                const krb5_keyblock *key,
+                                krb5_keyusage usage,
+                                const krb5_data *ivec,
+                                const krb5_data *input,
+                                krb5_data *output,
+                                size_t hmacsize,
+                                int ivec_mode);
+
 krb5_error_code
 krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
      const struct krb5_enc_provider *enc;
@@ -38,6 +49,37 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
      const krb5_data *ivec;
      const krb5_data *input;
      krb5_data *output;
+{
+    return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage,
+                                           ivec, input, output, 0, 0);
+}
+
+krb5_error_code
+krb5int_aes_dk_decrypt(enc, hash, key, usage, ivec, input, output)
+     const struct krb5_enc_provider *enc;
+     const struct krb5_hash_provider *hash;
+     const krb5_keyblock *key;
+     krb5_keyusage usage;
+     const krb5_data *ivec;
+     const krb5_data *input;
+     krb5_data *output;
+{
+    return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage,
+                                           ivec, input, output, 96 / 8, 1);
+}
+
+static krb5_error_code
+krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage, ivec, input, output,
+                                hmacsize, ivec_mode)
+     const struct krb5_enc_provider *enc;
+     const struct krb5_hash_provider *hash;
+     const krb5_keyblock *key;
+     krb5_keyusage usage;
+     const krb5_data *ivec;
+     const krb5_data *input;
+     krb5_data *output;
+     size_t hmacsize;
+     int ivec_mode;
 {
     krb5_error_code ret;
     size_t hashsize, blocksize, keybytes, keylength, enclen, plainlen;
@@ -52,7 +94,12 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
     (*(enc->block_size))(&blocksize);
     (*(enc->keysize))(&keybytes, &keylength);
 
-    enclen = input->length - hashsize;
+    if (hmacsize == 0)
+       hmacsize = hashsize;
+    else if (hmacsize > hashsize)
+       return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
+    enclen = input->length - hmacsize;
 
     if ((kedata = (unsigned char *) malloc(keylength)) == NULL)
        return(ENOMEM);
@@ -87,7 +134,7 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
     d1.data[2] = (usage>>8)&0xff;
     d1.data[3] = usage&0xff;
 
-    d1.data[4] = 0xAA;
+    d1.data[4] = (char) 0xAA;
 
     if ((ret = krb5_derive_key(enc, key, &ke, &d1)) != 0)
        goto cleanup;
@@ -108,9 +155,15 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
     if ((ret = ((*(enc->decrypt))(&ke, ivec, &d1, &d2))) != 0)
        goto cleanup;
 
-    if (ivec != NULL && ivec->length == blocksize)
-       cn = (unsigned char *) d1.data + d1.length - blocksize;
-    else
+    if (ivec != NULL && ivec->length == blocksize) {
+       if (ivec_mode == 0)
+           cn = (unsigned char *) d1.data + d1.length - blocksize;
+       else if (ivec_mode == 1) {
+           int nblocks = (d1.length + blocksize - 1) / blocksize;
+           cn = d1.data + blocksize * (nblocks - 2);
+       } else
+           abort();
+    } else
        cn = NULL;
 
     /* verify the hash */
@@ -121,7 +174,7 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
     if ((ret = krb5_hmac(hash, &ki, 1, &d2, &d1)) != 0)
        goto cleanup;
 
-    if (memcmp(cksum, input->data+enclen, hashsize) != 0) {
+    if (memcmp(cksum, input->data+enclen, hmacsize) != 0) {
        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
        goto cleanup;
     }
index eb9fe5fa37ebb1b82120512693f29afae7a3264b..6016b1dac3a45998234629f3f32c5119980594a0 100644 (file)
@@ -108,7 +108,7 @@ krb5_dk_encrypt(enc, hash, key, usage, ivec, input, output)
     d1.data[2] = (usage>>8)&0xff;
     d1.data[3] = usage&0xff;
 
-    d1.data[4] = 0xAA;
+    d1.data[4] = (char) 0xAA;
 
     if ((ret = krb5_derive_key(enc, key, &ke, &d1)))
        goto cleanup;
@@ -177,6 +177,198 @@ cleanup:
     return(ret);
 }
 
+/* Not necessarily "AES", per se, but "a CBC+CTS mode block cipher
+   with a 96-bit truncated HMAC".  */
+void
+krb5int_aes_encrypt_length(enc, hash, inputlen, length)
+     const struct krb5_enc_provider *enc;
+     const struct krb5_hash_provider *hash;
+     size_t inputlen;
+     size_t *length;
+{
+    size_t blocksize, hashsize;
+
+    (*(enc->block_size))(&blocksize);
+    hashsize = 96 / 8;
+
+    /* No roundup, since CTS requires no padding once we've hit the
+       block size.  */
+    *length = blocksize+inputlen + hashsize;
+}
+
+static krb5_error_code
+trunc_hmac (const struct krb5_hash_provider *hash,
+           const krb5_keyblock *ki, int num,
+           const krb5_data *input, const krb5_data *output)
+{
+    size_t hashsize;
+    krb5_data tmp;
+    krb5_error_code ret;
+
+    (hash->hash_size)(&hashsize);
+    if (hashsize < output->length)
+       return KRB5_CRYPTO_INTERNAL;
+    tmp.length = hashsize;
+    tmp.data = malloc(hashsize);
+    if (tmp.data == NULL)
+       return errno;
+    ret = krb5_hmac(hash, ki, num, input, &tmp);
+    if (ret == 0)
+       memcpy(output->data, tmp.data, output->length);
+    memset(tmp.data, 0, hashsize);
+    free(tmp.data);
+    return ret;
+}
+
+krb5_error_code
+krb5int_aes_dk_encrypt(enc, hash, key, usage, ivec, input, output)
+     const struct krb5_enc_provider *enc;
+     const struct krb5_hash_provider *hash;
+     const krb5_keyblock *key;
+     krb5_keyusage usage;
+     const krb5_data *ivec;
+     const krb5_data *input;
+     krb5_data *output;
+{
+    size_t blocksize, keybytes, keylength, plainlen, enclen;
+    krb5_error_code ret;
+    unsigned char constantdata[K5CLENGTH];
+    krb5_data d1, d2;
+    unsigned char *plaintext, *kedata, *kidata, *cn;
+    krb5_keyblock ke, ki;
+
+    /* allocate and set up plaintext and to-be-derived keys */
+
+    (*(enc->block_size))(&blocksize);
+    (*(enc->keysize))(&keybytes, &keylength);
+    plainlen = blocksize+input->length;
+
+    krb5int_aes_encrypt_length(enc, hash, input->length, &enclen);
+
+    /* key->length, ivec will be tested in enc->encrypt */
+
+    if (output->length < enclen)
+       return(KRB5_BAD_MSIZE);
+
+    if ((kedata = (unsigned char *) malloc(keylength)) == NULL)
+       return(ENOMEM);
+    if ((kidata = (unsigned char *) malloc(keylength)) == NULL) {
+       free(kedata);
+       return(ENOMEM);
+    }
+    if ((plaintext = (unsigned char *) malloc(plainlen)) == NULL) {
+       free(kidata);
+       free(kedata);
+       return(ENOMEM);
+    }
+
+    ke.contents = kedata;
+    ke.length = keylength;
+    ki.contents = kidata;
+    ki.length = keylength;
+
+    /* derive the keys */
+
+    d1.data = constantdata;
+    d1.length = K5CLENGTH;
+
+    d1.data[0] = (usage>>24)&0xff;
+    d1.data[1] = (usage>>16)&0xff;
+    d1.data[2] = (usage>>8)&0xff;
+    d1.data[3] = usage&0xff;
+
+    d1.data[4] = (char) 0xAA;
+
+    if ((ret = krb5_derive_key(enc, key, &ke, &d1)))
+       goto cleanup;
+
+    d1.data[4] = 0x55;
+
+    if ((ret = krb5_derive_key(enc, key, &ki, &d1)))
+       goto cleanup;
+
+    /* put together the plaintext */
+
+    d1.length = blocksize;
+    d1.data = plaintext;
+
+    if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &d1)))
+       goto cleanup;
+
+    memcpy(plaintext+blocksize, input->data, input->length);
+
+    /* Ciphertext stealing; there should be no more.  */
+    if (plainlen != blocksize + input->length)
+       abort();
+
+    /* encrypt the plaintext */
+
+    d1.length = plainlen;
+    d1.data = plaintext;
+
+    d2.length = plainlen;
+    d2.data = output->data;
+
+    if ((ret = ((*(enc->encrypt))(&ke, ivec, &d1, &d2))))
+       goto cleanup;
+
+    if (ivec != NULL && ivec->length == blocksize) {
+       int nblocks = (d2.length + blocksize - 1) / blocksize;
+       cn = d2.data + blocksize * (nblocks - 2);
+    } else
+       cn = NULL;
+
+    /* hash the plaintext */
+
+    d2.length = enclen - plainlen;
+    d2.data = output->data+plainlen;
+    if (d2.length != 96 / 8)
+       abort();
+
+    if ((ret = trunc_hmac(hash, &ki, 1, &d1, &d2))) {
+       memset(d2.data, 0, d2.length);
+       goto cleanup;
+    }
+
+    output->length = enclen;
+
+    /* update ivec */
+    if (cn != NULL) {
+       memcpy(ivec->data, cn, blocksize);
+#if 0
+       {
+           int i;
+           printf("\n%s: output:", __func__);
+           for (i = 0; i < output->length; i++) {
+               if (i % 16 == 0)
+                   printf("\n%s: ", __func__);
+               printf(" %02x", i[(unsigned char *)output->data]);
+           }
+           printf("\n%s: outputIV:", __func__);
+           for (i = 0; i < ivec->length; i++) {
+               if (i % 16 == 0)
+                   printf("\n%s: ", __func__);
+               printf(" %02x", i[(unsigned char *)ivec->data]);
+           }
+           printf("\n");  fflush(stdout);
+       }
+#endif
+    }
+
+    /* ret is set correctly by the prior call */
+
+cleanup:
+    memset(kedata, 0, keylength);
+    memset(kidata, 0, keylength);
+    memset(plaintext, 0, plainlen);
+
+    free(plaintext);
+    free(kidata);
+    free(kedata);
+
+    return(ret);
+}
+
 #ifdef ATHENA_DES3_KLUDGE
 void
 krb5_marc_dk_encrypt_length(enc, hash, inputlen, length)
index 08a614e967fa8f495e8147b7a6d7d8b812521d47..c40be6a70705892592ed452daf3fd6fd71c22c95 100644 (file)
@@ -1,3 +1,19 @@
+2004-02-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * aes.c (krb5int_aes_encrypt, krb5int_aes_decrypt): Copy out value
+       for new IV.
+
+2003-04-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * aes.c (enc): Replaced function with a macro.
+       (dec): New macro.
+       (krb5int_aes_encrypt): Use enc and dec.  Delete unused variable
+       OFFSET.
+       (krb5int_aes_decrypt): Renamed from k5_aes_dencrypt, implemented
+       decryption, made non-static.
+       (krb5int_enc_aes128, krb5int_enc_aes256): Use new name for
+       krb5int_aes_decrypt.
+
 2003-03-04  Ken Raeburn  <raeburn@mit.edu>
 
        * aes.c (krb5int_aes_init_state): Implement.
index dbc4f64cc741f37d2b554816db05ffefca2fd913..743f4ee6e829f35671bc3edea8a997d1ee2245b6 100644 (file)
@@ -47,26 +47,28 @@ clean-unix:: clean-libobjs
 #
 des.so des.po $(OUTPRE)des.$(OBJEXT): des.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../des/des_int.h \
-  $(SRCTOP)/include/kerberosIV/des.h enc_provider.h
+  $(srcdir)/../des/des_int.h $(SRCTOP)/include/kerberosIV/des.h \
+  enc_provider.h
 des3.so des3.po $(OUTPRE)des3.$(OBJEXT): des3.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../des/des_int.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(srcdir)/../des/des_int.h $(SRCTOP)/include/kerberosIV/des.h
 aes.so aes.po $(OUTPRE)aes.$(OBJEXT): aes.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h enc_provider.h $(srcdir)/../aes/aes.h \
-  $(srcdir)/../aes/uitypes.h
+  enc_provider.h $(srcdir)/../aes/aes.h $(srcdir)/../aes/uitypes.h
 arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): arcfour.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../arcfour/arcfour-int.h \
-  $(srcdir)/../arcfour/arcfour.h enc_provider.h
+  $(srcdir)/../arcfour/arcfour-int.h $(srcdir)/../arcfour/arcfour.h \
+  enc_provider.h
 
index d3dc2a5a73dfafac53db12a023057d6c23d52c81..1fc7abca77c92a96a528a7d41b7cf4b0939477b6 100644 (file)
@@ -52,23 +52,8 @@ static void printd (const char *descr, krb5_data *d) {
     }
     printf("\n");
 }
-static void enc(char *out, const char *in, aes_ctx *ctx)
-{
-    if (aes_enc_blk(in, out, ctx) != aes_good)
-       abort();
-#if 0
-    {
-       krb5_data e_in, e_out;
-       e_in.data = in;
-       e_out.data = out;
-       e_in.length = e_out.length = BLOCK_SIZE;
-       printf("encrypting [[\n");
-       printd("input block", &e_in);
-       printd("output block", &e_out);
-       printf("]]\n");
-    }
-#endif
-}
+#define enc(OUT, IN, CTX) (aes_enc_blk((IN),(OUT),(CTX)) == aes_good ? (void) 0 : abort())
+#define dec(OUT, IN, CTX) (aes_dec_blk((IN),(OUT),(CTX)) == aes_good ? (void) 0 : abort())
 
 static void xorblock(char *out, const char *in)
 {
@@ -83,7 +68,6 @@ krb5int_aes_encrypt(const krb5_keyblock *key, const krb5_data *ivec,
 {
     aes_ctx ctx;
     unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
-    int offset;
     int nblocks = 0, blockno;
 
 /*    CHECK_SIZES; */
@@ -100,8 +84,7 @@ krb5int_aes_encrypt(const krb5_keyblock *key, const krb5_data *ivec,
 
     if (nblocks == 1) {
        /* XXX Used for DK function.  */
-       if (aes_enc_blk(input->data, output->data, &ctx) != aes_good)
-           abort();
+       enc(output->data, input->data, &ctx);
     } else {
        int nleft;
 
@@ -112,7 +95,6 @@ krb5int_aes_encrypt(const krb5_keyblock *key, const krb5_data *ivec,
 
            /* Set up for next block.  */
            memcpy(tmp, tmp2, BLOCK_SIZE);
-           offset += BLOCK_SIZE;
        }
        /* Do final CTS step for last two blocks (the second of which
           may or may not be incomplete).  */
@@ -127,23 +109,70 @@ krb5int_aes_encrypt(const krb5_keyblock *key, const krb5_data *ivec,
        xorblock(tmp, tmp3);
        enc(tmp2, tmp, &ctx);
        memcpy(output->data + (nblocks - 2) * BLOCK_SIZE, tmp2, BLOCK_SIZE);
+       if (ivec)
+           memcpy(ivec->data, tmp2, BLOCK_SIZE);
     }
 
     return 0;
 }
 
-static krb5_error_code
-k5_aes_decrypt(const krb5_keyblock *key, const krb5_data *ivec,
-              const krb5_data *input, krb5_data *output)
+krb5_error_code
+krb5int_aes_decrypt(const krb5_keyblock *key, const krb5_data *ivec,
+                   const krb5_data *input, krb5_data *output)
 {
     aes_ctx ctx;
+    unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
+    int nblocks = 0, blockno;
 
     CHECK_SIZES;
 
     if (aes_dec_key(key->contents, key->length, &ctx) != aes_good)
        abort();
 
-    abort();
+    if (ivec)
+       memcpy(tmp, ivec->data, BLOCK_SIZE);
+    else
+       memset(tmp, 0, BLOCK_SIZE);
+
+    nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+
+    if (nblocks == 1) {
+       if (input->length < BLOCK_SIZE)
+           abort();
+       dec(output->data, input->data, &ctx);
+    } else {
+       int nleft;
+
+       for (blockno = 0; blockno < nblocks - 2; blockno++) {
+           dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
+           xorblock(tmp2, tmp);
+           memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
+           memcpy(tmp, input->data + blockno * BLOCK_SIZE, BLOCK_SIZE);
+       }
+       /* Do last two blocks, the second of which (next-to-last block
+          of plaintext) may be incomplete.  */
+       dec(tmp2, input->data + (nblocks - 2) * BLOCK_SIZE, &ctx);
+       /* Set tmp3 to last ciphertext block, padded.  */
+       memset(tmp3, 0, sizeof(tmp3));
+       memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE,
+              input->length - (nblocks - 1) * BLOCK_SIZE);
+       /* Set tmp2 to last (possibly partial) plaintext block, and
+          save it.  */
+       xorblock(tmp2, tmp3);
+       memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2,
+              input->length - (nblocks - 1) * BLOCK_SIZE);
+       /* Maybe keep the trailing part, and copy in the last
+          ciphertext block.  */
+       memcpy(tmp2, tmp3, input->length - (nblocks - 1) * BLOCK_SIZE);
+       /* Decrypt, to get next to last plaintext block xor previous
+          ciphertext.  */
+       dec(tmp3, tmp2, &ctx);
+       xorblock(tmp3, tmp);
+       memcpy(output->data + (nblocks - 2) * BLOCK_SIZE, tmp3, BLOCK_SIZE);
+       if (ivec)
+           memcpy(ivec->data, input->data + (nblocks - 2) * BLOCK_SIZE,
+                  BLOCK_SIZE);
+    }
 
     return 0;
 }
@@ -178,7 +207,7 @@ const struct krb5_enc_provider krb5int_enc_aes128 = {
     aes_block_size,
     aes128_keysize,
     krb5int_aes_encrypt,
-    k5_aes_decrypt,
+    krb5int_aes_decrypt,
     k5_aes_make_key,
     krb5int_aes_init_state,
     krb5int_default_free_state
@@ -188,7 +217,7 @@ const struct krb5_enc_provider krb5int_enc_aes256 = {
     aes_block_size,
     aes256_keysize,
     krb5int_aes_encrypt,
-    k5_aes_decrypt,
+    krb5int_aes_decrypt,
     k5_aes_make_key,
     krb5int_aes_init_state,
     krb5int_default_free_state
index 1cc570cd8f8132a1b0eef4eee29f74881e146bfb..6dcf02643a32ea3bf573c605118573686c82d331 100644 (file)
@@ -45,93 +45,109 @@ const struct krb5_keytypes krb5_enctypes_list[] = {
       "des-cbc-crc", "DES cbc mode with CRC-32",
       &krb5int_enc_des, &krb5int_hash_crc32,
       krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
-      krb5int_des_string_to_key },
+      krb5int_des_string_to_key, CKSUMTYPE_RSA_MD5 },
     { ENCTYPE_DES_CBC_MD4,
       "des-cbc-md4", "DES cbc mode with RSA-MD4",
       &krb5int_enc_des, &krb5int_hash_md4,
       krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
-      krb5int_des_string_to_key },
+      krb5int_des_string_to_key, CKSUMTYPE_RSA_MD4 },
     { ENCTYPE_DES_CBC_MD5,
       "des-cbc-md5", "DES cbc mode with RSA-MD5",
       &krb5int_enc_des, &krb5int_hash_md5,
       krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
-      krb5int_des_string_to_key },
+      krb5int_des_string_to_key, CKSUMTYPE_RSA_MD5 },
     { ENCTYPE_DES_CBC_MD5,
       "des", "DES cbc mode with RSA-MD5", /* alias */
       &krb5int_enc_des, &krb5int_hash_md5,
       krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
-      krb5int_des_string_to_key },
+      krb5int_des_string_to_key, CKSUMTYPE_RSA_MD5 },
 
     { ENCTYPE_DES_CBC_RAW,
       "des-cbc-raw", "DES cbc mode raw",
       &krb5int_enc_des, NULL,
       krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
-      krb5int_des_string_to_key },
+      krb5int_des_string_to_key, 0 },
     { ENCTYPE_DES3_CBC_RAW,
       "des3-cbc-raw", "Triple DES cbc mode raw",
       &krb5int_enc_des3, NULL,
       krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
-      krb5int_dk_string_to_key },
+      krb5int_dk_string_to_key, 0 },
 
     { ENCTYPE_DES3_CBC_SHA1,
       "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
       &krb5int_enc_des3, &krb5int_hash_sha1,
       krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
-      krb5int_dk_string_to_key },
+      krb5int_dk_string_to_key, CKSUMTYPE_HMAC_SHA1_DES3 },
     { ENCTYPE_DES3_CBC_SHA1,   /* alias */
       "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
       &krb5int_enc_des3, &krb5int_hash_sha1,
       krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
-      krb5int_dk_string_to_key },
+      krb5int_dk_string_to_key, CKSUMTYPE_HMAC_SHA1_DES3 },
     { ENCTYPE_DES3_CBC_SHA1,   /* alias */
       "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
       &krb5int_enc_des3, &krb5int_hash_sha1,
       krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
-      krb5int_dk_string_to_key },
+      krb5int_dk_string_to_key, CKSUMTYPE_HMAC_SHA1_DES3 },
 
     { ENCTYPE_DES_HMAC_SHA1,
       "des-hmac-sha1", "DES with HMAC/sha1",
       &krb5int_enc_des, &krb5int_hash_sha1,
       krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
-      krb5int_dk_string_to_key },
+      krb5int_dk_string_to_key, 0 },
     { ENCTYPE_ARCFOUR_HMAC, 
       "arcfour-hmac","ArcFour with HMAC/md5", &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+      CKSUMTYPE_HMAC_MD5_ARCFOUR },
     { ENCTYPE_ARCFOUR_HMAC,  /* alias */
       "rc4-hmac", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+      CKSUMTYPE_HMAC_MD5_ARCFOUR },
     { ENCTYPE_ARCFOUR_HMAC,  /* alias */
       "arcfour-hmac-md5", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+      CKSUMTYPE_HMAC_MD5_ARCFOUR },
     { ENCTYPE_ARCFOUR_HMAC_EXP, 
       "arcfour-hmac-exp", "Exportable ArcFour with HMAC/md5",
       &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+      CKSUMTYPE_HMAC_MD5_ARCFOUR },
     { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
       "rc4-hmac-exp", "Exportable ArcFour with HMAC/md5",
       &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+      CKSUMTYPE_HMAC_MD5_ARCFOUR },
     { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
       "arcfour-hmac-md5-exp", "Exportable ArcFour with HMAC/md5",
       &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+      CKSUMTYPE_HMAC_MD5_ARCFOUR },
 
     { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
       "aes128-cts-hmac-sha1-96", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
       &krb5int_enc_aes128, &krb5int_hash_sha1,
-      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
-      krb5int_aes_string_to_key },
+      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
+      krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES128 },
+    { ENCTYPE_AES128_CTS_HMAC_SHA1_96, /* alias */
+      "aes128-cts", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
+      &krb5int_enc_aes128, &krb5int_hash_sha1,
+      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
+      krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES128 },
     { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
       "aes256-cts-hmac-sha1-96", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
       &krb5int_enc_aes256, &krb5int_hash_sha1,
-      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
-      krb5int_aes_string_to_key },
+      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
+      krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES256 },
+    { ENCTYPE_AES256_CTS_HMAC_SHA1_96, /* alias */
+      "aes256-cts", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
+      &krb5int_enc_aes256, &krb5int_hash_sha1,
+      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
+      krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES256 },
 
 #ifdef ATHENA_DES3_KLUDGE
     /*
@@ -143,7 +159,7 @@ const struct krb5_keytypes krb5_enctypes_list[] = {
       "Triple DES with HMAC/sha1 and 32-bit length code",
       &krb5int_enc_des3, &krb5int_hash_sha1,
       krb5_marc_dk_encrypt_length, krb5_marc_dk_encrypt, krb5_marc_dk_decrypt,
-      krb5int_dk_string_to_key },
+      krb5int_dk_string_to_key, CKSUMTYPE_HMAC_SHA1_DES3 },
 #endif
 };
 
index 55aa8922e6ea821d60c0819d02f119e7d1f2cd79..b9e6ba7789ba889d103d5f25374879f9d9738115 100644 (file)
@@ -42,26 +42,26 @@ clean-unix:: clean-libobjs
 #
 hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): hash_crc32.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../crc32/crc-32.h \
-  hash_provider.h
+  $(srcdir)/../crc32/crc-32.h hash_provider.h
 hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): hash_md4.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../md4/rsa-md4.h \
-  hash_provider.h
+  $(srcdir)/../md4/rsa-md4.h hash_provider.h
 hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): hash_md5.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../md5/rsa-md5.h \
-  hash_provider.h
+  $(srcdir)/../md5/rsa-md5.h hash_provider.h
 hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): hash_sha1.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../sha1/shs.h \
-  hash_provider.h
+  $(srcdir)/../sha1/shs.h hash_provider.h
 
index 27c3821fd72aff5834baea96c6eb13e72c8f9171..d134fd87062364ab6ad6d1c9534971eddc7d9f24 100644 (file)
@@ -61,29 +61,31 @@ clean-unix:: clean-libobjs
 #
 descbc.so descbc.po $(OUTPRE)descbc.$(OBJEXT): descbc.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../des/des_int.h \
-  $(SRCTOP)/include/kerberosIV/des.h keyhash_provider.h
+  $(srcdir)/../des/des_int.h $(SRCTOP)/include/kerberosIV/des.h \
+  keyhash_provider.h
 k5_md4des.so k5_md4des.po $(OUTPRE)k5_md4des.$(OBJEXT): k5_md4des.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../des/des_int.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(srcdir)/../md4/rsa-md4.h \
-  keyhash_provider.h
+  $(srcdir)/../des/des_int.h $(SRCTOP)/include/kerberosIV/des.h \
+  $(srcdir)/../md4/rsa-md4.h keyhash_provider.h
 k5_md5des.so k5_md5des.po $(OUTPRE)k5_md5des.$(OBJEXT): k5_md5des.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../des/des_int.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(srcdir)/../md5/rsa-md5.h \
-  keyhash_provider.h
+  $(srcdir)/../des/des_int.h $(SRCTOP)/include/kerberosIV/des.h \
+  $(srcdir)/../md5/rsa-md5.h keyhash_provider.h
 hmac_md5.so hmac_md5.po $(OUTPRE)hmac_md5.$(OBJEXT): hmac_md5.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h keyhash_provider.h $(srcdir)/../arcfour/arcfour-int.h \
+  keyhash_provider.h $(srcdir)/../arcfour/arcfour-int.h \
   $(srcdir)/../arcfour/arcfour.h $(srcdir)/../md5/rsa-md5.h \
   $(srcdir)/../hash_provider/hash_provider.h
 
index 5d7be934b5f4b832210554332316702fb2fa76e8..8a384e710a716d8d4a521c9f2b7715891402ec5c 100644 (file)
@@ -108,6 +108,13 @@ krb5_c_make_checksum(context, cksumtype, key, usage, input, cksum)
     if (!ret) {
        cksum->magic = KV5M_CHECKSUM;
        cksum->checksum_type = cksumtype;
+       if (krb5_cksumtypes_list[i].trunc_size) {
+           krb5_octet *trunc;
+           cksum->length = krb5_cksumtypes_list[i].trunc_size;
+           trunc = (krb5_octet *) realloc(cksum->contents, cksum->length);
+           if (trunc)
+               cksum->contents = trunc;
+       }
     }
 
 cleanup:
diff --git a/src/lib/crypto/mandatory_sumtype.c b/src/lib/crypto/mandatory_sumtype.c
new file mode 100644 (file)
index 0000000..f9322ff
--- /dev/null
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2003 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+
+krb5_error_code
+krb5int_c_mandatory_cksumtype (krb5_context ctx, krb5_enctype etype,
+                              krb5_cksumtype *cksumtype)
+{
+    int i;
+
+    for (i = 0; i < krb5_enctypes_length; i++)
+       if (krb5_enctypes_list[i].etype == etype) {
+           *cksumtype = krb5_enctypes_list[i].required_ctype;
+           return 0;
+       }
+
+    return KRB5_BAD_ENCTYPE;
+}
index af05935261b225d53aa8f14300c76cf0a7df3082..57341c6a73572a0a8398aaa676a5efcb4df067a4 100644 (file)
@@ -63,7 +63,8 @@ clean-unix:: clean-libobjs
 #
 md4.so md4.po $(OUTPRE)md4.$(OBJEXT): md4.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h rsa-md4.h
+  rsa-md4.h
 
index b7838934f92a8d24058c69f851e20c5ef7a89d82..d5e3a22440c8a11a0b9cb894d063ac79599c9877 100644 (file)
@@ -53,7 +53,8 @@ clean-unix:: clean-libobjs
 #
 md5.so md5.po $(OUTPRE)md5.$(OBJEXT): md5.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h rsa-md5.h
+  rsa-md5.h
 
index c23b403716fa28095c2247f717a6a23b4eab3f56..bab270489d69eefce22967aa57cffb2b8d7027b6 100644 (file)
@@ -1,3 +1,9 @@
+2003-05-23  Sam Hartman  <hartmans@mit.edu>
+
+       * des_stringtokey.c (krb5int_des_string_to_key): If param has  one
+       byte, treat it as a type.   Type 0 is normal, type 1 is AFS
+       string2key. 
+
 2003-03-04  Ken Raeburn  <raeburn@mit.edu>
 
        * des_stringtokey.c (krb5int_des_string_to_key): Renamed from
index 8fc8390e5aad850b66f4d65d946081316ef99976..acc2cdd71d3857e2af957b6b43f422fd8e7bb2c1 100644 (file)
@@ -40,18 +40,21 @@ clean-unix:: clean-libobjs
 #
 des_stringtokey.so des_stringtokey.po $(OUTPRE)des_stringtokey.$(OBJEXT): des_stringtokey.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  old.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h old.h $(srcdir)/../des/des_int.h \
+  $(SRCTOP)/include/kerberosIV/des.h
 old_decrypt.so old_decrypt.po $(OUTPRE)old_decrypt.$(OBJEXT): old_decrypt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h old.h
+  old.h
 old_encrypt.so old_encrypt.po $(OUTPRE)old_encrypt.$(OBJEXT): old_encrypt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h old.h
+  old.h
 
index fd3440bda0c64c08f82eae63b34f1324331a4849..20f2f053a544715a66faeb59a84e5abb5e02eb0a 100644 (file)
@@ -26,6 +26,7 @@
 
 #include "k5-int.h"
 #include "old.h"
+#include <des_int.h>
 
 /* XXX */
 extern krb5_error_code mit_des_string_to_key_int
@@ -41,7 +42,19 @@ krb5int_des_string_to_key(enc, string, salt, parm, key)
      const krb5_data *parm;
      krb5_keyblock *key;
 {
-    if (parm != NULL)
-       return KRB5_ERR_BAD_S2K_PARAMS;
+    int type;
+    if (parm ) {
+       if (parm->length != 1)
+           return KRB5_ERR_BAD_S2K_PARAMS;
+       type = parm->data[0];
+    }
+    else type = 0;
+    switch(type) {
+    case 0:
     return(mit_des_string_to_key_int(key, string, salt));
+    case 1:
+       return mit_afs_string_to_key(key, string, salt);
+    default:
+       return KRB5_ERR_BAD_S2K_PARAMS;
+    }
 }
index d8a3f8b5899cb8fe18e4b1fd9b936839d854a914..af39170a4e15435dd990ab688da4553dca282dd6 100644 (file)
@@ -158,6 +158,7 @@ krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *,
 {
     int l, r, i;
     char *utmp1, *utmp2;
+    char utmp3[20];            /* XXX length shouldn't be hardcoded! */
 
     if (output->length == 0 || hlen == 0)
        abort();
@@ -169,7 +170,13 @@ krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *,
     r = output->length - (l - 1) * hlen;
 
     utmp1 = /*output + dklen; */ malloc(hlen);
+    if (utmp1 == NULL)
+       return errno;
     utmp2 = /*utmp1 + hlen; */ malloc(salt->length + 4 + hlen);
+    if (utmp2 == NULL) {
+       free(utmp1);
+       return errno;
+    }
 
     /* Step 3.  */
     for (i = 1; i <= l; i++) {
@@ -177,11 +184,21 @@ krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *,
        int j;
 #endif
        krb5_error_code err;
+       char *out;
 
-       err = F(output->data + (i-1) * hlen, utmp1, utmp2, prf, hlen,
-               pass, salt, count, i);
-       if (err)
+       if (i == l)
+           out = utmp3;
+       else
+           out = output->data + (i-1) * hlen;
+       err = F(out, utmp1, utmp2, prf, hlen, pass, salt, count, i);
+       if (err) {
+           free(utmp1);
+           free(utmp2);
            return err;
+       }
+       if (i == l)
+           memcpy(output->data + (i-1) * hlen, utmp3,
+                  output->length - (i-1) * hlen);
 
 #if 0
        printf("after F(%d), @%p:\n", i, output->data);
@@ -190,6 +207,8 @@ krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *,
        printf ("\n");
 #endif
     }
+    free(utmp1);
+    free(utmp2);
     return 0;
 }
 
@@ -199,7 +218,10 @@ static krb5_error_code hmac1(const struct krb5_hash_provider *h,
     char tmp[40];
     size_t blocksize, hashsize;
     krb5_error_code err;
+    krb5_keyblock k;
 
+    k = *key;
+    key = &k;
     if (debug_hmac)
        printk(" test key", key);
     h->block_size(&blocksize);
@@ -235,8 +257,6 @@ foo(krb5_keyblock *pass, krb5_data *salt, krb5_data *out)
 
     memset(out->data, 0, out->length);
     err = hmac1 (&krb5int_hash_sha1, pass, salt, out);
-    if (err)
-       com_err("foo", err, "computing hmac");
     return err;
 }
 
index d94112b6a9d48f20226b6b532a3e01a694593483..490d2c78b8a3d3a2bb9832aa4c33f3457a72e518 100644 (file)
@@ -38,12 +38,14 @@ clean-unix:: clean-libobjs
 #
 raw_decrypt.so raw_decrypt.po $(OUTPRE)raw_decrypt.$(OBJEXT): raw_decrypt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h raw.h
+  raw.h
 raw_encrypt.so raw_encrypt.po $(OUTPRE)raw_encrypt.$(OBJEXT): raw_encrypt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h raw.h
+  raw.h
 
index da3e70fa3c080d5a1085d2f7c272587f7517303c..f796eaacec08b52a499e89ce211829840b91bc61 100644 (file)
@@ -58,7 +58,7 @@ t_shs3: t_shs3.o shs.o
 #
 shs.so shs.po $(OUTPRE)shs.$(OBJEXT): shs.c shs.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 
index c9434e08da5aec8e688fe311f3a07ddc0f768e4c..412583185b482fd4a16ef0675eb0c6d5ec4e23e2 100644 (file)
@@ -27,7 +27,6 @@
 #include "k5-int.h"
 #include "etypes.h"
 
-/* Eventually this declaration should move to krb5.h.  */
 krb5_error_code KRB5_CALLCONV
 krb5_c_string_to_key_with_params(krb5_context context,
                                 krb5_enctype enctype,
@@ -72,7 +71,21 @@ krb5_c_string_to_key_with_params(context, enctype, string, salt, params, key)
        return(KRB5_BAD_ENCTYPE);
 
     enc = krb5_enctypes_list[i].enc;
+/* xxx AFS string2key function is indicated by a special length  in
+ * the salt in much of the code.  However only the DES enctypes can
+ * deal with this.  Using s2kparams would be a much better solution.*/
+    if (salt && salt->length == SALT_TYPE_AFS_LENGTH) {
+       switch (enctype) {
+       case ENCTYPE_DES_CBC_CRC:
+       case ENCTYPE_DES_CBC_MD4:
+       case ENCTYPE_DES_CBC_MD5:
+           break;
+       default:
+           return (KRB5_CRYPTO_INTERNAL);
+       }
+    }
 
+       
     (*(enc->keysize))(&keybytes, &keylength);
 
     if ((key->contents = (krb5_octet *) malloc(keylength)) == NULL)
index 5bf1ecba9507764a2b1fd3a2e82265d83a69638e..b105bd2752f69768b0e84aa58be4b603902044cd 100644 (file)
@@ -120,27 +120,52 @@ static void test_cts()
                                               krb5_data *);
 
     int i;
-    char outbuf[64];
-    krb5_data in, out;
+    char outbuf[64], encivbuf[16], decivbuf[16], outbuf2[64];
+    krb5_data in, out, enciv, deciv, out2;
     krb5_keyblock key;
     krb5_error_code err;
 
     in.data = input;
     out.data = outbuf;
+    out2.data = outbuf2;
+    enciv.length = deciv.length = 16;
+    enciv.data = encivbuf;
+    deciv.data = decivbuf;
     key.contents = aeskey;
     key.length = 16;
 
+    memset(enciv.data, 0, 16);
     printk("AES 128-bit key", &key);
     for (i = 0; i < sizeof(lengths)/sizeof(lengths[0]); i++) {
+    memset(enciv.data, 0, 16);
+    memset(deciv.data, 0, 16);
+
        printf("\n");
        in.length = out.length = lengths[i];
-       err = krb5int_aes_encrypt(&key, 0, &in, &out);
+       printd("IV", &enciv);
+       err = krb5int_aes_encrypt(&key, &enciv, &in, &out);
        if (err) {
            printf("error %ld from krb5int_aes_encrypt\n", (long)err);
            exit(1);
        }
        printd("Input", &in);
        printd("Output", &out);
+       printd("Next IV", &enciv);
+       out2.length = out.length;
+       err = krb5int_aes_decrypt(&key, &deciv, &out, &out2);
+       if (err) {
+           printf("error %ld from krb5int_aes_decrypt\n", (long)err);
+           exit(1);
+       }
+       if (out2.length != in.length
+           || memcmp(in.data, out2.data, in.length)) {
+           printd("Decryption result DOESN'T MATCH", &out2);
+           exit(1);
+       }
+       if (memcmp(enciv.data, deciv.data, 16)) {
+           printd("Decryption IV result DOESN'T MATCH", &deciv);
+           exit(1);
+       }
     }
 }
 
index 2a6e09e31bc66074ee97c4af33f411fc1e23163d..3bc62e5d619ca19c3c3bbfb1c5bf726385834ac7 100644 (file)
@@ -53,25 +53,51 @@ if( retval) { \
   abort(); \
 } else printf ("OK\n");
   
+int compare_results(krb5_data *d1, krb5_data *d2)
+{
+    if (d1->length != d2->length) {
+       /* Decryption can leave a little trailing cruft.
+          For the current cryptosystems, this can be up to 7 bytes.  */
+       if (d1->length + 8 <= d2->length)
+           return EINVAL;
+       if (d1->length > d2->length)
+           return EINVAL;
+    }
+    if (memcmp(d1->data, d2->data, d1->length)) {
+       return EINVAL;
+    }
+    return 0;
+}
+
 int
 main ()
 {
   krb5_context context = 0;
-  krb5_data  in, out, check, state;
+  krb5_data  in, in2, out, out2, check, check2, state;
   int i;
   size_t len;
-  krb5_enc_data enc_out;
+  krb5_enc_data enc_out, enc_out2;
   krb5_error_code retval;
   krb5_keyblock *key;
+
   in.data = "This is a test.\n";
   in.length = strlen (in.data);
+  in2.data = "This is another test.\n";
+  in2.length = strlen (in2.data);
 
   test ("Seeding random number generator",
        krb5_c_random_seed (context, &in));
   out.data = malloc(2048);
+  out2.data = malloc(2048);
   check.data = malloc(2048);
+  check2.data = malloc(2048);
+  if (out.data == NULL || out2.data == NULL
+      || check.data == NULL || check2.data == NULL)
+      abort();
   out.length = 2048;
+  out2.length = 2048;
   check.length = 2048;
+  check2.length = 2048;
   for (i = 0; interesting_enctypes[i]; i++) {
     krb5_enctype enctype = interesting_enctypes [i];
     printf ("Testing enctype %d\n", enctype);
@@ -79,8 +105,8 @@ main ()
          krb5_init_keyblock (context, enctype, 0, &key));
     test ("Generating random key",
          krb5_c_make_random_key (context, enctype, key));
-    enc_out.ciphertext.data = out.data;
-    enc_out.ciphertext.length = out.length;
+    enc_out.ciphertext = out;
+    enc_out2.ciphertext = out2;
     /* We use an intermediate `len' because size_t may be different size 
        than `int' */
     krb5_c_encrypt_length (context, key->enctype, in.length, &len);
@@ -89,14 +115,29 @@ main ()
          krb5_c_encrypt (context, key, 7, 0, &in, &enc_out));
     test ("Decrypting",
          krb5_c_decrypt (context, key, 7, 0, &enc_out, &check));
+    test ("Comparing", compare_results (&in, &check));
+    enc_out.ciphertext.length = out.length;
+    check.length = 2048;
     test ("init_state",
          krb5_c_init_state (context, key, 7, &state));
-        test ("Encrypting with state",
+    test ("Encrypting with state",
          krb5_c_encrypt (context, key, 7, &state, &in, &enc_out));
-    test ("Decrypting",
-         krb5_c_decrypt (context, key, 7, 0, &enc_out, &check));
+    test ("Encrypting again with state",
+         krb5_c_encrypt (context, key, 7, &state, &in2, &enc_out2));
+    test ("free_state",
+         krb5_c_free_state (context, key, &state));
+    test ("init_state",
+         krb5_c_init_state (context, key, 7, &state));
+    test ("Decrypting with state",
+         krb5_c_decrypt (context, key, 7, &state, &enc_out, &check));
+    test ("Decrypting again with state",
+         krb5_c_decrypt (context, key, 7, &state, &enc_out2, &check2));
     test ("free_state",
          krb5_c_free_state (context, key, &state));
+    test ("Comparing",
+         compare_results (&in, &check));
+    test ("Comparing",
+         compare_results (&in2, &check2));
     krb5_free_keyblock (context, key);
   }
 
index efae363642218d47bc7bd59b5d56f5750dda53d4..5357272491bad672c91d1344c12727167dde4a38 100644 (file)
@@ -44,15 +44,16 @@ clean-unix:: clean-libobjs
 #
 yarrow.so yarrow.po $(OUTPRE)yarrow.$(OBJEXT): yarrow.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h yarrow.h ytypes.h yhash.h \
-  $(srcdir)/../sha1/shs.h ycipher.h ylock.h ystate.h \
-  yexcep.h
+  yarrow.h ytypes.h yhash.h $(srcdir)/../sha1/shs.h ycipher.h \
+  ylock.h ystate.h yexcep.h
 ycipher.so ycipher.po $(OUTPRE)ycipher.$(OBJEXT): ycipher.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h yarrow.h ytypes.h yhash.h \
-  $(srcdir)/../sha1/shs.h ycipher.h $(srcdir)/../enc_provider/enc_provider.h
+  yarrow.h ytypes.h yhash.h $(srcdir)/../sha1/shs.h ycipher.h \
+  $(srcdir)/../enc_provider/enc_provider.h
 
index acd4ea66e416f82cb3d16c9a23a0510d0d5bab51..9ab878a943cf8b22a9f8a157aa8400b398bac35b 100644 (file)
@@ -1,3 +1,8 @@
+2003-04-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * quad_cksum.c, t_pcbc.c, t_quad.c, verify.c: Don't declare errno
+       or errmsg.
+
 2003-03-06  Alexandra Ellwood  <lxs@mit.edu>
 
     * mac_des_glue.c, des.c, enc_dec.c, key_sched.c, str_to_key.c: 
index dc486f32b69b80e880a5f9a70f4d69e71e990325..54960fee7fd89846968cc972caa1dd0ff519b479 100644 (file)
@@ -119,85 +119,86 @@ install-unix:: install-libs
 #
 cksum.so cksum.po $(OUTPRE)cksum.$(OBJEXT): cksum.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h
 des.so des.po $(OUTPRE)des.$(OBJEXT): des.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h
 enc_dec.so enc_dec.po $(OUTPRE)enc_dec.$(OBJEXT): enc_dec.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h
 key_parity.so key_parity.po $(OUTPRE)key_parity.$(OBJEXT): key_parity.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h
 key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): key_sched.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h
 new_rnd_key.so new_rnd_key.po $(OUTPRE)new_rnd_key.$(OBJEXT): new_rnd_key.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h
 pcbc_encrypt.so pcbc_encrypt.po $(OUTPRE)pcbc_encrypt.$(OBJEXT): pcbc_encrypt.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h $(srcdir)/../crypto/des/f_tables.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h \
+  $(srcdir)/../crypto/des/f_tables.h
 quad_cksum.so quad_cksum.po $(OUTPRE)quad_cksum.$(OBJEXT): quad_cksum.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h
 random_key.so random_key.po $(OUTPRE)random_key.$(OBJEXT): random_key.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h
 read_passwd.so read_passwd.po $(OUTPRE)read_passwd.$(OBJEXT): read_passwd.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h
 str_to_key.so str_to_key.po $(OUTPRE)str_to_key.$(OBJEXT): str_to_key.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h
 unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): unix_time.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 util.so util.po $(OUTPRE)util.$(OBJEXT): util.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(srcdir)/../crypto/des/des_int.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(srcdir)/../crypto/des/des_int.h $(SRCTOP)/include/kerberosIV/des.h
 weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): weak_key.c $(srcdir)/../crypto/des/des_int.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/kerberosIV/des.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h
 
index b9ef031ef2e01025e9b17a4f02fe474cc04de55b..2a7b78cfdde9d3125b1a3348f800d038a47732e4 100644 (file)
 #define vaxtohs(x) two_bytes_vax_to_nets(((const unsigned char *)(x)))
 
 /* Externals */
-extern char *errmsg();
-#ifndef HAVE_ERRNO
-extern int errno;
-#endif
 extern int des_debug;
 
 /*** Routines ***************************************************** */
index 8bd6a08bc34871a634e5a467883e2003d70eec72..2932148b7e3eefc23207d51fc8f1de3f69e7693f 100644 (file)
@@ -30,8 +30,6 @@
 #include "des_int.h"
 #include "des.h"
 
-extern char *errmsg();
-extern int errno;
 char *progname;
 int des_debug;
 
index 421a5558481786dce173348c15fe7d1a8d152c2c..b9299fd20054d605e1da1a6de1b2ff887215d9ed 100644 (file)
@@ -30,8 +30,6 @@
 #include "des_int.h"
 #include "des.h"
 
-extern char *errmsg();
-extern int errno;
 extern unsigned long quad_cksum();
 char *progname;
 int des_debug;
index 91718e35093c503f6840b02d116f7791055f4e21..653730a2f0272356dea0f71efd9e495b1b8ce4d3 100644 (file)
@@ -37,8 +37,6 @@
 #include "des_int.h"
 #include "des.h"
 
-extern char *errmsg();
-extern int errno;
 char *progname;
 int nflag = 2;
 int vflag;
index 26747104bc24308116bddec308b5b09f691ecdb1..27fc2d9a9e6f8b756f4ae46196f17e94228af95f 100644 (file)
@@ -1,3 +1,8 @@
+2003-07-17  Tom Yu  <tlyu@mit.edu>
+
+       * gss_libinit.c (gssint_initialize_library): Don't call
+       kg_release_defcred(); it doesn't exist any more.
+
 2003-03-08  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.in ($(BUILDTOP)/include/gssapi/gssapi.h,
index baa776e5bcb98831af644aad46d618ab3af33421..3df77c8b75938721328361919dee9ce2e02f9a0f 100644 (file)
@@ -122,5 +122,6 @@ gss_libinit.so gss_libinit.po $(OUTPRE)gss_libinit.$(OBJEXT): gss_libinit.c gene
   $(COM_ERR_DEPS) krb5/gssapi_err_krb5.h $(srcdir)/krb5/gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(srcdir)/generic/gssapiP_generic.h \
   $(srcdir)/generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(srcdir)/krb5/gssapi_krb5.h gss_libinit.h generic/gssapi.h
 
index bd58e5ae71a379da5b7702534b18fcde6282f9df..531b309929a98ff8ce8d495e2021b5dd12fc4714 100644 (file)
@@ -1,3 +1,25 @@
+2004-02-08  Ken Raeburn  <raeburn@mit.edu>
+
+       * util_ordering.c (g_queue_externalize, g_queue_internalize):
+       Check for sufficient buffer space.
+
+2003-12-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * gssapiP_generic.h: Include k5-platform.h.
+       (gssint_uint64): New typedef.
+       (g_order_init, g_order_check): Update decls.
+       * util_ordering.c (struct _queue): Change sequence number fields
+       to gssint_uint64.  Add mask field.
+       (queue_insert): Change sequence number to gssint_uint64.
+       (g_order_init): Change sequence numbers to gssint_uint64.  Add
+       "wide_nums" argument; initialize the queue mask field based on
+       it; all callers changed.  Store a -1 as the first element.
+       (g_order_check): Store and check elements as offsets from
+       firstnum.  Mask to 32 bits if desired.
+       * util_token.c (g_verify_token_header): Add new argument
+       indicating whether the pseudo-ASN.1 wrapper is required; all
+       callers changed.
+
 2003-03-06  Alexandra Ellwood  <lxs@mit.edu>
 
     * disp_com_err_status.c, gssapi_generic.h:  
index 8ac282f374c3feae07d9edc5a85215b140f6fdc5..b55a6e241513f2b118e0e8c425dbbe4fbdfc0b64 100644 (file)
@@ -147,40 +147,52 @@ depend:: $(ETSRCS)
 #
 disp_com_err_status.so disp_com_err_status.po $(OUTPRE)disp_com_err_status.$(OBJEXT): disp_com_err_status.c \
   gssapiP_generic.h gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 disp_major_status.so disp_major_status.po $(OUTPRE)disp_major_status.$(OBJEXT): disp_major_status.c \
   gssapiP_generic.h gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 gssapi_generic.so gssapi_generic.po $(OUTPRE)gssapi_generic.$(OBJEXT): gssapi_generic.c \
   gssapiP_generic.h gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 oid_ops.so oid_ops.po $(OUTPRE)oid_ops.$(OBJEXT): oid_ops.c gssapiP_generic.h \
   gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 rel_buffer.so rel_buffer.po $(OUTPRE)rel_buffer.$(OBJEXT): rel_buffer.c gssapiP_generic.h \
   gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 rel_oid_set.so rel_oid_set.po $(OUTPRE)rel_oid_set.$(OBJEXT): rel_oid_set.c gssapiP_generic.h \
   gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 util_buffer.so util_buffer.po $(OUTPRE)util_buffer.$(OBJEXT): util_buffer.c gssapiP_generic.h \
   gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 util_oid.so util_oid.po $(OUTPRE)util_oid.$(OBJEXT): util_oid.c gssapiP_generic.h \
   gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 util_ordering.so util_ordering.po $(OUTPRE)util_ordering.$(OBJEXT): util_ordering.c gssapiP_generic.h \
   gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 util_set.so util_set.po $(OUTPRE)util_set.$(OBJEXT): util_set.c gssapiP_generic.h \
   gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 util_token.so util_token.po $(OUTPRE)util_token.$(OBJEXT): util_token.c gssapiP_generic.h \
   gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 util_validate.so util_validate.po $(OUTPRE)util_validate.$(OBJEXT): util_validate.c gssapiP_generic.h \
   gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  gssapi_err_generic.h $(COM_ERR_DEPS)
+  gssapi_err_generic.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h
 gssapi_err_generic.so gssapi_err_generic.po $(OUTPRE)gssapi_err_generic.$(OBJEXT): gssapi_err_generic.c \
   $(COM_ERR_DEPS)
 
index 102ba699e15959dfc0478c99c866e094447f2ced..24d51d0d59f6bdd9c3dc7a1d182ff9a6a6d6fe5c 100644 (file)
@@ -40,6 +40,9 @@
 #include "gssapi_err_generic.h"
 #include <errno.h>
 
+#include "k5-platform.h"
+typedef UINT64_TYPE gssint_uint64;
+
 /** helper macros **/
 
 #define g_OID_equal(o1,o2) \
@@ -159,8 +162,9 @@ void g_make_token_header (gss_OID mech, unsigned int body_size,
                          unsigned char **buf, int tok_type);
 
 gss_int32 g_verify_token_header (gss_OID mech, unsigned int *body_size,
-                         unsigned char **buf, int tok_type, 
-                                unsigned int toksize_in);
+                                unsigned char **buf, int tok_type, 
+                                unsigned int toksize_in,
+                                int wrapper_required);
 
 OM_uint32 g_display_major_status (OM_uint32 *minor_status,
                                 OM_uint32 status_value,
@@ -171,10 +175,10 @@ OM_uint32 g_display_com_err_status (OM_uint32 *minor_status,
                                   OM_uint32 status_value,
                                   gss_buffer_t status_string);
 
-gss_int32 g_order_init (void **queue, OM_uint32 seqnum,
-                                 int do_replay, int do_sequence);
+gss_int32 g_order_init (void **queue, gssint_uint64 seqnum,
+                                 int do_replay, int do_sequence, int wide);
 
-gss_int32 g_order_check (void **queue, OM_uint32 seqnum);
+gss_int32 g_order_check (void **queue, gssint_uint64 seqnum);
 
 void g_order_free (void **queue);
 
index 21a8b0641fee8f4cd0807400cfc270c000fa06cc..f7cf666789ef234669dad6de089fa810b4c914f4 100644 (file)
@@ -38,8 +38,14 @@ typedef struct _queue {
    int do_sequence;
    int start;
    int length;
-   unsigned int firstnum;
-   unsigned int elem[QUEUE_LENGTH];
+   gssint_uint64 firstnum;
+   /* Stored as deltas from firstnum.  This way, the high bit won't
+      overflow unless we've actually gone through 2**n messages, or
+      gotten something *way* out of sequence.  */
+   gssint_uint64 elem[QUEUE_LENGTH];
+   /* All ones for 64-bit sequence numbers; 32 ones for 32-bit
+      sequence numbers.  */
+   gssint_uint64 mask;
 } queue;
 
 /* rep invariant:
@@ -51,7 +57,7 @@ typedef struct _queue {
 #define QELEM(q,i) ((q)->elem[(i)%QSIZE(q)])
 
 static void
-queue_insert(queue *q, int after, unsigned int seqnum)
+queue_insert(queue *q, int after, gssint_uint64 seqnum)
 {
    /* insert.  this is not the fastest way, but it's easy, and it's
       optimized for insert at end, which is the common case */
@@ -80,10 +86,10 @@ queue_insert(queue *q, int after, unsigned int seqnum)
       q->length++;
    }
 }
-   
+
 gss_int32
-g_order_init(void **vqueue, OM_uint32 seqnum,
-            int do_replay, int do_sequence)
+g_order_init(void **vqueue, gssint_uint64 seqnum,
+            int do_replay, int do_sequence, int wide_nums)
 {
    queue *q;
 
@@ -92,38 +98,49 @@ g_order_init(void **vqueue, OM_uint32 seqnum,
 
    q->do_replay = do_replay;
    q->do_sequence = do_sequence;
+   q->mask = wide_nums ? ~(gssint_uint64)0 : 0xffffffffUL;
 
    q->start = 0;
    q->length = 1;
    q->firstnum = seqnum;
-   q->elem[q->start] = seqnum-1;
+   q->elem[q->start] = ((gssint_uint64)0 - 1) & q->mask;
 
    *vqueue = (void *) q;
    return(0);
 }
 
 gss_int32
-g_order_check(void **vqueue, OM_uint32 seqnum)
+g_order_check(void **vqueue, gssint_uint64 seqnum)
 {
    queue *q;
    int i;
-   
+   gssint_uint64 expected;
+
    q = (queue *) (*vqueue);
 
    if (!q->do_replay && !q->do_sequence)
       return(GSS_S_COMPLETE);
 
+   /* All checks are done relative to the initial sequence number, to
+      avoid (or at least put off) the pain of wrapping.  */
+   seqnum -= q->firstnum;
+   /* If we're only doing 32-bit values, adjust for that again.
+
+      Note that this will probably be the wrong thing to if we get
+      2**32 messages sent with 32-bit sequence numbers.  */
+   seqnum &= q->mask;
+
    /* rule 1: expected sequence number */
 
-   if (seqnum == QELEM(q,q->start+q->length-1)+1) { 
+   expected = (QELEM(q,q->start+q->length-1)+1) & q->mask;
+   if (seqnum == expected) { 
       queue_insert(q, q->start+q->length-1, seqnum);
       return(GSS_S_COMPLETE);
    }
 
    /* rule 2: > expected sequence number */
 
-   if ((seqnum > QELEM(q,q->start+q->length-1)+1) ||
-       (seqnum < q->firstnum)) {
+   if ((seqnum > expected)) {
       queue_insert(q, q->start+q->length-1, seqnum);
       if (q->do_replay && !q->do_sequence)
         return(GSS_S_COMPLETE);
@@ -134,7 +151,20 @@ g_order_check(void **vqueue, OM_uint32 seqnum)
    /* rule 3: seqnum < seqnum(first) */
 
    if ((seqnum < QELEM(q,q->start)) &&
-       (seqnum >= q->firstnum)) {
+       /* Is top bit of whatever width we're using set?
+
+         We used to check for greater than or equal to firstnum, but
+         (1) we've since switched to compute values relative to
+         firstnum, so the lowest we can have is 0, and (2) the effect
+         of the original scheme was highly dependent on whether
+         firstnum was close to either side of 0.  (Consider
+         firstnum==0xFFFFFFFE and we miss three packets; the next
+         packet is *new* but would look old.)
+
+          This check should give us 2**31 or 2**63 messages "new", and
+          just as many "old".  That's not quite right either.  */
+       (seqnum & (1 + (q->mask >> 1)))
+       ) {
       if (q->do_replay && !q->do_sequence)
         return(GSS_S_OLD_TOKEN);
       else
@@ -189,6 +219,8 @@ g_queue_size(void *vqueue, size_t *sizep)
 gss_uint32
 g_queue_externalize(void *vqueue, unsigned char **buf, size_t *lenremain)
 {
+    if (*lenremain < sizeof(queue))
+       return ENOMEM;
     memcpy(*buf, vqueue, sizeof(queue));
     *buf += sizeof(queue);
     *lenremain -= sizeof(queue);
@@ -201,6 +233,8 @@ g_queue_internalize(void **vqueue, unsigned char **buf, size_t *lenremain)
 {
     void *q;
 
+    if (*lenremain < sizeof(queue))
+       return EINVAL;
     if ((q = malloc(sizeof(queue))) == 0)
        return ENOMEM;
     memcpy(q, *buf, sizeof(queue));
index 30ae0698c2fcda499761cf89294688b768564cd2..97a788c09edcef740404a439293e344445979785 100644 (file)
@@ -168,12 +168,15 @@ void g_make_token_header(mech, body_size, buf, tok_type)
  * mechanism in the token does not match the mech argument.  buf and
  * *body_size are left unmodified on error.
  */
-gss_int32 g_verify_token_header(mech, body_size, buf_in, tok_type, toksize_in)
+
+gss_int32 g_verify_token_header(mech, body_size, buf_in, tok_type, toksize_in,
+                               wrapper_required)
      gss_OID mech;
      unsigned int *body_size;
      unsigned char **buf_in;
      int tok_type;
      unsigned int toksize_in;
+     int wrapper_required;
 {
    unsigned char *buf = *buf_in;
    int seqsize;
@@ -182,8 +185,13 @@ gss_int32 g_verify_token_header(mech, body_size, buf_in, tok_type, toksize_in)
 
    if ((toksize-=1) < 0)
       return(G_BAD_TOK_HEADER);
-   if (*buf++ != 0x60)
-      return(G_BAD_TOK_HEADER);
+   if (*buf++ != 0x60) {
+       if (wrapper_required)
+          return(G_BAD_TOK_HEADER);
+       buf--;
+       toksize++;
+       goto skip_wrapper;
+   }
 
    if ((seqsize = der_read_length(&buf, &toksize)) < 0)
       return(G_BAD_TOK_HEADER);
@@ -207,16 +215,17 @@ gss_int32 g_verify_token_header(mech, body_size, buf_in, tok_type, toksize_in)
 
    if (! g_OID_equal(&toid, mech)) 
        return  G_WRONG_MECH;
+skip_wrapper:
    if (tok_type != -1) {
        if ((toksize-=2) < 0)
           return(G_BAD_TOK_HEADER);
 
        if ((*buf++ != ((tok_type>>8)&0xff)) ||
-          (*buf++ != (tok_type&0xff))) 
+          (*buf++ != (tok_type&0xff)))
           return(G_WRONG_TOKID);
    }
-       *buf_in = buf;
-       *body_size = toksize;
+   *buf_in = buf;
+   *body_size = toksize;
 
-       return 0;
-       }
+   return 0;
+}
index 7906786e9579fdd88118a2a53e1a3013d2cd9e32..0568f29640626e9c49eebe65b4f71ae0a06efb1d 100644 (file)
@@ -33,12 +33,9 @@ OM_uint32 gssint_initialize_library (void)
 
 void gssint_cleanup_library (void)
 {
-       OM_uint32 min_stat;
 
        assert (initialized);
        
-       (void) kg_release_defcred (&min_stat);
-       
 #if !USE_BUNDLE_ERROR_STRINGS
        remove_error_table(&et_k5g_error_table);
        remove_error_table(&et_ggss_error_table);
index 7424a251db02ed7cad86cb35212d6f758e5ab2db..911b3050117f393178a47cbbe3564b297ef736b1 100644 (file)
@@ -1,3 +1,213 @@
+2004-02-26  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context): Don't clear
+       the DO_TIME flag until after rd_req is called so a replay cache is
+       set up  even in the no_credential case. 
+
+2004-02-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation
+       for confidential CFX tokens.
+
+2004-02-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * ser_sctx.c (kg_oid_externalize): Check for errors.
+       (kg_oid_internalize): Check for errors.  Free allocated storage on
+       error.
+       (kg_queue_externalize): Check for errorrs.
+       (kg_queue_internalize): Check for errors.  Free allocated storage
+       on error.
+       (kg_ctx_size): Update for new context data.
+       (kg_ctx_externalize): Update for new context data.  Check for
+       error storing trailer.
+       (kg_ctx_internalize): Update for new context data.  Check for
+       errors in a few more cases.
+
+2004-02-05  Jeffrey Altman <jaltman@mit.edu>
+
+    * gssapiP_krb5.h:  remove KG_IMPLFLAGS macro
+
+    * init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS
+      macro with previous macro definition
+
+    * accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS
+      macro with new definition.  As per 1964 the INTEG and CONF flags
+      are supposed to indicate the availability of the services in 
+      the client.  By applying the previous definition of KG_IMPLFLAGS
+      the INTEG and CONF flags are always on.  This can be a problem
+      because some clients such as Microsoft's Kerberos SSPI allow
+      CONF and INTEG to be used independently.  By forcing the flags
+      on, we would end up with inconsist state with the client.
+
+2004-01-27  Ken Raeburn  <raeburn@mit.edu>
+
+       * init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't
+       crash on null pointer in debugging code.
+       (new_connection): Disable CFX_EXERCISE unknown-token-id case
+       detection.
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context)
+       [CFX_EXERCISE]: Log to /tmp/gsslog whether delegation or extra
+       option bytes were present.
+
+2004-01-05  Ken Raeburn  <raeburn@mit.edu>
+
+       * init_sec_context.c: Include auth_con.h if CFX_EXERCISE is
+       defined.
+       (make_gss_checksum) [CFX_EXERCISE]: If the key enctype is aes256,
+       insert some stuff after the delegation slot.
+       (new_connection) [CFX_EXERCISE]: Don't send messages with bogus
+       token ids.
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context): Don't
+       discard the delegation flag; only look for a delegation if the
+       flag is set, and only look for delegation, not other options.
+       Ignore any other data there.
+
+2003-12-19  Tom Yu  <tlyu@mit.edu>
+
+       * init_sec_context.c: Include k5-int.h for accessor.
+
+2003-12-18  Jeffrey Altman <jaltman@mit.edu>
+
+   * accept_sec_context.c, init_sec_context.c, ser_sctx.c:
+     Implement use of krb5int_accessor() for krb5int_c_mandatory_cksumtype,
+     krb5_ser_pack_int64, and krb5_ser_unpack_int64
+
+2003-12-13  Ken Raeburn  <raeburn@mit.edu>
+           Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+       * k5sealv3.c: New file, implements Wrap and MIC tokens for CFX
+       extensions.
+       * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Added acceptor
+       subkey, 64-bit sequence numbers, checksum type, and hooks for
+       sending a bogus initial token for CFX testing.  Changed some flags
+       into bitfields.
+       (gss_krb5int_make_seal_token_v3): Declare.
+       * Makefile.in (SRCS, OBJS, STLIBOBJS): Build it.
+       * accept_sec_context.c (krb5_gss_accept_sec_context): Add CFX
+       support.  For G_WRONG_TOKID, send back an error token with
+       AP_ERR_MSG_TYPE code and return a CONTINUE_NEEDED indication.
+       Initialize new fields in context.
+       * delete_sec_context.c (krb5_gss_delete_sec_context): Free
+       acceptor subkey field.
+       * init_sec_context.c (get_credentials): Drop enctypes argument;
+       callers changed.
+       (get_requested_enctypes): Deleted.
+       (setup_enc): Combine some common sections.  Do CFX initialization
+       for newer enctypes.
+       (new_connection) [CFX_EXERCISE]: If doing CFX, send a bogus
+       token.  Delete the enctype list manipulation.
+       (mutual_auth): If CFX, save acceptor's subkey.
+       * k5seal.c (make_seal_token_v1): Sequence number is now 64 bits.
+       (kg_seal): Call out to _v3 code for CFX.
+       * k5unseal.c (kg_unseal): For CFX, adjust token id numbers and
+       call out to _v3 code.
+       * wrap_size_limit.c (krb5_gss_wrap_size_limit): Implement CFX
+       support.
+
+       * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Deleted fields
+       ctypes and nctypes.
+       * delete_sec_context.c, init_sec_context.c, ser_sctx.c: Removed
+       references.
+
+2003-12-11  Alexandra Ellwood <lxs@mit.edu>
+
+       * acquire_cred.c, gssapi_krb5.c, gssapiP_krb5.h, set_ccache.c:
+        Added kg_sync_ccache_name(), kg_get_ccache_name, and 
+        kg_set_ccache_name() and rewrote gss_krb5_ccache_name() and
+        added a call to kg_sync_ccache_name() to acquire_init_cred()
+        to fix a bug where on systems with multiple ccaches that GSSAPI
+        gets stuck on the ccache that was default when it launched.
+
+2003-07-19  Ezra Peisach  <epeisach@mit.edu>
+
+       * acquire_cred.c (krb5_gss_register_acceptor_identity): Allocate
+       enough memory to include the null at the end of the keytab char *.
+
+2003-07-17  Tom Yu  <tlyu@mit.edu>
+
+       * gssapiP_krb5.h: Delete kg_release_defcred(); it's no longer
+       used.
+
+       * gssapi_krb5.c: Delete defcred; it's no longer cached.
+       (kg_get_defcred): Don't cache.
+       (kg_release_defcred): Delete; it's no longer used.
+
+       * init_sec_context.c (krb5_gss_init_sec_context): Break into more
+       manageable pieces.  Clean up a few error condition memory leaks
+       previously obscured by the sheer size of this function.
+       (setup_enc): New function; used to be part of
+       krb5_gss_init_sec_context() responsible for setting up enctypes,
+       keyblocks, related nastiness.
+       (get_requested_enctypes): New function; used to be part of
+       krb5_gss_init_sec_context() responsible for pruning the krb5
+       library's default enctype list to the limited set of enctypes
+       usable with GSSAPI.
+       (new_connection): New function; used to be part of
+       krb5_gss_init_sec_context() responsible for initial gss_ctx setup
+       and creating the AP-REQ.
+       (mutual_auth): New function; used to be part of
+       krb5_gss_init_sec_context() responsible for reading the AP-REP if
+       mutual auth was requested.
+
+       * inq_cred.c (krb5_gss_inquire_cred): Rearrange due to removal of
+       kg_release_defcred(), particularly to explicitly release the
+       defcred once it's obtained.
+
+       * rel_cred.c (krb5_gss_release_cred): Remove call to
+       kg_release_defcred(), and always succeed in releasing the null
+       credential.
+
+       * set_ccache.c (gss_krb5_ccache_name): Remove call to
+       kg_release_defcred().
+
+2003-07-14  Tom Yu  <tlyu@mit.edu>
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context): Call
+       TREAD_STR with correct arguments.  Patch from Emily Ratliff.
+
+2003-07-10  Tom Yu  <tlyu@mit.edu>
+
+       * acquire_cred.c (acquire_init_cred): Close the ccache if
+       krb5_cc_set_flags() fails, as krb5int_cc_default succeeds even if
+       the file is not there, but krb5_cc_set_flags will fail in turning
+       off OPENCLOSE mode if the file can't be opened.  Thanks to Kent Wu.
+
+2003-06-13  Tom Yu  <tlyu@mit.edu>
+
+       * init_sec_context.c (make_ap_req_v1): Free checksum_data if
+       needed, to avoid leaking memory.  Found by Kent Wu.
+       (krb5_gss_init_sec_context): Free default_enctypes to avoid
+       leaking returned value from krb5_get_tgs_ktypes.
+
+       * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if
+       token.length == 0, to avoid spurious uninitialized memory
+       references when calling memcpy() with a zero length.
+
+2003-05-13  Tom Yu  <tlyu@mit.edu>
+
+       * gssapi_krb5.h: Remove check for GSS_RFC_COMPLIANT_OIDS.
+
+2003-05-09  Tom Yu  <tlyu@mit.edu>
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context): Rename
+       remote_subkey -> recv_subkey.
+
+       * init_sec_context.c (krb5_gss_init_sec_context): Rename
+       local_subkey -> send_subkey.
+
+2003-03-14  Sam Hartman  <hartmans@mit.edu>
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context): Set
+       prot_ready here
+
+       * init_sec_context.c (krb5_gss_init_sec_context):  Set prot_ready
+       after context established
+
+       * gssapiP_krb5.h (KG_IMPLFLAGS): Don't claim prot_ready until the
+       context is established  because we don't currently support it.  
+
 2003-03-06  Alexandra Ellwood  <lxs@mit.edu>
 
     * disp_status.c, gssapi_krb5.h, gssapiP_krb5.h: 
index c0d2660ee8539dc2aebc15e2e9b29ed730766e4e..0bdc117de6072ddbd05efcc40ea4b3b0799183e7 100644 (file)
@@ -43,6 +43,7 @@ SRCS = \
        $(srcdir)/inq_cred.c \
        $(srcdir)/inq_names.c \
        $(srcdir)/k5seal.c \
+       $(srcdir)/k5sealv3.c \
        $(srcdir)/k5unseal.c \
        $(srcdir)/krb5_gss_glue.c \
        $(srcdir)/process_context_token.c \
@@ -90,6 +91,7 @@ OBJS = \
        $(OUTPRE)inq_cred.$(OBJEXT) \
        $(OUTPRE)inq_names.$(OBJEXT) \
        $(OUTPRE)k5seal.$(OBJEXT) \
+       $(OUTPRE)k5sealv3.$(OBJEXT) \
        $(OUTPRE)k5unseal.$(OBJEXT) \
        $(OUTPRE)krb5_gss_glue.$(OBJEXT) \
        $(OUTPRE)process_context_token.$(OBJEXT) \
@@ -137,6 +139,7 @@ STLIBOBJS = \
        inq_cred.o \
        inq_names.o \
        k5seal.o \
+       k5sealv3.o \
        k5unseal.o \
        krb5_gss_glue.o \
        process_context_token.o \
@@ -215,195 +218,244 @@ install::
 #
 accept_sec_context.so accept_sec_context.po $(OUTPRE)accept_sec_context.$(OBJEXT): accept_sec_context.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
   ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
 acquire_cred.so acquire_cred.po $(OUTPRE)acquire_cred.$(OBJEXT): acquire_cred.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
+  gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
   ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
 add_cred.so add_cred.po $(OUTPRE)add_cred.$(OBJEXT): add_cred.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 canon_name.so canon_name.po $(OUTPRE)canon_name.$(OBJEXT): canon_name.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 compare_name.so compare_name.po $(OUTPRE)compare_name.$(OBJEXT): compare_name.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 context_time.so context_time.po $(OUTPRE)context_time.$(OBJEXT): context_time.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 copy_ccache.so copy_ccache.po $(OUTPRE)copy_ccache.$(OBJEXT): copy_ccache.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 delete_sec_context.so delete_sec_context.po $(OUTPRE)delete_sec_context.$(OBJEXT): delete_sec_context.c \
   gssapiP_krb5.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) \
   $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \
   $(BUILDTOP)/include/gssapi/gssapi.h ../generic/gssapi_err_generic.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
   gssapi_krb5.h gssapi_err_krb5.h
 disp_name.so disp_name.po $(OUTPRE)disp_name.$(OBJEXT): disp_name.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 disp_status.so disp_status.po $(OUTPRE)disp_status.$(OBJEXT): disp_status.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 duplicate_name.so duplicate_name.po $(OUTPRE)duplicate_name.$(OBJEXT): duplicate_name.c \
   gssapiP_krb5.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) \
   $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \
   $(BUILDTOP)/include/gssapi/gssapi.h ../generic/gssapi_err_generic.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
   gssapi_krb5.h gssapi_err_krb5.h
 export_name.so export_name.po $(OUTPRE)export_name.$(OBJEXT): export_name.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 export_sec_context.so export_sec_context.po $(OUTPRE)export_sec_context.$(OBJEXT): export_sec_context.c \
   gssapiP_krb5.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) \
   $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \
   $(BUILDTOP)/include/gssapi/gssapi.h ../generic/gssapi_err_generic.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
   gssapi_krb5.h gssapi_err_krb5.h
 get_tkt_flags.so get_tkt_flags.po $(OUTPRE)get_tkt_flags.$(OBJEXT): get_tkt_flags.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 gssapi_krb5.so gssapi_krb5.po $(OUTPRE)gssapi_krb5.$(OBJEXT): gssapi_krb5.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
+  gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
   ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
 import_name.so import_name.po $(OUTPRE)import_name.$(OBJEXT): import_name.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 import_sec_context.so import_sec_context.po $(OUTPRE)import_sec_context.$(OBJEXT): import_sec_context.c \
   gssapiP_krb5.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) \
   $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \
   $(BUILDTOP)/include/gssapi/gssapi.h ../generic/gssapi_err_generic.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
   gssapi_krb5.h gssapi_err_krb5.h
 indicate_mechs.so indicate_mechs.po $(OUTPRE)indicate_mechs.$(OBJEXT): indicate_mechs.c \
   gssapiP_krb5.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) \
   $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \
   $(BUILDTOP)/include/gssapi/gssapi.h ../generic/gssapi_err_generic.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
   gssapi_krb5.h gssapi_err_krb5.h
 init_sec_context.so init_sec_context.po $(OUTPRE)init_sec_context.$(OBJEXT): init_sec_context.c \
-  gssapiP_krb5.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \
-  $(BUILDTOP)/include/gssapi/gssapi.h ../generic/gssapi_err_generic.h \
-  gssapi_krb5.h gssapi_err_krb5.h
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
 inq_context.so inq_context.po $(OUTPRE)inq_context.$(OBJEXT): inq_context.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 inq_cred.so inq_cred.po $(OUTPRE)inq_cred.$(OBJEXT): inq_cred.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 inq_names.so inq_names.po $(OUTPRE)inq_names.$(OBJEXT): inq_names.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 k5seal.so k5seal.po $(OUTPRE)k5seal.$(OBJEXT): k5seal.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
+k5sealv3.so k5sealv3.po $(OUTPRE)k5sealv3.$(OBJEXT): k5sealv3.c $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+  gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
   ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
 k5unseal.so k5unseal.po $(OUTPRE)k5unseal.$(OBJEXT): k5unseal.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 krb5_gss_glue.so krb5_gss_glue.po $(OUTPRE)krb5_gss_glue.$(OBJEXT): krb5_gss_glue.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 process_context_token.so process_context_token.po $(OUTPRE)process_context_token.$(OBJEXT): process_context_token.c \
   gssapiP_krb5.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) \
   $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \
   $(BUILDTOP)/include/gssapi/gssapi.h ../generic/gssapi_err_generic.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
   gssapi_krb5.h gssapi_err_krb5.h
 rel_cred.so rel_cred.po $(OUTPRE)rel_cred.$(OBJEXT): rel_cred.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 rel_oid.so rel_oid.po $(OUTPRE)rel_oid.$(OBJEXT): rel_oid.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 rel_name.so rel_name.po $(OUTPRE)rel_name.$(OBJEXT): rel_name.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 seal.so seal.po $(OUTPRE)seal.$(OBJEXT): seal.c gssapiP_krb5.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 ser_sctx.so ser_sctx.po $(OUTPRE)ser_sctx.$(OBJEXT): ser_sctx.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
+  gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
   ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
 set_ccache.so set_ccache.po $(OUTPRE)set_ccache.$(OBJEXT): set_ccache.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 sign.so sign.po $(OUTPRE)sign.$(OBJEXT): sign.c gssapiP_krb5.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 unseal.so unseal.po $(OUTPRE)unseal.$(OBJEXT): unseal.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 util_cksum.so util_cksum.po $(OUTPRE)util_cksum.$(OBJEXT): util_cksum.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 util_crypt.so util_crypt.po $(OUTPRE)util_crypt.$(OBJEXT): util_crypt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
+  gssapiP_krb5.h $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
   ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
 util_seed.so util_seed.po $(OUTPRE)util_seed.$(OBJEXT): util_seed.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 util_seqnum.so util_seqnum.po $(OUTPRE)util_seqnum.$(OBJEXT): util_seqnum.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h \
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 val_cred.so val_cred.po $(OUTPRE)val_cred.$(OBJEXT): val_cred.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 verify.so verify.po $(OUTPRE)verify.$(OBJEXT): verify.c gssapiP_krb5.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  ../generic/gssapi_err_generic.h gssapi_krb5.h gssapi_err_krb5.h
+  ../generic/gssapi_err_generic.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h gssapi_krb5.h gssapi_err_krb5.h
 wrap_size_limit.so wrap_size_limit.po $(OUTPRE)wrap_size_limit.$(OBJEXT): wrap_size_limit.c \
   gssapiP_krb5.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) \
   $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \
   $(BUILDTOP)/include/gssapi/gssapi.h ../generic/gssapi_err_generic.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
   gssapi_krb5.h gssapi_err_krb5.h
 gssapi_err_krb5.so gssapi_err_krb5.po $(OUTPRE)gssapi_err_krb5.$(OBJEXT): gssapi_err_krb5.c \
   $(COM_ERR_DEPS)
index 5ff6146eadc65cfaeaaa2694084a0c85837c43e6..9db7e7e55e03a10321a3ca75f5c4f8de0727dd71 100644 (file)
 #endif
 #include <assert.h>
 
+#ifdef CFX_EXERCISE
+#define CFX_ACCEPTOR_SUBKEY (time(0) & 1)
+#else
+#define CFX_ACCEPTOR_SUBKEY 1
+#endif
+
 /* Decode, decrypt and store the forwarded creds in the local ccache. */
 static krb5_error_code
 rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
@@ -101,8 +107,8 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
         * By the time krb5_rd_cred is called here (after krb5_rd_req has been
         * called in krb5_gss_accept_sec_context), the "keyblock" field of
         * auth_context contains a pointer to the session key, and the
-        * "remote_subkey" field might contain a session subkey.  Either of
-        * these (the "remote_subkey" if it isn't NULL, otherwise the
+        * "recv_subkey" field might contain a session subkey.  Either of
+        * these (the "recv_subkey" if it isn't NULL, otherwise the
         * "keyblock") might have been used to encrypt the encrypted part of
         * the KRB_CRED message that contains the forwarded credentials.  (The
         * Java Crypto and Security Implementation from the DSTC in Australia
@@ -122,7 +128,8 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
                if ((retval = krb5_auth_con_init(context, &new_auth_ctx)))
                        goto cleanup;
                krb5_auth_con_setflags(context, new_auth_ctx, 0);
-               if ((retval = krb5_rd_cred(context, new_auth_ctx, inbuf, &creds, NULL)))
+               if ((retval = krb5_rd_cred(context, new_auth_ctx, inbuf,
+                                          &creds, NULL)))
                        goto cleanup;
                }
 
@@ -241,7 +248,14 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    krb5_data scratch;
    gss_cred_id_t cred_handle = NULL;
    krb5_gss_cred_id_t deleg_cred = NULL;
+   krb5int_access kaccess;
 
+   code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+    if (code) {
+        *minor_status = code;
+        return(GSS_S_FAILURE);
+    }
+       
    if (GSS_ERROR(kg_get_context(minor_status, &context)))
       return(GSS_S_FAILURE);
 
@@ -312,13 +326,13 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    if (!(code = g_verify_token_header((gss_OID) gss_mech_krb5,
                                      &(ap_req.length),
                                      &ptr, KG_TOK_CTX_AP_REQ,
-                                     input_token->length))) {
+                                     input_token->length, 1))) {
        mech_used = gss_mech_krb5;
    } else if ((code == G_WRONG_MECH) &&
              !(code = g_verify_token_header((gss_OID) gss_mech_krb5_old,
                                             &(ap_req.length), 
                                             &ptr, KG_TOK_CTX_AP_REQ,
-                                            input_token->length))) {
+                                            input_token->length, 1))) {
        /*
        * Previous versions of this library used the old mech_id
        * and some broken behavior (wrong IV on checksum
@@ -327,6 +341,11 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        * old behavior.
        */
        mech_used = gss_mech_krb5_old;
+   } else if (code == G_WRONG_TOKID) {
+       major_status = GSS_S_CONTINUE_NEEDED;
+       code = KRB5KRB_AP_ERR_MSG_TYPE;
+       mech_used = gss_mech_krb5;
+       goto fail;
    } else {
        major_status = GSS_S_DEFECTIVE_TOKEN;
        goto fail;
@@ -358,8 +377,6 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        major_status = GSS_S_FAILURE;
        goto fail;
    }
-   krb5_auth_con_setflags(context, auth_context,
-                         KRB5_AUTH_CONTEXT_DO_SEQUENCE);
    if (cred->rcache) {
        if ((code = krb5_auth_con_setrcache(context, auth_context, cred->rcache))) {
           major_status = GSS_S_FAILURE;
@@ -376,6 +393,8 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        major_status = GSS_S_FAILURE;
        goto fail;
    }
+   krb5_auth_con_setflags(context, auth_context,
+                         KRB5_AUTH_CONTEXT_DO_SEQUENCE);
 
    krb5_auth_con_getauthenticator(context, auth_context, &authdat);
 
@@ -496,18 +515,20 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        reqcksum.contents = 0;
 
        TREAD_INT(ptr, gss_flags, bigend);
+#if 0
        gss_flags &= ~GSS_C_DELEG_FLAG; /* mask out the delegation flag; if
                                          there's a delegation, we'll set
                                          it below */
+#endif
        decode_req_message = 0;
 
        /* if the checksum length > 24, there are options to process */
 
-       if(authdat->checksum->length > 24) {
+       if(authdat->checksum->length > 24 && (gss_flags & GSS_C_DELEG_FLAG)) {
 
           i = authdat->checksum->length - 24;
 
-          while (i >= 4) {
+          if (i >= 4) {
 
               TREAD_INT16(ptr, option_id, bigend);
 
@@ -515,23 +536,24 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
 
               i -= 4;
 
-              /* have to use ptr2, since option.data is wrong type and
-                 macro uses ptr as both lvalue and rvalue */
-
               if (i < option.length || option.length < 0) {
                   code = KG_BAD_LENGTH;
                   major_status = GSS_S_FAILURE;
                   goto fail;
               }
 
-              TREAD_STR(ptr, ptr2, bigend);
+              /* have to use ptr2, since option.data is wrong type and
+                 macro uses ptr as both lvalue and rvalue */
+
+              TREAD_STR(ptr, ptr2, option.length);
               option.data = (char *) ptr2;
 
               i -= option.length;
 
-              switch(option_id) {
-
-              case KRB5_GSS_FOR_CREDS_OPTION:
+              if (option_id != KRB5_GSS_FOR_CREDS_OPTION) {
+                  major_status = GSS_S_FAILURE;
+                  goto fail;
+              }
 
                   /* store the delegated credential */
 
@@ -543,16 +565,37 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
                       goto fail;
                   }
 
-                  gss_flags |= GSS_C_DELEG_FLAG; /* got a delegation */
-
-                  break;
-
-                  /* default: */
-                  /* unknown options aren't an error */
-
-              } /* switch */
-          } /* while */
-       } /* if */
+          } /* if i >= 4 */
+          /* ignore any additional trailing data, for now */
+#ifdef CFX_EXERCISE
+          {
+              FILE *f = fopen("/tmp/gsslog", "a");
+              if (f) {
+                  fprintf(f,
+                          "initial context token with delegation, %d extra bytes\n",
+                          i);
+                  fclose(f);
+              }
+          }
+#endif
+       } else {
+#ifdef CFX_EXERCISE
+          {
+              FILE *f = fopen("/tmp/gsslog", "a");
+              if (f) {
+                  if (gss_flags & GSS_C_DELEG_FLAG)
+                      fprintf(f,
+                              "initial context token, delegation flag but too small\n");
+                  else
+                      /* no deleg flag, length might still be too big */
+                      fprintf(f,
+                              "initial context token, %d extra bytes\n",
+                              authdat->checksum->length - 24);
+                  fclose(f);
+              }
+          }
+#endif
+       }
    }
 
    /* create the ctx struct and start filling it in */
@@ -568,7 +611,10 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    ctx->mech_used = (gss_OID) mech_used;
    ctx->auth_context = auth_context;
    ctx->initiate = 0;
-   ctx->gss_flags = KG_IMPLFLAGS(gss_flags);
+   ctx->gss_flags = (GSS_C_TRANS_FLAG |
+                    ((gss_flags) & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG |
+                            GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
+                            GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)));
    ctx->seed_init = 0;
    ctx->big_endian = bigend;
 
@@ -592,8 +638,8 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        goto fail;
    }
 
-   if ((code = krb5_auth_con_getremotesubkey(context, auth_context,
-                                            &ctx->subkey))) { 
+   if ((code = krb5_auth_con_getrecvsubkey(context, auth_context,
+                                          &ctx->subkey))) { 
        major_status = GSS_S_FAILURE;      
        goto fail;
    }
@@ -616,6 +662,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        goto fail;
    }
 
+   ctx->proto = 0;
    switch(ctx->subkey->enctype) {
    case ENCTYPE_DES_CBC_MD5:
    case ENCTYPE_DES_CBC_CRC:
@@ -635,12 +682,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
           /*SUPPRESS 113*/
           ctx->enc->contents[i] ^= 0xf0;
 
-       if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq))) {
-          major_status = GSS_S_FAILURE;
-          goto fail;
-       }
-
-       break;
+       goto copy_subkey_to_seq;
 
    case ENCTYPE_DES3_CBC_SHA1:
        ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW;
@@ -649,36 +691,38 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        ctx->sealalg = SEAL_ALG_DES3KD;
 
        /* fill in the encryption descriptors */
-
+   copy_subkey:
        if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc))) {
           major_status = GSS_S_FAILURE;
           goto fail;
        }
-
+   copy_subkey_to_seq:
        if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq))) {
           major_status = GSS_S_FAILURE;
           goto fail;
        }
-
        break;
-         case ENCTYPE_ARCFOUR_HMAC:
-           ctx->signalg = SGN_ALG_HMAC_MD5 ;
-           ctx->cksum_size = 8;
-           ctx->sealalg = SEAL_ALG_MICROSOFT_RC4 ;
-
-             code = krb5_copy_keyblock (context, ctx->subkey, &ctx->enc);
-             if (code)
-                 goto fail;
-             code = krb5_copy_keyblock (context, ctx->subkey, &ctx->seq);
-             if (code) {
-                 krb5_free_keyblock (context, ctx->enc);
-                 goto fail;
-             }
-             break;        
+
+   case ENCTYPE_ARCFOUR_HMAC:
+       ctx->signalg = SGN_ALG_HMAC_MD5 ;
+       ctx->cksum_size = 8;
+       ctx->sealalg = SEAL_ALG_MICROSOFT_RC4 ;
+       goto copy_subkey;
 
    default:
-       code = KRB5_BAD_ENCTYPE;
-       goto fail;
+       ctx->signalg = -1;
+       ctx->sealalg = -1;
+       ctx->proto = 1;
+       code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, ctx->subkey->enctype,
+                                           &ctx->cksumtype);
+       if (code)
+          goto fail;
+       code = krb5_c_checksum_length(context, ctx->cksumtype,
+                                    &ctx->cksum_size);
+       if (code)
+          goto fail;
+       ctx->have_acceptor_subkey = 0;
+       goto copy_subkey;
    }
 
    ctx->endtime = ticket->enc_part2->times.endtime;
@@ -686,7 +730,11 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
 
    krb5_free_ticket(context, ticket); /* Done with ticket */
 
-   krb5_auth_con_getremoteseqnumber(context, auth_context, &ctx->seq_recv);
+   {
+       krb5_ui_4 seq_temp;
+       krb5_auth_con_getremoteseqnumber(context, auth_context, &seq_temp);
+       ctx->seq_recv = seq_temp;
+   }
 
    if ((code = krb5_timeofday(context, &now))) {
        major_status = GSS_S_FAILURE;
@@ -701,7 +749,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
 
    g_order_init(&(ctx->seqstate), ctx->seq_recv,
                (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
-               (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0);
+               (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto);
 
    /* at this point, the entire context structure is filled in, 
       so it can be released.  */
@@ -710,15 +758,56 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
 
    if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
        unsigned char * ptr3;
+       krb5_ui_4 seq_temp;
+       int cfx_generate_subkey;
+
+       if (ctx->proto == 1)
+          cfx_generate_subkey = CFX_ACCEPTOR_SUBKEY;
+       else
+          cfx_generate_subkey = 0;
+
+       if (cfx_generate_subkey) {
+          krb5_int32 acflags;
+          code = krb5_auth_con_getflags(context, auth_context, &acflags);
+          if (code == 0) {
+              acflags |= KRB5_AUTH_CONTEXT_USE_SUBKEY;
+              code = krb5_auth_con_setflags(context, auth_context, acflags);
+          }
+          if (code) {
+              major_status = GSS_S_FAILURE;
+              goto fail;
+          }
+       }
+
        if ((code = krb5_mk_rep(context, auth_context, &ap_rep))) {
           major_status = GSS_S_FAILURE;
           goto fail;
        }
 
-       krb5_auth_con_getlocalseqnumber(context, auth_context,
-                                      &ctx->seq_send);
+       krb5_auth_con_getlocalseqnumber(context, auth_context, &seq_temp);
+       ctx->seq_send = seq_temp & 0xffffffffL;
+
+       if (cfx_generate_subkey) {
+          /* Get the new acceptor subkey.  With the code above, there
+             should always be one if we make it to this point.  */
+          code = krb5_auth_con_getsendsubkey(context, auth_context,
+                                             &ctx->acceptor_subkey);
+          if (code != 0) {
+              major_status = GSS_S_FAILURE;
+              goto fail;
+          }
+          code = (*kaccess.krb5int_c_mandatory_cksumtype)(context,
+                                               ctx->acceptor_subkey->enctype,
+                                               &ctx->acceptor_subkey_cksumtype);
+          if (code) {
+              major_status = GSS_S_FAILURE;
+              goto fail;
+          }
+          ctx->have_acceptor_subkey = 1;
+       }
 
        /* the reply token hasn't been sent yet, but that's ok. */
+       ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
        ctx->established = 1;
 
        token.length = g_token_size((gss_OID) mech_used, ap_rep.length);
@@ -803,7 +892,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    if (ap_rep.data)
        krb5_free_data_contents(context, &ap_rep);
 
-   if (!GSS_ERROR(major_status))
+   if (!GSS_ERROR(major_status) && major_status != GSS_S_CONTINUE_NEEDED)
        return(major_status);
 
    /* from here on is the real "fail" code */
@@ -843,7 +932,9 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        krb5_free_ap_req(context, request);
    }
 
-   if (cred && (gss_flags & GSS_C_MUTUAL_FLAG)) {
+   if (cred
+       && ((gss_flags & GSS_C_MUTUAL_FLAG)
+          || (major_status == GSS_S_CONTINUE_NEEDED))) {
        unsigned int tmsglen;
        int toktype;
 
@@ -853,7 +944,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        */
        memset(&krb_error_data, 0, sizeof(krb_error_data));
 
-       code  -= ERROR_TABLE_BASE_krb5;
+       code -= ERROR_TABLE_BASE_krb5;
        if (code < 0 || code > 128)
           code = 60 /* KRB_ERR_GENERIC */;
 
@@ -861,7 +952,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        (void) krb5_us_timeofday(context, &krb_error_data.stime,
                                &krb_error_data.susec);
        krb_error_data.server = cred->princ;
-          
+
        code = krb5_mk_error(context, &krb_error_data, &scratch);
        if (code)
           return (major_status);
index 2c620b940567fcd6540b2927aca2733c39d66994..513abe5524194a59b0c6fed5cefb7a81b45ab190 100644 (file)
@@ -92,7 +92,7 @@ krb5_gss_register_acceptor_identity(const char *keytab)
        free(krb5_gss_keytab);
 
     len = strlen(keytab);
-    krb5_gss_keytab = malloc(len);
+    krb5_gss_keytab = malloc(len + 1);
     if (krb5_gss_keytab == NULL)
        return GSS_S_FAILURE;
 
@@ -190,8 +190,13 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
 
    cred->ccache = NULL;
 
-   /* open the default credential cache */
+   /* load the GSS ccache name into the kg_context */
+   
+   if (GSS_ERROR(kg_sync_ccache_name(minor_status)))
+       return(GSS_S_FAILURE);
 
+   /* open the default credential cache */
+   
    if ((code = krb5int_cc_default(context, &ccache))) {
       *minor_status = code;
       return(GSS_S_CRED_UNAVAIL);
@@ -201,6 +206,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
 
    flags = 0;          /* turns off OPENCLOSE mode */
    if ((code = krb5_cc_set_flags(context, ccache, flags))) {
+      (void)krb5_cc_close(context, ccache);
       *minor_status = code;
       return(GSS_S_CRED_UNAVAIL);
    }
index 28c23589062f6209454d89da0c619509ab3cd027..94702b862701f785f9bbc7621f8cef672fb6fe73 100644 (file)
@@ -92,6 +92,8 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
       krb5_free_principal(context, ctx->there);
    if (ctx->subkey)
       krb5_free_keyblock(context, ctx->subkey);
+   if (ctx->acceptor_subkey)
+       krb5_free_keyblock(context, ctx->acceptor_subkey);
 
    if (ctx->auth_context) {
        (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL);
@@ -101,9 +103,6 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
    if (ctx->mech_used)
        gss_release_oid(minor_status, &ctx->mech_used);
    
-   if (ctx->ctypes)
-       xfree(ctx->ctypes);
-
    /* Zero out context */
    memset(ctx, 0, sizeof(*ctx));
    xfree(ctx);
index 3251086128a0067fcbbe33a16bcd07357c6d1675..514c82147a208f835b2260d4c1437bb5722f4cb6 100644 (file)
@@ -69,6 +69,9 @@
 #include "gssapi_krb5.h"
 #include "gssapi_err_krb5.h"
 
+/* for debugging */
+#undef CFX_EXERCISE
+
 /** constants **/
 
 #define CKSUMTYPE_KG_CB                0x8003
 #define        KG_TOK_WRAP_MSG         0x0201
 #define KG_TOK_DEL_CTX         0x0102
 
-#define KG_IMPLFLAGS(x) (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | \
-                        GSS_C_TRANS_FLAG | GSS_C_PROT_READY_FLAG | \
-                        ((x) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
-                                GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)))
-
 #define KG2_TOK_INITIAL                0x0101
 #define KG2_TOK_RESPONSE       0x0202
 #define KG2_TOK_MIC            0x0303
@@ -116,10 +114,17 @@ enum seal_alg {
   SEAL_ALG_DES3KD          = 0x0002
 };
 
+/* for 3DES */
 #define KG_USAGE_SEAL 22
 #define KG_USAGE_SIGN 23
 #define KG_USAGE_SEQ  24
 
+/* for draft-ietf-krb-wg-gssapi-cfx-01 */
+#define KG_USAGE_ACCEPTOR_SEAL 22
+#define KG_USAGE_ACCEPTOR_SIGN 23
+#define KG_USAGE_INITIATOR_SEAL        24
+#define KG_USAGE_INITIATOR_SIGN        25
+
 enum qop {
   GSS_KRB5_INTEG_C_QOP_MD5       = 0x0001, /* *partial* MD5 = "MD2.5" */
   GSS_KRB5_INTEG_C_QOP_DES_MD5   = 0x0002,
@@ -152,15 +157,21 @@ typedef struct _krb5_gss_cred_id_rec {
 } krb5_gss_cred_id_rec, *krb5_gss_cred_id_t; 
 
 typedef struct _krb5_gss_ctx_id_rec {
-   int initiate;       /* nonzero if initiating, zero if accepting */
+   unsigned int initiate : 1;  /* nonzero if initiating, zero if accepting */
+   unsigned int established : 1;
+   unsigned int big_endian : 1;
+   unsigned int have_acceptor_subkey : 1;
+   unsigned int seed_init : 1; /* XXX tested but never actually set */
+#ifdef CFX_EXERCISE
+   unsigned int testing_unknown_tokid : 1; /* for testing only */
+#endif
    OM_uint32 gss_flags;
-   int seed_init;
    unsigned char seed[16];
    krb5_principal here;
    krb5_principal there;
    krb5_keyblock *subkey;
    int signalg;
-   int cksum_size;
+   size_t cksum_size;
    int sealalg;
    krb5_keyblock *enc;
    krb5_keyblock *seq;
@@ -169,15 +180,22 @@ typedef struct _krb5_gss_ctx_id_rec {
    /* XXX these used to be signed.  the old spec is inspecific, and
       the new spec specifies unsigned.  I don't believe that the change
       affects the wire encoding. */
-   krb5_ui_4 seq_send;
-   krb5_ui_4 seq_recv;
+   gssint_uint64 seq_send;
+   gssint_uint64 seq_recv;
    void *seqstate;
-   int established;
-   int big_endian;
    krb5_auth_context auth_context;
    gss_OID_desc *mech_used;
-   int nctypes;
-   krb5_cksumtype *ctypes;
+    /* Protocol spec revision
+       0 => RFC 1964 with 3DES and RC4 enhancements
+       1 => draft-ietf-krb-wg-gssapi-cfx-01
+       No others defined so far.  */
+   int proto;
+   krb5_cksumtype cksumtype;   /* for "main" subkey */
+   krb5_keyblock *acceptor_subkey; /* CFX only */
+   krb5_cksumtype acceptor_subkey_cksumtype;
+#ifdef CFX_EXERCISE
+    gss_buffer_desc init_token;
+#endif
 } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
 
 extern void *kg_vdb;
@@ -202,8 +220,6 @@ OM_uint32 kg_get_defcred
        (OM_uint32 *minor_status, 
                   gss_cred_id_t *cred);
 
-OM_uint32 kg_release_defcred (OM_uint32 *minor_status);
-
 krb5_error_code kg_checksum_channel_bindings
          (krb5_context context, gss_channel_bindings_t cb,
                                             krb5_checksum *cksum,
@@ -290,7 +306,15 @@ krb5_error_code kg_ctx_internalize (krb5_context kcontext,
 
 OM_uint32 kg_get_context (OM_uint32 *minor_status,
                                    krb5_context *context);
-       
+
+OM_uint32 kg_sync_ccache_name (OM_uint32 *minor_status);
+
+OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status, 
+                              const char **out_name);
+
+OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status, 
+                              const char *name);
+
 /** declarations of internal name mechanism functions **/
 
 OM_uint32 krb5_gss_acquire_cred
@@ -589,4 +613,10 @@ gss_OID krb5_gss_convert_static_mech_oid
 (gss_OID oid
         );
        
+krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
+                                              krb5_gss_ctx_id_rec *,
+                                              const gss_buffer_desc *,
+                                              gss_buffer_t,
+                                              int, int);
+
 #endif /* _GSSAPIP_KRB5_H_ */
index db6eabd5d438bb6fcae0e65da9c51a9a49bdb763..be750a74902425a212bee576f48e25bb53697fd8 100644 (file)
@@ -125,13 +125,10 @@ const gss_OID_set_desc * const gss_mech_set_krb5_old = oidsets+1;
 const gss_OID_set_desc * const gss_mech_set_krb5_both = oidsets+2;
 
 void *kg_vdb = NULL;
+static char *kg_ccache_name = NULL;
 
 /** default credential support */
 
-/* default credentials */
-
-static gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
-
 /*
  * init_sec_context() will explicitly re-acquire default credentials,
  * so handling the expiration/invalidation condition here isn't needed.
@@ -141,36 +138,18 @@ kg_get_defcred(minor_status, cred)
      OM_uint32 *minor_status;
      gss_cred_id_t *cred;
 {
-   if (defcred == GSS_C_NO_CREDENTIAL) {
-      OM_uint32 major;
-
-      if ((major = krb5_gss_acquire_cred(minor_status, 
-                                        (gss_name_t) NULL, GSS_C_INDEFINITE, 
-                                        GSS_C_NULL_OID_SET, GSS_C_INITIATE, 
-                                        &defcred, NULL, NULL)) &&
-         GSS_ERROR(major)) {
-        defcred = GSS_C_NO_CREDENTIAL;
-        return(major);
-      }
+    OM_uint32 major;
+    
+    if ((major = krb5_gss_acquire_cred(minor_status, 
+                                     (gss_name_t) NULL, GSS_C_INDEFINITE, 
+                                     GSS_C_NULL_OID_SET, GSS_C_INITIATE, 
+                                     cred, NULL, NULL)) && GSS_ERROR(major)) {
+      return(major);
    }
-
-   *cred = defcred;
    *minor_status = 0;
    return(GSS_S_COMPLETE);
 }
 
-OM_uint32
-kg_release_defcred(minor_status)
-     OM_uint32 *minor_status;
-{
-   if (defcred == GSS_C_NO_CREDENTIAL) {
-      *minor_status = 0;
-      return(GSS_S_COMPLETE);
-   }
-
-   return(krb5_gss_release_cred(minor_status, &defcred));
-}
-
 OM_uint32
 kg_get_context(minor_status, context)
    OM_uint32 *minor_status;
@@ -203,3 +182,103 @@ fail:
    *minor_status = (OM_uint32) code;
    return GSS_S_FAILURE;
 }
+
+OM_uint32
+kg_sync_ccache_name (OM_uint32 *minor_status)
+{
+    krb5_context context = NULL;
+    OM_uint32 err = 0;
+    OM_uint32 minor;
+    
+    /* 
+     * Sync up the kg_context ccache name with the GSSAPI ccache name.
+     * If kg_ccache_name is NULL -- normal unless someone has called 
+     * gss_krb5_ccache_name() -- then the system default ccache will 
+     * be picked up and used by resetting the context default ccache.
+     * This is needed for platforms which support multiple ccaches.
+     */
+    
+    if (!err) {
+        if (GSS_ERROR(kg_get_context (&minor, &context))) {
+            err = minor;
+        }
+    }
+    
+    if (!err) {
+        /* kg_ccache_name == NULL resets the context default ccache */
+        err = krb5_cc_set_default_name(context, kg_ccache_name);
+    }
+    
+    *minor_status = err;
+    return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
+}
+
+OM_uint32
+kg_get_ccache_name (OM_uint32 *minor_status, const char **out_name)
+{
+    krb5_context context = NULL;
+    const char *name = NULL;
+    OM_uint32 err = 0;
+    OM_uint32 minor;
+    
+    if (!err) {
+        if (GSS_ERROR(kg_get_context (&minor, &context))) {
+            err = minor;
+        }
+    }
+    
+    if (!err) {
+        if (kg_ccache_name != NULL) {
+            name = kg_ccache_name;
+        } else {
+            /* reset the context default ccache (see text above) */
+            err = krb5_cc_set_default_name (context, NULL);
+            if (!err) {
+                name = krb5_cc_default_name(context);
+            }
+        }
+    }
+
+    if (!err) {
+        if (out_name) {
+            *out_name = name;
+        }
+    }
+    
+    *minor_status = err;
+    return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
+}
+
+OM_uint32
+kg_set_ccache_name (OM_uint32 *minor_status, const char *name)
+{
+    char *new_name = NULL;
+    OM_uint32 err = 0;
+    
+    if (!err) {
+        if (name) {
+            new_name = malloc(strlen(name) + 1);
+            if (new_name == NULL) {
+                err = ENOMEM;
+            } else {
+                strcpy(new_name, name);
+            }
+        }
+    }
+    
+    if (!err) {
+        char *swap = NULL;
+        
+        swap = kg_ccache_name;
+        kg_ccache_name = new_name;
+        new_name = swap;
+    }
+    
+    if (new_name != NULL) {
+        free (new_name);
+    }
+    
+    *minor_status = err;
+    return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
+}
+
index c142802e4a161fa556e14cce272a77dff89b9c30..3007a0fd840e86998447edcec62ef734a9fde36a 100644 (file)
@@ -31,7 +31,6 @@
 extern "C" {
 #endif /* __cplusplus */
 
-#if GSS_RFC_COMPLIANT_OIDS
 /* Reserved static storage for GSS_oids.  See rfc 1964 for more details. */
 
 /* 2.1.1. Kerberos Principal Name Form: */
@@ -71,8 +70,6 @@ GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME;
  * generic(1) string_uid_name(3)}.  The recommended symbolic name for
  * this type is "GSS_KRB5_NT_STRING_UID_NAME". */ 
 
-#endif /* GSS_RFC_COMPLIANT_OIDS */
-
 extern const gss_OID_desc * const gss_mech_krb5;
 extern const gss_OID_desc * const gss_mech_krb5_old;
 extern const gss_OID_set_desc * const gss_mech_set_krb5;
index 8877052ba6adb64dbdd3ea421f0aaea1fbed8989..544316e0afe33fc7769132a3f054b1ed40c2229f 100644 (file)
@@ -70,6 +70,7 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
+#include "k5-int.h"
 #include "gssapiP_krb5.h"
 #ifdef HAVE_MEMORY_H
 #include <memory.h>
@@ -90,13 +91,12 @@ int krb5_gss_dbg_client_expcreds = 0;
  * ccache.
  */
 static krb5_error_code get_credentials(context, cred, server, now,
-                                      endtime, enctypes, out_creds)
+                                      endtime, out_creds)
     krb5_context context;
     krb5_gss_cred_id_t cred;
     krb5_principal server;
     krb5_timestamp now;
     krb5_timestamp endtime;
-    const krb5_enctype *enctypes;
     krb5_creds **out_creds;
 {
     krb5_error_code    code;
@@ -112,10 +112,7 @@ static krb5_error_code get_credentials(context, cred, server, now,
 
     in_creds.keyblock.enctype = 0;
 
-    code = krb5_set_default_tgs_enctypes (context, enctypes);
-    if (code)
-      goto cleanup;
-        code = krb5_get_credentials(context, 0, cred->ccache,
+    code = krb5_get_credentials(context, 0, cred->ccache,
                                &in_creds, out_creds);
     if (code)
        goto cleanup;
@@ -145,6 +142,9 @@ struct gss_checksum_data {
     krb5_data checksum_data;
 };
 
+#ifdef CFX_EXERCISE
+#include "../../krb5/krb/auth_con.h"
+#endif
 static krb5_error_code KRB5_CALLCONV
 make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
                   void *cksum_data, krb5_data **out)
@@ -154,6 +154,8 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
     unsigned char *ptr;
     struct gss_checksum_data *data = cksum_data;
     krb5_data credmsg;
+    int junk;
+
     data->checksum_data.data = 0;
     credmsg.data = 0;
     /* build the checksum field */
@@ -191,6 +193,21 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
     } else {
        data->checksum_data.length = 24;
     }
+#ifdef CFX_EXERCISE
+    if (data->ctx->auth_context->keyblock != NULL
+       && data->ctx->auth_context->keyblock->enctype == 18) {
+       srand(time(0) ^ getpid());
+       /* Our ftp client code stupidly assumes a base64-encoded
+          version of the token will fit in 10K, so don't make this
+          too big.  */
+       junk = rand() & 0xff;
+    } else
+       junk = 0;
+#else
+    junk = 0;
+#endif
+
+    data->checksum_data.length += junk;
 
     /* now allocate a buffer to hold the checksum data and
        (maybe) KRB_CRED msg */
@@ -219,6 +236,8 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
        /* free credmsg data */
        krb5_free_data_contents(context, &credmsg);
     }
+    if (junk)
+       memset(ptr, 'i', junk);
     *out = &data->checksum_data;
     return 0;
 }
@@ -316,12 +335,529 @@ make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token)
    code = 0;
     
  cleanup:
+   if (checksum_data && checksum_data->data)
+       krb5_free_data_contents(context, checksum_data);
    if (ap_req.data)
        krb5_free_data_contents(context, &ap_req);
 
    return (code);
 }
 
+/*
+ * setup_enc
+ *
+ * Fill in the encryption descriptors.  Called after AP-REQ is made.
+ */
+static OM_uint32
+setup_enc(
+   OM_uint32 *minor_status,
+   krb5_gss_ctx_id_rec *ctx,
+   krb5_context context)
+{
+   krb5_error_code code;
+   int i;
+   krb5int_access kaccess;
+
+   code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+   if (code)
+       goto fail;
+
+   ctx->have_acceptor_subkey = 0;
+   ctx->proto = 0;
+   ctx->cksumtype = 0;
+   switch(ctx->subkey->enctype) {
+   case ENCTYPE_DES_CBC_MD5:
+   case ENCTYPE_DES_CBC_MD4:
+   case ENCTYPE_DES_CBC_CRC:
+      ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW;
+      ctx->signalg = SGN_ALG_DES_MAC_MD5;
+      ctx->cksum_size = 8;
+      ctx->sealalg = SEAL_ALG_DES;
+
+      /* The encryption key is the session key XOR
+        0xf0f0f0f0f0f0f0f0.  */
+      if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc)))
+        goto fail;
+
+      for (i=0; i<ctx->enc->length; i++)
+        ctx->enc->contents[i] ^= 0xf0;
+
+      goto copy_subkey_to_seq;
+
+   case ENCTYPE_DES3_CBC_SHA1:
+       /* MIT extension */
+      ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW;
+      ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
+      ctx->cksum_size = 20;
+      ctx->sealalg = SEAL_ALG_DES3KD;
+
+   copy_subkey:
+      code = krb5_copy_keyblock (context, ctx->subkey, &ctx->enc);
+      if (code)
+        goto fail;
+   copy_subkey_to_seq:
+      code = krb5_copy_keyblock (context, ctx->subkey, &ctx->seq);
+      if (code) {
+        krb5_free_keyblock (context, ctx->enc);
+        goto fail;
+      }
+      break;
+
+   case ENCTYPE_ARCFOUR_HMAC:
+       /* Microsoft extension */
+      ctx->signalg = SGN_ALG_HMAC_MD5 ;
+      ctx->cksum_size = 8;
+      ctx->sealalg = SEAL_ALG_MICROSOFT_RC4 ;
+
+      goto copy_subkey;
+
+   default:
+       /* Fill some fields we shouldn't be using on this path
+         with garbage.  */
+       ctx->signalg = -10;
+       ctx->sealalg = -10;
+
+       ctx->proto = 1;
+       code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, ctx->subkey->enctype,
+                                           &ctx->cksumtype);
+       if (code)
+          goto fail;
+       code = krb5_c_checksum_length(context, ctx->cksumtype,
+                                    &ctx->cksum_size);
+       if (code)
+          goto fail;
+       goto copy_subkey;
+   }
+fail:
+   *minor_status = code;
+   return GSS_S_FAILURE;
+}
+
+/*
+ * new_connection
+ *
+ * Do the grunt work of setting up a new context.
+ */
+static OM_uint32
+new_connection(
+   OM_uint32 *minor_status,
+   krb5_gss_cred_id_t cred,
+   gss_ctx_id_t *context_handle,
+   gss_name_t target_name,
+   gss_OID mech_type,
+   OM_uint32 req_flags,
+   OM_uint32 time_req,
+   gss_channel_bindings_t input_chan_bindings,
+   gss_buffer_t input_token,
+   gss_OID *actual_mech_type,
+   gss_buffer_t output_token,
+   OM_uint32 *ret_flags,
+   OM_uint32 *time_rec,
+   krb5_context context,
+   int default_mech)
+{
+   OM_uint32 major_status;
+   krb5_error_code code;
+   krb5_creds *k_cred;
+   krb5_gss_ctx_id_rec *ctx, *ctx_free;
+   krb5_timestamp now;
+   gss_buffer_desc token;
+
+   major_status = GSS_S_FAILURE;
+   token.length = 0;
+   token.value = NULL;
+
+   /* make sure the cred is usable for init */
+
+   if ((cred->usage != GSS_C_INITIATE) &&
+       (cred->usage != GSS_C_BOTH)) {
+      *minor_status = 0;
+      return(GSS_S_NO_CRED);
+   }
+
+   /* complain if the input token is non-null */
+
+   if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
+#if 0 /* def CFX_EXERCISE */
+       if (*context_handle != GSS_C_NO_CONTEXT
+          && ((krb5_gss_ctx_id_t)*context_handle)->testing_unknown_tokid) {
+          /* XXX Should check for a KRB_ERROR message that we can
+             parse, and which contains the expected error code.  */
+          ctx = (krb5_gss_ctx_id_t)*context_handle;
+          goto resume_after_testing;
+       }
+#endif
+       *minor_status = 0;
+       return(GSS_S_DEFECTIVE_TOKEN);
+   }
+
+   /* create the ctx */
+
+   if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec)))
+       == NULL) {
+      *minor_status = ENOMEM;
+      return(GSS_S_FAILURE);
+   }
+
+   /* fill in the ctx */
+   memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
+   ctx_free = ctx;
+   if ((code = krb5_auth_con_init(context, &ctx->auth_context)))
+      goto fail;
+   krb5_auth_con_setflags(context, ctx->auth_context,
+                         KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+   ctx->initiate = 1;
+   ctx->gss_flags = (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG |
+                     GSS_C_TRANS_FLAG | 
+                     ((req_flags) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
+                                     GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)));
+   ctx->seed_init = 0;
+   ctx->big_endian = 0;  /* all initiators do little-endian, as per spec */
+   ctx->seqstate = 0;
+
+   if ((code = krb5_timeofday(context, &now)))
+      goto fail;
+
+   if (time_req == 0 || time_req == GSS_C_INDEFINITE) {
+      ctx->endtime = 0;
+   } else {
+      ctx->endtime = now + time_req;
+   }
+
+   if ((code = krb5_copy_principal(context, cred->princ, &ctx->here)))
+      goto fail;
+      
+   if ((code = krb5_copy_principal(context, (krb5_principal) target_name,
+                                  &ctx->there)))
+      goto fail;
+
+   code = get_credentials(context, cred, ctx->there, now,
+                         ctx->endtime, &k_cred);
+   if (code)
+      goto fail;
+
+   if (default_mech) {
+      mech_type = (gss_OID) gss_mech_krb5;
+   }
+
+   if (generic_gss_copy_oid(minor_status, mech_type, &ctx->mech_used)
+       != GSS_S_COMPLETE) {
+      code = *minor_status;
+      goto fail;
+   }
+   /*
+    * Now try to make it static if at all possible....
+    */
+   ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
+
+   {
+      /* gsskrb5 v1 */
+      krb5_ui_4 seq_temp;
+      if ((code = make_ap_req_v1(context, ctx,
+                                cred, k_cred, input_chan_bindings, 
+                                mech_type, &token))) {
+        if ((code == KRB5_FCC_NOFILE) || (code == KRB5_CC_NOTFOUND) ||
+            (code == KG_EMPTY_CCACHE))
+           major_status = GSS_S_NO_CRED;
+        if (code == KRB5KRB_AP_ERR_TKT_EXPIRED)
+           major_status = GSS_S_CREDENTIALS_EXPIRED;
+        goto fail;
+      }
+
+      krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &seq_temp);
+      ctx->seq_send = seq_temp;
+      krb5_auth_con_getsendsubkey(context, ctx->auth_context,
+                                 &ctx->subkey);
+   }
+
+   major_status = setup_enc(minor_status, ctx, context);
+
+   if (k_cred) {
+      krb5_free_creds(context, k_cred);
+      k_cred = 0;
+   }
+      
+   /* at this point, the context is constructed and valid,
+      hence, releaseable */
+
+   /* intern the context handle */
+
+   if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
+      code = G_VALIDATE_FAILED;
+      goto fail;
+   }
+   *context_handle = (gss_ctx_id_t) ctx;
+   ctx_free = 0;
+
+#if 0 /* Sigh.  We're changing the spec again.  */
+#ifdef CFX_EXERCISE
+   if (ctx->proto == 1
+       /* I think the RPC code may be broken.  Don't mess around
+         if we're authenticating to "kadmin/whatever".  */
+       && ctx->there->data[0].data[0] != 'k'
+       /* I *know* the FTP server code is broken.  */
+       && ctx->there->data[0].data[0] != 'f'
+       ) {
+       /* Create a bogus token and return it, with status
+         GSS_S_CONTINUE_NEEDED.  Save enough data that we can resume
+         on the next call.  */
+       static const unsigned char hack_token[20] = {
+          0x60, 0x12, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+          0xf7, 0x12, 0x01, 0x02, 0x02, 0x12, 0x34, 0x68,
+          0x65, 0x6c, 0x6c, 0x6f
+       };
+       ctx->testing_unknown_tokid = 1;
+       ctx->init_token = token;
+       token.value = malloc(20);
+       token.length = 20;
+       if (token.value == NULL) {
+          /* Skip testing.  We'll probably die soon enough, but let's
+             not do it because we couldn't exercise this code
+             path.  */
+          goto resume_after_testing;
+       }
+       memcpy(token.value, hack_token, sizeof(hack_token));
+       /* Can just fall through into the normal return path, because
+         it'll always return GSS_S_CONTINUE_NEEDED because we're
+         doing mutual authentication.  */
+   }
+   if (0) {
+   resume_after_testing:
+       token = ctx->init_token;
+       ctx->init_token.value = 0;
+       ctx->init_token.length = 0;
+       ctx->testing_unknown_tokid = 0;
+       ctx_free = 0;
+   }
+#endif /* CFX_EXERCISE */
+#endif /* 0 */
+
+   /* compute time_rec */
+   if (time_rec) {
+      if ((code = krb5_timeofday(context, &now)))
+        goto fail;
+      *time_rec = ctx->endtime - now;
+   }
+
+   /* set the other returns */
+   *output_token = token;
+
+   if (ret_flags)
+      *ret_flags = ctx->gss_flags;
+
+   if (actual_mech_type)
+      *actual_mech_type = mech_type;
+
+   /* return successfully */
+
+   *minor_status = 0;
+   if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
+      ctx->established = 0;
+      return(GSS_S_CONTINUE_NEEDED);
+   } else {
+      ctx->seq_recv = ctx->seq_send;
+      g_order_init(&(ctx->seqstate), ctx->seq_recv,
+                  (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, 
+                  (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto);
+      ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
+      ctx->established = 1;
+      return(GSS_S_COMPLETE);
+   }
+
+fail:
+   if (ctx_free) {
+       if (ctx_free->auth_context)
+          krb5_auth_con_free(context, ctx_free->auth_context);
+       if (ctx_free->here)
+          krb5_free_principal(context, ctx_free->here);
+       if (ctx_free->there)
+          krb5_free_principal(context, ctx_free->there);
+       if (ctx_free->subkey)
+          krb5_free_keyblock(context, ctx_free->subkey);
+       xfree(ctx_free);
+   } else
+       (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
+
+   *minor_status = code;
+   return (major_status);
+}
+
+/*
+ * mutual_auth
+ *
+ * Handle the reply from the acceptor, if we're doing mutual auth.
+ */
+static OM_uint32
+mutual_auth(
+   OM_uint32 *minor_status,
+   krb5_gss_cred_id_t cred,
+   gss_ctx_id_t *context_handle,
+   gss_name_t target_name,
+   gss_OID mech_type,
+   OM_uint32 req_flags,
+   OM_uint32 time_req,
+   gss_channel_bindings_t input_chan_bindings,
+   gss_buffer_t input_token,
+   gss_OID *actual_mech_type,
+   gss_buffer_t output_token,
+   OM_uint32 *ret_flags,
+   OM_uint32 *time_rec,
+   krb5_context context)
+{
+   OM_uint32 major_status;
+   unsigned char *ptr;
+   char *sptr;
+   krb5_data ap_rep;
+   krb5_ap_rep_enc_part *ap_rep_data;
+   krb5_timestamp now;
+   krb5_gss_ctx_id_rec *ctx;
+   krb5_error *krb_error;
+   krb5_error_code code;
+   krb5int_access kaccess;
+
+   code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+   if (code)
+       goto fail;
+
+   major_status = GSS_S_FAILURE;
+
+   /* validate the context handle */
+   /*SUPPRESS 29*/
+   if (! kg_validate_ctx_id(*context_handle)) {
+      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+      return(GSS_S_NO_CONTEXT);
+   }
+
+   ctx = (gss_ctx_id_t) *context_handle;
+
+   /* make sure the context is non-established, and that certain
+      arguments are unchanged */
+
+   if ((ctx->established) ||
+       ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) {
+      code = KG_CONTEXT_ESTABLISHED;
+      goto fail;
+   }
+
+   if (! krb5_principal_compare(context, ctx->there, 
+                               (krb5_principal) target_name)) {
+      (void)krb5_gss_delete_sec_context(minor_status, 
+                                       context_handle, NULL);
+      code = 0;
+      major_status = GSS_S_BAD_NAME;
+      goto fail;
+   }
+
+   /* verify the token and leave the AP_REP message in ap_rep */
+
+   if (input_token == GSS_C_NO_BUFFER) {
+      (void)krb5_gss_delete_sec_context(minor_status, 
+                                       context_handle, NULL);
+      code = 0;
+      major_status = GSS_S_DEFECTIVE_TOKEN;
+      goto fail;
+   }
+
+   ptr = (unsigned char *) input_token->value;
+
+   if (g_verify_token_header((gss_OID) ctx->mech_used,
+                            &(ap_rep.length),
+                            &ptr, KG_TOK_CTX_AP_REP,
+                            input_token->length, 1)) {
+      if (g_verify_token_header((gss_OID) ctx->mech_used,
+                               &(ap_rep.length),
+                               &ptr, KG_TOK_CTX_ERROR,
+                               input_token->length, 1) == 0) {
+
+        /* Handle a KRB_ERROR message from the server */
+
+        sptr = (char *) ptr;           /* PC compiler bug */
+        TREAD_STR(sptr, ap_rep.data, ap_rep.length);
+                     
+        code = krb5_rd_error(context, &ap_rep, &krb_error);
+        if (code)
+           goto fail;
+        if (krb_error->error)
+           code = krb_error->error + ERROR_TABLE_BASE_krb5;
+        else
+           code = 0;
+        krb5_free_error(context, krb_error);
+        goto fail;
+      } else {
+        *minor_status = 0;
+        return(GSS_S_DEFECTIVE_TOKEN);
+      }
+   }
+
+   sptr = (char *) ptr;                      /* PC compiler bug */
+   TREAD_STR(sptr, ap_rep.data, ap_rep.length);
+
+   /* decode the ap_rep */
+   if ((code = krb5_rd_rep(context, ctx->auth_context, &ap_rep,
+                          &ap_rep_data))) {
+      /*
+       * XXX A hack for backwards compatiblity.
+       * To be removed in 1999 -- proven 
+       */
+      krb5_auth_con_setuseruserkey(context, ctx->auth_context,
+                                  ctx->subkey);
+      if ((krb5_rd_rep(context, ctx->auth_context, &ap_rep,
+                      &ap_rep_data)))
+        goto fail;
+   }
+
+   /* store away the sequence number */
+   ctx->seq_recv = ap_rep_data->seq_number;
+   g_order_init(&(ctx->seqstate), ctx->seq_recv,
+               (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
+               (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0, ctx->proto);
+
+   if (ctx->proto == 1 && ap_rep_data->subkey) {
+       /* Keep acceptor's subkey.  */
+       ctx->have_acceptor_subkey = 1;
+       code = krb5_copy_keyblock(context, ap_rep_data->subkey,
+                                &ctx->acceptor_subkey);
+       if (code)
+          goto fail;
+       code = (*kaccess.krb5int_c_mandatory_cksumtype)(context,
+                                           ctx->acceptor_subkey->enctype,
+                                           &ctx->acceptor_subkey_cksumtype);
+       if (code)
+          goto fail;
+   }
+
+   /* free the ap_rep_data */
+   krb5_free_ap_rep_enc_part(context, ap_rep_data);
+
+   /* set established */
+   ctx->established = 1;
+
+   /* set returns */
+
+   if (time_rec) {
+      if ((code = krb5_timeofday(context, &now)))
+        goto fail;
+      *time_rec = ctx->endtime - now;
+   }
+
+   if (ret_flags)
+      *ret_flags = ctx->gss_flags;
+
+   if (actual_mech_type)
+      *actual_mech_type = mech_type;
+
+   /* success */
+
+   *minor_status = 0;
+   return GSS_S_COMPLETE;
+
+fail:
+   (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
+
+   *minor_status = code;
+   return (major_status);
+}
+
 OM_uint32
 krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
                          context_handle, target_name, mech_type,
@@ -344,25 +880,10 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
 {
    krb5_context context;
    krb5_gss_cred_id_t cred;
-   krb5_creds *k_cred = 0;
-   static const krb5_enctype wanted_enctypes[] = {
-#if 1
-     ENCTYPE_DES3_CBC_SHA1,
-#endif
-     ENCTYPE_ARCFOUR_HMAC,
-     ENCTYPE_DES_CBC_CRC,
-     ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4,
-   };
-#define N_WANTED_ENCTYPES (sizeof(wanted_enctypes)/sizeof(wanted_enctypes[0]))
-   krb5_enctype requested_enctypes[N_WANTED_ENCTYPES + 1];
-   krb5_enctype *default_enctypes = 0;
-   krb5_error_code code; 
-   krb5_gss_ctx_id_rec *ctx, *ctx_free;
-   krb5_timestamp now;
-   gss_buffer_desc token;
-   int i, j, k, err;
+   int err;
    int default_mech = 0;
    OM_uint32 major_status;
+   OM_uint32 tmp_min_stat;
 
    if (GSS_ERROR(kg_get_context(minor_status, &context)))
       return(GSS_S_FAILURE);
@@ -374,35 +895,28 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
    output_token->value = NULL;
    if (actual_mech_type)
       *actual_mech_type = NULL;
-   token.value = 0;
-   ctx_free = 0;
+
+   /* verify that the target_name is valid and usable */
+
+   if (! kg_validate_name(target_name)) {
+      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+      return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
+   }
 
    /* verify the credential, or use the default */
    /*SUPPRESS 29*/
    if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
-      OM_uint32 major;
-
-      /*
-       * Release default cred prior to re-acquiring it, to notice when
-       * the ccache has changed.
-       */
-      major = kg_release_defcred(minor_status);
-      if (GSS_ERROR(major))
-        return major;
-      if ((major = kg_get_defcred(minor_status, &claimant_cred_handle)) &&
-         GSS_ERROR(major)) {
-        return(major);
+      major_status = kg_get_defcred(minor_status, &cred);
+      if (major_status && GSS_ERROR(major_status)) {
+        return(major_status);
       }
    } else {
-      OM_uint32 major;
-          
-      major = krb5_gss_validate_cred(minor_status, claimant_cred_handle);
-      if (GSS_ERROR(major))
-         return(major);
+      major_status = krb5_gss_validate_cred(minor_status, claimant_cred_handle);
+      if (GSS_ERROR(major_status))
+         return(major_status);
+      cred = (krb5_gss_cred_id_t) claimant_cred_handle;
    }
 
-   cred = (krb5_gss_cred_id_t) claimant_cred_handle;
-
    /* verify the mech_type */
 
    err = 0;
@@ -426,414 +940,37 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
    }
    
    if (err) {
+      if (claimant_cred_handle == GSS_C_NO_CREDENTIAL)
+        krb5_gss_release_cred(minor_status, (gss_cred_id_t)cred);
       *minor_status = 0;
       return(GSS_S_BAD_MECH);
    }
 
-   /* verify that the target_name is valid and usable */
-
-   if (! kg_validate_name(target_name)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-   }
-
    /* is this a new connection or not? */
 
    /*SUPPRESS 29*/
-   if (*context_handle == GSS_C_NO_CONTEXT) {
-      /* make sure the cred is usable for init */
-
-      if ((cred->usage != GSS_C_INITIATE) &&
-         (cred->usage != GSS_C_BOTH)) {
-        *minor_status = 0;
-        return(GSS_S_NO_CRED);
-      }
-
-      /* complain if the input token is non-null */
-
-      if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
-        *minor_status = 0;
-        return(GSS_S_DEFECTIVE_TOKEN);
-      }
-
-      /* create the ctx */
-
-      if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec)))
-         == NULL) {
-        *minor_status = ENOMEM;
-        return(GSS_S_FAILURE);
-      }
-
-      /* fill in the ctx */
-      memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
-      ctx_free = ctx;
-      if ((code = krb5_auth_con_init(context, &ctx->auth_context)))
-         goto fail;
-      krb5_auth_con_setflags(context, ctx->auth_context,
-                            KRB5_AUTH_CONTEXT_DO_SEQUENCE);
-      ctx->initiate = 1;
-      ctx->gss_flags = KG_IMPLFLAGS(req_flags);
-      ctx->seed_init = 0;
-      ctx->big_endian = 0;  /* all initiators do little-endian, as per spec */
-      ctx->seqstate = 0;
-      ctx->nctypes = 0;
-      ctx->ctypes = 0;
-
-      if ((code = krb5_timeofday(context, &now)))
-         goto fail;
-
-      if (time_req == 0 || time_req == GSS_C_INDEFINITE) {
-        ctx->endtime = 0;
-      } else {
-        ctx->endtime = now + time_req;
-      }
-
-      if ((code = krb5_copy_principal(context, cred->princ, &ctx->here)))
-         goto fail;
-      
-      if ((code = krb5_copy_principal(context, (krb5_principal) target_name,
-                                     &ctx->there)))
-         goto fail;
-
-      code = krb5_get_tgs_ktypes (context, 0, &default_enctypes);
-      if (code)
-         goto fail;
-      /* "i" denotes *next* slot to fill.  Don't forget to save room
-        for a trailing zero.  */
-      i = 0;
-      for (j = 0;
-          (default_enctypes[j] != 0
-           /* This part should be redundant, but let's be paranoid.  */
-           && i < N_WANTED_ENCTYPES);
-          j++) {
-
-         int is_duplicate_enctype;
-         int is_wanted_enctype;
-
-         krb5_enctype e = default_enctypes[j];
-
-         /* Is this enctype one of the ones we want for GSSAPI?  */
-         is_wanted_enctype = 0;
-         for (k = 0; k < N_WANTED_ENCTYPES; k++) {
-             if (wanted_enctypes[k] == e) {
-                 is_wanted_enctype = 1;
-                 break;
-             }
-         }
-         /* If unwanted, go to the next one. */
-         if (!is_wanted_enctype)
-             continue;
-
-         /* Is this enctype already in the list of enctypes to
-            request?  (Is it a duplicate?)  */
-         is_duplicate_enctype = 0;
-         for (k = 0; k < i; k++) {
-             if (requested_enctypes[k] == e) {
-                 is_duplicate_enctype = 1;
-                 break;
-             }
-         }
-         /* If it is not a duplicate, add it. */
-         if (!is_duplicate_enctype)
-             requested_enctypes[i++] = e;
-      }
-      requested_enctypes[i++] = 0;
-
-      if ((code = get_credentials(context, cred, ctx->there, now,
-                                 ctx->endtime, requested_enctypes, &k_cred)))
-         goto fail;
-
-      if (default_mech) {
-        mech_type = (gss_OID) gss_mech_krb5;
-      }
-
-      if (generic_gss_copy_oid(minor_status, mech_type, &ctx->mech_used)
-         != GSS_S_COMPLETE) {
-         code = *minor_status;
-         goto fail;
-      }
-      /*
-       * Now try to make it static if at all possible....
-       */
-      ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
-
-      {
-         /* gsskrb5 v1 */
-         if ((code = make_ap_req_v1(context, ctx,
-                                    cred, k_cred, input_chan_bindings, 
-                                    mech_type, &token))) {
-             if ((code == KRB5_FCC_NOFILE) || (code == KRB5_CC_NOTFOUND) ||
-                 (code == KG_EMPTY_CCACHE))
-                 major_status = GSS_S_NO_CRED;
-             if (code == KRB5KRB_AP_ERR_TKT_EXPIRED)
-                 major_status = GSS_S_CREDENTIALS_EXPIRED;
-             goto fail;
-         }
-
-         krb5_auth_con_getlocalseqnumber(context, ctx->auth_context,
-                                         &ctx->seq_send);
-         krb5_auth_con_getlocalsubkey(context, ctx->auth_context,
-                                      &ctx->subkey);
-
-         /* fill in the encryption descriptors */
-
-         switch(ctx->subkey->enctype) {
-         case ENCTYPE_DES_CBC_MD5:
-         case ENCTYPE_DES_CBC_MD4:
-         case ENCTYPE_DES_CBC_CRC:
-             ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW;
-             ctx->signalg = SGN_ALG_DES_MAC_MD5;
-             ctx->cksum_size = 8;
-             ctx->sealalg = SEAL_ALG_DES;
-
-             /* The encryption key is the session key XOR
-                0xf0f0f0f0f0f0f0f0.  */
-             if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc)))
-                 goto fail;
-
-             for (i=0; i<ctx->enc->length; i++)
-                 /*SUPPRESS 113*/
-                 ctx->enc->contents[i] ^= 0xf0;
-
-             if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq)))
-                 goto fail;
-
-             break;
-
-         case ENCTYPE_DES3_CBC_SHA1:
-             ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW;
-             ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
-             ctx->cksum_size = 20;
-             ctx->sealalg = SEAL_ALG_DES3KD;
-
-             code = krb5_copy_keyblock (context, ctx->subkey, &ctx->enc);
-             if (code)
-                 goto fail;
-             code = krb5_copy_keyblock (context, ctx->subkey, &ctx->seq);
-             if (code) {
-                 krb5_free_keyblock (context, ctx->enc);
-                 goto fail;
-             }
-             break;
-         case ENCTYPE_ARCFOUR_HMAC:
-           ctx->signalg = SGN_ALG_HMAC_MD5 ;
-           ctx->cksum_size = 8;
-           ctx->sealalg = SEAL_ALG_MICROSOFT_RC4 ;
-
-             code = krb5_copy_keyblock (context, ctx->subkey, &ctx->enc);
-             if (code)
-                 goto fail;
-             code = krb5_copy_keyblock (context, ctx->subkey, &ctx->seq);
-             if (code) {
-                 krb5_free_keyblock (context, ctx->enc);
-                 goto fail;
-             }
-             break;        
-#if 0
-         case ENCTYPE_DES3_CBC_MD5:
-             enctype = ENCTYPE_DES3_CBC_RAW;
-             ctx->signalg = 3;
-             ctx->cksum_size = 16;
-             ctx->sealalg = 1;
-             break;
+   if (*context_handle == GSS_C_NO_CONTEXT
+#ifdef CFX_EXERCISE
+       || ((krb5_gss_ctx_id_t)*context_handle)->testing_unknown_tokid
 #endif
-         default:
-             *minor_status = KRB5_BAD_ENCTYPE;
-             return GSS_S_FAILURE;
-         }
-
-      }
-
-      if (k_cred) {
-          krb5_free_creds(context, k_cred);
-         k_cred = 0;
-      }
-      
-      /* at this point, the context is constructed and valid,
-        hence, releaseable */
-
-      /* intern the context handle */
-
-      if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
-         code = G_VALIDATE_FAILED;
-         goto fail;
-      }
-      *context_handle = (gss_ctx_id_t) ctx;
-      ctx_free = 0;
-
-      /* compute time_rec */
-      if (time_rec) {
-        if ((code = krb5_timeofday(context, &now)))
-            goto fail;
-        *time_rec = ctx->endtime - now;
-      }
-
-      /* set the other returns */
-      *output_token = token;
-
-      if (ret_flags)
-        *ret_flags = ctx->gss_flags;
-
-      if (actual_mech_type)
-        *actual_mech_type = mech_type;
-
-      /* return successfully */
-
-      *minor_status = 0;
-      if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
-        ctx->established = 0;
-        return(GSS_S_CONTINUE_NEEDED);
-      } else {
-        ctx->seq_recv = ctx->seq_send;
-        g_order_init(&(ctx->seqstate), ctx->seq_recv,
-                     (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, 
-                     (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0);
-        ctx->established = 1;
-        /* fall through to GSS_S_COMPLETE */
-      }
+       ) {
+      major_status = new_connection(minor_status, cred, context_handle,
+                                   target_name, mech_type, req_flags,
+                                   time_req, input_chan_bindings,
+                                   input_token, actual_mech_type,
+                                   output_token, ret_flags, time_rec,
+                                   context, default_mech);
    } else {
-      unsigned char *ptr;
-      char *sptr;
-      krb5_data ap_rep;
-      krb5_ap_rep_enc_part *ap_rep_data;
-      krb5_error *krb_error;
-
-      /* validate the context handle */
-      /*SUPPRESS 29*/
-      if (! kg_validate_ctx_id(*context_handle)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_NO_CONTEXT);
-      }
-
-      ctx = (gss_ctx_id_t) *context_handle;
-
-      /* make sure the context is non-established, and that certain
-        arguments are unchanged */
-
-      if ((ctx->established) ||
-         (((gss_cred_id_t) cred) != claimant_cred_handle) ||
-         ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) {
-         code = KG_CONTEXT_ESTABLISHED;
-         goto fail;
-      }
-
-      if (! krb5_principal_compare(context, ctx->there, 
-                                  (krb5_principal) target_name)) {
-        (void)krb5_gss_delete_sec_context(minor_status, 
-                                          context_handle, NULL);
-        code = 0;
-        major_status = GSS_S_BAD_NAME;
-        goto fail;
-      }
-
-      /* verify the token and leave the AP_REP message in ap_rep */
-
-      if (input_token == GSS_C_NO_BUFFER) {
-        (void)krb5_gss_delete_sec_context(minor_status, 
-                                          context_handle, NULL);
-        code = 0;
-        major_status = GSS_S_DEFECTIVE_TOKEN;
-        goto fail;
-      }
-
-      ptr = (unsigned char *) input_token->value;
-
-      if ((err = g_verify_token_header((gss_OID) ctx->mech_used,
-                                      &(ap_rep.length),
-                                      &ptr, KG_TOK_CTX_AP_REP,
-                                      input_token->length))) {
-         if (g_verify_token_header((gss_OID) ctx->mech_used,
-                                   &(ap_rep.length),
-                                   &ptr, KG_TOK_CTX_ERROR,
-                                   input_token->length) == 0) {
-
-             /* Handle a KRB_ERROR message from the server */
-
-             sptr = (char *) ptr;           /* PC compiler bug */
-             TREAD_STR(sptr, ap_rep.data, ap_rep.length);
-                     
-             code = krb5_rd_error(context, &ap_rep, &krb_error);
-             if (code)
-                 goto fail;
-             if (krb_error->error)
-                 code = krb_error->error + ERROR_TABLE_BASE_krb5;
-             else
-                 code = 0;
-             krb5_free_error(context, krb_error);
-             goto fail;
-         } else {
-             *minor_status = 0;
-             return(GSS_S_DEFECTIVE_TOKEN);
-         }
-      }
-
-      sptr = (char *) ptr;                      /* PC compiler bug */
-      TREAD_STR(sptr, ap_rep.data, ap_rep.length);
-
-      /* decode the ap_rep */
-      if ((code = krb5_rd_rep(context, ctx->auth_context, &ap_rep,
-                             &ap_rep_data))) {
-         /*
-          * XXX A hack for backwards compatiblity.
-          * To be removed in 1999 -- proven 
-          */
-         krb5_auth_con_setuseruserkey(context, ctx->auth_context,
-                                      ctx->subkey);
-         if ((krb5_rd_rep(context, ctx->auth_context, &ap_rep,
-                          &ap_rep_data)))
-             goto fail;
-      }
-
-      /* store away the sequence number */
-      ctx->seq_recv = ap_rep_data->seq_number;
-      g_order_init(&(ctx->seqstate), ctx->seq_recv,
-                  (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
-                  (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0);
-
-      /* free the ap_rep_data */
-      krb5_free_ap_rep_enc_part(context, ap_rep_data);
-
-      /* set established */
-      ctx->established = 1;
-
-      /* set returns */
-
-      if (time_rec) {
-        if ((code = krb5_timeofday(context, &now)))
-                goto fail;
-        *time_rec = ctx->endtime - now;
-      }
-
-      if (ret_flags)
-        *ret_flags = ctx->gss_flags;
-
-      if (actual_mech_type)
-        *actual_mech_type = mech_type;
-
-      /* success */
-
-      *minor_status = 0;
-      /* fall through to GSS_S_COMPLETE */
+      major_status = mutual_auth(minor_status, cred, context_handle,
+                                target_name, mech_type, req_flags,
+                                time_req, input_chan_bindings,
+                                input_token, actual_mech_type,
+                                output_token, ret_flags, time_rec,
+                                context);
    }
 
-   return(GSS_S_COMPLETE);
+   if (claimant_cred_handle == GSS_C_NO_CREDENTIAL)
+      krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t)cred);
 
-fail:
-   if (ctx_free) {
-       if (ctx_free->auth_context)
-          krb5_auth_con_free(context, ctx_free->auth_context);
-       if (ctx_free->here)
-          krb5_free_principal(context, ctx_free->here);
-       if (ctx_free->there)
-          krb5_free_principal(context, ctx_free->there);
-       if (ctx_free->subkey)
-          krb5_free_keyblock(context, ctx_free->subkey);
-       if (ctx_free->ctypes)
-          krb5_free_cksumtypes(context, ctx_free->ctypes);
-       xfree(ctx_free);
-   } else
-       (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
-
-   *minor_status = code;
-   return (major_status);
+   return(major_status);
 }
index a79034d9ec43877e9180cb2c9b5ac2c1513877d0..83782162bedf91fdeb7f9b7b86ee912bf678a4a8 100644 (file)
@@ -91,6 +91,8 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
    gss_OID_set mechs;
    OM_uint32 ret;
 
+   ret = GSS_S_FAILURE;
+
    if (GSS_ERROR(kg_get_context(minor_status, &context)))
       return(GSS_S_FAILURE);
 
@@ -102,7 +104,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
    if (cred_handle == GSS_C_NO_CREDENTIAL) {
       OM_uint32 major;
 
-      if ((major = kg_get_defcred(minor_status, &cred_handle)) &&
+      if ((major = kg_get_defcred(minor_status, (gss_cred_id_t)&cred)) &&
          GSS_ERROR(major)) {
         return(major);
       }
@@ -112,13 +114,13 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
       major = krb5_gss_validate_cred(minor_status, cred_handle);
       if (GSS_ERROR(major))
          return(major);
+      cred = (krb5_gss_cred_id_t) cred_handle;
    }
 
-   cred = (krb5_gss_cred_id_t) cred_handle;
-
    if ((code = krb5_timeofday(context, &now))) {
       *minor_status = code;
-      return(GSS_S_FAILURE);
+      ret = GSS_S_FAILURE;
+      goto fail;
    }
 
    if (cred->tgt_expire > 0) {
@@ -132,7 +134,8 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
       if (cred->princ &&
          (code = krb5_copy_principal(context, cred->princ, &ret_name))) {
         *minor_status = code;
-        return(GSS_S_FAILURE);
+        ret = GSS_S_FAILURE;
+        goto fail;
       }
    }
 
@@ -149,7 +152,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
                                                           &mechs)))) {
           krb5_free_principal(context, ret_name);
           /* *minor_status set above */
-          return(ret);
+          goto fail;
        }
    }
 
@@ -172,8 +175,18 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
    if (mechanisms)
       *mechanisms = mechs;
 
+   if (cred_handle == GSS_C_NO_CREDENTIAL)
+       krb5_gss_release_cred(minor_status, (gss_cred_id_t)cred);
+
    *minor_status = 0;
    return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE);
+fail:
+   if (cred_handle == GSS_C_NO_CREDENTIAL) {
+       OM_uint32 tmp_min_stat;
+
+       krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t)cred);
+   }
+   return ret;
 }
 
 /* V2 interface */
index 3c8702a555ccd7f6b7c2dbb7aadfc2f14833aa82..7999a3e1580af757fb959169683c35e881e630cf 100644 (file)
@@ -54,7 +54,7 @@ static krb5_error_code
 make_seal_token_v1 (krb5_context context,
                    krb5_keyblock *enc,
                    krb5_keyblock *seq,
-                   krb5_ui_4 *seqnum,
+                   gssint_uint64 *seqnum,
                    int direction,
                    gss_buffer_t text,
                    gss_buffer_t token,
@@ -304,6 +304,7 @@ make_seal_token_v1 (krb5_context context,
     /* that's it.  return the token */
 
     (*seqnum)++;
+    *seqnum &= 0xffffffffL;
 
     token->length = tlen;
     token->value = (void *) t;
@@ -334,50 +335,16 @@ kg_seal(context, minor_status, context_handle, conf_req_flag, qop_req,
     output_message_buffer->length = 0;
     output_message_buffer->value = NULL;
 
-    /* only default qop or matching established cryptosystem is allowed */
-    
-#if 0
-    switch (qop_req & GSS_KRB5_CONF_C_QOP_MASK) {
-    case GSS_C_QOP_DEFAULT:
-       break;
-    default:
-    unknown_qop:
-       *minor_status = (OM_uint32) G_UNKNOWN_QOP;
-       return GSS_S_FAILURE;
-    case GSS_KRB5_CONF_C_QOP_DES:
-       if (ctx->sealalg != SEAL_ALG_DES) {
-       bad_qop:
-           *minor_status = (OM_uint32) G_BAD_QOP;
-           return GSS_S_FAILURE;
-       }
-       break;
-    case GSS_KRB5_CONF_C_QOP_DES3:
-       if (ctx->sealalg != SEAL_ALG_DES3)
-           goto bad_qop;
-       break;
-    }
-    switch (qop_req & GSS_KRB5_INTEG_C_QOP_MASK) {
-    case GSS_C_QOP_DEFAULT:
-       break;
-    default:
-       goto unknown_qop;
-    case GSS_KRB5_INTEG_C_QOP_MD5:
-    case GSS_KRB5_INTEG_C_QOP_DES_MD5:
-    case GSS_KRB5_INTEG_C_QOP_DES_MAC:
-       if (ctx->sealalg != SEAL_ALG_DES)
-           goto bad_qop;
-       break;
-    case GSS_KRB5_INTEG_C_QOP_HMAC_SHA1:
-       if (ctx->sealalg != SEAL_ALG_DES3KD)
-           goto bad_qop;
-       break;
-    }
-#else
+    /* Only default qop or matching established cryptosystem is allowed.
+
+       There are NO EXTENSIONS to this set for AES and friends!  The
+       new spec says "just use 0".  The old spec plus extensions would
+       actually allow for certain non-zero values.  Fix this to handle
+       them later.  */
     if (qop_req != 0) {
        *minor_status = (OM_uint32) G_UNKNOWN_QOP;
        return GSS_S_FAILURE;
     }
-#endif
 
     /* validate the context handle */
     if (! kg_validate_ctx_id(context_handle)) {
@@ -397,12 +364,26 @@ kg_seal(context, minor_status, context_handle, conf_req_flag, qop_req,
        return(GSS_S_FAILURE);
     }
 
-    code = make_seal_token_v1(context, ctx->enc, ctx->seq,
-                             &ctx->seq_send, ctx->initiate,
-                             input_message_buffer, output_message_buffer,
-                             ctx->signalg, ctx->cksum_size, ctx->sealalg,
-                             conf_req_flag, toktype, ctx->big_endian,
-                             ctx->mech_used);
+    switch (ctx->proto)
+    {
+    case 0:
+       code = make_seal_token_v1(context, ctx->enc, ctx->seq,
+                                 &ctx->seq_send, ctx->initiate,
+                                 input_message_buffer, output_message_buffer,
+                                 ctx->signalg, ctx->cksum_size, ctx->sealalg,
+                                 conf_req_flag, toktype, ctx->big_endian,
+                                 ctx->mech_used);
+       break;
+    case 1:
+       code = gss_krb5int_make_seal_token_v3(context, ctx,
+                                             input_message_buffer,
+                                             output_message_buffer,
+                                             conf_req_flag, toktype);
+       break;
+    default:
+       code = G_UNKNOWN_QOP;   /* XXX */
+       break;
+    }
 
     if (code) {
        *minor_status = code;
diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
new file mode 100644 (file)
index 0000000..710c6f5
--- /dev/null
@@ -0,0 +1,502 @@
+/*
+ * lib/gssapi/krb5/k5sealv3.c
+ *
+ * Copyright 2003,2004 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ */
+/* draft-ietf-krb-wg-gssapi-cfx-05 */
+
+#include <assert.h>
+#include "k5-platform.h"       /* for 64-bit support */
+#include "k5-int.h"            /* for zap() */
+#include "gssapiP_krb5.h"
+#include <stdarg.h>
+
+static int
+rotate_left (void *ptr, size_t bufsiz, size_t rc)
+{
+    /* Optimize for receiving.  After some debugging is done, the MIT
+       implementation won't do any rotates on sending, and while
+       debugging, they'll be randomly chosen.
+
+       Return 1 for success, 0 for failure (ENOMEM).  */
+    void *tbuf;
+
+    if (bufsiz == 0)
+       return 1;
+    rc = rc % bufsiz;
+    if (rc == 0)
+       return 1;
+
+    tbuf = malloc(rc);
+    if (tbuf == 0)
+       return 0;
+    memcpy(tbuf, ptr, rc);
+    memmove(ptr, (char *)ptr + rc, bufsiz - rc);
+    memcpy((char *)ptr + bufsiz - rc, tbuf, rc);
+    free(tbuf);
+    return 1;
+}
+
+static const gss_buffer_desc empty_message = { 0, 0 };
+
+#define FLAG_SENDER_IS_ACCEPTOR        0x01
+#define FLAG_WRAP_CONFIDENTIAL 0x02
+#define FLAG_ACCEPTOR_SUBKEY   0x04
+
+krb5_error_code
+gss_krb5int_make_seal_token_v3 (krb5_context context,
+                               krb5_gss_ctx_id_rec *ctx,
+                               const gss_buffer_desc * message,
+                               gss_buffer_t token,
+                               int conf_req_flag, int toktype)
+{
+    size_t bufsize = 16;
+    unsigned char *outbuf = 0;
+    krb5_error_code err;
+    int key_usage;
+    unsigned char acceptor_flag;
+    const gss_buffer_desc *message2 = message;
+    size_t rrc, ec;
+    unsigned short tok_id;
+    krb5_checksum sum;
+    krb5_keyblock *key;
+
+    assert(toktype != KG_TOK_SEAL_MSG || ctx->enc != 0);
+    assert(ctx->big_endian == 0);
+
+    acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR;
+    key_usage = (toktype == KG_TOK_WRAP_MSG
+                ? (ctx->initiate
+                   ? KG_USAGE_INITIATOR_SEAL
+                   : KG_USAGE_ACCEPTOR_SEAL)
+                : (ctx->initiate
+                   ? KG_USAGE_INITIATOR_SIGN
+                   : KG_USAGE_ACCEPTOR_SIGN));
+    if (ctx->have_acceptor_subkey) {
+       key = ctx->acceptor_subkey;
+    } else {
+       key = ctx->enc;
+    }
+
+#ifdef CFX_EXERCISE
+    {
+       static int initialized = 0;
+       if (!initialized) {
+           srand(time(0));
+           initialized = 1;
+       }
+    }
+#endif
+
+    if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) {
+       krb5_data plain;
+       krb5_enc_data cipher;
+       size_t ec_max;
+
+       /* 300: Adds some slop.  */
+       if (SIZE_MAX - 300 < message->length)
+           return ENOMEM;
+       ec_max = SIZE_MAX - message->length - 300;
+       if (ec_max > 0xffff)
+           ec_max = 0xffff;
+#ifdef CFX_EXERCISE
+       /* For testing only.  For performance, always set ec = 0.  */
+       ec = ec_max & rand();
+#else
+       ec = 0;
+#endif
+       plain.length = message->length + 16 + ec;
+       plain.data = malloc(message->length + 16 + ec);
+       if (plain.data == NULL)
+           return ENOMEM;
+
+       /* Get size of ciphertext.  */
+       bufsize = 16 + krb5_encrypt_size (plain.length, ctx->enc->enctype);
+       /* Allocate space for header plus encrypted data.  */
+       outbuf = malloc(bufsize);
+       if (outbuf == NULL) {
+           free(plain.data);
+           return ENOMEM;
+       }
+
+       /* TOK_ID */
+       store_16_be(0x0504, outbuf);
+       /* flags */
+       outbuf[2] = (acceptor_flag
+                    | (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0)
+                    | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+       /* filler */
+       outbuf[3] = 0xff;
+       /* EC */
+       store_16_be(ec, outbuf+4);
+       /* RRC */
+       store_16_be(0, outbuf+6);
+       store_64_be(ctx->seq_send, outbuf+8);
+
+       memcpy(plain.data, message->value, message->length);
+       memset(plain.data + message->length, 'x', ec);
+       memcpy(plain.data + message->length + ec, outbuf, 16);
+
+       cipher.ciphertext.data = outbuf + 16;
+       cipher.ciphertext.length = bufsize - 16;
+       cipher.enctype = key->enctype;
+       err = krb5_c_encrypt(context, key, key_usage, 0, &plain, &cipher);
+       zap(plain.data, plain.length);
+       free(plain.data);
+       plain.data = 0;
+       if (err)
+           goto error;
+
+       /* Now that we know we're returning a valid token....  */
+       ctx->seq_send++;
+
+#ifdef CFX_EXERCISE
+       rrc = rand() & 0xffff;
+       if (rotate_left(outbuf+16, bufsize-16,
+                       (bufsize-16) - (rrc % (bufsize - 16))))
+           store_16_be(rrc, outbuf+6);
+       /* If the rotate fails, don't worry about it.  */
+#endif
+    } else if (toktype == KG_TOK_WRAP_MSG && !conf_req_flag) {
+       krb5_data plain;
+
+       /* Here, message is the application-supplied data; message2 is
+          what goes into the output token.  They may be the same, or
+          message2 may be empty (for MIC).  */
+
+       tok_id = 0x0504;
+
+    wrap_with_checksum:
+       plain.length = message->length + 16;
+       plain.data = malloc(message->length + 16);
+       if (plain.data == NULL)
+           return ENOMEM;
+
+       if (ctx->cksum_size > 0xffff)
+           abort();
+
+       bufsize = 16 + message2->length + ctx->cksum_size;
+       outbuf = malloc(bufsize);
+       if (outbuf == NULL) {
+           free(plain.data);
+           plain.data = 0;
+           err = ENOMEM;
+           goto error;
+       }
+
+       /* TOK_ID */
+       store_16_be(tok_id, outbuf);
+       /* flags */
+       outbuf[2] = (acceptor_flag
+                    | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+       /* filler */
+       outbuf[3] = 0xff;
+       if (toktype == KG_TOK_WRAP_MSG) {
+           /* Use 0 for checksum calculation, substitute
+              checksum length later.  */
+           /* EC */
+           store_16_be(0, outbuf+4);
+           /* RRC */
+           store_16_be(0, outbuf+6);
+       } else {
+           /* MIC and DEL store 0xFF in EC and RRC.  */
+           store_16_be(0xffff, outbuf+4);
+           store_16_be(0xffff, outbuf+6);
+       }
+       store_64_be(ctx->seq_send, outbuf+8);
+
+       memcpy(plain.data, message->value, message->length);
+       memcpy(plain.data + message->length, outbuf, 16);
+
+       /* Fill in the output token -- data contents, if any, and
+          space for the checksum.  */
+       if (message2->length)
+           memcpy(outbuf + 16, message2->value, message2->length);
+
+       sum.contents = outbuf + 16 + message2->length;
+       sum.length = ctx->cksum_size;
+
+       err = krb5_c_make_checksum(context, ctx->cksumtype, key,
+                                  key_usage, &plain, &sum);
+       zap(plain.data, plain.length);
+       free(plain.data);
+       plain.data = 0;
+       if (err) {
+           zap(outbuf,bufsize);
+           free(outbuf);
+           goto error;
+       }
+       if (sum.length != ctx->cksum_size)
+           abort();
+       memcpy(outbuf + 16 + message2->length, sum.contents, ctx->cksum_size);
+       krb5_free_checksum_contents(context, &sum);
+       sum.contents = 0;
+       /* Now that we know we're actually generating the token...  */
+       ctx->seq_send++;
+
+       if (toktype == KG_TOK_WRAP_MSG) {
+#ifdef CFX_EXERCISE
+           rrc = rand() & 0xffff;
+           /* If the rotate fails, don't worry about it.  */
+           if (rotate_left(outbuf+16, bufsize-16,
+                           (bufsize-16) - (rrc % (bufsize - 16))))
+               store_16_be(rrc, outbuf+6);
+#endif
+           /* Fix up EC field.  */
+           store_16_be(ctx->cksum_size, outbuf+4);
+       } else {
+           store_16_be(0xffff, outbuf+6);
+       }
+    } else if (toktype == KG_TOK_MIC_MSG) {
+       tok_id = 0x0404;
+       message2 = &empty_message;
+       goto wrap_with_checksum;
+    } else if (toktype == KG_TOK_DEL_CTX) {
+       tok_id = 0x0405;
+       message = message2 = &empty_message;
+       goto wrap_with_checksum;
+    } else
+       abort();
+
+    token->value = outbuf;
+    token->length = bufsize;
+    return 0;
+
+error:
+    free(outbuf);
+    token->value = NULL;
+    token->length = 0;
+    return err;
+}
+
+/* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX
+   conf_state is only valid if SEAL. */
+
+OM_uint32
+gss_krb5int_unseal_token_v3(krb5_context *contextptr,
+                           OM_uint32 *minor_status,
+                           krb5_gss_ctx_id_rec *ctx,
+                           unsigned char *ptr, int bodysize,
+                           gss_buffer_t message_buffer,
+                           int *conf_state, int *qop_state, int toktype)
+{
+    krb5_context context = *contextptr;
+    krb5_data plain;
+    gssint_uint64 seqnum;
+    size_t ec, rrc;
+    int key_usage;
+    unsigned char acceptor_flag;
+    krb5_checksum sum;
+    krb5_error_code err;
+    krb5_boolean valid;
+    krb5_keyblock *key;
+
+    assert(toktype != KG_TOK_SEAL_MSG || ctx->enc != 0);
+    assert(ctx->big_endian == 0);
+    assert(ctx->proto == 1);
+
+    if (qop_state)
+       *qop_state = GSS_C_QOP_DEFAULT;
+
+    acceptor_flag = ctx->initiate ? FLAG_SENDER_IS_ACCEPTOR : 0;
+    key_usage = (toktype == KG_TOK_WRAP_MSG
+                ? (!ctx->initiate
+                   ? KG_USAGE_INITIATOR_SEAL
+                   : KG_USAGE_ACCEPTOR_SEAL)
+                : (!ctx->initiate
+                   ? KG_USAGE_INITIATOR_SIGN
+                   : KG_USAGE_ACCEPTOR_SIGN));
+
+    /* Oops.  I wrote this code assuming ptr would be at the start of
+       the token header.  */
+    ptr -= 2;
+    bodysize += 2;
+
+    if (bodysize < 16) {
+    defective:
+       *minor_status = 0;
+       return GSS_S_DEFECTIVE_TOKEN;
+    }
+    if ((ptr[2] & FLAG_SENDER_IS_ACCEPTOR) != acceptor_flag) {
+       *minor_status = G_BAD_DIRECTION;
+       return GSS_S_BAD_SIG;
+    }
+
+    /* Two things to note here.
+
+       First, we can't really enforce the use of the acceptor's subkey,
+       if we're the acceptor; the initiator may have sent messages
+       before getting the subkey.  We could probably enforce it if
+       we're the initiator.
+
+       Second, if someone tweaks the code to not set the flag telling
+       the krb5 library to generate a new subkey in the AP-REP
+       message, the MIT library may include a subkey anyways --
+       namely, a copy of the AP-REQ subkey, if it was provided.  So
+       the initiator may think we wanted a subkey, and set the flag,
+       even though we weren't trying to set the subkey.  The "other"
+       key, the one not asserted by the acceptor, will have the same
+       value in that case, though, so we can just ignore the flag.  */
+    if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) {
+       key = ctx->acceptor_subkey;
+    } else {
+       key = ctx->enc;
+    }
+
+    if (toktype == KG_TOK_WRAP_MSG) {
+       if (load_16_be(ptr) != 0x0504)
+           goto defective;
+       if (ptr[3] != 0xff)
+           goto defective;
+       ec = load_16_be(ptr+4);
+       rrc = load_16_be(ptr+6);
+       seqnum = load_64_be(ptr+8);
+       if (!rotate_left(ptr+16, bodysize-16, rrc)) {
+       no_mem:
+           *minor_status = ENOMEM;
+           return GSS_S_FAILURE;
+       }
+       if (ptr[2] & FLAG_WRAP_CONFIDENTIAL) {
+           /* confidentiality */
+           krb5_enc_data cipher;
+           unsigned char *althdr;
+
+           if (conf_state)
+               *conf_state = 1;
+           /* Do we have no decrypt_size function?
+
+              For all current cryptosystems, the ciphertext size will
+              be larger than the plaintext size.  */
+           cipher.enctype = key->enctype;
+           cipher.ciphertext.length = bodysize - 16;
+           cipher.ciphertext.data = ptr + 16;
+           plain.length = bodysize - 16;
+           plain.data = malloc(plain.length);
+           if (plain.data == NULL)
+               goto no_mem;
+           err = krb5_c_decrypt(context, key, key_usage, 0,
+                                &cipher, &plain);
+           if (err) {
+               free(plain.data);
+               goto error;
+           }
+           /* Don't use bodysize here!  Use the fact that
+              cipher.ciphertext.length has been adjusted to the
+              correct length.  */
+           althdr = plain.data + plain.length - 16;
+           if (load_16_be(althdr) != 0x0504
+               || althdr[2] != ptr[2]
+               || althdr[3] != ptr[3]
+               || memcmp(althdr+8, ptr+8, 8))
+               goto defective;
+           message_buffer->value = plain.data;
+           message_buffer->length = plain.length - ec - 16;
+       } else {
+           /* no confidentiality */
+           if (conf_state)
+               *conf_state = 0;
+           if (ec + 16 < ec)
+               /* overflow check */
+               goto defective;
+           if (ec + 16 > bodysize)
+               goto defective;
+           /* We have: header | msg | cksum.
+              We need cksum(msg | header).
+              Rotate the first two.  */
+           store_16_be(0, ptr+4);
+           store_16_be(0, ptr+6);
+           plain.length = bodysize-ec;
+           plain.data = ptr;
+           if (!rotate_left(ptr, bodysize-ec, 16))
+               goto no_mem;
+           sum.length = ec;
+           if (sum.length != ctx->cksum_size) {
+               *minor_status = 0;
+               return GSS_S_BAD_SIG;
+           }
+           sum.contents = ptr+bodysize-ec;
+           sum.checksum_type = ctx->cksumtype;
+           err = krb5_c_verify_checksum(context, key, key_usage,
+                                        &plain, &sum, &valid);
+           if (err)
+               goto error;
+           if (!valid) {
+               *minor_status = 0;
+               return GSS_S_BAD_SIG;
+           }
+           message_buffer->length = plain.length - 16;
+           message_buffer->value = malloc(message_buffer->length);
+           if (message_buffer->value == NULL)
+               goto no_mem;
+           memcpy(message_buffer->value, plain.data, message_buffer->length);
+       }
+       err = g_order_check(&ctx->seqstate, seqnum);
+       *minor_status = 0;
+       return err;
+    } else if (toktype == KG_TOK_MIC_MSG) {
+       /* wrap token, no confidentiality */
+       if (load_16_be(ptr) != 0x0404)
+           goto defective;
+    verify_mic_1:
+       if (ptr[3] != 0xff)
+           goto defective;
+       if (load_32_be(ptr+4) != 0xffffffffL)
+           goto defective;
+       seqnum = load_64_be(ptr+8);
+       plain.length = message_buffer->length + 16;
+       plain.data = malloc(plain.length);
+       if (plain.data == NULL)
+           goto no_mem;
+       if (message_buffer->length)
+           memcpy(plain.data, message_buffer->value, message_buffer->length);
+       memcpy(plain.data + message_buffer->length, ptr, 16);
+       sum.length = bodysize - 16;
+       sum.contents = ptr + 16;
+       sum.checksum_type = ctx->cksumtype;
+       err = krb5_c_verify_checksum(context, key, key_usage,
+                                    &plain, &sum, &valid);
+       if (err) {
+       error:
+           free(plain.data);
+           *minor_status = err;
+           return GSS_S_BAD_SIG; /* XXX */
+       }
+       if (!valid) {
+           free(plain.data);
+           *minor_status = 0;
+           return GSS_S_BAD_SIG;
+       }
+       err = g_order_check(&ctx->seqstate, seqnum);
+       *minor_status = 0;
+       return err;
+    } else if (toktype == KG_TOK_DEL_CTX) {
+       if (load_16_be(ptr) != 0x0405)
+           goto defective;
+       message_buffer = &empty_message;
+       goto verify_mic_1;
+    } else {
+       goto defective;
+    }
+}
index 347d6b8524169cbc6c704f70dbd09a3847ba394f..6851352eee927d43eebda6651d46fbeae51b2a59 100644 (file)
@@ -224,6 +224,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
                return(GSS_S_FAILURE);
            }
            memcpy(token.value, plain+conflen, token.length);
+       } else {
+           token.value = NULL;
        }
     } else if (toktype == KG_TOK_SIGN_MSG) {
        token = *message_buffer;
@@ -488,6 +490,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
     unsigned char *ptr;
     unsigned int bodysize;
     int err;
+    int toktype2;
 
     /* validate the context handle */
     if (! kg_validate_ctx_id(context_handle)) {
@@ -508,14 +511,38 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
 
     ptr = (unsigned char *) input_token_buffer->value;
 
-    if (!(err = g_verify_token_header((gss_OID) ctx->mech_used,
-                                     &bodysize, &ptr, toktype,
-                                     input_token_buffer->length))) {
-       return(kg_unseal_v1(context, minor_status, ctx, ptr, bodysize,
-                           message_buffer, conf_state, qop_state,
-                           toktype));
+    if (ctx->proto)
+       switch (toktype) {
+       case KG_TOK_SIGN_MSG:
+           toktype2 = 0x0404;
+           break;
+       case KG_TOK_SEAL_MSG:
+           toktype2 = 0x0504;
+           break;
+       case KG_TOK_DEL_CTX:
+           toktype2 = 0x0405;
+           break;
+       default:
+           toktype2 = toktype;
+           break;
+       }
+    else
+       toktype2 = toktype;
+    err = g_verify_token_header((gss_OID) ctx->mech_used,
+                               &bodysize, &ptr, toktype2,
+                               input_token_buffer->length,
+                               !ctx->proto);
+    if (err) {
+       *minor_status = err;
+       return GSS_S_DEFECTIVE_TOKEN;
     }
 
-    *minor_status = err;
-    return(GSS_S_DEFECTIVE_TOKEN);
+    if (ctx->proto == 0)
+       return kg_unseal_v1(context, minor_status, ctx, ptr, bodysize,
+                           message_buffer, conf_state, qop_state,
+                           toktype);
+    else
+       return gss_krb5int_unseal_token_v3(context, minor_status, ctx,
+                                          ptr, bodysize, message_buffer,
+                                          conf_state, qop_state, toktype);
 }
index 0d81399af254ad4ecccc6e8098e986f1cf5ba514..43d5ca1c2efae7edd0166eb52c173caae543a323 100644 (file)
@@ -34,8 +34,10 @@ krb5_gss_release_cred(minor_status, cred_handle)
    if (GSS_ERROR(kg_get_context(minor_status, &context)))
       return(GSS_S_FAILURE);
 
-   if (*cred_handle == GSS_C_NO_CREDENTIAL)
-      return(kg_release_defcred(minor_status));
+   if (*cred_handle == GSS_C_NO_CREDENTIAL) {
+      *minor_status = 0;
+      return(GSS_S_COMPLETE);
+   }
 
    if (! kg_delete_cred_id(*cred_handle)) {
       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
index 8ab9401c3ec6dbd82d760e14e6f086e687a85c2b..e0d0ee0afc8545b3e46b8f12e8178d115b867ded 100644 (file)
@@ -51,14 +51,21 @@ kg_oid_externalize(kcontext, arg, buffer, lenremain)
     size_t             *lenremain;
 {
      gss_OID oid = (gss_OID) arg;
+     krb5_error_code err;
      
-     (void) krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
-     (void) krb5_ser_pack_int32((krb5_int32) oid->length,
-                               buffer, lenremain);
-     (void) krb5_ser_pack_bytes((krb5_octet *) oid->elements,
-                               oid->length, buffer, lenremain);
-     (void) krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
-     return 0;
+     err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
+     if (err)
+        return err;
+     err = krb5_ser_pack_int32((krb5_int32) oid->length,
+                              buffer, lenremain);
+     if (err)
+        return err;
+     err = krb5_ser_pack_bytes((krb5_octet *) oid->elements,
+                              oid->length, buffer, lenremain);
+     if (err)
+        return err;
+     err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
+     return err;
 }
 
 static krb5_error_code
@@ -86,22 +93,35 @@ kg_oid_internalize(kcontext, argp, buffer, lenremain)
      oid = (gss_OID) malloc(sizeof(gss_OID_desc));
      if (oid == NULL)
          return ENOMEM;
-     (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
+        free(oid);
+        return EINVAL;
+     }
      oid->length = ibuf;
      oid->elements = malloc(ibuf);
      if (oid->elements == 0) {
             free(oid);
             return ENOMEM;
      }
-     (void) krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
-                                 oid->length, &bp, &remain);
+     if (krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
+                              oid->length, &bp, &remain)) {
+        free(oid->elements);
+        free(oid);
+        return EINVAL;
+     }
      
      /* Read in and check our trailing magic number */
-     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-       return (EINVAL);
+     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
+        free(oid->elements);
+        free(oid);
+        return (EINVAL);
+     }
 
-     if (ibuf != KV5M_GSS_OID)
+     if (ibuf != KV5M_GSS_OID) {
+        free(oid->elements);
+        free(oid);
         return (EINVAL);
+     }
 
      *buffer = bp;
      *lenremain = remain;
@@ -140,10 +160,13 @@ kg_queue_externalize(kcontext, arg, buffer, lenremain)
     krb5_octet         **buffer;
     size_t             *lenremain;
 {
-     (void) krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain);
-     g_queue_externalize(arg, buffer, lenremain);
-     (void) krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain);
-     return 0;
+    krb5_error_code err;
+    err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain);
+    if (err == 0)
+       err = g_queue_externalize(arg, buffer, lenremain);
+    if (err == 0)
+       err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain);
+    return err;
 }
 
 static krb5_error_code
@@ -156,6 +179,7 @@ kg_queue_internalize(kcontext, argp, buffer, lenremain)
      krb5_int32 ibuf;
      krb5_octet                *bp;
      size_t            remain;
+     krb5_error_code   err;
 
      bp = *buffer;
      remain = *lenremain;
@@ -167,14 +191,20 @@ kg_queue_internalize(kcontext, argp, buffer, lenremain)
      if (ibuf != KV5M_GSS_QUEUE)
         return (EINVAL);
 
-     g_queue_internalize(argp, &bp, &remain);
+     err = g_queue_internalize(argp, &bp, &remain);
+     if (err)
+         return err;
 
      /* Read in and check our trailing magic number */
-     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-       return (EINVAL);
+     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
+        g_order_free(argp);
+        return (EINVAL);
+     }
 
-     if (ibuf != KV5M_GSS_QUEUE)
+     if (ibuf != KV5M_GSS_QUEUE) {
+        g_order_free(argp);
         return (EINVAL);
+     }
 
      *buffer = bp;
      *lenremain = remain;
@@ -218,26 +248,38 @@ kg_ctx_size(kcontext, arg, sizep)
      * krb5_gss_ctx_id_rec requires:
      * krb5_int32      for KG_CONTEXT
      * krb5_int32      for initiate.
-     * krb5_int32      for mutual.
+     * krb5_int32      for established.
+     * krb5_int32      for big_endian.
+     * krb5_int32      for have_acceptor_subkey.
      * krb5_int32      for seed_init.
+     * krb5_int32      for gss_flags.
      * sizeof(seed)    for seed
+     * ...             for here
+     * ...             for there
+     * ...             for subkey
      *  krb5_int32     for signalg.
      *  krb5_int32     for cksum_size.
      *  krb5_int32     for sealalg.
+     * ...             for enc
+     * ...             for seq
      * krb5_int32      for endtime.
      * krb5_int32      for flags.
-     * krb5_int32      for seq_send.
-     * krb5_int32      for seq_recv.
-     * krb5_int32      for established.
-     * krb5_int32      for big_endian.
-     * krb5_int32      for nctypes.
+     * krb5_int64      for seq_send.
+     * krb5_int64      for seq_recv.
+     * ...             for seqstate
+     * ...             for auth_context
+     * ...             for mech_used
+     * krb5_int32      for proto
+     * krb5_int32      for cksumtype
+     * ...             for acceptor_subkey
+     * krb5_int32      for acceptor_key_cksumtype
      * krb5_int32      for trailer.
      */
     kret = EINVAL;
     if ((ctx = (krb5_gss_ctx_id_rec *) arg)) {
        required = 16*sizeof(krb5_int32);
+       required += 2*sizeof(krb5_int64);
        required += sizeof(ctx->seed);
-       required += ctx->nctypes*sizeof(krb5_int32);
 
        kret = 0;
        if (!kret && ctx->here)
@@ -283,6 +325,11 @@ kg_ctx_size(kcontext, arg, sizep)
                                    KV5M_AUTH_CONTEXT,
                                    (krb5_pointer) ctx->auth_context,
                                    &required);
+       if (!kret && ctx->acceptor_subkey)
+           kret = krb5_size_opaque(kcontext,
+                                   KV5M_KEYBLOCK,
+                                   (krb5_pointer) ctx->acceptor_subkey,
+                                   &required);
        if (!kret)
            *sizep += required;
     }
@@ -304,7 +351,11 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
     size_t             required;
     krb5_octet         *bp;
     size_t             remain;
-    int                        i;
+    krb5int_access kaccess;
+
+    kret = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+    if (kret) 
+        return(kret);
 
     required = 0;
     bp = *buffer;
@@ -320,10 +371,16 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
            /* Now static data */
            (void) krb5_ser_pack_int32((krb5_int32) ctx->initiate,
                                       &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->gss_flags,
+           (void) krb5_ser_pack_int32((krb5_int32) ctx->established,
+                                      &bp, &remain);
+           (void) krb5_ser_pack_int32((krb5_int32) ctx->big_endian,
+                                      &bp, &remain);
+           (void) krb5_ser_pack_int32((krb5_int32) ctx->have_acceptor_subkey,
                                       &bp, &remain);
            (void) krb5_ser_pack_int32((krb5_int32) ctx->seed_init,
                                       &bp, &remain);
+           (void) krb5_ser_pack_int32((krb5_int32) ctx->gss_flags,
+                                      &bp, &remain);
            (void) krb5_ser_pack_bytes((krb5_octet *) ctx->seed,
                                       sizeof(ctx->seed),
                                       &bp, &remain);
@@ -337,15 +394,9 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
                                       &bp, &remain);
            (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags,
                                       &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->seq_send,
+           (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_send,
                                       &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->seq_recv,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->established,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->big_endian,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->nctypes,
+           (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_recv,
                                       &bp, &remain);
 
            /* Now dynamic data */
@@ -395,15 +446,25 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
                                               (krb5_pointer) ctx->auth_context,
                                               &bp, &remain);
 
-           for (i=0; i<ctx->nctypes; i++) {
-               if (!kret) {
-                   kret = krb5_ser_pack_int32((krb5_int32) ctx->ctypes[i],
+           if (!kret)
+               kret = krb5_ser_pack_int32((krb5_int32) ctx->proto,
+                                          &bp, &remain);
+           if (!kret)
+               kret = krb5_ser_pack_int32((krb5_int32) ctx->cksumtype,
+                                          &bp, &remain);
+           if (!kret && ctx->acceptor_subkey)
+               kret = krb5_externalize_opaque(kcontext,
+                                              KV5M_KEYBLOCK,
+                                              (krb5_pointer) ctx->acceptor_subkey,
                                               &bp, &remain);
-               }
-           }
-           
+           if (!kret)
+               kret = krb5_ser_pack_int32((krb5_int32) ctx->acceptor_subkey_cksumtype,
+                                          &bp, &remain);
+
+           /* trailer */
+           if (!kret)
+               kret = krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
            if (!kret) {
-               (void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
                *buffer = bp;
                *lenremain = remain;
            }
@@ -427,7 +488,11 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
     krb5_int32         ibuf;
     krb5_octet         *bp;
     size_t             remain;
-    int                        i;
+    krb5int_access kaccess;
+
+    kret = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+    if (kret)
+        return(kret);
 
     bp = *buffer;
     remain = *lenremain;
@@ -439,7 +504,9 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
        kret = ENOMEM;
 
        /* Get a context */
-       if ((remain >= ((10*sizeof(krb5_int32))+sizeof(ctx->seed))) &&
+       if ((remain >= (16*sizeof(krb5_int32)
+                       + 2*sizeof(krb5_int64)
+                       + sizeof(ctx->seed))) &&
            (ctx = (krb5_gss_ctx_id_rec *)
             xmalloc(sizeof(krb5_gss_ctx_id_rec)))) {
            memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
@@ -448,9 +515,15 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
            ctx->initiate = (int) ibuf;
            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->gss_flags = (int) ibuf;
+           ctx->established = (int) ibuf;
+           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+           ctx->big_endian = (int) ibuf;
+           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+           ctx->have_acceptor_subkey = (int) ibuf;
            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
            ctx->seed_init = (int) ibuf;
+           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+           ctx->gss_flags = (int) ibuf;
            (void) krb5_ser_unpack_bytes((krb5_octet *) ctx->seed,
                                         sizeof(ctx->seed),
                                         &bp, &remain);
@@ -464,14 +537,12 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
            ctx->endtime = (krb5_timestamp) ibuf;
            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
            ctx->krb_flags = (krb5_flags) ibuf;
-           (void) krb5_ser_unpack_int32(&ctx->seq_send, &bp, &remain);
-           (void) krb5_ser_unpack_int32(&ctx->seq_recv, &bp, &remain);
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->established = (int) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->big_endian = (int) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->nctypes = (int) ibuf;
+           (void) (*kaccess.krb5_ser_unpack_int64)(&ctx->seq_send, &bp, &remain);
+           kret = (*kaccess.krb5_ser_unpack_int64)(&ctx->seq_recv, &bp, &remain);
+           if (kret) {
+               free(ctx);
+               return kret;
+           }
 
            if ((kret = kg_oid_internalize(kcontext, &ctx->mech_used, &bp,
                                           &remain))) {
@@ -531,34 +602,36 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
                                               KV5M_AUTH_CONTEXT,
                                       (krb5_pointer *) &ctx->auth_context,
                                               &bp, &remain);
-               
-           if (!kret) {
-               if (ctx->nctypes) {
-                   if ((ctx->ctypes = (krb5_cksumtype *)
-                        malloc(ctx->nctypes*sizeof(krb5_cksumtype))) == NULL){
-                       kret = ENOMEM;
-                   }
-
-                   for (i=0; i<ctx->nctypes; i++) {
-                       if (!kret) {
-                           kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-                           ctx->ctypes[i] = (krb5_cksumtype) ibuf;
-                       }
-                   }
-               }
+
+           if (!kret)
+               kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+           ctx->proto = ibuf;
+           if (!kret)
+               kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+           ctx->cksumtype = ibuf;
+           if (!kret &&
+               (kret = krb5_internalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer *) &ctx->acceptor_subkey,
+                                               &bp, &remain))) {
+               if (kret == EINVAL)
+                   kret = 0;
            }
+           if (!kret)
+               kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+           ctx->acceptor_subkey_cksumtype = ibuf;
 
            /* Get trailer */
-           if (!kret &&
-               !(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) &&
-               (ibuf == KG_CONTEXT)) {
+           if (!kret)
+               kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+           if (!kret && ibuf != KG_CONTEXT)
+               kret = EINVAL;
+
+           if (!kret) {
                *buffer = bp;
                *lenremain = remain;
                *argp = (krb5_pointer) ctx;
-           }
-           else {
-               if (!kret && (ibuf != KG_CONTEXT))
-                   kret = EINVAL;
+           } else {
                if (ctx->seq)
                    krb5_free_keyblock(kcontext, ctx->seq);
                if (ctx->enc)
index 9a612201b5b18a5a6c07741a9ed38ad5560a0b78..9a6cdda702a31525310d4a8aa4b111546a0124cd 100644 (file)
@@ -36,36 +36,55 @@ gss_krb5_ccache_name(minor_status, name, out_name)
        const char *name;
        const char **out_name;
 {
-       krb5_context context;
-       krb5_error_code retval;
-       OM_uint32 foo_stat;
-       static char *oldname = NULL;
-       const char *tmpname = NULL;
+    static char *gss_out_name = NULL;
+    
+    char *old_name = NULL;
+    OM_uint32 err = 0;
+    OM_uint32 minor = 0;
 
-       if (GSS_ERROR(kg_get_context(minor_status, &context)))
-               return (GSS_S_FAILURE);
+    if (out_name) {
+        const char *tmp_name = NULL;
 
-       if (out_name) {
-               if (oldname != NULL)
-                       free(oldname);
-               /*
-                * Save copy of previous default ccname, since
-                * cc_set_default_name will free it and we don't want
-                * to hang on to a pointer to freed memory.
-                */
-               tmpname = krb5_cc_default_name(context);
-               oldname = malloc(strlen(tmpname) + 1);
-               if (oldname == NULL)
-                       return GSS_S_FAILURE;
-               strcpy(oldname, tmpname);
-               *out_name = oldname;
-       }
-
-       retval = krb5_cc_set_default_name(context, name);
-       if (retval) {
-               *minor_status = retval;
-               return GSS_S_FAILURE;
-       }
-       kg_release_defcred(&foo_stat);
-       return GSS_S_COMPLETE;
+        if (!err) {
+            if (GSS_ERROR(kg_get_ccache_name (&minor, &tmp_name))) {
+                err = minor;
+            }
+        }
+        
+        if (!err) {
+            old_name = malloc(strlen(tmp_name) + 1);
+            if (old_name == NULL) {
+                err = ENOMEM;
+            } else {
+                strcpy(old_name, tmp_name);
+            }
+        }
+        
+        if (!err) {
+            char *swap = NULL;
+            
+            swap = gss_out_name;
+            gss_out_name = old_name;
+            old_name = swap;
+        }            
+    }
+    
+    if (!err) {
+        if (GSS_ERROR(kg_set_ccache_name (&minor, name))) {
+            err = minor;
+        }
+    }
+    
+    if (!err) {
+        if (out_name) {
+            *out_name = gss_out_name;
+        }
+    }
+    
+    if (old_name != NULL) {
+        free (old_name);
+    }
+    
+    *minor_status = err;
+    return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
 }
index 43ccc6415bf05c3d835b753355ac952070ae8e1b..b91c7f7593a399e872e12f98119298cb9258996f 100644 (file)
@@ -110,6 +110,40 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
        return(GSS_S_NO_CONTEXT);
     }
 
+    if (ctx->proto == 1) {
+       /* No pseudo-ASN.1 wrapper overhead, so no sequence length and
+          OID.  */
+       OM_uint32 sz = req_output_size;
+       /* Token header: 16 octets.  */
+       if (conf_req_flag) {
+           while (sz > 0 && krb5_encrypt_size(sz, ctx->enc->enctype) + 16 > req_output_size)
+               sz--;
+           /* Allow for encrypted copy of header.  */
+           if (sz > 16)
+               sz -= 16;
+           else
+               sz = 0;
+#ifdef CFX_EXERCISE
+           /* Allow for EC padding.  In the MIT implementation, only
+              added while testing.  */
+           if (sz > 65535)
+               sz -= 65535;
+           else
+               sz = 0;
+#endif
+       } else {
+           /* Allow for token header and checksum.  */
+           if (sz < 16 + ctx->cksum_size)
+               sz = 0;
+           else
+               sz -= (16 + ctx->cksum_size);
+       }
+
+       *max_input_size = sz;
+       *minor_status = 0;
+       return GSS_S_COMPLETE;
+    }
+
     /* Calculate the token size and subtract that from the output size */
     overhead = 7 + ctx->mech_used->length;
     data_size = req_output_size;
index 3a43be2ba0c48db58bd3f56560c74b71e3a08250..e951cb93108c0482e7ca65d7922f972d753de720 100644 (file)
@@ -72,7 +72,14 @@ EXPORTS
 ;
 ; GSS-API variables
 ;
-       gss_nt_user_name        DATA
-       gss_nt_machine_uid_name DATA
-       gss_nt_string_uid_name  DATA
-       gss_nt_service_name     DATA
+       gss_nt_user_name                   DATA
+       gss_nt_machine_uid_name        DATA
+       gss_nt_string_uid_name         DATA
+       gss_nt_service_name                DATA
+    GSS_C_NT_USER_NAME             DATA
+    GSS_C_NT_MACHINE_UID_NAME      DATA
+    GSS_C_NT_STRING_UID_NAME       DATA
+    GSS_C_NT_HOSTBASED_SERVICE     DATA
+    GSS_C_NT_HOSTBASED_SERVICE_X   DATA
+    GSS_C_NT_ANONYMOUS             DATA
+    GSS_C_NT_EXPORT_NAME           DATA
index d663d7f9bf5cf405c1f9274164224b7309db873d..9411c2ff2dcf09fbec1dad784d0d6d9eb83c4a77 100644 (file)
@@ -1,3 +1,27 @@
+2004-02-12  Tom Yu  <tlyu@mit.edu>
+
+       * configure.in: Invoke PRIOCNTL_HACK.
+
+2003-06-03  Tom Yu  <tlyu@mit.edu>
+
+       * alt_prof.c (krb5_read_realm_params): Don't bother reading in
+       realm_keysalts or realm_num_keysalts, as they're no longer used.
+
+2003-05-30  Ken Raeburn  <raeburn@mit.edu>
+
+       * alt_prof.c (kadm5_get_config_params): Change default max_life to
+       one day.
+
+2003-05-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * alt_prof.c (kadm5_get_config_params): Remove aes256 from the
+       default supported enctypes list for now.
+
+2003-04-18  Ken Raeburn  <raeburn@mit.edu>
+
+       * alt_prof.c (kadm5_get_config_params): Add aes256 to the default
+       supported enctypes list.
+
 2003-01-10  Ken Raeburn  <raeburn@mit.edu>
 
        * configure.in: Don't explicitly invoke AC_PROG_ARCHIVE,
index 9546a6b2204583978fdb156539c7648b3e2563f6..50bdfb6f7d0db756dc448d44a810f912e53b7a9d 100644 (file)
@@ -122,10 +122,11 @@ ovsec_glue.so ovsec_glue.po $(OUTPRE)ovsec_glue.$(OBJEXT): ovsec_glue.c $(BUILDT
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h
 misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): misc_free.c $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
@@ -133,11 +134,12 @@ misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): misc_free.c $(BUILDTOP)/
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  server_internal.h admin_internal.h adb.h $(DB_DEPS)
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h server_internal.h \
+  admin_internal.h adb.h $(DB_DEPS)
 kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): kadm_rpc_xdr.c $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \
   $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
@@ -145,11 +147,12 @@ kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): kadm_rpc_xdr.c
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/admin_xdr.h
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  $(BUILDTOP)/include/kadm5/admin_xdr.h
 chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): chpass_util.c $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
@@ -157,28 +160,29 @@ chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): chpass_util.c $(BU
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  admin_internal.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h admin_internal.h
 alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): alt_prof.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
-  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
-  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
-  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(SRCTOP)/include/krb5/adm_proto.h
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \
+  $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
+  $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \
+  $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h
 str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): str_conv.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h admin_internal.h $(BUILDTOP)/include/kadm5/admin.h \
+  admin_internal.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
   $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
@@ -188,8 +192,8 @@ str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): str_conv.c $(SRCTOP)/includ
   $(SRCTOP)/include/krb5/adm_proto.h
 logger.so logger.po $(OUTPRE)logger.$(OBJEXT): logger.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/krb5/adm_proto.h \
-  $(SRCTOP)/include/syslog.h
+  $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/syslog.h
 
index 758c8857d10712a2d208df6f0b390e6c0748d38e..659068badcea6cc6bf831b7f872752ebd3394650 100644 (file)
@@ -605,7 +605,7 @@ krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv,
         params.max_life = dtvalue;
         params.mask |= KADM5_CONFIG_MAX_LIFE;
     } else {
-        params.max_life = 36000; /* 10 hours */
+        params.max_life = 24 * 60 * 60; /* 1 day */
         params.mask |= KADM5_CONFIG_MAX_LIFE;
     }   
            
@@ -702,7 +702,7 @@ krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv,
         if (aprofile)
              krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
         if (svalue == NULL)
-             svalue = strdup("des3-hmac-sha1:normal des-cbc-crc:normal");
+            svalue = strdup("des3-hmac-sha1:normal des-cbc-crc:normal");
 
         params.keysalts = NULL;
         params.num_keysalts = 0;
@@ -936,27 +936,8 @@ krb5_read_realm_params(kcontext, realm, kdcprofile, kdcenv, rparamp)
        krb5_xfree(svalue);
     }
 
-    /* Get the value for the supported enctype/salttype matrix */
-    /* XXX This is so that the kdc will search a different
-       enctype list than kadmind */
-    if (!kret) {
-       hierarchy[2] = "kdc_supported_enctypes";
-       kret = krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
-       if (kret) {
-           hierarchy[2] = "supported_enctypes";
-           kret = krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
-       }
-       if (!kret) {
-           krb5_string_to_keysalts(svalue,
-                                   ", \t",     /* Tuple separators     */
-                                   ":.-",      /* Key/salt separators  */
-                                   0,          /* No duplicates        */
-                                   &rparams->realm_keysalts,
-                                   &rparams->realm_num_keysalts);
-           krb5_xfree(svalue);
-       }
-       kret = 0;
-    }
+    rparams->realm_keysalts = NULL;
+    rparams->realm_num_keysalts = 0;
 
 cleanup:
     if (aprofile)
index daf317a8da932eed156275c8d25ac56ba5625d7e..2f094921044fbb2b14e01d333c27278e21aefdff 100644 (file)
@@ -84,12 +84,12 @@ clnt_policy.so clnt_policy.po $(OUTPRE)clnt_policy.$(OBJEXT): clnt_policy.c $(BU
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h
 client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): client_rpc.c $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \
   $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
@@ -98,10 +98,10 @@ client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): client_rpc.c $(BUILDT
   $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h
 client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): client_principal.c \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
@@ -110,26 +110,27 @@ client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): cli
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
-  client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h
 client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): client_init.c $(COM_ERR_DEPS) \
   $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \
-  $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
-  $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \
-  $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
-  client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \
-  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
-  $(BUILDTOP)/include/gssrpc/auth_gssapi.h
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
+  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
+  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
+  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/auth_gssapi.h
 clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): clnt_privs.c $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \
   $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
@@ -137,12 +138,12 @@ clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): clnt_privs.c $(BUILDT
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h
 clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): clnt_chpass_util.c \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \
@@ -151,9 +152,9 @@ clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): cln
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h client_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h
 
index 8a00e266b06563d1c309448f4d02153e83e87686..915c9507ff6faba89633438d18fb4d05b8cbf703 100644 (file)
@@ -19,5 +19,6 @@ dnl
 KRB5_BUILD_LIBOBJS
 KRB5_BUILD_LIBRARY_WITH_DEPS
 KRB5_BUILD_PROGRAM
+KRB5_AC_PRIOCNTL_HACK
 dnl
 V5_AC_OUTPUT_MAKEFILE(. clnt srv unit-test)
index 6d3e3de5b75e652641bd4b0127ed48f4902d3be1..eea698794f8715f08b7087e68eed10f15aef2e9f 100644 (file)
@@ -1,3 +1,19 @@
+2003-09-02  Alexandra Ellwood  <lxs@mit.edu>
+
+       * svr_principal.c: Added Apple password server support.
+
+2003-06-13  Tom Yu  <tlyu@mit.edu>
+
+       * server_kdb.c (kdb_init_hist): Force history principal's key to
+       be of the same enctype as the master key, as searches for it later
+       on explicitly specify the enctype.
+
+2003-04-01  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in: Remove $(SHLIB_DBLIB_DEPS) and related variables.
+       (SHLIB_EXPDEPS): Remove $(SHLIB_DBLIB_DEPS).
+       (SHLIB_EXPLIBS): Change $(DB_LIB) to $(KDB5_DB_LIB).
+
 2003-01-12  Ezra Peisach  <epeisach@bu.edu>
 
        * svr_iters.c (kadm5_get_either): For POSIX_REGEXPS
index db61a8c57d650b2baf56ab70942caa027efe809a..d46216ccf7ed6c1829cdfc3224db07ba1007313e 100644 (file)
@@ -13,18 +13,14 @@ LIBMAJOR=5
 LIBMINOR=1
 STOBJLISTS=../OBJS.ST OBJS.ST
 
-SHLIB_DBLIB_DEPS = $(SHLIB_DBLIB-@DB_VERSION@)
-SHLIB_DBLIB-k5  = $(TOPLIBD)/libdb$(SHLIBEXT)
-SHLIB_DBLIB-sys         = 
-
 SHLIB_EXPDEPS=\
        $(TOPLIBD)/libgssrpc$(SHLIBEXT) \
        $(TOPLIBD)/libgssapi_krb5$(SHLIBEXT) \
-       $(TOPLIBD)/libkdb5$(SHLIBEXT) $(SHLIB_DBLIB_DEPS) \
+       $(TOPLIBD)/libkdb5$(SHLIBEXT) \
        $(TOPLIBD)/libkrb5$(SHLIBEXT) \
        $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
        $(COM_ERR_DEPLIB)
-SHLIB_EXPLIBS =        -lgssrpc -lgssapi_krb5 -lkdb5 $(DB_LIB) \
+SHLIB_EXPLIBS =        -lgssrpc -lgssapi_krb5 -lkdb5 $(KDB5_DB_LIB) \
                -lkrb5 -lk5crypto -lcom_err @GEN_LIB@
 SHLIB_DIRS=-L$(TOPLIBD)
 SHLIB_RDIRS=$(KRB5_LIBDIR)
@@ -113,11 +109,12 @@ svr_policy.so svr_policy.po $(OUTPRE)svr_policy.$(OBJEXT): svr_policy.c $(BUILDT
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/adb.h \
+  $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \
   $(BUILDTOP)/include/kadm5/admin_internal.h
 svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): svr_principal.c $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
@@ -126,53 +123,56 @@ svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): svr_principa
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/adb.h \
+  $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \
   $(BUILDTOP)/include/kadm5/admin_internal.h
 server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): server_acl.c $(SRCTOP)/include/syslog.h \
   $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
-  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
-  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
-  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h \
-  $(DB_DEPS) $(SRCTOP)/include/krb5/adm_proto.h server_acl.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \
+  $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
+  $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \
+  $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS) $(SRCTOP)/include/krb5/adm_proto.h \
+  server_acl.h
 server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): server_kdb.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
-  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
-  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
-  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \
-  $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS)
-server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): server_misc.c $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/adb.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/xdr.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \
   $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
   $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h \
+  $(DB_DEPS)
+server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): server_misc.c $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+  $(BUILDTOP)/include/kadm5/adb.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
+  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
+  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
+  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
+  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h
 server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): server_init.c $(COM_ERR_DEPS) \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \
@@ -181,12 +181,12 @@ server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): server_init.c $(CO
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h \
-  $(DB_DEPS)
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS)
 server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): server_dict.c $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
@@ -194,13 +194,14 @@ server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): server_dict.c $(BU
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/syslog.h \
-  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \
-  $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS)
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h \
+  $(SRCTOP)/include/syslog.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h \
+  $(DB_DEPS)
 svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): svr_iters.c $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
@@ -208,11 +209,12 @@ svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): svr_iters.c $(BUILDTOP)/
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/adb.h \
+  $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \
   $(BUILDTOP)/include/kadm5/admin_internal.h
 svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): svr_chpass_util.c \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
@@ -222,12 +224,12 @@ svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): svr_ch
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h \
-  $(DB_DEPS)
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS)
 adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): adb_xdr.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
@@ -235,46 +237,46 @@ adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): adb_xdr.c $(BUILDTOP)/include/
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/adb.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/admin_xdr.h \
-  $(BUILDTOP)/include/kadm5/kadm_rpc.h
+  $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/admin_xdr.h $(BUILDTOP)/include/kadm5/kadm_rpc.h
 adb_policy.so adb_policy.po $(OUTPRE)adb_policy.$(OBJEXT): adb_policy.c $(BUILDTOP)/include/kadm5/adb.h \
   $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/xdr.h \
-  $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
-  $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \
-  $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h
+  $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
+  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
+  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
+  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
+  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h
 adb_free.so adb_free.po $(OUTPRE)adb_free.$(OBJEXT): adb_free.c $(BUILDTOP)/include/kadm5/adb.h \
   $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/xdr.h \
-  $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
-  $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \
-  $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h
+  $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
+  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
+  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
+  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
+  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h
 adb_openclose.so adb_openclose.po $(OUTPRE)adb_openclose.$(OBJEXT): adb_openclose.c $(BUILDTOP)/include/kadm5/adb.h \
   $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/xdr.h \
-  $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
-  $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \
-  $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h
+  $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
+  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
+  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
+  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
+  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h
 
index 231fcb3ef976e48cbf472b4fede99900f55761c3..97d38c7b6b5dae810e859b9ebd0e8b4cde9df554 100644 (file)
@@ -107,6 +107,7 @@ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
     int            ret = 0;
     char    *realm, *hist_name;
     krb5_key_data *key_data;
+    krb5_key_salt_tuple ks[1];
 
     if (r == NULL)  {
        if ((ret = krb5_get_default_realm(handle->context, &realm)))
@@ -144,11 +145,13 @@ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
           history principal, anyway. */
 
        hist_kvno = 2;
-
-       ret = kadm5_create_principal(handle, &ent,
-                                    (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
-                                     KADM5_ATTRIBUTES),
-                                    "to-be-random");
+       ks[0].ks_enctype = handle->params.enctype;
+       ks[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
+       ret = kadm5_create_principal_3(handle, &ent,
+                                      (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
+                                       KADM5_ATTRIBUTES),
+                                      1, ks,
+                                      "to-be-random");
        if (ret)
            goto done;
 
@@ -156,7 +159,8 @@ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
 
        hist_princ = NULL;
 
-       ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL);
+       ret = kadm5_randkey_principal_3(handle, ent.principal, 0, 1, ks,
+                                       NULL, NULL);
 
        hist_princ = ent.principal;
 
index c1b8bc59c9c4ef014935982a411ff458214167d4..c567f83690ba1323798c20bc0666f0e0f03889d2 100644 (file)
@@ -19,6 +19,9 @@ static char *rcsid = "$Header$";
 #include       "server_internal.h"
 #include       <stdarg.h>
 #include       <stdlib.h>
+#ifdef USE_PASSWORD_SERVER
+#include       <sys/wait.h>
+#endif
 
 extern krb5_principal      master_princ;
 extern krb5_principal      hist_princ;
@@ -1065,6 +1068,105 @@ static kadm5_ret_t add_to_history(krb5_context context,
 }
 #undef KADM_MOD
 
+#ifdef USE_PASSWORD_SERVER
+
+/* FIXME: don't use global variable for this */
+krb5_boolean use_password_server = 0;
+
+static krb5_boolean
+kadm5_use_password_server (void)
+{
+    return use_password_server;
+}
+
+void
+kadm5_set_use_password_server (void)
+{
+    use_password_server = 1;
+}
+
+/*
+ * kadm5_launch_task () runs a program (task_path) to synchronize the 
+ * Apple password server with the Kerberos database.  Password server
+ * programs can receive arguments on the command line (task_argv)
+ * and a block of data via stdin (data_buffer).
+ *
+ * Because a failure to communicate with the tool results in the
+ * password server falling out of sync with the database,
+ * kadm5_launch_task() always fails if it can't talk to the tool.
+ */
+
+static kadm5_ret_t
+kadm5_launch_task (krb5_context context,
+                   const char *task_path, char * const task_argv[],
+                   const char *data_buffer) 
+{
+    kadm5_ret_t ret = 0;
+    int data_pipe[2];
+    
+    if (data_buffer != NULL) {
+        ret = pipe (data_pipe);
+        if (ret) { ret = errno; }
+    }
+
+    if (!ret) {
+        pid_t pid = fork ();
+        if (pid == -1) {
+            ret = errno;
+        } else if (pid == 0) {
+            /* The child: */
+            
+            if (data_buffer != NULL) {
+                if (dup2 (data_pipe[0], STDIN_FILENO) == -1) {
+                    _exit (1);
+                }
+            } else {
+                close (data_pipe[0]);
+            }
+
+            close (data_pipe[1]);
+            
+            execv (task_path, task_argv);
+            
+            _exit (1); /* Fail if execv fails */
+        } else {
+            /* The parent: */
+            int status;
+                       
+            if (data_buffer != NULL) {
+                /* Write out the buffer to the child */
+                if (krb5_net_write (context, data_pipe[1],
+                                    data_buffer, strlen (data_buffer)) < 0) {
+                    /* kill the child to make sure waitpid() won't hang later */
+                    ret = errno;
+                    kill (pid, SIGKILL);
+                }
+            }
+
+            close (data_buffer[0]);
+            close (data_buffer[1]);
+
+            waitpid (pid, &status, 0);
+
+            if (!ret) {
+                if (WIFEXITED (status)) {
+                    /* child read password and exited.  Check the return value. */
+                    if ((WEXITSTATUS (status) != 0) && (WEXITSTATUS (status) != 252)) {
+                       ret = KRB5KDC_ERR_POLICY; /* password change rejected */
+                    }
+                } else {
+                    /* child read password but crashed or was killed */
+                    ret = KRB5KRB_ERR_GENERIC; /* FIXME: better error */
+                }
+            }
+        }
+    }
+
+    return ret;
+}
+
+#endif
+
 kadm5_ret_t
 kadm5_chpass_principal(void *server_handle,
                            krb5_principal principal, char *password)
@@ -1193,6 +1295,42 @@ kadm5_chpass_principal_3(void *server_handle,
        kdb.pw_expiration = 0;
     }
 
+#ifdef USE_PASSWORD_SERVER
+    if (kadm5_use_password_server () &&
+        (krb5_princ_size (handle->context, principal) == 1)) {
+        krb5_data *princ = krb5_princ_component (handle->context, principal, 0);
+        const char *path = "/usr/sbin/mkpassdb";
+        char *argv[] = { "mkpassdb", "-setpassword", NULL, NULL };
+        char *pstring = NULL;
+        char pwbuf[256];
+        int pwlen = strlen (password);
+
+        if (pwlen > 254) pwlen = 254;
+        strncpy (pwbuf, password, pwlen);
+        pwbuf[pwlen] = '\n';
+        pwbuf[pwlen + 1] = '\0';
+
+        if (!ret) {
+            pstring = malloc ((princ->length + 1) * sizeof (char));
+            if (pstring == NULL) { ret = errno; }
+        }
+
+        if (!ret) {
+            memcpy (pstring, princ->data, princ->length);
+            pstring [princ->length] = '\0';
+            argv[2] = pstring;
+
+            ret = kadm5_launch_task (handle->context, path, argv, pwbuf);
+        }
+        
+        if (pstring != NULL)
+            free (pstring);
+        
+        if (ret)
+            goto done;
+    }
+#endif
+
     ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
     if (ret)
        goto done;
index f4da36de47c1f839f878aed5bd991bfde0a8295d..85c048d02f8274d1bbe5ec974cad0b25933b0c26 100644 (file)
@@ -1,3 +1,39 @@
+2004-02-13  Tom Yu  <tlyu@mit.edu>
+
+       * config/unix.exp (PRIOCNTL_HACK): Use "==" instead of "eq", which
+       is not present in tcl-8.3.
+
+2004-02-12  Tom Yu  <tlyu@mit.edu>
+
+       * config/unix.exp (PRIOCNTL_HACK): Wrap "spawn" to do priocntl
+       things to work around Solaris 9 pty-close bug.
+
+       * Makefile.in (unit-test-client-body, unit-test-server-body): Add
+       PRIOCNTL_HACK.
+
+2003-10-16  Tom Yu  <tlyu@mit.edu>
+
+       * api.1/lock.exp: Work around a race condition in the Solaris 9
+       pty implementation: output sent to a pty slave immediately before
+       last close/exit can get lost on the way to the master.  This is
+       Sun bug #4927647.  The workaround consists of changing the tests
+       to always make lock-test wait to read a character prior to
+       exiting, so any output prior to the "wait" directive will not get
+       lost.
+
+2003-06-02  Ken Raeburn  <raeburn@mit.edu>
+
+       * api.2/init-v2.exp (test117): Update lifetime expected for new
+       defaults.
+
+2003-05-21  Tom Yu  <tlyu@mit.edu>
+
+       * api.0/init.exp (test6, test7): Be slightly more lenient about
+       matching password prompt.
+
+       * api.2/init.exp (test6, test7): Be slightly more lenient about
+       matching password prompt.
+
 2003-01-07  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.ov: Deleted.
index d38362bbad8ae310b2a46d269066623af33701ad..382ac14d1326f8a7afeaff71ebadc58910bdba2f 100644 (file)
@@ -115,14 +115,16 @@ unit-test-client-body: site.exp test-noauth test-destroy test-handle-client
        $(ENV_SETUP) $(RUNTEST) --tool api RPC=1 API=$(CLNTTCL) \
                KINIT=$(BUILDTOP)/clients/kinit/kinit \
                KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
-               KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local $(RUNTESTFLAGS)
+               KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local \
+               PRIOCNTL_HACK=@PRIOCNTL_HACK@ $(RUNTESTFLAGS)
        -mv api.log capi.log
        -mv api.sum capi.sum
 
 unit-test-server-body: site.exp test-handle-server lock-test 
        $(ENV_SETUP) $(RUNTEST) --tool api RPC=0 API=$(SRVTCL) \
                LOCKTEST=./lock-test \
-               KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local $(RUNTESTFLAGS)
+               KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local \
+               PRIOCNTL_HACK=@PRIOCNTL_HACK@ $(RUNTESTFLAGS)
        -mv api.log sapi.log
        -mv api.sum sapi.sum
 
index f232d23d080a741ff61be21882259e18e5b6306d..d39ecce07dd125b0f4806c9872cc4750d54877a0 100644 (file)
@@ -77,7 +77,7 @@ proc test6 {} {
     send "ovsec_kadm_init admin null \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n"
 
     expect {
-       {Enter password:} { }
+       -re "assword\[^\r\n\]*: *" { }
        eof {
                fail "$test: eof instead of password prompt"
                api_exit
@@ -103,7 +103,7 @@ proc test7 {} {
     send "ovsec_kadm_init admin \"\" \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n"
 
     expect {
-       {Enter password:} { }
+       -re "assword\[^\r\n\]*: *" { }
        -re "\n\[^\n\]+key:\[^\n\]*$" { }
        eof {
                fail "$test: eof instead of password prompt"
index e61a28f8d1f0e37fe81c98ba1c598fc2961bb606..6adef59817126808d7b8073ada36762e35abd083 100644 (file)
@@ -137,60 +137,78 @@ proc lock_test_continue {test my_spawn_id test_failed fail_output cont cmds} {
     return {}
 }
 
-lock_test 1 [list \
+set lock1 [lock_test_start 1 [list \
        [list shared    "shared"] \
        [list release   "released"] \
-       [list eof       0]]
+       [list wait      ""] \
+       [list eof       0]]]
+eval lock_test_continue $lock1
 
-lock_test 2 [list \
+set lock2 [lock_test_start 2 [list \
        [list exclusive exclusive] \
        [list release   released] \
-       [list eof       0]]
+       [list wait      ""] \
+       [list eof       0]]]
+eval lock_test_continue $lock2
 
-lock_test 3 [list \
+set lock3 [lock_test_start 5 [list \
        [list permanent permanent] \
        [list release   released] \
-       [list eof       0]]
+       [list wait      ""] \
+       [list eof       0]]]
+eval lock_test_continue $lock3
 
-lock_test 4 [list \
+set lock4 [lock_test_start 4 [list \
        [list release   "Database not locked"] \
-       [list eof       0]]
+       [list wait      ""] \
+       [list eof       0]]]
+eval lock_test_continue $lock4
 
 set lock5 [lock_test_start 5 [list \
        [list shared    shared] \
        [list wait      ""] \
        [list eof       0]]]
-lock_test 5.1 [list \
+set lock5_1 [lock_test_start 5.1 [list \
        [list shared    shared] \
-       [list eof       0]]
+       [list wait      ""] \
+       [list eof       0]]]
+eval lock_test_continue $lock5_1
 eval lock_test_continue $lock5
 
 set lock6 [lock_test_start 6 [list \
        [list exclusive exclusive] \
        [list wait      ""] \
        [list eof       0]]]
-lock_test 6.1 [list \
+set lock6_1 [lock_test_start 6.1 [list \
        [list shared    "Cannot lock database"] \
-       [list eof       0]]
+       [list wait      ""] \
+       [list eof       0]]]
+eval lock_test_continue $lock6_1
 eval lock_test_continue $lock6
 
 set lock7 [lock_test_start 7 [list \
        [list shared    shared] \
        [list wait      ""] \
        [list eof       0]]]
-lock_test 7.1 [list \
+set lock7_1 [lock_test_start 7.1 [list \
        [list exclusive "Cannot lock database"] \
-       [list eof       0]]
+       [list wait      ""] \
+       [list eof       0]]]
+eval lock_test_continue $lock7_1
 eval lock_test_continue $lock7
 
 set lock8 [lock_test_start 8 [list \
        [list permanent permanent] \
        [list wait      ""] \
        [list release   "released" ] \
+       [list wait      ""] \
        [list eof       0]]]
-lock_test 8.1 [list \
+set lock8_1 [lock_test_start 8.1 [list \
        [list "" "administration database lock file missing while opening database" ] \
-       [list eof       1]]
+       [list wait      ""] \
+       [list eof       1]]]
+eval lock_test_continue $lock8_1
+eval set lock8 \[lock_test_continue $lock8\]
 eval lock_test_continue $lock8
 
 set lock9 [lock_test_start 9 [list \
@@ -198,13 +216,17 @@ set lock9 [lock_test_start 9 [list \
        [list release released] \
        [list wait      ""] \
        [list exclusive "database lock file missing while getting exclusive"] \
+       [list wait      ""] \
        [list eof       0]]]
 set lock9_1 [lock_test_start 9.1 [list \
        [list permanent permanent] \
        [list wait      ""] \
        [list release   released] \
+       [list wait      ""] \
        [list eof       0]]]
+eval set lock9 \[lock_test_continue $lock9\]
 eval lock_test_continue $lock9
+eval set lock9_1 \[lock_test_continue $lock9_1\]
 eval lock_test_continue $lock9_1
 
 if {! [file exists $lockfile]} {
@@ -214,10 +236,12 @@ set lock10 [lock_test_start 10 [list \
        [list permanent permanent] \
        [list wait      ""] \
        [list release   released] \
+       [list wait      ""] \
        [list eof       0]]]
 if {[file exists $lockfile]} {
     fail "test 10: lock file exists"
 }
+eval set lock10 \[lock_test_continue $lock10\]
 eval lock_test_continue $lock10
 if {[file exists $lockfile]} {
     pass "test 11: lock file exists"
@@ -229,15 +253,18 @@ set lock12 [lock_test_start 12 [list \
        [list shared    shared] \
        [list wait      ""] \
        [list eof       0]]]
-lock_test 12.1 [list \
+set lock12_1 [lock_test_start 12.1 [list \
        [list "get test-pol"    retrieved] \
-       [list eof       0]]
+       [list wait      ""] \
+       [list eof       0]]]
+eval lock_test_continue $lock12_1
 eval lock_test_continue $lock12
 
 set lock13 [lock_test_start 13 [list \
        [list "get lock13"      "Principal or policy does not exist"] \
        [list wait      ""] \
        [list "get lock13"      retrieved] \
+       [list wait      ""] \
        [list eof       0]]]
 set test13_spawn_id $spawn_id
 # create_policy could call api_exit immediately when it starts up.
@@ -248,6 +275,7 @@ api_start
 create_policy lock13
 set api_spawn_id $spawn_id
 set spawn_id $test13_spawn_id
+eval set lock13 \[lock_test_continue $lock13\]
 eval lock_test_continue $lock13
 set spawn_id $api_spawn_id
 delete_policy lock13
index 58fe1a8b9ae9b580450f6f37cd6f356a2115b369..089300939d28924bcab93c2f46009628d948c224 100644 (file)
@@ -532,10 +532,10 @@ proc test117 {} {
        }
     }
     
-    if {$max_life == 36000} {
+    if {$max_life == 86400} {
        pass "$test"
     } else {
-       fail "$test: max_life $max_life should be 36000"
+       fail "$test: max_life $max_life should be 86400"
     }
 
     if {! [cmd {kadm5_destroy $server_handle}]} {
index a1a2bc5ea567b3325ab2e35733ebeb761816cff2..335f6e04129ca7c06eff1b74b2db65c44c2faa4d 100644 (file)
@@ -80,7 +80,7 @@ proc test6 {} {
     send "kadm5_init admin null \$KADM5_ADMIN_SERVICE null \$KADM5_STRUCT_VERSION \$KADM5_API_VERSION_2 server_handle\n"
 
     expect {
-       {Enter password:} { }
+       -re "assword\[^\r\n\]*:" { }
        eof {
                fail "$test: eof instead of password prompt"
                api_exit
@@ -106,7 +106,7 @@ proc test7 {} {
     send "kadm5_init admin \"\" \$KADM5_ADMIN_SERVICE null \$KADM5_STRUCT_VERSION \$KADM5_API_VERSION_2 server_handle\n"
 
     expect {
-       {Enter password:} { }
+       -re "assword\[^\r\n\]*:" { }
        -re "key:$" { }
        eof {
                fail "$test: eof instead of password prompt"
index 0472789ea153b36704ce0d81a81c77f1aab41b63..a78515f915bc8e0b8a87cdb407f76e54b9558473 100644 (file)
@@ -14,6 +14,44 @@ if {[info exists exp_version_4]} {
        set wait_status_index 3
 }
 
+# Hack around Solaris 9 kernel race condition that causes last output
+# from a pty to get dropped.
+if { $PRIOCNTL_HACK } {
+    catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
+    rename spawn oldspawn
+    proc spawn { args } {
+       upvar 1 spawn_id spawn_id
+       set newargs {}
+       set inflags 1
+       set eatnext 0
+       foreach arg $args {
+           if { $arg == "-ignore" \
+                    || $arg == "-open" \
+                    || $arg == "-leaveopen" } {
+               lappend newargs $arg
+               set eatnext 1
+               continue
+           }
+           if [string match "-*" $arg] {
+               lappend newargs $arg
+               continue
+           }
+           if { $eatnext } {
+               set eatnext 0
+               lappend newargs $arg
+               continue
+           }
+           if { $inflags } {
+               set inflags 0
+               set newargs [concat $newargs {priocntl -e -c FX -p 0}]
+           }
+           lappend newargs $arg
+       }
+       set pid [eval oldspawn $newargs]
+       return $pid
+    }
+}
+
 # Variables for keeping track of api process state
 set api_pid "0"
 
index d685be6d9eb6a43a6c7034d321f87ad3bc8d05ff..87f60aad919f05adfda608b6449d1441d0cc6802 100644 (file)
@@ -1,3 +1,31 @@
+2003-05-22  Ezra Peisach  <epeisach@mit.edu>
+
+       * keytab.c (is_xrealm_tgt): Use strncmp instead of strcmp - as
+       principal and realm name do not need to be null terminated.
+
+2003-04-01  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in: Remove $(SHLIB_DBLIB_DEPS) and related variables.
+       (SHLIB_EXPDEPS): Remove $(SHLIB_DBLIB_DEPS).
+       (SHLIB_EXPLIBS): Change $(DB_LIB) to $(KDB5_DB_LIB).
+       (DBOBJLISTS, STOBJLISTS): Pull in object lists of in-tree libdb so
+       we don't need to install libdb.  Don't do this if building with
+       system libdb, though, since we need to explicitly link against the
+       system libdb in that case.
+
+2003-03-18  Tom Yu  <tlyu@mit.edu>
+
+       * keytab.c (krb5_ktkdb_get_entry): Do not perform the enctype
+       comparison if the requested enctype is a wildcard.
+
+2003-03-16  Sam Hartman  <hartmans@mit.edu>
+
+       * keytab.c (krb5_ktkdb_get_entry):  Match only against the first
+       enctype  for non-cross-realm tickets so we will only accept
+       tickets that the current configuration would have issued.  For
+       cross-realm tickets be liberal and match against the specified
+       enctype. 
+
 2003-03-05  Tom Yu  <tlyu@mit.edu>
 
        * kdb_xdr.c (krb5_dbe_search_enctype): Check for ktype > 0 rather
index ea80b7652566b286e15a810ba82ab8dbdddd92d9..4ca36b0a1c7c04e1cd3274f2bd142c8c03a699e6 100644 (file)
@@ -12,17 +12,20 @@ LIBMAJOR=4
 LIBMINOR=0
 RELDIR=kdb
 # Depends on libk5crypto and libkrb5
-SHLIB_DBLIB_DEPS = $(SHLIB_DBLIB-@DB_VERSION@)
-SHLIB_DBLIB-k5  = $(TOPLIBD)/libdb$(SHLIBEXT)
-SHLIB_DBLIB-sys         = 
 
 SHLIB_EXPDEPS = \
        $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
-       $(TOPLIBD)/libkrb5$(SHLIBEXT) $(SHLIB_DBLIB_DEPS)
-SHLIB_EXPLIBS=-lkrb5 -lcom_err -lk5crypto $(DB_LIB) $(LIBS)
+       $(TOPLIBD)/libkrb5$(SHLIBEXT)
+SHLIB_EXPLIBS=-lkrb5 -lcom_err -lk5crypto $(KDB5_DB_LIB) $(LIBS)
 SHLIB_DIRS=-L$(TOPLIBD)
 SHLIB_RDIRS=$(KRB5_LIBDIR)
 
+DBDIR = $(BUILDTOP)/util/db2
+DBOBJLISTS = $(DBOBJLISTS-@DB_VERSION@)
+DBOBJLISTS-sys =
+DBOBJLISTS-k5 = $(DBDIR)/hash/OBJS.ST $(DBDIR)/btree/OBJS.ST \
+       $(DBDIR)/db/OBJS.ST $(DBDIR)/mpool/OBJS.ST $(DBDIR)/recno/OBJS.ST \
+       $(DBDIR)/clib/OBJS.ST
 
 all:: 
 
@@ -38,7 +41,7 @@ SRCS= \
        $(srcdir)/setup_mkey.c \
        $(srcdir)/store_mkey.c
 
-STOBJLISTS=OBJS.ST
+STOBJLISTS=OBJS.ST $(DBOBJLISTS)
 STLIBOBJS= \
        keytab.o \
        encrypt_key.o \
@@ -77,53 +80,55 @@ clean::
 #
 keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): keytab.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/krb5/kdb_kt.h
+  $(SRCTOP)/include/krb5/kdb_kt.h
 encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): encrypt_key.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 decrypt_key.so decrypt_key.po $(OUTPRE)decrypt_key.$(OBJEXT): decrypt_key.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 kdb_cpw.so kdb_cpw.po $(OUTPRE)kdb_cpw.$(OBJEXT): kdb_cpw.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/krb5/adm.h
+  $(SRCTOP)/include/krb5/adm.h
 kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): kdb_db2.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(DB_DEPS) kdb_compat.h \
-  kdb_db2.h
+  $(DB_DEPS) kdb_compat.h kdb_db2.h
 kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): kdb_xdr.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 verify_mky.so verify_mky.po $(OUTPRE)verify_mky.$(OBJEXT): verify_mky.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 fetch_mkey.so fetch_mkey.po $(OUTPRE)fetch_mkey.$(OBJEXT): fetch_mkey.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 setup_mkey.so setup_mkey.po $(OUTPRE)setup_mkey.$(OBJEXT): setup_mkey.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 store_mkey.so store_mkey.po $(OUTPRE)store_mkey.$(OBJEXT): store_mkey.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 
index 6ec375ac2b1edd3ce61c5c3c7c0fb39c18e2f89f..5db382cc25c686ab522a15718cdc9d74f9b502b9 100644 (file)
  * or implied warranty.
  * 
  */
+#include <string.h>
 
 #include "k5-int.h"
 #include "kdb_kt.h"
 
+static int
+is_xrealm_tgt(krb5_context, krb5_const_principal);
+
 krb5_error_code krb5_ktkdb_close (krb5_context, krb5_keytab);
 
 krb5_error_code krb5_ktkdb_get_entry (krb5_context, krb5_keytab, krb5_const_principal,
@@ -116,6 +120,8 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
     krb5_db_entry        db_entry;
     krb5_boolean         more = 0;
     int                  n = 0;
+    int xrealm_tgt = is_xrealm_tgt(context, principal);
+    int similar;
 
     if (ktkdb_ctx)
        context = ktkdb_ctx;
@@ -150,16 +156,33 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
     if (kerror)
        goto error;
 
+    /* For cross realm tgts, we match whatever enctype is provided;
+     * for other principals, we only match the first enctype that is
+     * found.  Since the TGS and AS code do the same thing, then we
+     * will only successfully decrypt  tickets we have issued.*/
     kerror = krb5_dbe_find_enctype(context, &db_entry,
-                                  enctype, -1, kvno, &key_data);
+                                  xrealm_tgt?enctype:-1,
+                                  -1, kvno, &key_data);
     if (kerror)
        goto error;
 
+
     kerror = krb5_dbekd_decrypt_key_data(context, master_key,
                                         key_data, &entry->key, NULL);
     if (kerror)
        goto error;
 
+    if (enctype > 0) { 
+       kerror = krb5_c_enctype_compare(context, enctype,
+                                       entry->key.enctype, &similar);
+       if (kerror)
+           goto error;
+
+       if (!similar) {
+           kerror = KRB5_KDB_NO_PERMITTED_KEY;
+           goto error;
+       }
+    }
     /*
      * Coerce the enctype of the output keyblock in case we got an
      * inexact match on the enctype.
@@ -176,3 +199,27 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
     krb5_db_close_database(context);
     return(kerror);
 }
+
+/*
+ * is_xrealm_tgt: Returns true if the principal is a cross-realm  TGT
+ * principal-- a principal with first component  krbtgt and second
+ * component not equal to realm.
+ */
+static int
+is_xrealm_tgt(krb5_context context, krb5_const_principal princ)
+{
+    krb5_data *dat;
+    if (krb5_princ_size(context, princ) != 2)
+       return 0;
+    dat = krb5_princ_component(context, princ, 0);
+    if (strncmp("krbtgt", dat->data, dat->length) != 0)
+       return 0;
+    dat = krb5_princ_component(context, princ, 1);
+    if (dat->length != princ->realm.length)
+       return 1;
+    if (strncmp(dat->data, princ->realm.data, dat->length) == 0)
+       return 0;
+    return 1;
+
+}
+
index 9c53ca17ba11ad82b81a3310cd26de45b3c34808..084283176e880b2618220189ba861be1eb19333e 100644 (file)
@@ -1,3 +1,132 @@
+2003-08-15  Alexandra Ellwood  <lxs@mit.edu>
+
+        * mk_auth.c: krb_check_auth clears the return value for the 
+        schedule parameter with a memset.  This prevents callers 
+        from using the key schedule, which breaks code.
+
+2003-08-06  Alexandra Ellwood  <lxs@mit.edu>
+
+        * configure.in: Don't assume all darwin boxes are powerpc.
+        (eg: OpenDarwin/x86).
+
+2003-07-11  Alexandra Ellwood  <lxs@mit.edu>
+
+        * RealmsConfig-glue.c: Check for NULL realm argument and n
+        not equal to 1.  Fill in realm with an empty string on error 
+        in case the caller doesn't check the return value.
+
+2003-07-11  Alexandra Ellwood  <lxs@mit.edu>
+
+        * RealmsConfig-glue.c: Don't fail when krb5.conf is valid
+        and krb.conf isn't.  Also, don't assert v4 realm is in profile
+        unless that realm is a valid v4 realm.
+
+2003-07-07  Alexandra Ellwood  <lxs@mit.edu>
+
+        * RealmsConfig-glue.c: krb_prof_get_nth() no longer assumes that
+        its retlen argument is correct (call strcpy instead of strncpy)
+        because this argument is a guess for some callers 
+        (eg: krb_get_admhst())
+
+2003-06-11  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in (KRB_ERR_C): New variable; Darwin needs err_txt.o to
+       have a dependency on krb_err.c so that krb_err.c will be generated
+       first.
+
+       * configure.in: Set KRB_ERR_C to krb_err.c on Darwin.
+
+2003-06-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * RealmsConfig-glue.c (krb_get_krbhst): Don't fall back to DNS if
+       entries were found in krb.conf, and just not enough to fill the
+       request.
+
+2003-06-06  Ken Raeburn  <raeburn@mit.edu>
+
+       * RealmsConfig-glue.c: Include k5-int.h.
+       (dnscache): New variable.
+       (DNS_CACHE_TIMEOUT): New macro.
+       (krb_get_krbhst) [KRB5_DNS_LOOKUP]: If no krb.conf info is found,
+       try DNS SRV records for "kerberos-iv".  Cache results in case
+       they're immediately requested again.
+
+2003-06-06  Tom Yu  <tlyu@mit.edu>
+
+       * g_cnffile.c (krb__get_srvtabname): Make retname be a static
+       array rather than a static pointer, to avoid callers' possible
+       retention of free()d pointers.  Yes, this may cause difficulty
+       with making this function thread-safe.
+
+2003-06-04  Tom Yu  <tlyu@mit.edu>
+
+       * password_to_key.c (mit_passwd_to_key, afs_passwd_to_key): Delete
+       spurious space from prompt.
+
+2003-06-03  Ken Raeburn  <raeburn@mit.edu>
+
+       * RealmsConfig-glue.c (get_krbhst_default): Deleted.
+       (krb_get_krbhst): Don't call it.
+
+2003-06-03  Sam Hartman  <hartmans@mit.edu>
+
+       * g_pw_in_tkt.c (passwd_to_key): Fix password prompt
+
+       * password_to_key.c (mit_passwd_to_key): Fix password prompt
+       (afs_passwd_to_key): Fix password prompt
+
+       * g_in_tkt.c (krb_get_in_tkt_preauth_creds): Keep copy of
+       ciphertext while trying different keyprocs 
+
+2003-06-02  Tom Yu  <tlyu@mit.edu>
+
+       * change_password.c (krb_change_password): Explicitly zero the
+       session key.  Zero the key derived from the new password.
+
+       * mk_req.c (krb_mk_req): Explicitly zero the session key.
+       (krb_mk_req_creds_prealm): Don't zero the session key, in case the
+       caller wants to make use of it.
+
+2003-05-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * lifetime.c (krb_life_to_time, krb_time_to_life): Rewrite to use
+       support functions in the krb5 library via krb5int_accessor.  Moved
+       old implementation into krb5 library.
+
+2003-05-12  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in: Add setting of KRB_ERR on Windows.
+
+2003-05-11  Sam Hartman  <hartmans@mit.edu>
+
+       * Makefile.in: Build krb_err.c when appropriate.
+
+       * configure.in: Set KRB_ERR to be the object file generated by
+       krb_err.c on non-Darwin
+
+       * err_txt.c :  Don't include krb_err.c on non-Darwin UNIX.  Doing
+       so may break with some compile_et implementations.  Also not
+       included on Windows.
+
+2003-05-01  Alexandra Ellwood  <lxs@mit.edu>
+ ÊÊ
+    * kadm_stream.c: Fixed vts_long() and vts_short() so they return a
+    pointer to the beginning of the memory they allocate and place 
+    their data at the end of the buffer which was passed in.
+
+2003-04-15  Alexandra Ellwood  <lxs@mit.edu>
+ ÊÊ
+    * g_ad_tkt.c: accidentally checked a non-space character into
+    the USE_LOGIN_LIBRARY part of get_ad_tkt so it doesn't build
+    on the Mac.  Oops.
+    
+2003-04-14  Alexandra Ellwood  <lxs@mit.edu>
+ ÊÊ
+    * g_ad_tkt.c: Added support for login library to get_ad_tkt.
+    Support is copied from Mac Kerberos4 library and conditionalized
+    for USE_LOGIN_LIBRARY to avoid changing get_ad_tkt's behavior for
+    non-Kerberos Login Library builds.
+
 2003-03-06  Alexandra Ellwood  <lxs@mit.edu>
 
     * CCache-glue.c: Added prototypes for deprecated functions.
index 0a8ecff3e2f9bb8f356db2512859edbecffdd290..572a3ad0f1d28bfaeaeac327f37f4c170995953d 100644 (file)
@@ -29,6 +29,12 @@ SHLIB_DIRS=-L$(TOPLIBD)
 SHLIB_RDIRS=$(KRB5_LIBDIR)
 
 EHDRDIR=$(BUILDTOP)$(S)include$(S)kerberosIV
+KRB_ERR=@KRB_ERR@
+##DOS##KRB_ERR=$(OUTPRE)krb_err.$(OBJEXT)
+
+# Name of generated krb_err.c, needed for err_txt.* dependency on Darwin.
+KRB_ERR_C=@KRB_ERR_C@
+##DOS##KRB_ERR_C=
 
 OBJS   = \
        $(OUTPRE)change_password.$(OBJEXT) \
@@ -72,7 +78,7 @@ OBJS  = \
        $(OUTPRE)rd_preauth.$(OBJEXT) \
        $(OUTPRE)mk_preauth.$(OBJEXT) \
        $(OSOBJS) $(CACHEOBJS) $(SETENVOBJS) $(STRCASEOBJS) $(SHMOBJS) \
-       $(LIB_KRB_HOSTOBJS) $(SERVER_KRB_OBJS) $(NETIO_OBJS) $(REALMDBOBJS)
+       $(LIB_KRB_HOSTOBJS) $(SERVER_KRB_OBJS) $(NETIO_OBJS) $(REALMDBOBJS) $(KRB_ERR)
 
 SRCS = \
        change_password.c \
@@ -217,7 +223,7 @@ krb_err_txt.c: krb_err.et $(srcdir)$(S)et_errtxt.awk
 # Will be empty on Darwin, krb_err_txt.c elsewhere.
 KRB_ERR_TXT=@KRB_ERR_TXT@
 ##DOS##KRB_ERR_TXT=krb_err_txt.c
-err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(KRB_ERR_TXT)
+err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(KRB_ERR_C) $(KRB_ERR_TXT)
 
 depend-dependencies: krb_err.h $(EHDRDIR)$(S)krb_err.h \
        kadm_err.h $(EHDRDIR)$(S)kadm_err.h \
@@ -335,11 +341,14 @@ kname_parse.so kname_parse.po $(OUTPRE)kname_parse.$(OBJEXT): kname_parse.c $(SR
 err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h \
-  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  krb_err.c
+  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
 lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): lifetime.c $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
-  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h
 g_in_tkt.so g_in_tkt.po $(OUTPRE)g_in_tkt.$(OBJEXT): g_in_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h \
@@ -409,9 +418,10 @@ send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): send_to_kdc.c $(SR
   $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krbports.h \
   $(SRCTOP)/include/kerberosIV/prot.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/kdb.h krb4int.h
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/krb5/kdb.h \
+  krb4int.h
 stime.so stime.po $(OUTPRE)stime.$(OBJEXT): stime.c $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h \
@@ -434,9 +444,9 @@ tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): tf_util.c $(SRCTOP)/include/ke
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  krb4int.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h krb4int.h
 dest_tkt.so dest_tkt.po $(OUTPRE)dest_tkt.$(OBJEXT): dest_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-util.h \
@@ -489,9 +499,9 @@ rd_svc_key.so rd_svc_key.po $(OUTPRE)rd_svc_key.$(OBJEXT): rd_svc_key.c $(SRCTOP
   $(KRB_ERR_H_DEP) $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
   krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb54proto.h \
-  $(SRCTOP)/include/kerberosIV/prot.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+  $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/kerberosIV/prot.h
 cr_err_repl.so cr_err_repl.po $(OUTPRE)cr_err_repl.$(OBJEXT): cr_err_repl.c $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
@@ -538,12 +548,14 @@ g_cnffile.so g_cnffile.po $(OUTPRE)g_cnffile.$(OBJEXT): g_cnffile.c $(SRCTOP)/in
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  krb4int.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h krb4int.h
 RealmsConfig-glue.so RealmsConfig-glue.po $(OUTPRE)RealmsConfig-glue.$(OBJEXT): RealmsConfig-glue.c \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 
index 52437ee9855b9c9fd03d41cadf37733b8bd40363..0635284c05b54d4b63c92c59b1d801c751e8bd9c 100644 (file)
@@ -37,6 +37,7 @@
 #include "profile.h"
 #include "krb.h"
 #include "krb4int.h"
+#include "k5-int.h"            /* for accessor, addrlist stuff */
 #include "port-sockets.h"
 
 #define KRB5_PRIVATE 1
@@ -142,10 +143,11 @@ krb_prof_get_nth(
     }
     if (result == KSUCCESS) {
        /* Return error rather than truncating. */
+       /* Don't strncpy because retlen is a guess for some callers */
        if (strlen(value) >= retlen)
            result = KFAILURE;
        else
-           strncpy(ret, value, retlen);
+           strcpy(ret, value);
     }
 cleanup:
     if (name != NULL)
@@ -188,76 +190,112 @@ krb_get_lrealm(
     char       *realm,
     int                n)
 {
-    long       profErr = 0;
-    char       *realmString = NULL;
-    char       *realmStringV4 = NULL;
-    profile_t  profile = NULL;
-    int                result;
-    FILE       *cnffile = NULL;
-    char       scratch[SCRATCHSZ];
-
-    if (n != 1 || realm == NULL)
-       return KFAILURE;
+    int         result = KSUCCESS;
+    profile_t   profile = NULL;
+    char       *profileDefaultRealm = NULL;
+    char      **profileV4Realms = NULL;
+    int         profileHasDefaultRealm = 0;
+    int         profileDefaultRealmIsV4RealmInProfile = 0;
+    char        krbConfLocalRealm[REALM_SZ];
+    int         krbConfHasLocalRealm = 0;
 
-    result = KFAILURE;         /* Start out with failure. */
-
-    profErr = krb_get_profile(&profile);
-    if (profErr)
-       goto cleanup;
+    if ((realm == NULL) || (n != 1)) { result = KFAILURE; }
 
-    profErr = profile_get_string(profile, REALMS_V4_PROF_LIBDEFAULTS_SECTION,
-                                REALMS_V4_DEFAULT_REALM, NULL, NULL,
-                                &realmString);
-    if (profErr || realmString == NULL)
-       goto cleanup;
+    if (result == KSUCCESS) {
+        /* Some callers don't check the return value so we initialize
+         * to an empty string in case it never gets filled in. */
+        realm [0] = '\0';  
+    }
+    
+    if (result == KSUCCESS) {
+        int profileErr = krb_get_profile (&profile);
+
+        if (!profileErr) {
+            /* Get the default realm from the profile */
+            profileErr = profile_get_string(profile, REALMS_V4_PROF_LIBDEFAULTS_SECTION,
+                                            REALMS_V4_DEFAULT_REALM, NULL, NULL,
+                                            &profileDefaultRealm);
+            if (profileDefaultRealm == NULL) { profileErr = KFAILURE; }
+        }
+
+        if (!profileErr) {
+            /* If there is an equivalent v4 realm to the default realm, use that instead */
+            char *profileV4EquivalentRealm = NULL;
+
+            if (profile_get_string (profile, "realms", profileDefaultRealm, "v4_realm", NULL,
+                                    &profileV4EquivalentRealm) == 0 &&
+                profileV4EquivalentRealm != NULL) {
+
+                profile_release_string (profileDefaultRealm);
+                profileDefaultRealm = profileV4EquivalentRealm;
+            }
+        }
+
+        if (!profileErr) {
+            if (strlen (profileDefaultRealm) < REALM_SZ) {
+                profileHasDefaultRealm = 1;  /* a reasonable default realm */
+            } else {
+                profileErr = KFAILURE;
+            }
+        }
+
+        if (!profileErr) {
+            /* Walk through the v4 realms list looking for the default realm */
+            const char *profileV4RealmsList[] = { REALMS_V4_PROF_REALMS_SECTION, NULL };
+
+            if (profile_get_subsection_names (profile, profileV4RealmsList,
+                                              &profileV4Realms) == 0 &&
+                profileV4Realms != NULL) {
+
+                char **profileRealm;
+                for (profileRealm = profileV4Realms; *profileRealm != NULL; profileRealm++) {
+                    if (strcmp (*profileRealm, profileDefaultRealm) == 0) {
+                        /* default realm is a v4 realm */
+                        profileDefaultRealmIsV4RealmInProfile = 1;
+                        break;
+                    }
+                }
+            }
+        }
+    }
+    
+    if (result == KSUCCESS) {
+        /* Try to get old-style config file lookup for fallback. */
+        FILE   *cnffile = NULL;
+        char   scratch[SCRATCHSZ];
+
+        cnffile = krb__get_cnffile();
+        if (cnffile != NULL) {
+            if (fscanf(cnffile, SCNSCRATCH, scratch) == 1) {
+                if (strlen(scratch) < REALM_SZ) {
+                    strncpy(krbConfLocalRealm, scratch, REALM_SZ);
+                    krbConfHasLocalRealm = 1;
+                }
+            }
+            fclose(cnffile);
+        }
+    }
 
-    if (strlen(realmString) >= REALM_SZ)
-       goto cleanup;
-    strncpy(realm, realmString, REALM_SZ);
-    /*
-     * Step 2: the default realm is actually v5 realm, so we have to
-     * check for the case where v4 and v5 realms are different.
-     */
-    profErr = profile_get_string(profile, "realms", realm, "v4_realm",
-                                NULL, &realmStringV4);
-    if (profErr || realmStringV4 == NULL)
-       goto cleanup;
+    if (result == KSUCCESS) {
+        /*
+         * We want to favor the profile value over the krb.conf value
+         * but not stop suppporting its use with a v5-only profile. 
+         * So we only use the krb.conf realm when the default profile
+         * realm doesn't exist in the v4 realm section of the profile.
+         */
+        if (krbConfHasLocalRealm && !profileDefaultRealmIsV4RealmInProfile) {
+            strncpy (realm, krbConfLocalRealm, REALM_SZ);
+        } else if (profileHasDefaultRealm) {
+            strncpy (realm, profileDefaultRealm, REALM_SZ);
+        } else {
+            result = KFAILURE;  /* No default realm */
+        }
+    }
 
-    if (strlen(realmStringV4) >= REALM_SZ)
-       goto cleanup;
-    strncpy(realm, realmStringV4, REALM_SZ);
-    result = KSUCCESS;
-cleanup:
-    if (realmString != NULL)
-       profile_release_string(realmString);
-    if (realmStringV4 != NULL)
-       profile_release_string(realmStringV4);
-    if (profile != NULL)
-       profile_abandon(profile);
+    if (profileDefaultRealm != NULL) { profile_release_string (profileDefaultRealm); }
+    if (profileV4Realms     != NULL) { profile_free_list (profileV4Realms); }
+    if (profile             != NULL) { profile_abandon (profile); }
 
-    if (result == KSUCCESS)
-       return result;
-    /*
-     * Do old-style config file lookup.
-     */
-    do {
-       cnffile = krb__get_cnffile();
-       if (cnffile == NULL)
-           break;
-       if (fscanf(cnffile, SCNSCRATCH, scratch) == 1) {
-           if (strlen(scratch) >= REALM_SZ)
-               result = KFAILURE;
-           else {
-               strncpy(realm, scratch, REALM_SZ);
-               result = KSUCCESS;
-           }
-       }
-       fclose(cnffile);
-    } while (0);
-    if (result == KFAILURE && strlen(KRB_REALM) < REALM_SZ) {
-       strncpy(realm, KRB_REALM, REALM_SZ);
-       result = KSUCCESS;
-    }
     return result;
 }
 
@@ -359,23 +397,6 @@ krb_get_kpasswdhst(
                            REALMS_V4_PROF_KPASSWD_KDC);
 }
 
-static int
-get_krbhst_default(h, r, n)
-    char *h;
-    char *r;
-    int n;
-{
-    if (n != 1)
-       return KFAILURE;
-    if (strlen(KRB_HOST) + 1 + strlen(r) >= MAXHOSTNAMELEN)
-       return KFAILURE;
-    /* KRB_HOST.REALM (ie. kerberos.CYGNUS.COM) */
-    strcpy(h, KRB_HOST);
-    strcat(h, ".");
-    strcat(h, r);
-    return KSUCCESS;
-}
-
 /*
  * Realm, index -> KDC mapping
  *
@@ -411,6 +432,15 @@ get_krbhst_default(h, r, n)
  * kerberos.  In the long run, this functionality will be provided by a
  * nameserver.
  */
+#ifdef KRB5_DNS_LOOKUP
+static struct {
+    time_t when;
+    char realm[REALM_SZ+1];
+    struct srv_dns_entry *srv;
+} dnscache = { 0, { 0 }, 0 };
+#define DNS_CACHE_TIMEOUT      60 /* seconds */
+#endif
+
 int KRB5_CALLCONV
 krb_get_krbhst(
     char       *host,
@@ -423,10 +453,36 @@ krb_get_krbhst(
     char       linebuf[BUFSIZ];
     char       tr[SCRATCHSZ];
     char       scratch[SCRATCHSZ];
+#ifdef KRB5_DNS_LOOKUP
+    time_t now;
+#endif
 
     if (n < 1 || host == NULL || realm == NULL)
        return KFAILURE;
 
+#ifdef KRB5_DNS_LOOKUP
+    /* We'll only have this realm's info in the DNS cache if there is
+       no data in the local config files.
+
+       XXX The files could've been updated in the last few seconds.
+       Do we care?  */
+    if (!strncmp(dnscache.realm, realm, REALM_SZ)
+       && (time(&now), abs(dnscache.when - now) < DNS_CACHE_TIMEOUT)) {
+       struct srv_dns_entry *entry;
+
+    get_from_dnscache:
+       /* n starts at 1, addrs indices run 0..naddrs */
+       for (i = 1, entry = dnscache.srv; i < n && entry; i++)
+           entry = entry->next;
+       if (entry == NULL)
+           return KFAILURE;
+       if (strlen(entry->host) + 6 >= MAXHOSTNAMELEN)
+           return KFAILURE;
+       sprintf(host, "%s:%d", entry->host, entry->port);
+       return KSUCCESS;
+    }
+#endif
+
     result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n,
                              REALMS_V4_PROF_REALMS_SECTION,
                              REALMS_V4_PROF_KDC);
@@ -461,14 +517,43 @@ krb_get_krbhst(
                i++;
        }
        fclose(cnffile);
-       if (result == KSUCCESS && strlen(scratch) < MAXHOSTNAMELEN)
+       if (result == KSUCCESS && strlen(scratch) < MAXHOSTNAMELEN) {
            strcpy(host, scratch);
-       else
-           result = KFAILURE;
+           return KSUCCESS;
+       }
+       if (i > 0)
+           /* Found some, but not as many as requested.  */
+           return KFAILURE;
     } while (0);
-    if (result == KFAILURE)
-       result = get_krbhst_default(host, realm, n);
-    return result;
+#ifdef KRB5_DNS_LOOKUP
+    do {
+       krb5int_access k5;
+       krb5_error_code err;
+       krb5_data realmdat;
+       struct srv_dns_entry *srv;
+
+       err = krb5int_accessor(&k5, KRB5INT_ACCESS_VERSION);
+       if (err)
+           break;
+
+       realmdat.data = realm;
+       realmdat.length = strlen(realm);
+       err = k5.make_srv_query_realm(&realmdat, "_kerberos-iv", "_udp", &srv);
+       if (err)
+           break;
+
+       if (srv == 0)
+           break;
+
+       if (dnscache.srv)
+           k5.free_srv_dns_data(dnscache.srv);
+       dnscache.srv = srv;
+       strncpy(dnscache.realm, realm, REALM_SZ);
+       dnscache.when = now;
+       goto get_from_dnscache;
+    } while (0);
+#endif
+    return KFAILURE;
 }
 
 /*
index a6e4d7b2916b47f183698fccb7f2c184e47b5574..7c3bcd01d0cc365002cf8487fc71f266bce80249 100644 (file)
@@ -100,6 +100,7 @@ krb_change_password(char *principal, char *instance, char *realm,
     p = key;
     KRB4_GET32BE(tempKey, p);
     sendSize += vts_long(tempKey, &sendStream, (int)sendSize);
+    tempKey = 0;
 
     if (newPassword) {
        sendSize += vts_string(newPassword, &sendStream, (int)sendSize);
@@ -120,5 +121,7 @@ disconnect:
     kadm_cli_disconn(&client_parm);
 
 cleanup:
+    memset(&client_parm.creds.session, 0, sizeof(client_parm.creds.session));
+    memset(&key, 0, sizeof(key));
     return err;
 }
index 87aeebccf927fe7e1369f122ea86ab7f0ebc5ceb..d4286567b4329d24f5a04ba52b7e5b6df6e63d11 100644 (file)
@@ -3,14 +3,20 @@ CONFIG_RULES
 AC_TYPE_MODE_T
 AC_TYPE_UID_T
 case $krb5_cv_host in
-     powerpc-apple-darwin*)
+     *-apple-darwin*)
      KRB_ERR_TXT=
+     KRB_ERR=
+     KRB_ERR_C=krb_err.c
      ;;
      *)
+     KRB_ERR='$(OUTPRE)krb_err.$(OBJEXT)'
      KRB_ERR_TXT=krb_err_txt.c
+     KRB_ERR_C=
      ;;
 esac
 AC_SUBST([KRB_ERR_TXT])
+AC_SUBST([KRB_ERR])
+AC_SUBST([KRB_ERR_C])
 AC_PROG_AWK
 KRB5_BUILD_LIBOBJS
 KRB5_BUILD_LIBRARY_WITH_DEPS
index 9d942a071cd82d60abcf84124a7e3a4dc9c62b5b..a7a290c947a327fddaf76c684ec0bbba4d2d243a 100644 (file)
  * This is gross.  We want krb_err_txt to match the contents of the
  * com_err error table, but the text is static in krb_err.c.  We can't
  * alias it by making a pointer to it, either, so we have to suck in
- * another copy of it that is named differently.  Also, to avoid
- * multiple registrations of the error table, we want to override
- * initialize_krb_error_table() in case someone decides to call it.
- */
+ * another copy of it that is named differently.   */
+#if TARGET_OS_MAC
 #undef initialize_krb_error_table
 #define initialize_krb_error_table     krb4int_init_krb_err_tbl
 void krb4int_init_krb_err_tbl(void);
 #include "krb_err.c"
 #undef initialize_krb_error_table
 
-#if TARGET_OS_MAC
 /*
  * Depends on the name of the static table generated by compile_et,
  * but since this is only on Darwin, where we will always use a
@@ -68,12 +65,6 @@ krb4int_et_init(void)
     inited = 1;\
 }
 
-void
-initialize_krb_error_table(void)
-{
-    krb4int_et_init();
-}
-
 void
 krb4int_et_fini(void)
 {
index daae7515fbbe13acabc90df6f14936bf4101abfd..353fdcee5ee844e6191a7f947431b60a0f13e4ea 100644 (file)
@@ -256,6 +256,15 @@ get_ad_tkt(service, sinstance, realm, lifetime)
     size_t snamelen, sinstlen;
 
     kerror = krb_get_tf_realm(TKT_FILE, lrealm);
+#if USE_LOGIN_LIBRARY
+    if (kerror == GC_NOTKT) {
+        /* No tickets... call krb_get_cred (KLL will prompt) and try again. */
+        if ((kerror = krb_get_cred ("krbtgt", realm, realm, &cr)) == KSUCCESS) {
+            /* Now get the realm again. */
+            kerror = krb_get_tf_realm (TKT_FILE, lrealm);
+        }
+    }
+#endif
     if (kerror != KSUCCESS)
        return kerror;
 
index 8d61f50565aaef7576489682d057d10b288b7ad0..dd5ed5c60d3cd272329e328334280979f5dbd573 100644 (file)
@@ -56,7 +56,7 @@ krb__get_srvtabname(default_srvtabname)
        const char* names[3];
        char **full_name = 0, **cpp;
        krb5_error_code retval;
-       static char *retname;
+       static char retname[MAXPATHLEN];
 
        if (!krb5__krb4_context)
                krb5_init_context(&krb5__krb4_context);
@@ -67,18 +67,16 @@ krb__get_srvtabname(default_srvtabname)
            retval = profile_get_values(krb5__krb4_context->profile, names, 
                                        &full_name);
            if (retval == 0 && full_name && full_name[0]) {
-               if (retname != NULL)
-                   free(retname);
-               retname = strdup(full_name[0]);
+               retname[0] = '\0';
+               strncat(retname, full_name[0], sizeof(retname));
                for (cpp = full_name; *cpp; cpp++) 
                    krb5_xfree(*cpp);
                krb5_xfree(full_name);
                return retname;
            }
        }
-       if (retname != NULL)
-           free(retname);
-       retname = strdup(default_srvtabname);
+       retname[0] = '\0';
+       strncat(retname, default_srvtabname, sizeof(retname));
        return retname;
 }
 
index 4d5286a98ba981454033e6472952f77522b0a3d8..58a91b00df92591227a85bee218449f3773a2b93 100644 (file)
@@ -424,6 +424,9 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
     /* Attempt to decrypt the reply.  Loop trying password_to_key algorithms 
        until we succeed or we get an error other than "bad password" */
     do {
+       KTEXT_ST cip_copy_st;
+       memcpy(&cip_copy_st, &cip_st, sizeof(cip_st));
+       cip = &cip_copy_st;
         if (decrypt_proc == NULL) {
             decrypt_tkt (user, instance, realm, arg, keyprocs[i], &cip);
         } else {
@@ -432,6 +435,7 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
         kerror = krb_parse_in_tkt_creds(user, instance, realm,
                     service, sinstance, life, cip, byteorder, creds);
     } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW));
+    cip = &cip_st;
 
     /* Fill in the local address if the caller wants it */
     if (laddrp != NULL) {
index 494a05951b618d570b64a2ee5ca75b558ab5fa6e..d68781857c3bc54f2ee6da020ae0d3fdb77c0d14 100644 (file)
@@ -79,7 +79,7 @@ passwd_to_key(user,instance,realm,passwd,key)
     if (passwd)
         string_to_key(passwd, key);
     else {
-        des_read_password((des_cblock *)key, "Password", 0);
+        des_read_password((des_cblock *)key, "Password", 0);
     }
 #endif /* NOENCRYPTION */
 #endif /* unix */
index 3a9861eda46e0d9f39318a510c336870a1d0a68c..dc9fef1107378a2e80932a2451ac0e9b9af10e79 100644 (file)
@@ -129,8 +129,11 @@ vts_short(KRB_UINT32 dat, u_char **st, int loc)
     if (p == NULL)
        return -1;
 
+    *st = p; /* KRB4_PUT32BE will modify p */
+
+    p += loc; /* place bytes at the end */
     KRB4_PUT16BE(p, dat);
-    *st = p;
+
     return 2;
 }
 
@@ -145,8 +148,11 @@ vts_long(KRB_UINT32 dat, u_char **st, int loc)
     if (p == NULL)
        return -1;
 
+    *st = p; /* KRB4_PUT32BE will modify p */
+
+    p += loc; /* place bytes at the end */
     KRB4_PUT32BE(p, dat);
-    *st = p;
+
     return 4;
 }
 
index b43ed4523622d2cdf1064d9fc0eaf3425f13b6a7..826e090df171d70fa56219ae9b8243d0b2f2123f 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000, 2001 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2001, 2003 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
  */
 
 #include "krb.h"
-
-/*
- * Only lifetime bytes values less than 128 are on a linear scale.
- * The following table contains an exponential scale that covers the
- * lifetime values 128 to 191 inclusive (a total of 64 values).
- * Values greater than 191 get interpreted the same as 191, but they
- * will never be generated by the functions in this file.
- *
- * The ratio is approximately 1.069144898 (actually exactly
- * exp(log(67.5)/63), where 67.5 = 2592000/38400, and 259200 = 30
- * days, and 38400 = 128*5 minutes.  This allows a lifetime byte of
- * 191 to correspond to a ticket life of exactly 30 days and a
- * lifetime byte of 128 to correspond to exactly 128*5 minutes, with
- * the other values spread on an exponential curve fit in between
- * them.  This table should correspond exactly to the set of extended
- * ticket lifetime values used by AFS and CMU.
- *
- * The following awk script is sufficient to reproduce the table:
- * BEGIN {
- *     r = exp(log(2592000/38400)/63);
- *     x = 38400;
- *     for (i=0;i<64;i++) {
- *         printf("%d\n",x+0.5);
- *         x *= r;
- *     }
- * }
- */
-#ifndef SHORT_LIFETIME
-#define NLIFETIMES 64
-static const KRB4_32 lifetimes[NLIFETIMES] = {
-    38400, 41055,              /* 00:10:40:00, 00:11:24:15 */
-    43894, 46929,              /* 00:12:11:34, 00:13:02:09 */
-    50174, 53643,              /* 00:13:56:14, 00:14:54:03 */
-    57352, 61318,              /* 00:15:55:52, 00:17:01:58 */
-    65558, 70091,              /* 00:18:12:38, 00:19:28:11 */
-    74937, 80119,              /* 00:20:48:57, 00:22:15:19 */
-    85658, 91581,              /* 00:23:47:38, 01:01:26:21 */
-    97914, 104684,             /* 01:03:11:54, 01:05:04:44 */
-    111922, 119661,            /* 01:07:05:22, 01:09:14:21 */
-    127935, 136781,            /* 01:11:32:15, 01:13:59:41 */
-    146239, 156350,            /* 01:16:37:19, 01:19:25:50 */
-    167161, 178720,            /* 01:22:26:01, 02:01:38:40 */
-    191077, 204289,            /* 02:05:04:37, 02:08:44:49 */
-    218415, 233517,            /* 02:12:40:15, 02:16:51:57 */
-    249664, 266926,            /* 02:21:21:04, 03:02:08:46 */
-    285383, 305116,            /* 03:07:16:23, 03:12:45:16 */
-    326213, 348769,            /* 03:18:36:53, 04:00:52:49 */
-    372885, 398668,            /* 04:07:34:45, 04:14:44:28 */
-    426234, 455705,            /* 04:22:23:54, 05:06:35:05 */
-    487215, 520904,            /* 05:15:20:15, 06:00:41:44 */
-    556921, 595430,            /* 06:10:42:01, 06:21:23:50 */
-    636601, 680618,            /* 07:08:50:01, 07:21:03:38 */
-    727680, 777995,            /* 08:10:08:00, 09:00:06:35 */
-    831789, 889303,            /* 09:15:03:09, 10:07:01:43 */
-    950794, 1016537,           /* 11:00:06:34, 11:18:22:17 */
-    1086825, 1161973,          /* 12:13:53:45, 13:10:46:13 */
-    1242318, 1328218,          /* 14:09:05:18, 15:08:56:58 */
-    1420057, 1518247,          /* 16:10:27:37, 17:13:44:07 */
-    1623226, 1735464,          /* 18:18:53:46, 20:02:04:24 */
-    1855462, 1983758,          /* 21:11:24:22, 22:23:02:38 */
-    2120925, 2267576,          /* 24:13:08:45, 26:05:52:56 */
-    2424367, 2592000           /* 28:01:26:07, 30:00:00:00 */
-};
-#define MINFIXED 0x80
-#define MAXFIXED (MINFIXED + NLIFETIMES - 1)
-#endif /* !SHORT_LIFETIME */
+#include "k5-int.h"
 
 /*
  * krb_life_to_time
@@ -100,17 +35,12 @@ static const KRB4_32 lifetimes[NLIFETIMES] = {
 KRB4_32 KRB5_CALLCONV
 krb_life_to_time(KRB4_32 start, int life)
 {
-    if (life < 0 || life > 255)        /* possibly sign botch in caller */
+    krb5int_access k5internals;
+
+    if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION)
+       || k5internals.krb_life_to_time == NULL)
        return start;
-#ifndef SHORT_LIFETIME
-    if (life < MINFIXED)
-       return start + life * 5 * 60;
-    if (life > MAXFIXED)
-       return start + lifetimes[NLIFETIMES - 1];
-    return start + lifetimes[life - MINFIXED];
-#else  /* SHORT_LIFETIME */
-    return start + life * 5 * 60;
-#endif /* SHORT_LIFETIME */
+    return k5internals.krb_life_to_time(start, life);
 }
 
 /*
@@ -123,27 +53,10 @@ krb_life_to_time(KRB4_32 start, int life)
 int KRB5_CALLCONV
 krb_time_to_life(KRB4_32 start, KRB4_32 end)
 {
-    KRB4_32 dt;
-#ifndef SHORT_LIFETIME
-    int i;
-#endif
+    krb5int_access k5internals;
 
-    dt = end - start;
-    if (dt <= 0)
+    if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION)
+       || k5internals.krb_time_to_life == NULL)
        return 0;
-#ifndef SHORT_LIFETIME
-    if (dt < lifetimes[0])
-       return (dt + 5 * 60 - 1) / (5 * 60);
-    /* This depends on the array being ordered. */
-    for (i = 0; i < NLIFETIMES; i++) {
-       if (lifetimes[i] >= dt)
-           return i + MINFIXED;
-    }
-    return MAXFIXED;
-#else  /* SHORT_LIFETIME */
-    if (dt > 5 * 60 * 255)
-       return 255;
-    else
-       return (dt + 5 * 60 - 1) / (5 * 60);
-#endif /* SHORT_LIFETIME */
+    return k5internals.krb_time_to_life(start, end);
 }
index 9159ce177b559e35e2d2a9bc41d69769b1028704..cf85ea2f87c8a07e6071a9c331f9ed7416a5d5a8 100644 (file)
@@ -230,7 +230,6 @@ krb_check_auth (buf, checksum, msg_data, session, schedule, laddr, faddr)
        return KFAILURE;
     cc = krb_rd_priv(buf->dat, (unsigned KRB4_32)buf->length, schedule,
                     (C_Block *)session, faddr, laddr, msg_data);
-    memset(schedule, 0, sizeof(schedule));
     if (cc)
        return cc;
 
index 698d2c2ad75449f5922f99a63b5b3189659b04f0..3066f43d71d33e38445afa08a9a165aa52293cfc 100644 (file)
@@ -114,7 +114,6 @@ krb_mk_req_creds_prealm(authent, creds, checksum, myrealm)
                                + 1 + 1 + ticket->length)
        || ticket->length < 0 || ticket->length > 255) {
        authent->length = 0;
-       memset(creds->session, 0, sizeof(creds->session));
        return KFAILURE;
     }
 
@@ -150,7 +149,6 @@ krb_mk_req_creds_prealm(authent, creds, checksum, myrealm)
     myrealmlen = strlen(myrealm) + 1;
     if (sizeof(req_id->dat) / 8 < (pnamelen + pinstlen + myrealmlen
                                   + 4 + 1 + 4 + 7) / 8) {
-       memset(creds->session, 0, sizeof(creds->session));
        return KFAILURE;
     }
 
@@ -185,7 +183,6 @@ krb_mk_req_creds_prealm(authent, creds, checksum, myrealm)
                  (long)req_id->length, key_s, &creds->session, 1);
     /* clean up */
     memset(key_s, 0, sizeof(key_s));
-    memset(creds->session, 0, sizeof(creds->session));
 #endif /* NOENCRYPTION */
 
     /* Copy it into the authenticator */
@@ -252,7 +249,9 @@ krb_mk_req(authent, service, instance, realm, checksum)
     if (retval != KSUCCESS)
        return retval;
 
-    return krb_mk_req_creds_prealm(authent, &creds, checksum, myrealm);
+    retval = krb_mk_req_creds_prealm(authent, &creds, checksum, myrealm);
+    memset(&creds.session, 0, sizeof(creds.session));
+    return retval;
 }
 
 int KRB5_CALLCONV
index 56b5f8e04dad0b85d880463af9cefb57f6ab7ae8..c6e60d98cdafc296015a53cca112a11252819b0e 100644 (file)
@@ -90,7 +90,7 @@ mit_passwd_to_key(
         des_string_to_key(passwd, key);
     } else {
 #if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY))
-        des_read_password((des_cblock *)key, "Password", 0);
+        des_read_password((des_cblock *)key, "Password", 0);
 #else
         return (-1);
 #endif
@@ -143,7 +143,7 @@ afs_passwd_to_key(
         afs_string_to_key(passwd, realm, key);
     } else {
 #if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY))
-        des_read_password((des_cblock *)key, "Password", 0);
+        des_read_password((des_cblock *)key, "Password", 0);
 #else
         return (-1);
 #endif
index d5a3c33f5fd1b30c17f976f6a3acf57717d0448e..11814cebdb460b70d7013e89c9e4f4692b48ddd6 100644 (file)
@@ -54,3 +54,33 @@ EXPORTS
 ;      kstream_destroy
 ;      kstream_set_buffer_mode
        krb_in_tkt
+
+; Added to match exports from KfM
+    krb_change_password
+    decomp_ticket
+    krb_err_txt
+    ;krb_ad_tkt
+    krb_get_in_tkt
+    krb_get_in_tkt_creds
+    krb_get_pw_in_tkt_creds
+    ;krb_pw_tkt
+    k_isrealm
+    k_isinst
+    k_isname
+    kname_unparse
+    ;kuserok
+    krb_set_lifetime
+    krb_rd_req_int
+    krb_sendauth
+    ;tkt_string
+    krb_set_tkt_string
+    krb_get_num_cred
+    krb_get_nth_cred
+    krb_delete_cred
+    dest_all_tkts
+    krb_get_profile 
+    ;FSp_krb_get_svc_in_tkt
+    ;FSp_put_svc_key
+    ;FSp_read_service_key
+    krb_time_to_life
+    krb_life_to_time
index dc5c7b9df25d3008a493bd73b446ab16fed6bb16..96efb5628e202645c361c4ab3719d3e56aa52d24 100644 (file)
@@ -130,8 +130,8 @@ install-unix:: install-libs
 # Makefile dependencies follow.  This must be the last section in
 # the Makefile.in file
 #
-krb5_libinit.so krb5_libinit.po $(OUTPRE)krb5_libinit.$(OBJEXT): krb5_libinit.c $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(BUILDTOP)/include/krb5_err.h $(BUILDTOP)/include/kv5m_err.h \
-  $(BUILDTOP)/include/asn1_err.h $(BUILDTOP)/include/kdb5_err.h \
-  krb5_libinit.h
+krb5_libinit.so krb5_libinit.po $(OUTPRE)krb5_libinit.$(OBJEXT): krb5_libinit.c $(COM_ERR_DEPS) \
+  $(BUILDTOP)/include/krb5.h $(BUILDTOP)/include/krb5_err.h \
+  $(BUILDTOP)/include/kv5m_err.h $(BUILDTOP)/include/asn1_err.h \
+  $(BUILDTOP)/include/kdb5_err.h krb5_libinit.h
 
index b1ff161c4f61e1b529eee24cde6fd89bb4cbc8d3..18e4c073d80426be013512eb8faf7c946825c7ac 100644 (file)
@@ -1,3 +1,103 @@
+2003-10-08  Tom Yu  <tlyu@mit.edu>
+
+       * asn1_k_encode.c (asn1_encode_krb_saved_safe_body): New function;
+       kludge to insert a raw pre-encoded KRB-SAFE-BODY.
+
+       * asn1_k_encode.h (asn1_encode_krb_saved_safe_body): Add
+       prototype.
+
+       * krb5_decode.c (decode_krb5_safe_with_body): New function; saves
+       a copy of the encoding of the KRB-SAFE-BODY to avoid problems
+       caused by re-encoding it during verification.
+
+       * krb5_encode.c (encode_krb5_safe_with_body): New function;
+       re-encode a KRB-SAFE using a saved KRB-SAFE-BODY encoding, to
+       avoid trouble with re-encoding a KRB-SAFE-BODY.
+
+2003-07-22  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+       * asn1_k_decode.c (asn1_decode_etype_info2_entry_1_3): Decoder for
+       the broken 1.3 ASN.1 behavior for  etype_info2; see bug 1681.
+
+       * asn1_k_decode.h (asn1_decode_etype_info2): Add v1_3_behavior
+       flag for parsing the broken 1.3 behavior  of using an octetString
+       instead of generalString
+
+       * asn1_k_decode.c (asn1_decode_etype_info2_entry):  Expect etype_info2 as generalstring not octetstring
+
+2003-06-20  Sam Hartman  <hartmans@mit.edu>
+
+       * asn1_k_decode.h (asn1_decode_etype_info2): Prototype.  Also
+       deleted prototype for asn1_decode_etype_info_entry as that is not
+       used outside asn1_k_decode.c
+
+       * krb5_decode.c (decode_krb5_etype_info2): Call etype_info2 decoder
+
+       * asn1_k_decode.c (asn1_decode_etype_info_entry): Split out
+       etype_info2 and etype_info decoder  so we ignore tag 2 in the
+       heimdal encoder
+       (asn1_decode_etype_info2): new function
+
+2003-05-23  Sam Hartman  <hartmans@mit.edu>
+
+       * asn1_k_decode.c (asn1_decode_etype_info_entry): Fix logic error
+       that incorrectly set up s2kparams.data 
+
+2003-05-20  Ezra Peisach  <epeisach@bu.edu>
+
+       * asn1_k_encode.c (asn1_encode_krb_safe_body): Use
+       asn1_encode_unsigned_integer for sequence number.
+
+       * asn1_k_decode.c (asn1_decode_krb_safe_body): Use
+       asn1_decode_seqnum to decode sequence number.
+       
+
+2003-05-18  Tom Yu  <tlyu@mit.edu>
+
+       * asn1_decode.c (asn1_decode_maybe_unsigned): New function; decode
+       negative 32-bit numbers into positive unsigned numbers for the
+       sake of backwards compatibility with old code.
+
+       * asn1_decode.h: Add prototype for asn1_decode_maybe_unsigned.
+
+       * asn1_k_decode.c (asn1_decode_seqnum): New function; wrapper
+       around asn1_decode_maybe_unsigned.
+
+       * asn1_k_decode.h: Add prototype for asn1_decode_seqnum.
+
+       * krb5_decode.c (decode_krb5_authenticator) 
+       (decode_krb5_ap_rep_enc_part, decode_krb5_enc_priv_part): Sequence
+       numbers are now unsigned.  Use asn1_decode_seqnum to handle
+       backwards compat with negative sequence numbers.
+
+       * krb5_encode.c (encode_krb5_authenticator) 
+       (encode_krb5_ap_rep_enc_part, encode_krb5_enc_priv_part): Sequence
+       numbers are now unsigned.
+
+2003-05-06  Sam Hartman  <hartmans@mit.edu>
+
+       * krb5_decode.c (decode_krb5_etype_info2): New function; currently
+       the same code as decode_krb5_etype_info.  This means that we can
+       manage to accept s2kparams in etype_info which is wrong but
+       probably harmless.
+
+       * asn1_k_decode.c (asn1_decode_etype_info_entry): Add etype_info2
+       support 
+
+       * asn1_k_encode.c (asn1_encode_etype_info_entry):  Add support for
+       etype-info2 
+
+       * krb5_encode.c (encode_krb5_etype_info2): New function
+
+2003-04-15  Sam Hartman  <hartmans@mit.edu>
+
+       * krb5_encode.c (encode_krb5_setpw_req): new function
+
+2003-04-13  Ezra Peisach  <epeisach@mit.edu>
+
+       * asn1_k_decode.c (asn1_decode_kdc_req_body): Fix memory leak if
+       optional server field is lacking,
+
 2003-03-11  Ken Raeburn  <raeburn@mit.edu>
 
        * asn1_get.c (asn1_get_tag): Deleted.
index 6757046cb05f31cdfa96c9a078e6fc50e0d813ef..8de97f0e4a398c42aca9fd85345ecd826da29d5d 100644 (file)
@@ -61,61 +61,66 @@ clean-unix:: clean-libobjs
 #
 asn1_decode.so asn1_decode.po $(OUTPRE)asn1_decode.$(OBJEXT): asn1_decode.c asn1_decode.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  krbasn1.h asn1buf.h asn1_get.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h krbasn1.h asn1buf.h asn1_get.h
 asn1_k_decode.so asn1_k_decode.po $(OUTPRE)asn1_k_decode.$(OBJEXT): asn1_k_decode.c asn1_k_decode.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  krbasn1.h asn1buf.h asn1_decode.h asn1_get.h asn1_misc.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h krbasn1.h asn1buf.h asn1_decode.h \
+  asn1_get.h asn1_misc.h
 asn1_encode.so asn1_encode.po $(OUTPRE)asn1_encode.$(OBJEXT): asn1_encode.c asn1_encode.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  krbasn1.h asn1buf.h asn1_make.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h krbasn1.h asn1buf.h asn1_make.h
 asn1_get.so asn1_get.po $(OUTPRE)asn1_get.$(OBJEXT): asn1_get.c asn1_get.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  krbasn1.h asn1buf.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h krbasn1.h asn1buf.h
 asn1_make.so asn1_make.po $(OUTPRE)asn1_make.$(OBJEXT): asn1_make.c asn1_make.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  krbasn1.h asn1buf.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h krbasn1.h asn1buf.h
 asn1buf.so asn1buf.po $(OUTPRE)asn1buf.$(OBJEXT): asn1buf.c asn1buf.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h krbasn1.h asn1_get.h
+  krbasn1.h asn1_get.h
 krb5_decode.so krb5_decode.po $(OUTPRE)krb5_decode.$(OBJEXT): krb5_decode.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) krbasn1.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  asn1_k_decode.h asn1buf.h asn1_decode.h asn1_get.h
+  $(SRCTOP)/include/krb5/kdb.h asn1_k_decode.h asn1buf.h \
+  asn1_decode.h asn1_get.h
 krb5_encode.so krb5_encode.po $(OUTPRE)krb5_encode.$(OBJEXT): krb5_encode.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) asn1_k_encode.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  asn1buf.h krbasn1.h asn1_encode.h asn1_make.h
+  $(SRCTOP)/include/krb5/kdb.h asn1buf.h krbasn1.h asn1_encode.h \
+  asn1_make.h
 asn1_k_encode.so asn1_k_encode.po $(OUTPRE)asn1_k_encode.$(OBJEXT): asn1_k_encode.c asn1_k_encode.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  asn1buf.h krbasn1.h asn1_make.h asn1_encode.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h asn1buf.h krbasn1.h asn1_make.h \
+  asn1_encode.h
 asn1_misc.so asn1_misc.po $(OUTPRE)asn1_misc.$(OBJEXT): asn1_misc.c asn1_misc.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  krbasn1.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h krbasn1.h
 
index 56904c5eea1b29a1ec35a24da0fe97f53179b03b..65863202aab129da693849ae44ca0b4f91a7b64e 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * src/lib/krb5/asn.1/asn1_decode.c
  * 
- * Copyright 1994 by the Massachusetts Institute of Technology.
+ * Copyright 1994, 2003 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -106,6 +106,50 @@ asn1_error_code asn1_decode_unsigned_integer(asn1buf *buf, long unsigned int *va
   cleanup();
 }
 
+/*
+ * asn1_decode_maybe_unsigned
+ *
+ * This is needed because older releases of MIT krb5 have signed
+ * sequence numbers.  We want to accept both signed and unsigned
+ * sequence numbers, in the range -2^31..2^32-1, mapping negative
+ * numbers into their positive equivalents in the same way that C's
+ * normal integer conversions do, i.e., would preserve bits on a
+ * two's-complement architecture.
+ */
+asn1_error_code asn1_decode_maybe_unsigned(asn1buf *buf, unsigned long *val)
+{
+  setup();
+  asn1_octet o;
+  unsigned long n, bitsremain;
+  unsigned int i;
+
+  tag(ASN1_INTEGER);
+  o = 0;
+  n = 0;
+  bitsremain = ~0UL;
+  for (i = 0; i < length; i++) {
+    /* Accounts for u_long width not being a multiple of 8. */
+    if (bitsremain < 0xff) return ASN1_OVERFLOW;
+    retval = asn1buf_remove_octet(buf, &o);
+    if (retval) return retval;
+    if (bitsremain == ~0UL) {
+      if (i == 0)
+       n = (o & 0x80) ? ~0UL : 0UL; /* grab sign bit */
+      /*
+       * Skip leading zero or 0xFF octets to humor non-compliant encoders.
+       */
+      if (n == 0 && o == 0)
+       continue;
+      if (n == ~0UL && o == 0xff)
+       continue;
+    }
+    n = (n << 8) | o;
+    bitsremain >>= 8;
+  }
+  *val = n;
+  cleanup();
+}
+
 asn1_error_code asn1_decode_oid(asn1buf *buf, unsigned int *retlen, asn1_octet **val)
 {
   setup();
index 449a589003b72e97236a8dbdfa99629b10d3210d..cafbf3fd34846e49a997f8bebbfc651c852103ff 100644 (file)
@@ -62,6 +62,8 @@ asn1_error_code asn1_decode_integer
        (asn1buf *buf, long *val);
 asn1_error_code asn1_decode_unsigned_integer
        (asn1buf *buf, unsigned long *val);
+asn1_error_code asn1_decode_maybe_unsigned
+       (asn1buf *buf, unsigned long *val);
 asn1_error_code asn1_decode_null
        (asn1buf *buf);
 
index c64ebb84e025ccc0ad967678a80f350a89ab5356..3ffb701fe4d12e5969b1b4d099291c0c84e5b1fd 100644 (file)
@@ -320,6 +320,17 @@ integer_convert(asn1_decode_authdatatype,krb5_authdatatype)
 unsigned_integer_convert(asn1_decode_ui_2,krb5_ui_2)
 unsigned_integer_convert(asn1_decode_ui_4,krb5_ui_4)
 
+asn1_error_code asn1_decode_seqnum(asn1buf *buf, krb5_ui_4 *val)
+{
+  asn1_error_code retval;
+  unsigned long n;
+
+  retval = asn1_decode_maybe_unsigned(buf, &n);
+  if (retval) return retval;
+  *val = (krb5_ui_4)n & 0xffffffff;
+  return 0;
+}
+
 asn1_error_code asn1_decode_msgtype(asn1buf *buf, krb5_msgtype *val)
 {
   asn1_error_code retval;
@@ -541,7 +552,9 @@ asn1_error_code asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val)
 asn1_error_code asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val)
 {
   setup();
-  { begin_structure();
+  { 
+    krb5_principal psave;
+    begin_structure();
     get_field(val->kdc_options,0,asn1_decode_kdc_options);
     if(tagnum == 1){ alloc_field(val->client,krb5_principal_data); }
     opt_field(val->client,1,asn1_decode_principal_name,NULL);
@@ -550,7 +563,19 @@ asn1_error_code asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val)
     if(val->client != NULL){
       retval = asn1_krb5_realm_copy(val->client,val->server);
       if(retval) return retval; }
+
+    /* If opt_field server is missing, memory reference to server is
+       lost and results in memory leak */
+    psave = val->server;
     opt_field(val->server,3,asn1_decode_principal_name,NULL);
+    if(val->server == NULL){
+      if(psave->realm.data) {
+       free(psave->realm.data);
+       psave->realm.data = NULL;
+       psave->realm.length=0;
+      }
+      free(psave);
+    }
     opt_field(val->from,4,asn1_decode_kerberos_time,0);
     get_field(val->till,5,asn1_decode_kerberos_time);
     opt_field(val->rtime,6,asn1_decode_kerberos_time,0);
@@ -580,7 +605,7 @@ asn1_error_code asn1_decode_krb_safe_body(asn1buf *buf, krb5_safe *val)
     get_lenfield(val->user_data.length,val->user_data.data,0,asn1_decode_charstring);
     opt_field(val->timestamp,1,asn1_decode_kerberos_time,0);
     opt_field(val->usec,2,asn1_decode_int32,0);
-    opt_field(val->seq_number,3,asn1_decode_int32,0);
+    opt_field(val->seq_number,3,asn1_decode_seqnum,0);
     alloc_field(val->s_address,krb5_address);
     get_field(*(val->s_address),4,asn1_decode_host_address);
     if(tagnum == 5){
@@ -782,7 +807,33 @@ asn1_error_code asn1_decode_sequence_of_checksum(asn1buf *buf, krb5_checksum ***
   decode_array_body(krb5_checksum, asn1_decode_checksum);
 }
 
-asn1_error_code asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry *val)
+static asn1_error_code asn1_decode_etype_info2_entry(asn1buf *buf, krb5_etype_info_entry *val )
+{
+  setup();
+  { begin_structure();
+    get_field(val->etype,0,asn1_decode_enctype);
+    if (tagnum == 1) {
+           get_lenfield(val->length,val->salt,1,asn1_decode_generalstring);
+    } else {
+           val->length = KRB5_ETYPE_NO_SALT;
+           val->salt = 0;
+    }
+    if ( tagnum ==2) {
+      krb5_octet *params ;
+      get_lenfield( val->s2kparams.length, params,
+                     2, asn1_decode_octetstring);
+      val->s2kparams.data = ( char *) params;
+    } else {
+       val->s2kparams.data = NULL;
+       val->s2kparams.length = 0;
+    }
+    end_structure();
+    val->magic = KV5M_ETYPE_INFO_ENTRY;
+  }
+  cleanup();
+}
+
+static asn1_error_code asn1_decode_etype_info2_entry_1_3(asn1buf *buf, krb5_etype_info_entry *val )
 {
   setup();
   { begin_structure();
@@ -793,17 +844,59 @@ asn1_error_code asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry
            val->length = KRB5_ETYPE_NO_SALT;
            val->salt = 0;
     }
+    if ( tagnum ==2) {
+      krb5_octet *params ;
+      get_lenfield( val->s2kparams.length, params,
+                     2, asn1_decode_octetstring);
+      val->s2kparams.data = ( char *) params;
+    } else {
+       val->s2kparams.data = NULL;
+       val->s2kparams.length = 0;
+    }
     end_structure();
     val->magic = KV5M_ETYPE_INFO_ENTRY;
   }
   cleanup();
 }
 
-asn1_error_code asn1_decode_etype_info(asn1buf *buf, krb5_etype_info_entry ***val)
+
+static asn1_error_code asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry *val )
+{
+  setup();
+  { begin_structure();
+    get_field(val->etype,0,asn1_decode_enctype);
+    if (tagnum == 1) {
+           get_lenfield(val->length,val->salt,1,asn1_decode_octetstring);
+    } else {
+           val->length = KRB5_ETYPE_NO_SALT;
+           val->salt = 0;
+    }
+    val->s2kparams.data = NULL;
+    val->s2kparams.length = 0;
+    
+    end_structure();
+    val->magic = KV5M_ETYPE_INFO_ENTRY;
+  }
+  cleanup();
+}
+
+asn1_error_code asn1_decode_etype_info(asn1buf *buf, krb5_etype_info_entry ***val )
 {
   decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info_entry);
 }
 
+asn1_error_code asn1_decode_etype_info2(asn1buf *buf, krb5_etype_info_entry ***val ,
+                                       krb5_boolean v1_3_behavior)
+{
+    if (v1_3_behavior) {
+       decode_array_body(krb5_etype_info_entry,
+                         asn1_decode_etype_info2_entry_1_3);
+    } else {
+       decode_array_body(krb5_etype_info_entry,
+                         asn1_decode_etype_info2_entry);
+    }
+}
+
 asn1_error_code asn1_decode_passwdsequence(asn1buf *buf, passwd_phrase_element *val)
 {
   setup();
index 8f8b0bcffe98451f81bf52d465688ff2c26a351d..1852e762f7a397743fea3b0583224a56b69a85b2 100644 (file)
@@ -89,6 +89,8 @@ asn1_error_code asn1_decode_ui_2
        (asn1buf *buf, krb5_ui_2 *val);
 asn1_error_code asn1_decode_ui_4
        (asn1buf *buf, krb5_ui_4 *val);
+asn1_error_code asn1_decode_seqnum
+       (asn1buf *buf, krb5_ui_4 *val);
 asn1_error_code asn1_decode_kerberos_time
        (asn1buf *buf, krb5_timestamp *val);
 asn1_error_code asn1_decode_sam_flags
@@ -185,6 +187,8 @@ asn1_error_code asn1_decode_sequence_of_passwdsequence
 
 asn1_error_code asn1_decode_etype_info
        (asn1buf *buf, krb5_etype_info_entry ***val);
+asn1_error_code asn1_decode_etype_info2
+       (asn1buf *buf, krb5_etype_info_entry ***val, krb5_boolean v1_3_behavior);
 
 
 #endif
index 9226f7ca2493ee0ea5c4efefb09d2b232100d1ba..00cfab0322f9a6a8b69fb38f1e80fcf7fcfef80d 100644 (file)
@@ -27,6 +27,7 @@
 #include "asn1_k_encode.h"
 #include "asn1_make.h"
 #include "asn1_encode.h"
+#include <assert.h>
 
 /**** asn1 macros ****/
 #if 0
@@ -643,7 +644,7 @@ asn1_error_code asn1_encode_krb_safe_body(asn1buf *buf, const krb5_safe *val, un
     asn1_addfield(val->r_address,5,asn1_encode_host_address);
   asn1_addfield(val->s_address,4,asn1_encode_host_address);
   if(val->seq_number)
-    asn1_addfield(val->seq_number,3,asn1_encode_integer);
+    asn1_addfield(val->seq_number,3,asn1_encode_unsigned_integer);
   if(val->timestamp){
     asn1_addfield(val->usec,2,asn1_encode_integer);
     asn1_addfield(val->timestamp,1,asn1_encode_kerberos_time);
@@ -708,24 +709,33 @@ asn1_error_code asn1_encode_krb_cred_info(asn1buf *buf, const krb5_cred_info *va
   asn1_cleanup();
 }
 
-asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info_entry *val, unsigned int *retlen)
+asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info_entry *val,
+                                            unsigned int *retlen, int etype_info2)
 {
   asn1_setup();
 
+  assert(val->s2kparams.data == NULL || etype_info2);
   if(val == NULL || (val->length > 0 && val->length != KRB5_ETYPE_NO_SALT &&
                     val->salt == NULL))
      return ASN1_MISSING_FIELD;
-
-  if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT)
+  if(val->s2kparams.data != NULL)
+      asn1_addlenfield(val->s2kparams.length, val->s2kparams.data, 2,
+                      asn1_encode_octetstring);
+  if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT){
+      if (etype_info2)
          asn1_addlenfield(val->length,val->salt,1,
-                          asn1_encode_octetstring);
-  asn1_addfield(val->etype,0,asn1_encode_integer);
+                          asn1_encode_generalstring)
+      else       asn1_addlenfield(val->length,val->salt,1,
+                                  asn1_encode_octetstring);
+  }
+asn1_addfield(val->etype,0,asn1_encode_integer);
   asn1_makeseq();
 
   asn1_cleanup();
 }
 
-asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry **val, unsigned int *retlen)
+asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry **val,
+                                      unsigned int *retlen, int etype_info2)
 {
     asn1_setup();
     int i;
@@ -734,7 +744,7 @@ asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry
   
     for(i=0; val[i] != NULL; i++); /* get to the end of the array */
     for(i--; i>=0; i--){
-       retval = asn1_encode_etype_info_entry(buf,val[i],&length);
+       retval = asn1_encode_etype_info_entry(buf,val[i],&length, etype_info2);
        if(retval) return retval;
        sum += length;
     }
@@ -932,3 +942,20 @@ asn1_error_code asn1_encode_predicted_sam_response(asn1buf *buf, const krb5_pred
 
   asn1_cleanup();
 }
+
+/*
+ * Do some ugliness to insert a raw pre-encoded KRB-SAFE-BODY.
+ */
+asn1_error_code asn1_encode_krb_saved_safe_body(asn1buf *buf, const krb5_data *body, unsigned int *retlen)
+{
+  asn1_error_code retval;
+
+  retval = asn1buf_insert_octetstring(buf, body->length,
+                                     (krb5_octet *)body->data);
+  if (retval){
+    asn1buf_destroy(&buf);
+    return retval; 
+  }
+  *retlen = body->length;
+  return 0;
+}
index 5914e0981795815b4b1f0fc90560d8c2d4b2ecee..caa46c570cb98a0c7e1cc65264d4431452593393 100644 (file)
@@ -219,11 +219,11 @@ asn1_error_code asn1_encode_alt_method
 
 asn1_error_code asn1_encode_etype_info_entry
        (asn1buf *buf, const krb5_etype_info_entry *val,
-                  unsigned int *retlen);
+                  unsigned int *retlen, int etype_info2);
 
 asn1_error_code asn1_encode_etype_info
        (asn1buf *buf, const krb5_etype_info_entry **val,
-                  unsigned int *retlen);
+                  unsigned int *retlen, int etype_info2);
 
 asn1_error_code asn1_encode_passwdsequence
        (asn1buf *buf, const passwd_phrase_element *val, unsigned int *retlen);
@@ -266,4 +266,7 @@ asn1_error_code asn1_encode_predicted_sam_response
        (asn1buf *buf, const krb5_predicted_sam_response *val, 
                   unsigned int *retlen);
 
+asn1_error_code asn1_encode_krb_saved_safe_body
+       (asn1buf *buf, const krb5_data *body, unsigned int *retlen);
+
 #endif
index 03a30295b82ddfa7ccbaa0b3f9e2c4d949640c21..596997fe953ff060bc2cef3bd3273912ac7b70bf 100644 (file)
@@ -90,6 +90,7 @@ if((var) == NULL) clean_return(ENOMEM)
   construction = t2.construction;              \
   tagnum = t2.tagnum;                          \
   indef = t2.indef;                            \
+  taglen = t2.length;                          \
 }
 
 #define get_eoc()                                              \
@@ -107,6 +108,7 @@ if((var) == NULL) clean_return(ENOMEM)
 
 /* decode sequence header and initialize tagnum with the first field */
 #define begin_structure()\
+unsigned int taglen;\
 asn1buf subbuf;\
 int seqindef;\
 int indef;\
@@ -219,7 +221,7 @@ krb5_error_code decode_krb5_authenticator(const krb5_data *code, krb5_authentica
     get_field((*rep)->ctime,5,asn1_decode_kerberos_time);
     if(tagnum == 6){ alloc_field((*rep)->subkey,krb5_keyblock); }
     opt_field(*((*rep)->subkey),6,asn1_decode_encryption_key);
-    opt_field((*rep)->seq_number,7,asn1_decode_int32);
+    opt_field((*rep)->seq_number,7,asn1_decode_seqnum);
     opt_field((*rep)->authorization_data,8,asn1_decode_authorization_data);
     (*rep)->magic = KV5M_AUTHENTICATOR;
     end_structure();
@@ -440,7 +442,7 @@ krb5_error_code decode_krb5_ap_rep_enc_part(const krb5_data *code, krb5_ap_rep_e
     get_field((*rep)->cusec,1,asn1_decode_int32);
     if(tagnum == 2){ alloc_field((*rep)->subkey,krb5_keyblock); }
     opt_field(*((*rep)->subkey),2,asn1_decode_encryption_key);
-    opt_field((*rep)->seq_number,3,asn1_decode_int32);
+    opt_field((*rep)->seq_number,3,asn1_decode_seqnum);
     end_structure();
     (*rep)->magic = KV5M_AP_REP_ENC_PART;
   }
@@ -494,8 +496,26 @@ krb5_error_code decode_krb5_kdc_req_body(const krb5_data *code, krb5_kdc_req **r
   cleanup(free);
 }
 
-krb5_error_code decode_krb5_safe(const krb5_data *code, krb5_safe **rep)
+/*
+ * decode_krb5_safe_with_body
+ *
+ * Like decode_krb5_safe(), but grabs the encoding of the
+ * KRB-SAFE-BODY as well, in case re-encoding would produce a
+ * different encoding.  (Yes, we're using DER, but there's this
+ * annoying problem with pre-1.3.x code using signed sequence numbers,
+ * which we permissively decode and cram into unsigned 32-bit numbers.
+ * When they're re-encoded, they're no longer negative if they started
+ * out negative, so checksum verification fails.)
+ *
+ * This does *not* perform any copying; the returned pointer to the
+ * encoded KRB-SAFE-BODY points into the input buffer.
+ */
+krb5_error_code decode_krb5_safe_with_body(
+  const krb5_data *code,
+  krb5_safe **rep,
+  krb5_data *body)
 {
+  krb5_data tmpbody;
   setup();
   alloc_field(*rep,krb5_safe);
   clear_field(rep,checksum);
@@ -511,12 +531,26 @@ krb5_error_code decode_krb5_safe(const krb5_data *code, krb5_safe **rep)
       if(msg_type != KRB5_SAFE) clean_return(KRB5_BADMSGTYPE);
 #endif
     }
+    /*
+     * Gross kludge to extract pointer to encoded safe-body.  Relies
+     * on tag prefetch done by next_tag().  Don't handle indefinite
+     * encoding, as it's too much work.
+     */
+    if (!indef) {
+      tmpbody.length = taglen;
+      tmpbody.data = subbuf.next;
+    } else {
+      tmpbody.length = 0;
+      tmpbody.data = NULL;
+    }
     get_field(**rep,2,asn1_decode_krb_safe_body);
     alloc_field((*rep)->checksum,krb5_checksum);
     get_field(*((*rep)->checksum),3,asn1_decode_checksum);
   (*rep)->magic = KV5M_SAFE;
     end_structure();
   }
+  if (body != NULL)
+    *body = tmpbody;
   cleanup_manual();
 error_out:
   if (rep && *rep) {
@@ -526,6 +560,11 @@ error_out:
   return retval;
 }
 
+krb5_error_code decode_krb5_safe(const krb5_data *code, krb5_safe **rep)
+{
+  return decode_krb5_safe_with_body(code, rep, NULL);
+}
+
 krb5_error_code decode_krb5_priv(const krb5_data *code, krb5_priv **rep)
 {
   setup();
@@ -561,7 +600,7 @@ krb5_error_code decode_krb5_enc_priv_part(const krb5_data *code, krb5_priv_enc_p
     get_lenfield((*rep)->user_data.length,(*rep)->user_data.data,0,asn1_decode_charstring);
     opt_field((*rep)->timestamp,1,asn1_decode_kerberos_time);
     opt_field((*rep)->usec,2,asn1_decode_int32);
-    opt_field((*rep)->seq_number,3,asn1_decode_int32);
+    opt_field((*rep)->seq_number,3,asn1_decode_seqnum);
     alloc_field((*rep)->s_address,krb5_address);
     get_field(*((*rep)->s_address),4,asn1_decode_host_address);
     if(tagnum == 5){ alloc_field((*rep)->r_address,krb5_address); }
@@ -744,6 +783,21 @@ krb5_error_code decode_krb5_etype_info(const krb5_data *code, krb5_etype_info_en
   cleanup_none();              /* we're not allocating anything here */
 }
 
+krb5_error_code decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_entry ***rep)
+{
+    setup_buf_only();
+    *rep = 0;
+    retval = asn1_decode_etype_info2(&buf,rep, 0);
+    if (retval == ASN1_BAD_ID) {
+       retval = asn1buf_wrap_data(&buf,code);
+       if(retval) clean_return(retval);
+       retval = asn1_decode_etype_info2(&buf, rep, 1);
+    }
+    if(retval) clean_return(retval);
+    cleanup_none();            /* we're not allocating anything here */
+}
+
+
 krb5_error_code decode_krb5_enc_data(const krb5_data *code, krb5_enc_data **rep)
 {
   setup_buf_only();
index 2a4f7bb14089dea251fade673403adcc4a31b350..ecdfa18787a3a883de1089337a1cc8f31ae88796 100644 (file)
@@ -166,7 +166,7 @@ krb5_error_code encode_krb5_authenticator(const krb5_authenticator *rep, krb5_da
 
   /* seq-number[7]             INTEGER OPTIONAL */
   if(rep->seq_number != 0)
-    krb5_addfield(rep->seq_number,7,asn1_encode_integer);
+    krb5_addfield(rep->seq_number,7,asn1_encode_unsigned_integer);
 
   /* subkey[6]                 EncryptionKey OPTIONAL */
   if(rep->subkey != NULL)
@@ -305,6 +305,7 @@ krb5_error_code encode_krb5_enc_kdc_rep_part(const krb5_enc_kdc_rep_part *rep, k
 #ifdef KRB5_ENCKRB5KDCREPPART_COMPAT
   krb5_apptag(26);
 #else
+  /* XXX WRONG!!! Should use 25 || 26, not the outer KDC_REP tags! */
   if (rep->msg_type == KRB5_AS_REP) { krb5_apptag(ASN1_KRB_AS_REP); }
   else if (rep->msg_type == KRB5_TGS_REP) { krb5_apptag(ASN1_KRB_TGS_REP); }
   else return KRB5_BADMSGTYPE;
@@ -395,7 +396,7 @@ krb5_error_code encode_krb5_ap_rep_enc_part(const krb5_ap_rep_enc_part *rep, krb
 
   /* seq-number[3]     INTEGER OPTIONAL */
   if(rep->seq_number)
-    krb5_addfield(rep->seq_number,3,asn1_encode_integer);
+    krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer);
 
   /* subkey[2]         EncryptionKey OPTIONAL */
   if(rep->subkey != NULL)
@@ -477,6 +478,43 @@ krb5_error_code encode_krb5_safe(const krb5_safe *rep, krb5_data **code)
   krb5_cleanup();
 }
 
+/*
+ * encode_krb5_safe_with_body
+ *
+ * Like encode_krb5_safe(), except takes a saved KRB-SAFE-BODY
+ * encoding to avoid problems with re-encoding.
+ */
+krb5_error_code encode_krb5_safe_with_body(
+  const krb5_safe *rep,
+  const krb5_data *body,
+  krb5_data **code)
+{
+  krb5_setup();
+
+  if (body == NULL) {
+      asn1buf_destroy(&buf);
+      return ASN1_MISSING_FIELD;
+  }
+
+  /* cksum[3]          Checksum */
+  krb5_addfield(rep->checksum,3,asn1_encode_checksum);
+
+  /* safe-body[2]      KRB-SAFE-BODY */
+  krb5_addfield(body,2,asn1_encode_krb_saved_safe_body);
+
+  /* msg-type[1]       INTEGER */
+  krb5_addfield(ASN1_KRB_SAFE,1,asn1_encode_integer);
+
+  /* pvno[0]           INTEGER */
+  krb5_addfield(KVNO,0,asn1_encode_integer);
+
+  /* KRB-SAFE ::= [APPLICATION 20] SEQUENCE */
+  krb5_makeseq();
+  krb5_apptag(20);
+
+  krb5_cleanup();
+}
+
 krb5_error_code encode_krb5_priv(const krb5_priv *rep, krb5_data **code)
 {
   krb5_setup();
@@ -510,7 +548,7 @@ krb5_error_code encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep, krb5_da
 
   /* seq-number[3]     INTEGER OPTIONAL */
   if(rep->seq_number)
-    krb5_addfield(rep->seq_number,3,asn1_encode_integer);
+    krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer);
 
   /* usec[2]           INTEGER OPTIONAL */
   if(rep->timestamp){
@@ -678,11 +716,21 @@ krb5_error_code encode_krb5_alt_method(const krb5_alt_method *rep, krb5_data **c
 krb5_error_code encode_krb5_etype_info(const krb5_etype_info_entry **rep, krb5_data **code)
 {
   krb5_setup();
-  retval = asn1_encode_etype_info(buf,rep,&length);
+  retval = asn1_encode_etype_info(buf,rep,&length, 0);
+  if(retval) return retval;
+  sum += length;
+  krb5_cleanup();
+}
+
+krb5_error_code encode_krb5_etype_info2(const krb5_etype_info_entry **rep, krb5_data **code)
+{
+  krb5_setup();
+  retval = asn1_encode_etype_info(buf,rep,&length, 1);
   if(retval) return retval;
   sum += length;
   krb5_cleanup();
 }
+  
 
 krb5_error_code encode_krb5_enc_data(const krb5_enc_data *rep, krb5_data **code)
 {
@@ -822,3 +870,20 @@ krb5_error_code encode_krb5_predicted_sam_response(const krb5_predicted_sam_resp
   sum += length;
   krb5_cleanup();
 }
+
+krb5_error_code encode_krb5_setpw_req(const krb5_principal target,
+                                     char *password, krb5_data **code)
+{
+  /* Macros really want us to have a variable called rep which we do not need*/
+  const char *rep = "dummy string";
+
+  krb5_setup();
+
+  krb5_addfield(target,2,asn1_encode_realm);
+  krb5_addfield(target,1,asn1_encode_principal_name);
+  krb5_addlenfield(strlen(password), password,0,asn1_encode_octetstring);
+  krb5_makeseq();
+
+
+  krb5_cleanup();
+}
index 0b44b4d5416ef16457af69cfcd527bc6e0126cb7..1f129eaf763d5af114edd0c458c0ab3a28ddc381 100644 (file)
@@ -1,3 +1,221 @@
+2004-05-25  Jeffrey Altman <jaltman@mit.edu>
+
+    * cc_mslsa.c:  GetMSTGT().  Initialize pTicketRequest to NULL 
+      to prevent it being freed prior to allocation.  Add krb5_context
+      parameter to allow krb5_get_permitted_enctype() to be called
+      instead of using a hardcoded list of enctypes which may change
+      in the future.
+      krb5_lcc_get_name(): fix return value if Kerberos is not supported.
+
+2004-05-15  Jeffrey Altman <jaltman@mit.edu>
+
+    * cc_mslsa.c:  The FAILED() macro only considered an error 
+      to be a failure if the value is negative.  ConstructTicketRequest()
+      returns positive errors.  Do not use FAILED() to test the result.
+      Fix a potential leak of LSA allocated memory.  Fix a leak of 
+      LocalAlloc memory.
+
+2004-04-13  Jeffrey Altman <jaltman@mit.edu>
+
+    * ccbase.c:
+      Since we have to reserve all the single letter
+      prefixes make them apply to all platforms
+
+2004-04-13  Jeffrey Altman <jaltman@mit.edu>
+
+    * ccbase.c:
+      On Windows, if there is a ccache name provided without
+      a prefix but which appears to start with a drive letter,
+      treat it as a FILE: ccache instead of failing with a
+      ccache type unknown error.
+     
+2004-04-06  Jeffrey Altman <jaltman@mit.edu>
+
+    * cc_mslsa.c:
+      In at least one case on Win2003 it appears that it is possible 
+      for the logon session to be authenticated via NTLM and yet for
+      there to be Kerberos credentials obtained by the LSA on behalf
+      of the logged in user.  Therefore, we are removing the test 
+      for IsKerberosLogon() within krb5_lcc_resolve()
+      which was meant to avoid the need to perform GetMSTGT() when
+      there was no possibility of credentials being found.
+
+2004-03-31  Jeffrey Altman <jaltman@mit.edu>
+
+    * cc_mslsa.c: Add IsWindows2000() function and use it to return 
+      errors whenever the MSLSA: ccache type is used on platforms
+      older than Windows 2000.  This is needed to prevent calls to
+      the functions loaded from ADVAPI32.DLL and SECUR32.DLL which 
+      do not exist on the Windows 9x platforms.
+
+2004-03-18  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_mslsa.c:
+     Add missing return statements in krb5_lcc_start_seq_get()
+
+     Return error if principal name cannot be determined during
+     krb5_lcc_resolve()
+
+   * cc-int.h:
+     New file - Add prototypes for cc internal functions
+
+   * cc_retr.c - include cc-int.h
+
+2004-02-04  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_mslsa.c:
+     Remove reference to <ntstatus.h> as it is not present in the August 2001
+     Platform SDK used by Pismere.  Instead copy the error value.
+
+2004-02-02  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_msla.c: 
+     GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the
+     value to assign to TicketRequest->TicketFlags.  This field is blindly
+     inserted into the kdc-options[0] field of the TGS_REQ.  If there are
+     bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result
+     in an unknown TGS_OPTION being processed by the KDC.
+
+     This has been fixed by mapping the Ticket Flags to KDC options.
+     We only map Forwardable, Forwarded, Proxiable, and Renewable.  The others
+     should not be used.
+
+2004-02-02  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_mslsa.c: the MSLSA code was crashing on Pismere machines when 
+     logging on with cross realm credentials.  On these machines there are
+     8 tickets within the LSA cache from two different realms.  One of the
+     krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but
+     a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe
+     processes.  The attempt to access the ticket returns a SubStatus code
+     of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that
+     the logon attempt was invalid due to bad authentication information.
+     kerbtray has no problem listing this ticket.  The other seven tickets
+     in the cache including the Initial Ticket are accessible.  Modified 
+     krb5_lcc_next_cred() to skip to the next ticket if an attempt to read
+     a single ticket fails.
+
+2004-01-31  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_mslsa.c: Optimize the get next logic by storing a handle to
+     the MS TGT in the lcc_cursor data structure
+
+2004-01-31  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_mslsa.c: Do not return tickets to the caller if they contain
+     NULL session keys.  This is to prevent useless TGTs from being
+     placed into the MIT credential cache.
+
+2004-01-30  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_mslsa.c: As per extensive conversations with Doug Engert we have
+     concluded that MS is not specifying a complete set of domain information
+     when it comes to service tickets other than the initial TGT.  What happens
+     is the client principal domain cannot be derived from the fields they
+     export.  Code has now been added to obtain the domain from the initial
+     TGT and use that when constructing the client principals for all tickets.
+
+     This behavior can be turned off by setting a registry either on a per-user
+     or a system-wide basis:
+
+        {HKCU,HKLM}\Software\MIT\Kerberos5
+            PreserveInitialTicketIdentity = 0x0 (DWORD)
+           
+
+2004-01-06  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_file.c, cc_memory.c:
+     Add stub implementations for unimplemented krb5_cc_remove_cred()
+     Returns KRB5_CC_NOSUPP
+
+   * cc_mslsa.c:
+     Add implementation for krb5_cc_remove_cred().  Returns KRB5_CC_READONLY.
+
+2003-12-18  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_retr.c:  Extract the test to determine if a credential matches
+     a requested credential according to the specified fields into 
+     a private function: krb5int_cc_creds_match_request()
+
+   * cc_mslsa.c: Extend the functionality of krb5_lcc_retrieve() to
+     perform a MS Kerberos LSA ticket request if there is no matching
+     credential in the cache.  The MS Kerberos LSA places the following
+     restriction on what tickets it will place into the LSA cache:
+         tickets obtained by an application request for a specific
+         set of kerberos flags or enctype will not be cached.
+     Therefore, we first make a request with no flags or enctype in 
+     the hope that we will be lucky and get the right ones anyway.
+     If not, we make the application's request and return that ticket
+     if it matches the other criteria.
+
+     Implemented a similar technique for krb5_lcc_store().  Since we
+     can not write to the cache, when a store request is made we 
+     instead perform a ticket request through the lsa for a matching
+     credential.  If we receive one, we return success.  Otherwise,
+     we return the KRB5_CC_READONLY error.
+
+   With these changes I am now able to operate entirely with the MSLSA
+   ccache as the default cache provided the MS LSA credentials are
+   for the principal I wish to use.  Obviously, one cannot change
+   principals while the MSLSA ccache is the default.
+
+2003-12-15  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_msla.c:   Enable purging of the MS Kerberos LSA cache when the TGT
+     has expired.  This will force the LSA to get a new TGT instead of 
+     returning the expired version.
+
+2003-12-15  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_mslsa.c:  Perform a GetMSTGT() call as part of krb5_lcc_start_seq_get
+     to ensure that the tgt is refreshed
+
+2003-12-13  Jeffrey Altman <jaltman@mit.edu>
+
+   * Makefile.in: Remove extranenous spaces in ##WIN32## constructs
+     defining MSLSA_SRC MSLSA_OBJ
+
+2003-12-12  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in: Move ##WIN32## constructs from inside
+       backslash-continued lists, as it was breaking them.  Move explicit
+       dependency information from under automatic dependencies.
+
+2003-12-11  Jeffrey Altman <jaltman@mit.edu>
+
+    * Makefile.in, ccbase.c, cc_mslsa.c (new)
+
+    Remove all of the code which was duplicated between ms2mit.c
+    and the KfW Leash libraries (and who knows how many applications
+    shipped by third parties) and use it as the basis for a new
+    krb5_ccache type, "MSLSA:".  The "MSLSA:" ccache type is a
+    read-only ccache which can be used either as a monitor of the
+    contents of the Microsoft LSA cache or as a source for copying
+    the contents to another ccache type.  The purpose of migrating
+    this code to the krb5_32.dll is to avoid the need for applications
+    to be consistently updated each time Microsoft makes a change
+    to the behavior of the LSA cache.  Changes have occurred with
+    the release of 2000, XP, and 2003 so far.  Also, the code for
+    working with the MS LSA cache is not well documented and many
+    mistakes were made in the original versions of the ms2mit.c
+    code base.  Unfortunately, the ms2mit.c code has been copied
+    into many other applications.  
+
+    With access to this new ccache type, the ms2mit.c source file
+    is reduced from 890 lines to 80 lines including the copyright
+    banner.
+
+2003-11-26  Jeffrey Altman <jaltman@mit.edu>
+
+    * cc_default.c: Add support for Leash Kinit Dialog on Windows to
+            krb5int_c_default()
+
+2003-07-22  Sam Hartman  <hartmans@mit.edu>
+
+       * ccbase.c: Always register the file credentials cache type.  If
+       we do not, then when USE_CCAPI is defined, it will not be
+       available. 
+
 2003-03-06  Alexandra Ellwood <lxs@mit.edu>
 
     * ccdefault.c: Remove Mac header goober and include
index bbf61bebb9005d8ad6b75a6006958bc10925580b..01e654462f24f2d65a721ad7faa608208c488469 100644 (file)
@@ -17,6 +17,9 @@ LOCALINCLUDES = -I$(srcdir)$(S)ccapi $(WIN_INCLUDES)
 ##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
 ##WIN16##LIBNAME=..\krb5.lib
 
+##WIN32##MSLSA_OBJ = $(OUTPRE)cc_mslsa.$(OBJEXT)
+##WIN32##MSLSA_SRC = $(srcdir)/cc_mslsa.c
+
 MAC_SUBDIRS = ccapi
 
 STLIBOBJS= \
@@ -37,7 +40,7 @@ OBJS= $(OUTPRE)ccbase.$(OBJEXT) \
        $(OUTPRE)cc_file.$(OBJEXT) \
        $(OUTPRE)cc_memory.$(OBJEXT) \
        $(OUTPRE)ccfns.$(OBJEXT) \
-       $(OUTPRE)ser_cc.$(OBJEXT)
+       $(OUTPRE)ser_cc.$(OBJEXT) $(MSLSA_OBJ)
 
 SRCS=  $(srcdir)/ccbase.c \
        $(srcdir)/cccopy.c \
@@ -47,7 +50,7 @@ SRCS= $(srcdir)/ccbase.c \
        $(srcdir)/cc_file.c \
        $(srcdir)/cc_memory.c \
        $(srcdir)/ccfns.c \
-       $(srcdir)/ser_cc.c
+       $(srcdir)/ser_cc.c $(MSLSA_SRC)
 
 ##DOS##OBJS=$(OBJS) $(OUTPRE)ccfns.$(OBJEXT)
 
@@ -97,7 +100,7 @@ check-unix:: t_cc
 clean-unix::
        $(RM) t_cc t_cc.o
 
-
+##WIN32## $(OUTPRE)cc_mslsa.$(OBJEXT): cc_mslsa.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS)
 
 # @libobj_frag@
 
@@ -108,47 +111,49 @@ clean-unix::
 #
 ccbase.so ccbase.po $(OUTPRE)ccbase.$(OBJEXT): ccbase.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  fcc.h
 cccopy.so cccopy.po $(OUTPRE)cccopy.$(OBJEXT): cccopy.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ccdefault.so ccdefault.po $(OUTPRE)ccdefault.$(OBJEXT): ccdefault.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ccdefops.so ccdefops.po $(OUTPRE)ccdefops.$(OBJEXT): ccdefops.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h fcc.h
+  fcc.h
 cc_retr.so cc_retr.po $(OUTPRE)cc_retr.$(OBJEXT): cc_retr.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 cc_file.so cc_file.po $(OUTPRE)cc_file.$(OBJEXT): cc_file.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 cc_memory.so cc_memory.po $(OUTPRE)cc_memory.$(OBJEXT): cc_memory.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ccfns.so ccfns.po $(OUTPRE)ccfns.$(OBJEXT): ccfns.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ser_cc.so ser_cc.po $(OUTPRE)ser_cc.$(OBJEXT): ser_cc.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 
diff --git a/src/lib/krb5/ccache/cc-int.h b/src/lib/krb5/ccache/cc-int.h
new file mode 100644 (file)
index 0000000..48ee4fb
--- /dev/null
@@ -0,0 +1,39 @@
+/*
+ * lib/krb5/ccache/file/cc-int.h
+ *
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * This file contains constant and function declarations used in the
+ * file-based credential cache routines.
+ */
+
+#ifndef __KRB5_CCACHE_H__
+#define __KRB5_CCACHE_H__
+
+#include "k5-int.h"
+
+krb5_boolean
+krb5int_cc_creds_match_request(krb5_context, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds);
+
+#endif /* __KRB5_CCACHE_H__ */
index eb051c150a617b185f644246fd3639ddad58e53a..dff3038bd7134547a4a386a649e4e20aab018f82 100644 (file)
@@ -2305,6 +2305,18 @@ lose:
 #undef TCHECK
 }
 
+/* 
+ * Non-functional stub implementation for krb5_fcc_remove
+ * 
+ * Errors:
+ *    KRB5_CC_NOSUPP - not implemented
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_fcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
+                     krb5_creds *creds)
+{
+    return KRB5_CC_NOSUPP;
+}
 
 /*
  * Requires:
@@ -2413,7 +2425,7 @@ const krb5_cc_ops krb5_fcc_ops = {
      krb5_fcc_start_seq_get,
      krb5_fcc_next_cred,
      krb5_fcc_end_seq_get,
-     NULL, /* XXX krb5_fcc_remove, */
+     krb5_fcc_remove_cred,
      krb5_fcc_set_flags,
 };
 
@@ -2473,6 +2485,6 @@ const krb5_cc_ops krb5_cc_file_ops = {
      krb5_fcc_start_seq_get,
      krb5_fcc_next_cred,
      krb5_fcc_end_seq_get,
-     NULL, /* XXX krb5_fcc_remove, */
+     krb5_fcc_remove_cred,
      krb5_fcc_set_flags,
 };
index 97ec32752d732c55138549fcbfc6ef505cb29605..c3aeb1e8b5d81d4cc744e4dd3eef90a4348a81e0 100644 (file)
@@ -519,6 +519,20 @@ krb5_mcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
      return ret;
 }
 
+/* 
+ * Non-functional stub implementation for krb5_mcc_remove
+ * 
+ * Errors:
+ *    KRB5_CC_NOSUPP - not implemented
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_mcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
+                     krb5_creds *creds)
+{
+    return KRB5_CC_NOSUPP;
+}
+
+
 /*
  * Requires:
  * id is a cred cache returned by krb5_mcc_resolve or
@@ -553,6 +567,6 @@ const krb5_cc_ops krb5_mcc_ops = {
      krb5_mcc_start_seq_get,
      krb5_mcc_next_cred,
      krb5_mcc_end_seq_get,
-     NULL, /* XXX krb5_mcc_remove, */
+     krb5_mcc_remove_cred,
      krb5_mcc_set_flags,
 };
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
new file mode 100644 (file)
index 0000000..1b3d759
--- /dev/null
@@ -0,0 +1,1611 @@
+/*
+ * lib/krb5/ccache/cc_mslsa.c
+ *
+ * Copyright 2003 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ * Copyright 2000 by Carnegie Mellon University
+ *
+ * All Rights Reserved
+ * 
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted,
+ * provided that the above copyright notice appear in all copies and that
+ * both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Carnegie Mellon
+ * University not be used in advertising or publicity pertaining to
+ * distribution of the software without specific, written prior
+ * permission.
+ * 
+ * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR
+ * ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Implementation of read-only microsoft windows lsa credentials cache
+ */
+
+#ifdef _WIN32
+#define UNICODE
+#define _UNICODE
+
+#include "k5-int.h"
+#include "com_err.h"
+#include "cc-int.h"
+
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <conio.h>
+#include <time.h>
+#define SECURITY_WIN32
+#include <security.h>
+#include <ntsecapi.h>
+
+#define MAX_MSG_SIZE 256
+#define MAX_MSPRINC_SIZE 1024
+
+static BOOL IsWindows2000 (void)
+{
+   static BOOL fChecked = FALSE;
+   static BOOL fIsWin2K = FALSE;
+
+   if (!fChecked)
+   {
+       OSVERSIONINFO Version;
+       fChecked = TRUE;
+
+       memset (&Version, 0x00, sizeof(Version));
+       Version.dwOSVersionInfoSize = sizeof(Version);
+
+       if (GetVersionEx (&Version))
+       {
+           if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+                Version.dwMajorVersion >= 5)
+               fIsWin2K = TRUE;
+       }
+   }
+
+   return fIsWin2K;
+}
+
+static VOID
+ShowWinError(LPSTR szAPI, DWORD dwError)
+{
+
+    // TODO - Write errors to event log so that scripts that don't
+    // check for errors will still get something in the event log
+
+    WCHAR szMsgBuf[MAX_MSG_SIZE];
+    DWORD dwRes;
+
+    printf("Error calling function %s: %lu\n", szAPI, dwError);
+
+    dwRes = FormatMessage (
+        FORMAT_MESSAGE_FROM_SYSTEM,
+        NULL,
+        dwError,
+        MAKELANGID (LANG_ENGLISH, SUBLANG_ENGLISH_US),
+        szMsgBuf,
+        MAX_MSG_SIZE,
+        NULL);
+    if (0 == dwRes) {
+        printf("FormatMessage failed with %d\n", GetLastError());
+        ExitProcess(EXIT_FAILURE);
+    }
+
+    printf("%S",szMsgBuf);
+}
+
+static VOID
+ShowLsaError(LPSTR szAPI, NTSTATUS Status)
+{
+    //
+    // Convert the NTSTATUS to Winerror. Then call ShowWinError().
+    //
+    ShowWinError(szAPI, LsaNtStatusToWinError(Status));
+}
+
+
+
+static BOOL
+WINAPI
+UnicodeToANSI(LPTSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen)
+{
+    CPINFO CodePageInfo;
+
+    GetCPInfo(CP_ACP, &CodePageInfo);
+
+    if (CodePageInfo.MaxCharSize > 1)
+        // Only supporting non-Unicode strings
+        return FALSE;
+    else if (((LPBYTE) lpInputString)[1] == '\0')
+    {
+        // Looks like unicode, better translate it
+        WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) lpInputString, -1,
+                            lpszOutputString, nOutStringLen, NULL, NULL);
+    }
+    else
+        lstrcpyA(lpszOutputString, (LPSTR) lpInputString);
+    return TRUE;
+}  // UnicodeToANSI
+
+static VOID
+WINAPI
+ANSIToUnicode(LPSTR  lpInputString, LPTSTR lpszOutputString, int nOutStringLen)
+{
+
+    CPINFO CodePageInfo;
+
+    lstrcpy(lpszOutputString, (LPTSTR) lpInputString);
+
+    GetCPInfo(CP_ACP, &CodePageInfo);
+
+    if (CodePageInfo.MaxCharSize > 1)
+        // It must already be a Unicode string
+        return;
+    else if (((LPBYTE) lpInputString)[1] != '\0')
+    {
+        // Looks like ANSI, better translate it
+        MultiByteToWideChar(CP_ACP, 0, (LPCSTR) lpInputString, -1,
+                            (LPWSTR) lpszOutputString, nOutStringLen);
+    }
+    else
+        lstrcpy(lpszOutputString, (LPTSTR) lpInputString);
+}  // ANSIToUnicode
+
+
+static void
+MITPrincToMSPrinc(krb5_context context, krb5_principal principal, UNICODE_STRING * msprinc)
+{
+    char *aname = NULL;
+
+    if (!krb5_unparse_name(context, principal, &aname)) {
+        msprinc->Length = strlen(aname) * sizeof(WCHAR);
+        ANSIToUnicode(aname, msprinc->Buffer, msprinc->MaximumLength);
+        krb5_free_unparsed_name(context,aname);
+    }
+}
+
+static void
+MSPrincToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_context context, krb5_principal *principal)
+{
+    WCHAR princbuf[512],tmpbuf[128];
+    char aname[512];
+    USHORT i;
+    princbuf[0]=0;
+    for (i=0;i<msprinc->NameCount;i++) {
+        wcsncpy(tmpbuf, msprinc->Names[i].Buffer,
+                msprinc->Names[i].Length/sizeof(WCHAR));
+        tmpbuf[msprinc->Names[i].Length/sizeof(WCHAR)]=0;
+        if (princbuf[0])
+            wcscat(princbuf, L"/");
+        wcscat(princbuf, tmpbuf);
+    }
+    wcscat(princbuf, L"@");
+    wcscat(princbuf, realm);
+    UnicodeToANSI(princbuf, aname, sizeof(aname));
+    krb5_parse_name(context, aname, principal);
+}
+
+
+static time_t
+FileTimeToUnixTime(LARGE_INTEGER *ltime)
+{
+    FILETIME filetime, localfiletime;
+    SYSTEMTIME systime;
+    struct tm utime;
+    filetime.dwLowDateTime=ltime->LowPart;
+    filetime.dwHighDateTime=ltime->HighPart;
+    FileTimeToLocalFileTime(&filetime, &localfiletime);
+    FileTimeToSystemTime(&localfiletime, &systime);
+    utime.tm_sec=systime.wSecond;
+    utime.tm_min=systime.wMinute;
+    utime.tm_hour=systime.wHour;
+    utime.tm_mday=systime.wDay;
+    utime.tm_mon=systime.wMonth-1;
+    utime.tm_year=systime.wYear-1900;
+    utime.tm_isdst=-1;
+    return(mktime(&utime));
+}
+
+static void
+MSSessionKeyToMITKeyblock(KERB_CRYPTO_KEY *mskey, krb5_context context, krb5_keyblock *keyblock)
+{
+    krb5_keyblock tmpblock;
+    tmpblock.magic=KV5M_KEYBLOCK;
+    tmpblock.enctype=mskey->KeyType;
+    tmpblock.length=mskey->Length;
+    tmpblock.contents=mskey->Value;
+    krb5_copy_keyblock_contents(context, &tmpblock, keyblock);
+}
+
+
+static void
+MSFlagsToMITFlags(ULONG msflags, ULONG *mitflags)
+{
+    *mitflags=msflags;
+}
+
+static void
+MSTicketToMITTicket(KERB_EXTERNAL_TICKET *msticket, krb5_context context, krb5_data *ticket)
+{
+    krb5_data tmpdata, *newdata;
+    tmpdata.magic=KV5M_DATA;
+    tmpdata.length=msticket->EncodedTicketSize;
+    tmpdata.data=msticket->EncodedTicket;
+
+    // TODO: fix this up a little. this is ugly and will break krb5_free_data()
+    krb5_copy_data(context, &tmpdata, &newdata);
+    memcpy(ticket, newdata, sizeof(krb5_data));
+}
+
+/*
+ * PreserveInitialTicketIdentity()
+ *
+ * This will find the "PreserveInitialTicketIdentity" key in the registry.  
+ * Returns 1 to preserve and 0 to not.
+ */
+
+static DWORD
+PreserveInitialTicketIdentity(void)
+{
+    HKEY hKey;
+    DWORD size = sizeof(DWORD);
+    DWORD type = REG_DWORD;
+    const char *key_path = "Software\\MIT\\Kerberos5";
+    const char *value_name = "PreserveInitialTicketIdentity";
+    DWORD retval = 1;     /* default to Preserve */
+
+    if (RegOpenKeyExA(HKEY_CURRENT_USER, key_path, 0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
+        goto syskey;
+    if (RegQueryValueExA(hKey, value_name, 0, &type, (LPBYTE)&retval, &size) != ERROR_SUCCESS)
+    {
+        RegCloseKey(hKey);
+        goto syskey;
+    }
+    RegCloseKey(hKey);
+    goto done;
+
+  syskey:
+    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, key_path, 0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
+        goto done;
+    if (RegQueryValueExA(hKey, value_name, 0, &type, (LPBYTE)&retval, &size) != ERROR_SUCCESS)
+    {
+        RegCloseKey(hKey);
+        goto done;
+    }
+    RegCloseKey(hKey);
+
+  done:
+    return retval;
+}
+
+
+static void
+MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING InitialTicketDomain, 
+                krb5_context context, krb5_creds *creds)
+{
+    WCHAR wrealm[128];
+    ZeroMemory(creds, sizeof(krb5_creds));
+    creds->magic=KV5M_CREDS;
+
+    // construct Client Principal
+    if ( PreserveInitialTicketIdentity() ) {
+        wcsncpy(wrealm, InitialTicketDomain.Buffer, InitialTicketDomain.Length/sizeof(WCHAR));
+        wrealm[InitialTicketDomain.Length/sizeof(WCHAR)]=0;
+    } else {
+        wcsncpy(wrealm, msticket->DomainName.Buffer, msticket->DomainName.Length/sizeof(WCHAR));
+        wrealm[msticket->DomainName.Length/sizeof(WCHAR)]=0;
+    }
+    MSPrincToMITPrinc(msticket->ClientName, wrealm, context, &creds->client);
+
+    // construct Service Principal
+    wcsncpy(wrealm, msticket->DomainName.Buffer,
+            msticket->DomainName.Length/sizeof(WCHAR));
+    wrealm[msticket->DomainName.Length/sizeof(WCHAR)]=0;
+    MSPrincToMITPrinc(msticket->ServiceName, wrealm, context, &creds->server);
+
+    MSSessionKeyToMITKeyblock(&msticket->SessionKey, context, 
+                              &creds->keyblock);
+    MSFlagsToMITFlags(msticket->TicketFlags, &creds->ticket_flags);
+    creds->times.starttime=FileTimeToUnixTime(&msticket->StartTime);
+    creds->times.endtime=FileTimeToUnixTime(&msticket->EndTime);
+    creds->times.renew_till=FileTimeToUnixTime(&msticket->RenewUntil);
+
+    /* MS Tickets are addressless.  MIT requires an empty address
+     * not a NULL list of addresses.
+     */
+    creds->addresses = (krb5_address **)malloc(sizeof(krb5_address *));
+    memset(creds->addresses, 0, sizeof(krb5_address *));
+
+    MSTicketToMITTicket(msticket, context, &creds->ticket);
+}
+
+static BOOL
+PackageConnectLookup(HANDLE *pLogonHandle, ULONG *pPackageId)
+{
+    LSA_STRING Name;
+    NTSTATUS Status;
+
+    Status = LsaConnectUntrusted(
+        pLogonHandle
+        );
+
+    if (FAILED(Status))
+    {
+        ShowLsaError("LsaConnectUntrusted", Status);
+        return FALSE;
+    }
+
+    Name.Buffer = MICROSOFT_KERBEROS_NAME_A;
+    Name.Length = strlen(Name.Buffer);
+    Name.MaximumLength = Name.Length + 1;
+
+    Status = LsaLookupAuthenticationPackage(
+        *pLogonHandle,
+        &Name,
+        pPackageId
+        );
+
+    if (FAILED(Status))
+    {
+        ShowLsaError("LsaLookupAuthenticationPackage", Status);
+        return FALSE;
+    }
+
+    return TRUE;
+
+}
+
+
+static DWORD
+ConcatenateUnicodeStrings(UNICODE_STRING *pTarget, UNICODE_STRING Source1, UNICODE_STRING Source2)
+{
+    //
+    // The buffers for Source1 and Source2 cannot overlap pTarget's
+    // buffer.  Source1.Length + Source2.Length must be <= 0xFFFF,
+    // otherwise we overflow...
+    //
+
+    USHORT TotalSize = Source1.Length + Source2.Length;
+    PBYTE buffer = (PBYTE) pTarget->Buffer;
+
+    if (TotalSize > pTarget->MaximumLength)
+        return ERROR_INSUFFICIENT_BUFFER;
+
+    if ( pTarget->Buffer != Source1.Buffer )
+        memcpy(buffer, Source1.Buffer, Source1.Length);
+    memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length);
+
+    pTarget->Length = TotalSize;
+    return ERROR_SUCCESS;
+}
+
+static BOOL
+get_STRING_from_registry(HKEY hBaseKey, char * key, char * value, char * outbuf, DWORD  outlen)
+{
+    HKEY hKey;
+    DWORD dwCount;
+    LONG rc;
+
+       if (!outbuf || outlen == 0)
+               return FALSE;
+
+    rc = RegOpenKeyExA(hBaseKey, key, 0, KEY_QUERY_VALUE, &hKey);
+    if (rc)
+        return FALSE;
+
+    dwCount = outlen;
+    rc = RegQueryValueExA(hKey, value, 0, 0, (LPBYTE) outbuf, &dwCount);
+    RegCloseKey(hKey);
+
+    return rc?FALSE:TRUE;
+}
+
+static BOOL
+GetSecurityLogonSessionData(PSECURITY_LOGON_SESSION_DATA * ppSessionData)
+{
+    NTSTATUS Status = 0;
+    HANDLE  TokenHandle;
+    TOKEN_STATISTICS Stats;
+    DWORD   ReqLen;
+    BOOL    Success;
+
+    if (!ppSessionData)
+        return FALSE;
+    *ppSessionData = NULL;
+
+    Success = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &TokenHandle );
+    if ( !Success )
+        return FALSE;
+
+    Success = GetTokenInformation( TokenHandle, TokenStatistics, &Stats, sizeof(TOKEN_STATISTICS), &ReqLen );
+    CloseHandle( TokenHandle );
+    if ( !Success )
+        return FALSE;
+
+    Status = LsaGetLogonSessionData( &Stats.AuthenticationId, ppSessionData );
+    if ( FAILED(Status) || !ppSessionData )
+        return FALSE;
+
+    return TRUE;
+}
+
+//
+// IsKerberosLogon() does not validate whether or not there are valid tickets in the 
+// cache.  It validates whether or not it is reasonable to assume that if we 
+// attempted to retrieve valid tickets we could do so.  Microsoft does not 
+// automatically renew expired tickets.  Therefore, the cache could contain
+// expired or invalid tickets.  Microsoft also caches the user's password 
+// and will use it to retrieve new TGTs if the cache is empty and tickets
+// are requested.
+
+static BOOL
+IsKerberosLogon(VOID)
+{
+    PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
+    BOOL    Success = FALSE;
+
+    if ( GetSecurityLogonSessionData(&pSessionData) ) {
+        if ( pSessionData->AuthenticationPackage.Buffer ) {
+            WCHAR buffer[256];
+            WCHAR *usBuffer;
+            int usLength;
+
+            Success = FALSE;
+            usBuffer = (pSessionData->AuthenticationPackage).Buffer;
+            usLength = (pSessionData->AuthenticationPackage).Length;
+            if (usLength < 256)
+            {
+                lstrcpyn (buffer, usBuffer, usLength);
+                lstrcat (buffer,L"");
+                if ( !lstrcmp(L"Kerberos",buffer) )
+                    Success = TRUE;
+            }
+        }
+        LsaFreeReturnBuffer(pSessionData);
+    }
+    return Success;
+}
+
+static DWORD
+ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST * outRequest, ULONG * outSize)
+{
+    DWORD Error;
+    UNICODE_STRING TargetPrefix;
+    USHORT TargetSize;
+    ULONG RequestSize;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+
+    *outRequest = NULL;
+    *outSize = 0;
+
+    //
+    // Set up the "krbtgt/" target prefix into a UNICODE_STRING so we
+    // can easily concatenate it later.
+    //
+
+    TargetPrefix.Buffer = L"krbtgt/";
+    TargetPrefix.Length = wcslen(TargetPrefix.Buffer) * sizeof(WCHAR);
+    TargetPrefix.MaximumLength = TargetPrefix.Length;
+
+    //
+    // We will need to concatenate the "krbtgt/" prefix and the 
+    // Logon Session's DnsDomainName into our request's target name.
+    //
+    // Therefore, first compute the necessary buffer size for that.
+    //
+    // Note that we might theoretically have integer overflow.
+    //
+
+    TargetSize = TargetPrefix.Length + DomainName.Length;
+
+    //
+    // The ticket request buffer needs to be a single buffer.  That buffer
+    // needs to include the buffer for the target name.
+    //
+
+    RequestSize = sizeof(*pTicketRequest) + TargetSize;
+
+    //
+    // Allocate the request buffer and make sure it's zero-filled.
+    //
+
+    pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+    if (!pTicketRequest)
+        return GetLastError();
+
+    //
+    // Concatenate the target prefix with the previous reponse's
+    // target domain.
+    //
+
+    pTicketRequest->TargetName.Length = 0;
+    pTicketRequest->TargetName.MaximumLength = TargetSize;
+    pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
+    Error = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName),
+                                        TargetPrefix,
+                                        DomainName);
+    *outRequest = pTicketRequest;
+    *outSize    = RequestSize;
+    return Error;
+}
+
+static BOOL
+PurgeMSTGT(HANDLE LogonHandle, ULONG  PackageId)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+    KERB_PURGE_TKT_CACHE_REQUEST PurgeRequest;
+
+    PurgeRequest.MessageType = KerbPurgeTicketCacheMessage;
+    PurgeRequest.LogonId.LowPart = 0;
+    PurgeRequest.LogonId.HighPart = 0;
+    PurgeRequest.ServerName.Buffer = L"";
+    PurgeRequest.ServerName.Length = 0;
+    PurgeRequest.ServerName.MaximumLength = 0;
+    PurgeRequest.RealmName.Buffer = L"";
+    PurgeRequest.RealmName.Length = 0;
+    PurgeRequest.RealmName.MaximumLength = 0;
+    Status = LsaCallAuthenticationPackage(LogonHandle,
+                                           PackageId,
+                                           &PurgeRequest,
+                                           sizeof(PurgeRequest),
+                                           NULL,
+                                           NULL,
+                                           &SubStatus
+                                           );
+    if (FAILED(Status) || FAILED(SubStatus))
+        return FALSE;
+    return TRUE;
+}
+
+#define ENABLE_PURGING 1
+// to allow the purging of expired tickets from LSA cache.  This is necessary
+// to force the retrieval of new TGTs.  Microsoft does not appear to retrieve
+// new tickets when they expire.  Instead they continue to accept the expired
+// tickets.  This is safe to do because the LSA purges its cache when it 
+// retrieves a new TGT (ms calls this renew) but not when it renews the TGT
+// (ms calls this refresh).
+
+static BOOL
+GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
+{
+    //
+    // INVARIANTS:
+    //
+    //   (FAILED(Status) || FAILED(SubStatus)) ==> error
+    //   bIsLsaError ==> LsaCallAuthenticationPackage() error
+    //
+
+    BOOL bIsLsaError = FALSE;
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+    DWORD   Error;
+
+    KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+    PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
+    ULONG RequestSize;
+    ULONG ResponseSize;
+#ifdef ENABLE_PURGING
+    int    purge_cache = 0;
+#endif /* ENABLE_PURGING */
+    int    ignore_cache = 0;
+
+    memset(&CacheRequest, 0, sizeof(KERB_QUERY_TKT_CACHE_REQUEST));
+    CacheRequest.MessageType = KerbRetrieveTicketMessage;
+    CacheRequest.LogonId.LowPart = 0;
+    CacheRequest.LogonId.HighPart = 0;
+
+    Status = LsaCallAuthenticationPackage(
+        LogonHandle,
+        PackageId,
+        &CacheRequest,
+        sizeof(CacheRequest),
+        &pTicketResponse,
+        &ResponseSize,
+        &SubStatus
+        );
+
+    if (FAILED(Status))
+    {
+        // if the call to LsaCallAuthenticationPackage failed we cannot
+        // perform any queries most likely because the Kerberos package 
+        // is not available or we do not have access
+        bIsLsaError = TRUE;
+        goto cleanup;
+    }
+
+    if (FAILED(SubStatus)) {
+        PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
+        BOOL    Success = FALSE;
+        OSVERSIONINFOEX verinfo;
+        int supported = 0;
+
+        // SubStatus 0x8009030E is not documented.  However, it appears
+        // to mean there is no TGT
+        if (SubStatus != 0x8009030E) {
+            bIsLsaError = TRUE;
+            goto cleanup;
+        }
+
+        verinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
+        GetVersionEx((OSVERSIONINFO *)&verinfo);
+        supported = (verinfo.dwMajorVersion > 5) || 
+            (verinfo.dwMajorVersion == 5 && verinfo.dwMinorVersion >= 1);
+
+        // If we could not get a TGT from the cache we won't know what the
+        // Kerberos Domain should have been.  On Windows XP and 2003 Server
+        // we can extract it from the Security Logon Session Data.  However,
+        // the required fields are not supported on Windows 2000.  :(
+        if ( supported && GetSecurityLogonSessionData(&pSessionData) ) {
+            if ( pSessionData->DnsDomainName.Buffer ) {
+                Error = ConstructTicketRequest(pSessionData->DnsDomainName,
+                                                &pTicketRequest, &RequestSize);
+                LsaFreeReturnBuffer(pSessionData);
+                if ( Error )
+                    goto cleanup;
+            } else {
+                LsaFreeReturnBuffer(pSessionData);
+                bIsLsaError = TRUE;
+                goto cleanup;
+            }
+        } else {
+            CHAR  UserDnsDomain[256];
+            WCHAR UnicodeUserDnsDomain[256];
+            UNICODE_STRING wrapper;
+            if ( !get_STRING_from_registry(HKEY_CURRENT_USER,
+                                          "Volatile Environment",
+                                          "USERDNSDOMAIN",
+                                           UserDnsDomain,
+                                           sizeof(UserDnsDomain)
+                                           ) )
+            {
+                goto cleanup;
+            }
+
+            ANSIToUnicode(UserDnsDomain,UnicodeUserDnsDomain,256);
+            wrapper.Buffer = UnicodeUserDnsDomain;
+            wrapper.Length = wcslen(UnicodeUserDnsDomain) * sizeof(WCHAR);
+            wrapper.MaximumLength = 256;
+
+            Error = ConstructTicketRequest(wrapper,
+                                             &pTicketRequest, &RequestSize);
+            if ( Error )
+                goto cleanup;
+        }
+    } else {
+        /* We have succeeded in obtaining a credential from the cache. 
+         * Assuming the enctype is one that we support and the ticket
+         * has not expired and is not marked invalid we will use it.
+         * Otherwise, we must create a new ticket request and obtain
+         * a credential we can use. 
+         */
+
+#ifdef PURGE_ALL
+        purge_cache = 1;
+#else
+        /* Check Supported Enctypes */
+        if ( krb5_is_permitted_enctype(context, pTicketResponse->Ticket.SessionKey.KeyType) ) {
+            FILETIME Now, MinLife, EndTime, LocalEndTime;
+            __int64  temp;
+            // FILETIME is in units of 100 nano-seconds
+            // If obtained tickets are either expired or have a lifetime
+            // less than 20 minutes, retry ...
+            GetSystemTimeAsFileTime(&Now);
+            EndTime.dwLowDateTime=pTicketResponse->Ticket.EndTime.LowPart;
+            EndTime.dwHighDateTime=pTicketResponse->Ticket.EndTime.HighPart;
+            FileTimeToLocalFileTime(&EndTime, &LocalEndTime);
+            temp = Now.dwHighDateTime;
+            temp <<= 32;
+            temp = Now.dwLowDateTime;
+            temp += 1200 * 10000;
+            MinLife.dwHighDateTime = (DWORD)((temp >> 32) & 0xFFFFFFFF);
+            MinLife.dwLowDateTime = (DWORD)(temp & 0xFFFFFFFF);
+            if (CompareFileTime(&MinLife, &LocalEndTime) >= 0) {
+#ifdef ENABLE_PURGING
+                purge_cache = 1;
+#else
+                ignore_cache = 1;
+#endif /* ENABLE_PURGING */
+            }
+            if (pTicketResponse->Ticket.TicketFlags & KERB_TICKET_FLAGS_invalid) {
+                ignore_cache = 1;   // invalid, need to attempt a TGT request
+            }
+            goto cleanup;           // we have a valid ticket, all done
+        } else {
+            // not supported
+            ignore_cache = 1;
+        }
+#endif /* PURGE_ALL */
+
+        Error = ConstructTicketRequest(pTicketResponse->Ticket.TargetDomainName,
+                                        &pTicketRequest, &RequestSize);
+        if ( Error ) {
+            goto cleanup;
+        }
+
+        //
+        // Free the previous response buffer so we can get the new response.
+        //
+
+        if ( pTicketResponse ) {
+            memset(pTicketResponse,0,sizeof(KERB_RETRIEVE_TKT_RESPONSE));
+            LsaFreeReturnBuffer(pTicketResponse);
+            pTicketResponse = NULL;
+        }
+
+#ifdef ENABLE_PURGING
+        if ( purge_cache ) {
+            //
+            // Purge the existing tickets which we cannot use so new ones can 
+            // be requested.  It is not possible to purge just the TGT.  All
+            // service tickets must be purged.
+            //
+            PurgeMSTGT(LogonHandle, PackageId);
+        }
+#endif /* ENABLE_PURGING */
+    }
+    
+    //
+    // Intialize the request of the request.
+    //
+
+    pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
+    pTicketRequest->LogonId.LowPart = 0;
+    pTicketRequest->LogonId.HighPart = 0;
+    // Note: pTicketRequest->TargetName set up above
+#ifdef ENABLE_PURGING
+    pTicketRequest->CacheOptions = ((ignore_cache || !purge_cache) ? 
+                                     KERB_RETRIEVE_TICKET_DONT_USE_CACHE : 0L);
+#else
+    pTicketRequest->CacheOptions = (ignore_cache ? KERB_RETRIEVE_TICKET_DONT_USE_CACHE : 0L);
+#endif /* ENABLE_PURGING */
+    pTicketRequest->TicketFlags = 0L;
+    pTicketRequest->EncryptionType = 0L;
+
+    Status = LsaCallAuthenticationPackage(
+        LogonHandle,
+        PackageId,
+        pTicketRequest,
+        RequestSize,
+        &pTicketResponse,
+        &ResponseSize,
+        &SubStatus
+        );
+
+    if (FAILED(Status) || FAILED(SubStatus))
+    {
+        bIsLsaError = TRUE;
+        goto cleanup;
+    }
+
+    //
+    // Check to make sure the new tickets we received are of a type we support
+    //
+
+    /* Check Supported Enctypes */
+    if ( krb5_is_permitted_enctype(context, pTicketResponse->Ticket.SessionKey.KeyType) ) {
+        goto cleanup;       // we have a valid ticket, all done
+    }
+
+    //
+    // Try once more but this time specify the Encryption Type
+    // (This will not store the retrieved tickets in the LSA cache)
+    //
+    pTicketRequest->EncryptionType = ENCTYPE_DES_CBC_CRC;
+    pTicketRequest->CacheOptions = KERB_RETRIEVE_TICKET_DONT_USE_CACHE;
+
+    if ( pTicketResponse ) {
+        memset(pTicketResponse,0,sizeof(KERB_RETRIEVE_TKT_RESPONSE));
+        LsaFreeReturnBuffer(pTicketResponse);
+        pTicketResponse = NULL;
+    }
+
+    Status = LsaCallAuthenticationPackage(
+        LogonHandle,
+        PackageId,
+        pTicketRequest,
+        RequestSize,
+        &pTicketResponse,
+        &ResponseSize,
+        &SubStatus
+        );
+
+    if (FAILED(Status) || FAILED(SubStatus))
+    {
+        bIsLsaError = TRUE;
+        goto cleanup;
+    }
+
+  cleanup:
+    if ( pTicketRequest )
+        LocalFree(pTicketRequest);
+
+    if (FAILED(Status) || FAILED(SubStatus))
+    {
+        if (bIsLsaError)
+        {
+            // XXX - Will be fixed later
+            if (FAILED(Status))
+                ShowLsaError("LsaCallAuthenticationPackage", Status);
+            if (FAILED(SubStatus))
+                ShowLsaError("LsaCallAuthenticationPackage", SubStatus);
+        }
+        else
+        {
+            ShowWinError("GetMSTGT", Status);
+        }
+
+        if (pTicketResponse) {
+            memset(pTicketResponse,0,sizeof(KERB_RETRIEVE_TKT_RESPONSE));
+            LsaFreeReturnBuffer(pTicketResponse);
+            pTicketResponse = NULL;
+        }
+        return(FALSE);
+    }
+
+    *ticket = &(pTicketResponse->Ticket);
+    return(TRUE);
+}
+
+static BOOL
+GetQueryTktCacheResponse( HANDLE LogonHandle, ULONG PackageId,
+                          PKERB_QUERY_TKT_CACHE_RESPONSE * ppResponse)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+
+    KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
+    PKERB_QUERY_TKT_CACHE_RESPONSE pQueryResponse = NULL;
+    ULONG ResponseSize;
+    
+    CacheRequest.MessageType = KerbQueryTicketCacheMessage;
+    CacheRequest.LogonId.LowPart = 0;
+    CacheRequest.LogonId.HighPart = 0;
+
+    Status = LsaCallAuthenticationPackage(
+        LogonHandle,
+        PackageId,
+        &CacheRequest,
+        sizeof(CacheRequest),
+        &pQueryResponse,
+        &ResponseSize,
+        &SubStatus
+        );
+
+    if ( !(FAILED(Status) || FAILED(SubStatus)) ) {
+        *ppResponse = pQueryResponse;
+        return TRUE;
+    }
+
+    return FALSE;
+}
+
+static void
+FreeQueryResponse(PKERB_QUERY_TKT_CACHE_RESPONSE  pResponse)
+{
+    LsaFreeReturnBuffer(pResponse);
+}
+
+
+static BOOL
+GetMSCacheTicketFromMITCred( HANDLE LogonHandle, ULONG PackageId,
+                  krb5_context context, krb5_creds *creds, PKERB_EXTERNAL_TICKET *ticket)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+    ULONG RequestSize;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+    PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
+    ULONG ResponseSize;
+
+    RequestSize = sizeof(*pTicketRequest) + MAX_MSPRINC_SIZE;
+
+    pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+    if (!pTicketRequest)
+        return FALSE;
+
+    pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
+    pTicketRequest->LogonId.LowPart = 0;
+    pTicketRequest->LogonId.HighPart = 0;
+
+    pTicketRequest->TargetName.Length = 0;
+    pTicketRequest->TargetName.MaximumLength = MAX_MSPRINC_SIZE;
+    pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
+    MITPrincToMSPrinc(context, creds->server, &pTicketRequest->TargetName);
+    pTicketRequest->CacheOptions = 0;
+    pTicketRequest->TicketFlags = creds->ticket_flags;
+    pTicketRequest->EncryptionType = creds->keyblock.enctype;
+
+    Status = LsaCallAuthenticationPackage(
+        LogonHandle,
+        PackageId,
+        pTicketRequest,
+        RequestSize,
+        &pTicketResponse,
+        &ResponseSize,
+        &SubStatus
+        );
+
+    LocalFree(pTicketRequest);
+
+    if (FAILED(Status) || FAILED(SubStatus))
+        return(FALSE);
+    
+    /* otherwise return ticket */
+    *ticket = &(pTicketResponse->Ticket);
+    return(TRUE);
+
+}
+
+static BOOL
+GetMSCacheTicketFromCacheInfo( HANDLE LogonHandle, ULONG PackageId,
+                  PKERB_TICKET_CACHE_INFO tktinfo, PKERB_EXTERNAL_TICKET *ticket)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+    ULONG RequestSize;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+    PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
+    ULONG ResponseSize;
+
+    RequestSize = sizeof(*pTicketRequest) + tktinfo->ServerName.Length;
+
+    pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+    if (!pTicketRequest)
+        return FALSE;
+
+    pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
+    pTicketRequest->LogonId.LowPart = 0;
+    pTicketRequest->LogonId.HighPart = 0;
+    pTicketRequest->TargetName.Length = tktinfo->ServerName.Length;
+    pTicketRequest->TargetName.MaximumLength = tktinfo->ServerName.Length;
+    pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
+    memcpy(pTicketRequest->TargetName.Buffer,tktinfo->ServerName.Buffer, tktinfo->ServerName.Length);
+    pTicketRequest->CacheOptions = 0;
+    pTicketRequest->EncryptionType = tktinfo->EncryptionType;
+    pTicketRequest->TicketFlags = 0;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_forwardable )
+        pTicketRequest->TicketFlags |= KDC_OPT_FORWARDABLE;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_forwarded )
+        pTicketRequest->TicketFlags |= KDC_OPT_FORWARDED;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_proxiable )
+        pTicketRequest->TicketFlags |= KDC_OPT_PROXIABLE;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_renewable )
+        pTicketRequest->TicketFlags |= KDC_OPT_RENEWABLE;
+
+    Status = LsaCallAuthenticationPackage(
+        LogonHandle,
+        PackageId,
+        pTicketRequest,
+        RequestSize,
+        &pTicketResponse,
+        &ResponseSize,
+        &SubStatus
+        );
+
+    LocalFree(pTicketRequest);
+
+    if (FAILED(Status) || FAILED(SubStatus))
+        return(FALSE);
+    
+    /* otherwise return ticket */
+    *ticket = &(pTicketResponse->Ticket);
+    return(TRUE);
+
+}
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_close
+        (krb5_context, krb5_ccache id);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_destroy
+        (krb5_context, krb5_ccache id);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_end_seq_get
+        (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_generate_new
+        (krb5_context, krb5_ccache *id);
+
+static const char * KRB5_CALLCONV krb5_lcc_get_name
+        (krb5_context, krb5_ccache id);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_get_principal
+        (krb5_context, krb5_ccache id, krb5_principal *princ);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_initialize
+        (krb5_context, krb5_ccache id, krb5_principal princ);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_next_cred
+        (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor,
+        krb5_creds *creds);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_resolve
+        (krb5_context, krb5_ccache *id, const char *residual);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_retrieve
+        (krb5_context, krb5_ccache id, krb5_flags whichfields,
+        krb5_creds *mcreds, krb5_creds *creds);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_start_seq_get
+        (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_store
+        (krb5_context, krb5_ccache id, krb5_creds *creds);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_set_flags
+        (krb5_context, krb5_ccache id, krb5_flags flags);
+
+extern const krb5_cc_ops krb5_lcc_ops;
+
+krb5_error_code krb5_change_cache (void);
+
+krb5_boolean
+krb5int_cc_creds_match_request(krb5_context, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds);
+
+#define KRB5_OK 0
+
+typedef struct _krb5_lcc_data {
+    HANDLE LogonHandle;
+    ULONG  PackageId;
+    char * cc_name;
+    krb5_principal princ;
+} krb5_lcc_data;
+
+typedef struct _krb5_lcc_cursor {
+    PKERB_QUERY_TKT_CACHE_RESPONSE  response;
+    int                             index;
+    PKERB_EXTERNAL_TICKET mstgt;
+} krb5_lcc_cursor;
+
+
+/*
+ * Requires:
+ * residual is ignored
+ *
+ * Modifies:
+ * id
+ * 
+ * Effects:
+ * Acccess the MS Kerberos LSA cache in the current logon session
+ * Ignore the residual.
+ * 
+ * Returns:
+ * A filled in krb5_ccache structure "id".
+ *
+ * Errors:
+ * KRB5_CC_NOMEM - there was insufficient memory to allocate the
+ * 
+ *             krb5_ccache.  id is undefined.
+ * permission errors
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
+{
+    krb5_ccache lid;
+    krb5_lcc_data *data;
+    HANDLE LogonHandle;
+    ULONG  PackageId;
+    KERB_EXTERNAL_TICKET *msticket;
+
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+#ifdef COMMENT
+    /* In at least one case on Win2003 it appears that it is possible 
+     * for the logon session to be authenticated via NTLM and yet for
+     * there to be Kerberos credentials obtained by the LSA on behalf
+     * of the logged in user.  Therefore, we are removing this test
+     * which was meant to avoid the need to perform GetMSTGT() when
+     * there was no possibility of credentials being found.
+     */
+    if (!IsKerberosLogon())
+        return KRB5_FCC_NOFILE;
+#endif
+
+    if(!PackageConnectLookup(&LogonHandle, &PackageId))
+        return KRB5_FCC_NOFILE;
+
+    lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+    if (lid == NULL) {
+        CloseHandle(LogonHandle);
+        return KRB5_CC_NOMEM;
+    }
+
+    lid->ops = &krb5_lcc_ops;
+
+    lid->data = (krb5_pointer) malloc(sizeof(krb5_lcc_data));
+    if (lid->data == NULL) {
+        krb5_xfree(lid);
+        CloseHandle(LogonHandle);
+        return KRB5_CC_NOMEM;
+    }
+
+    lid->magic = KV5M_CCACHE;
+    data = (krb5_lcc_data *)lid->data;    
+    data->LogonHandle = LogonHandle;
+    data->PackageId = PackageId;
+
+    data->cc_name = (char *)malloc(strlen(residual)+1);
+    if (data->cc_name == NULL) {
+        krb5_xfree(lid->data);
+        krb5_xfree(lid);
+        CloseHandle(LogonHandle);
+        return KRB5_CC_NOMEM;
+    }
+    strcpy(data->cc_name, residual);
+
+    /*
+     * we must obtain a tgt from the cache in order to determine the principal
+     */
+    if (GetMSTGT(context, data->LogonHandle, data->PackageId, &msticket)) {
+        /* convert the ticket */
+        krb5_creds creds;
+        MSCredToMITCred(msticket, msticket->DomainName, context, &creds);
+        LsaFreeReturnBuffer(msticket);
+
+        krb5_copy_principal(context, creds.client, &data->princ);
+        krb5_free_cred_contents(context,&creds);
+    } else {
+        data->princ = 0;
+        krb5_xfree(data->cc_name);
+        krb5_xfree(lid->data);
+        krb5_xfree(lid);
+        CloseHandle(LogonHandle);
+        return KRB5_FCC_NOFILE;
+    }
+
+    /*
+     * other routines will get errors on open, and callers must expect them,
+     * if cache is non-existent/unusable 
+     */
+    *id = lid;
+    return KRB5_OK;
+}
+
+/*
+ *  not supported
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
+{
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    return KRB5_CC_READONLY;
+}
+
+
+/*
+ * Modifies:
+ * id
+ *
+ * Effects:
+ * Closes the microsoft lsa cache, invalidates the id, and frees any resources
+ * associated with the cache.
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_close(krb5_context context, krb5_ccache id)
+{
+    register int closeval = KRB5_OK;
+    register krb5_lcc_data *data;
+    
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    if (id) {
+        data = (krb5_lcc_data *) id->data;
+
+        if (data) {
+            CloseHandle(data->LogonHandle);
+            krb5_xfree(data);
+        }
+        krb5_xfree(id);
+    }
+    return closeval;
+}
+
+/*
+ * Effects:
+ * Destroys the contents of id.
+ *
+ * Errors:
+ * system errors
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_destroy(krb5_context context, krb5_ccache id)
+{
+    register krb5_lcc_data *data;
+    
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    if (id) { 
+        data = (krb5_lcc_data *) id->data;
+
+        return PurgeMSTGT(data->LogonHandle, data->PackageId) ? KRB5_FCC_INTERNAL : KRB5_OK;
+    }
+    return KRB5_FCC_INTERNAL;
+}
+
+/*
+ * Effects:
+ * Prepares for a sequential search of the credentials cache.
+ * Returns a krb5_cc_cursor to be used with krb5_lcc_next_cred and
+ * krb5_lcc_end_seq_get.
+ *
+ * If the cache is modified between the time of this call and the time
+ * of the final krb5_lcc_end_seq_get, the results are undefined.
+ *
+ * Errors:
+ * KRB5_CC_NOMEM
+ * KRB5_FCC_INTERNAL - system errors
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
+{
+    krb5_lcc_cursor *lcursor;
+    krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+    KERB_EXTERNAL_TICKET *msticket;
+
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    lcursor = (krb5_lcc_cursor *) malloc(sizeof(krb5_lcc_cursor));
+    if (lcursor == NULL) {
+        *cursor = 0;
+        return KRB5_CC_NOMEM;
+    }
+
+    /*
+     * obtain a tgt to refresh the ccache in case the ticket is expired
+     */
+    if (!GetMSTGT(context, data->LogonHandle, data->PackageId, &lcursor->mstgt)) {
+        free(lcursor);
+        *cursor = 0;
+        return KRB5_FCC_INTERNAL;
+    }
+
+    if ( !GetQueryTktCacheResponse(data->LogonHandle, data->PackageId, &lcursor->response) ) {
+        LsaFreeReturnBuffer(lcursor->mstgt);
+        free(lcursor);
+        *cursor = 0;
+        return KRB5_FCC_INTERNAL;
+    }
+    lcursor->index = 0;
+    *cursor = (krb5_cc_cursor) lcursor;
+    return KRB5_OK;
+}
+
+
+/*
+ * Requires:
+ * cursor is a krb5_cc_cursor originally obtained from
+ * krb5_lcc_start_seq_get.
+ *
+ * Modifes:
+ * cursor
+ * 
+ * Effects:
+ * Fills in creds with the TGT obtained from the MS LSA
+ *
+ * The cursor is updated to indicate TGT retrieval
+ *
+ * Errors:
+ * KRB5_CC_END
+ * KRB5_FCC_INTERNAL - system errors
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds)
+{
+    krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
+    krb5_lcc_data *data;
+    KERB_EXTERNAL_TICKET *msticket;
+    krb5_error_code  retval = KRB5_OK;
+
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    data = (krb5_lcc_data *)id->data;
+
+  next_cred:
+    if ( lcursor->index >= lcursor->response->CountOfTickets ) {
+        if (retval == KRB5_OK)
+            return KRB5_CC_END;
+        else {
+            LsaFreeReturnBuffer(lcursor->mstgt);
+            LsaFreeReturnBuffer(lcursor->response);
+            free(*cursor);
+            *cursor = 0;
+            return retval;
+        }
+    }
+
+    if (!GetMSCacheTicketFromCacheInfo(data->LogonHandle, data->PackageId,
+                                        &lcursor->response->Tickets[lcursor->index++],&msticket)) {
+        retval = KRB5_FCC_INTERNAL;
+        goto next_cred;
+    }
+
+    /* Don't return tickets with NULL Session Keys */
+    if ( msticket->SessionKey.KeyType == KERB_ETYPE_NULL) {
+        LsaFreeReturnBuffer(msticket);
+        goto next_cred;
+    }
+
+    /* convert the ticket */
+    MSCredToMITCred(msticket, lcursor->mstgt->DomainName, context, creds);
+    LsaFreeReturnBuffer(msticket);
+    return KRB5_OK;
+}
+
+/*
+ * Requires:
+ * cursor is a krb5_cc_cursor originally obtained from
+ * krb5_lcc_start_seq_get.
+ *
+ * Modifies:
+ * id, cursor
+ *
+ * Effects:
+ * Finishes sequential processing of the file credentials ccache id,
+ * and invalidates the cursor (it must never be used after this call).
+ */
+/* ARGSUSED */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
+{
+    krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
+
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    if ( lcursor ) {
+        LsaFreeReturnBuffer(lcursor->mstgt);
+        LsaFreeReturnBuffer(lcursor->response);
+        free(*cursor);
+    }
+    *cursor = 0;
+
+    return KRB5_OK;
+}
+
+
+/*
+ * Errors:
+ * KRB5_CC_READONLY - not supported
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_generate_new (krb5_context context, krb5_ccache *id)
+{
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    return KRB5_CC_READONLY;
+}
+
+/*
+ * Requires:
+ * id is a ms lsa credential cache
+ * 
+ * Returns:
+ *   The ccname specified during the krb5_lcc_resolve call
+ */
+static const char * KRB5_CALLCONV
+krb5_lcc_get_name (krb5_context context, krb5_ccache id)
+{
+
+    if (!IsWindows2000())
+        return "";
+
+    if ( !id )
+        return "";
+
+    return (char *) ((krb5_lcc_data *) id->data)->cc_name;
+}
+
+/*
+ * Modifies:
+ * id, princ
+ *
+ * Effects:
+ * Retrieves the primary principal from id, as set with
+ * krb5_lcc_initialize.  The principal is returned is allocated
+ * storage that must be freed by the caller via krb5_free_principal.
+ *
+ * Errors:
+ * system errors
+ * KRB5_CC_NOT_KTYPE
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
+{
+    krb5_error_code kret = KRB5_OK;
+
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    /* obtain principal */
+    return krb5_copy_principal(context, ((krb5_lcc_data *) id->data)->princ, princ);
+}
+
+     
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, 
+                  krb5_creds *mcreds, krb5_creds *creds)
+{
+    krb5_error_code kret = KRB5_OK;
+    krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+    KERB_EXTERNAL_TICKET *msticket = 0, *mstgt = 0;
+    krb5_creds * mcreds_noflags;
+    krb5_creds   fetchcreds;
+
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    memset(&fetchcreds, 0, sizeof(krb5_creds));
+
+    /* first try to find out if we have an existing ticket which meets the requirements */
+    kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds);
+    if ( !kret )
+        return KRB5_OK;
+    
+    /* if not, we must try to get a ticket without specifying any flags or etypes */
+    krb5_copy_creds(context, mcreds, &mcreds_noflags);
+    mcreds_noflags->ticket_flags = 0;
+    mcreds_noflags->keyblock.enctype = 0;
+
+    if (!GetMSCacheTicketFromMITCred(data->LogonHandle, data->PackageId, context, mcreds_noflags, &msticket)) {
+        kret = KRB5_CC_NOTFOUND;
+        goto cleanup;
+    }
+
+    /* try again to find out if we have an existing ticket which meets the requirements */
+    kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds);
+    if ( !kret )
+        goto cleanup;
+
+    /* if not, obtain a ticket using the request flags and enctype even though it will not
+     * be stored in the LSA cache for future use.
+     */
+    if ( msticket ) {
+        LsaFreeReturnBuffer(msticket);
+        msticket = 0;
+    }
+
+    if (!GetMSCacheTicketFromMITCred(data->LogonHandle, data->PackageId, context, mcreds, &msticket)) {
+        kret = KRB5_CC_NOTFOUND;
+        goto cleanup;
+    }
+
+    /* convert the ticket */
+    GetMSTGT(context, data->LogonHandle, data->PackageId, &mstgt);
+
+    MSCredToMITCred(msticket, mstgt ? mstgt->DomainName : msticket->DomainName, context, &fetchcreds);
+
+    /* check to see if this ticket matches the request using logic from
+     * krb5_cc_retrieve_cred_default()
+     */
+    if ( krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds) ) {
+        *creds = fetchcreds;
+    } else {
+        krb5_free_cred_contents(context, &fetchcreds);
+        kret = KRB5_CC_NOTFOUND;
+    }
+
+  cleanup:
+    if ( mstgt )
+        LsaFreeReturnBuffer(mstgt);
+    if ( msticket )
+        LsaFreeReturnBuffer(msticket);
+    if ( mcreds_noflags )
+        krb5_free_creds(context, mcreds_noflags);
+    return kret;
+}
+
+
+/*
+ * We can't write to the MS LSA cache.  So we request the cache to obtain a ticket for the same
+ * principal in the hope that next time the application requires a ticket for the service it
+ * is attempt to store, the retrieved ticket will be good enough.
+ *
+ * Errors:
+ * KRB5_CC_READONLY - not supported
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
+{
+    krb5_error_code kret = KRB5_OK;
+    krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+    KERB_EXTERNAL_TICKET *msticket = 0;
+    krb5_creds * creds_noflags;
+
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    /* if not, we must try to get a ticket without specifying any flags or etypes */
+    krb5_copy_creds(context, creds, &creds_noflags);
+    creds_noflags->ticket_flags = 0;
+    creds_noflags->keyblock.enctype = 0;
+
+    if (GetMSCacheTicketFromMITCred(data->LogonHandle, data->PackageId, context, creds_noflags, &msticket)) {
+        LsaFreeReturnBuffer(msticket);
+        return KRB5_OK;
+    }
+    return KRB5_CC_READONLY;
+}
+
+/* 
+ * The ability to remove a credential from the MS LSA cache cannot be implemented.
+ * 
+ * Errors:
+ *    KRB5_CC_READONLY: 
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
+                     krb5_creds *creds)
+{
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    return KRB5_CC_READONLY;
+}
+
+
+/*
+ * Effects:
+ *   None - ignored
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
+{
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    return KRB5_OK;
+}
+
+const krb5_cc_ops krb5_lcc_ops = {
+     0,
+     "MSLSA",
+     krb5_lcc_get_name,
+     krb5_lcc_resolve,
+     krb5_lcc_generate_new,
+     krb5_lcc_initialize,
+     krb5_lcc_destroy,
+     krb5_lcc_close,
+     krb5_lcc_store,
+     krb5_lcc_retrieve,
+     krb5_lcc_get_principal,
+     krb5_lcc_start_seq_get,
+     krb5_lcc_next_cred,
+     krb5_lcc_end_seq_get,
+     krb5_lcc_remove_cred,
+     krb5_lcc_set_flags
+};
+#endif /* _WIN32 */
\ No newline at end of file
index ebd6193cd6df8cd46f7cc2321dd97317a1488a81..5ddb2cc63dc94bcd128137413030ad015b8968fc 100644 (file)
@@ -27,6 +27,7 @@
  */
 
 #include "k5-int.h"
+#include "cc-int.h"
 
 #define KRB5_OK 0
 
@@ -157,6 +158,40 @@ pref (krb5_enctype my_ktype, int nktypes, krb5_enctype *ktypes)
  * KRB5_CC_NOT_KTYPE
  */
 
+krb5_boolean
+krb5int_cc_creds_match_request(krb5_context context, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds)
+{
+    if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
+                  srvname_match(context, mcreds, creds)) ||
+              standard_fields_match(context, mcreds, creds))
+             &&
+             (! set(KRB5_TC_MATCH_IS_SKEY) ||
+              mcreds->is_skey == creds->is_skey)
+             &&
+             (! set(KRB5_TC_MATCH_FLAGS_EXACT) ||
+              mcreds->ticket_flags == creds->ticket_flags)
+             &&
+             (! set(KRB5_TC_MATCH_FLAGS) ||
+              flags_match(mcreds->ticket_flags, creds->ticket_flags))
+             &&
+             (! set(KRB5_TC_MATCH_TIMES_EXACT) ||
+              times_match_exact(&mcreds->times, &creds->times))
+             &&
+             (! set(KRB5_TC_MATCH_TIMES) ||
+              times_match(&mcreds->times, &creds->times))
+             &&
+             ( ! set(KRB5_TC_MATCH_AUTHDATA) ||
+              authdata_match(mcreds->authdata, creds->authdata))
+             &&
+             (! set(KRB5_TC_MATCH_2ND_TKT) ||
+              data_match (&mcreds->second_ticket, &creds->second_ticket))
+             &&
+            ((! set(KRB5_TC_MATCH_KTYPE))||
+               (mcreds->keyblock.enctype == creds->keyblock.enctype)))
+        return TRUE;
+    return FALSE;
+}
+
 static krb5_error_code
 krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds, int nktypes, krb5_enctype *ktypes)
 {
@@ -178,34 +213,8 @@ krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id, krb5_flags whic
          return kret;
 
      while ((kret = krb5_cc_next_cred(context, id, &cursor, &fetchcreds)) == KRB5_OK) {
-        if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
-                  srvname_match(context, mcreds, &fetchcreds)) ||
-              standard_fields_match(context, mcreds, &fetchcreds))
-             &&
-             (! set(KRB5_TC_MATCH_IS_SKEY) ||
-              mcreds->is_skey == fetchcreds.is_skey)
-             &&
-             (! set(KRB5_TC_MATCH_FLAGS_EXACT) ||
-              mcreds->ticket_flags == fetchcreds.ticket_flags)
-             &&
-             (! set(KRB5_TC_MATCH_FLAGS) ||
-              flags_match(mcreds->ticket_flags, fetchcreds.ticket_flags))
-             &&
-             (! set(KRB5_TC_MATCH_TIMES_EXACT) ||
-              times_match_exact(&mcreds->times, &fetchcreds.times))
-             &&
-             (! set(KRB5_TC_MATCH_TIMES) ||
-              times_match(&mcreds->times, &fetchcreds.times))
-             &&
-             ( ! set(KRB5_TC_MATCH_AUTHDATA) ||
-              authdata_match(mcreds->authdata, fetchcreds.authdata))
-             &&
-             (! set(KRB5_TC_MATCH_2ND_TKT) ||
-              data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
-             &&
-            ((! set(KRB5_TC_MATCH_KTYPE))||
-               (mcreds->keyblock.enctype == fetchcreds.keyblock.enctype)))
-         {
+      if (krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds))
+      {
              if (ktypes) {
                  fetched.pref = pref (fetchcreds.keyblock.enctype,
                                       nktypes, ktypes);
index ddd5e80d4bc3d2f4f9fc4be5bda55dc58690e0a3..8bb178e2ab05063089c27951dc3492aa49358f62 100644 (file)
@@ -29,6 +29,8 @@
 
 #include "k5-int.h"
 
+#include "fcc.h"
+
 struct krb5_cc_typelist
  {
   krb5_cc_ops *ops;
@@ -36,9 +38,19 @@ struct krb5_cc_typelist
  };
 extern const krb5_cc_ops krb5_mcc_ops;
 
-static struct krb5_cc_typelist cc_entry = { &krb5_mcc_ops, NULL };
+#ifdef _WIN32
+extern const krb5_cc_ops krb5_lcc_ops;
+static struct krb5_cc_typelist cc_lcc_entry = { &krb5_lcc_ops, NULL };
+static struct krb5_cc_typelist cc_mcc_entry = { &krb5_mcc_ops, &cc_lcc_entry };
+#else
+static struct krb5_cc_typelist cc_mcc_entry = { &krb5_mcc_ops, NULL };
+#endif
+
+static struct krb5_cc_typelist cc_fcc_entry = { &krb5_cc_file_ops,
+                                               &cc_mcc_entry };
+
+static struct krb5_cc_typelist *cc_typehead = &cc_fcc_entry;
 
-static struct krb5_cc_typelist *cc_typehead = &cc_entry;
 
 /*
  * Register a new credentials cache type
@@ -99,8 +111,22 @@ krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *cache)
     if (!pfx)
        return ENOMEM;
 
-    memcpy (pfx, name, pfxlen);
-    pfx[pfxlen] = '\0';
+    if ( pfxlen == 1 && isalpha(name[0]) ) {
+        /* We found a drive letter not a prefix - use FILE: */
+        pfx = strdup("FILE:");
+        if (!pfx)
+            return ENOMEM;
+
+        resid = name;
+    } else {
+        resid = name + pfxlen + 1;
+
+        pfx = malloc (pfxlen+1);
+        if (!pfx)
+            return ENOMEM;
+        memcpy (pfx, name, pfxlen);
+        pfx[pfxlen] = '\0';
+    }
 
     *cache = (krb5_ccache) 0;
 
index 71e6f9c9a59f393ddec42b3bec4b05a15a6666ad..3dfb1a32cf51813c6e009ed3ede79903da11cb43 100644 (file)
 
 #ifdef USE_LOGIN_LIBRARY
 #include "KerberosLoginPrivate.h"
+#else
+#ifdef USE_LEASH
+static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal) = NULL;
+static HANDLE hLeashDLL = INVALID_HANDLE_VALUE;
+#endif
 #endif
 
 
@@ -111,6 +116,29 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache)
                if (desiredPrincipal != nil)
                        KLDisposePrincipal (desiredPrincipal);
        }
+#else
+#ifdef USE_LEASH
+
+    if ( hLeashDLL == INVALID_HANDLE_VALUE ) {
+        hLeashDLL = LoadLibrary("leashw32.dll");
+        if ( hLeashDLL != INVALID_HANDLE_VALUE ) {
+            (FARPROC) pLeash_AcquireInitialTicketsIfNeeded =
+                GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded");
+        }
+    }
+
+    if ( pLeash_AcquireInitialTicketsIfNeeded )
+    {
+              krb5_os_context         os_ctx;
+
+        if (!context || context->magic != KV5M_CONTEXT)
+            return KV5M_CONTEXT;
+
+              os_ctx = context->os_context;
+
+        pLeash_AcquireInitialTicketsIfNeeded(context,os_ctx->default_ccprincipal);
+    }
+#endif
 #endif
 
     return krb5_cc_default (context, ccache);
index b9521624e11c96b0fdf6ec7d4b196a28a7e1da19..ba18e42bf385b6c03537c14a64508fe984f6d78c 100644 (file)
@@ -34,6 +34,7 @@ configure.in
 init_ets.c
 kdb5_err.et
 krb5_err.et
+krb524_err.et
 kv5m_err.et
 
 Things-to-lose:
index 2de7f07d25030d462f2c68d571094e8b15cb3666..c51b6c7a6cba0543ce57f13458b2290dee0acb55 100644 (file)
@@ -1,3 +1,30 @@
+2004-01-06  Jeffrey Altman <jaltman@mit.edu>
+
+    * krb5_err.et (KRB5_CC_NOSUPP) new ccache error code
+
+2003-12-12  Jeffrey Altman <jaltman@mit.edu>
+
+    * krb5_err.et (KRB5_CC_READONLY) new ccache error code
+
+2003-07-19  Ezra Peisach  <epeisach@mit.edu>
+
+       * init_ets.c (krb5_init_ets): Only initialize error tables once -
+       so that init_conext/free_context loops do not result in memory
+       leaks.
+
+2003-06-03  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb5_err.et (KRB5_ERR_NO_SERVICE): New error code.
+
+2003-05-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb524_err.et: New file, moved from ../../../krb524.  Add new
+       error code KRB524_KRB4_DISABLED.
+       * Makefile.in (STLIBOBJS, HDRS, OBJS, ETSRCS, SRCS, awk-windows):
+       Add it.
+       ($(OUTPRE)krb524_err.$(OBJEXT)): List dependence on .c file.
+       * init_ets.c (krb5_init_ets): Call initialize_k524_error_table.
+
 2003-03-04  Ken Raeburn  <raeburn@mit.edu>
 
        * krb5_err.et (KRB5_ERR_BAD_S2K_PARAMS): New error code.
index da1f7706720e643fd68709e756044d3dc3051f07..0192f79f01b1d5860c1a515f5d384de9b5084736 100644 (file)
@@ -12,13 +12,14 @@ THDRDIR=$(BUILDTOP)$(S)include
 EHDRDIR=$(BUILDTOP)$(S)include$(S)krb5
 
 STLIBOBJS= asn1_err.o kdb5_err.o krb5_err.o \
-      kv5m_err.o init_ets.o
+      kv5m_err.o krb524_err.o init_ets.o
 
-HDRS= asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h
+HDRS= asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h
 OBJS= $(OUTPRE)asn1_err.$(OBJEXT) $(OUTPRE)kdb5_err.$(OBJEXT) $(OUTPRE)krb5_err.$(OBJEXT) \
-      $(OUTPRE)kv5m_err.$(OBJEXT) $(OUTPRE)init_ets.$(OBJEXT)
-ETSRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c
-SRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c \
+      $(OUTPRE)kv5m_err.$(OBJEXT) $(OUTPRE)krb524_err.$(OBJEXT) \
+      $(OUTPRE)init_ets.$(OBJEXT)
+ETSRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c krb524_err.c
+SRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c krb524_err.c \
        $(srcdir)/init_ets.c
 
 ##DOS##LIBOBJS = $(OBJS)
@@ -40,14 +41,17 @@ awk-windows:
        $(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=kdb5_err.h kdb5_err.et
        $(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=krb5_err.h krb5_err.et
        $(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=kv5m_err.h kv5m_err.et
+       $(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=krb524_err.h krb524_err.et
        $(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=asn1_err.c asn1_err.et
        $(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=kdb5_err.c kdb5_err.et
        $(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=krb5_err.c krb5_err.et
        $(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=kv5m_err.c kv5m_err.et
+       $(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=krb524_err.c krb524_err.et
        if exist asn1_err.h copy asn1_err.h "$(EHDRDIR)"
        if exist kdb5_err.h copy kdb5_err.h "$(EHDRDIR)"
        if exist krb5_err.h copy krb5_err.h "$(EHDRDIR)"
        if exist kv5m_err.h copy kv5m_err.h "$(EHDRDIR)"
+       if exist krb524_err.h copy krb524_err.h "$(EHDRDIR)"
 
 #
 # dependencies for traditional makes
@@ -56,6 +60,7 @@ $(OUTPRE)asn1_err.$(OBJEXT): asn1_err.c
 $(OUTPRE)kdb5_err.$(OBJEXT): kdb5_err.c
 $(OUTPRE)krb5_err.$(OBJEXT): krb5_err.c
 $(OUTPRE)kv5m_err.$(OBJEXT): kv5m_err.c
+$(OUTPRE)krb524_err.$(OBJEXT): krb524_err.c
 
 clean-unix:: clean-libobjs
        $(RM) $(HDRS) $(ETSRCS)
@@ -71,9 +76,10 @@ asn1_err.so asn1_err.po $(OUTPRE)asn1_err.$(OBJEXT): asn1_err.c $(COM_ERR_DEPS)
 kdb5_err.so kdb5_err.po $(OUTPRE)kdb5_err.$(OBJEXT): kdb5_err.c $(COM_ERR_DEPS)
 krb5_err.so krb5_err.po $(OUTPRE)krb5_err.$(OBJEXT): krb5_err.c $(COM_ERR_DEPS)
 kv5m_err.so kv5m_err.po $(OUTPRE)kv5m_err.$(OBJEXT): kv5m_err.c $(COM_ERR_DEPS)
+krb524_err.so krb524_err.po $(OUTPRE)krb524_err.$(OBJEXT): krb524_err.c $(COM_ERR_DEPS)
 init_ets.so init_ets.po $(OUTPRE)init_ets.$(OBJEXT): init_ets.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 
index 0ac810abe68cfd1b0f550b033a559e131c9c0875..56a750e75109ded310620ec61bd52299113692fa 100644 (file)
 void
 krb5_init_ets (krb5_context context)
 {
-    initialize_krb5_error_table();
-    initialize_kv5m_error_table();
-    initialize_kdb5_error_table();
-    initialize_asn1_error_table();
+    static int inited = 0;
+
+    if (inited == 0) {
+           initialize_krb5_error_table();
+           initialize_kv5m_error_table();
+           initialize_kdb5_error_table();
+           initialize_asn1_error_table();
+           initialize_k524_error_table();
+           inited++;
+    }
 }
 
 void
similarity index 95%
rename from src/krb524/krb524_err.et
rename to src/lib/krb5/error_tables/krb524_err.et
index 471252e569123ee60f1a6e4c68321206aa4037b3..5a4a004c7723adbcabd6a2005cb2139703dff640 100644 (file)
@@ -29,5 +29,6 @@ error_code KRB524_V4ERR, "Kerberos V4 error"
 error_code KRB524_ENCFULL, "Encoding too large"
 error_code KRB524_DECEMPTY, "Decoding out of data"
 error_code KRB524_NOTRESP, "Service not responding"
+error_code KRB524_KRB4_DISABLED,       "Kerberos version 4 support is disabled"
 
 end
index b401c92bf2905337acbd71a2c146b92c7d58fe51..b03d3769d94f18b827462615d44b69cffe3ba217 100644 (file)
@@ -336,4 +336,8 @@ error_code KRB5_ERR_NUMERIC_REALM, "Cannot determine realm for numeric host addr
 
 error_code KRB5_ERR_BAD_S2K_PARAMS, "Invalid key generation parameters from KDC"
 
+error_code KRB5_ERR_NO_SERVICE,        "service not available"
+
+error_code KRB5_CC_READONLY,    "Ccache function not supported: read-only ccache type"
+error_code KRB5_CC_NOSUPP,      "Ccache function not supported: not implemented"
 end
index ef0e702f175ae4f375a43201d085c76d482f0260..ab8200d40304c0c4e5a2730c17a8cae0dde2fff4 100644 (file)
@@ -1,3 +1,42 @@
+2004-04-13  Jeffrey Altman <jaltman@mit.edu>
+
+    * ktbase.c:
+      Since we have to reserve all the single letter
+      prefixes make them apply to all platforms
+
+2004-04-13  Jeffrey Altman <jaltman@mit.edu>
+
+    * ktbase.c:  On Windows, improve the treat drive letter
+      prefix string as a FILE: keytab change to work if the
+      default keytab type was changed to not be of type FILE:
+
+2004-04-08  Jeffrey Altman <jaltman@mit.edu>
+
+    * ktbase.c:  Restore the thread safety fixes
+
+2004-04-08  Jeffrey Altman <jaltman@mit.edu>
+
+    * ktbase.c:  On Windows, if we see a colon do not assume it means
+      we found a prefix string unless the length of the prefix is 
+      not equal to one.  If it is one, it means we found a drive letter
+      and not a prefix.  
+
+2003-05-22  Tom Yu  <tlyu@mit.edu>
+
+       * kt_file.c (krb5_ktfile_get_entry): Check principal name prior to
+       checking enctype.  Suggested by Wyllys Ingersoll.
+
+2003-05-19  Sam Hartman  <hartmans@mit.edu>
+
+       * ktbase.c: Register writable keytab by default
+
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kt_file.c (krb5_ktfileint_internal_read_entry): Use
+       krb5_princ_size instead of direct field access.
+       (krb5_ktfileint_write_entry, krb5_ktfileint_size_entry):
+       Likewise.
+
 2003-02-08  Tom Yu  <tlyu@mit.edu>
 
        * kt_file.c (krb5_ktfile_get_entry): Fix comment; not going to
index 545cd27849c26d65796d350d4836065c8e06311b..731c34beb95cf1bfa4ceb3b5766bd7a54dabbdfc 100644 (file)
@@ -64,47 +64,47 @@ clean-windows::
 #
 ktadd.so ktadd.po $(OUTPRE)ktadd.$(OBJEXT): ktadd.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ktbase.so ktbase.po $(OUTPRE)ktbase.$(OBJEXT): ktbase.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ktdefault.so ktdefault.po $(OUTPRE)ktdefault.$(OBJEXT): ktdefault.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ktfr_entry.so ktfr_entry.po $(OUTPRE)ktfr_entry.$(OBJEXT): ktfr_entry.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ktremove.so ktremove.po $(OUTPRE)ktremove.$(OBJEXT): ktremove.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ktfns.so ktfns.po $(OUTPRE)ktfns.$(OBJEXT): ktfns.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 kt_file.so kt_file.po $(OUTPRE)kt_file.$(OBJEXT): kt_file.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 kt_srvtab.so kt_srvtab.po $(OUTPRE)kt_srvtab.$(OBJEXT): kt_srvtab.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 read_servi.so read_servi.po $(OUTPRE)read_servi.$(OBJEXT): read_servi.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 
index 9e4f15aa7de5d9863af190b6a263eb49cdf48964..3175de75185aa1870388a55f4b8df01d2d09dedb 100644 (file)
@@ -258,6 +258,14 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal
           and copy new_entry there, or free new_entry.  Otherwise, it
           leaks. */
 
+       /* if the principal isn't the one requested, free new_entry
+          and continue to the next. */
+
+       if (!krb5_principal_compare(context, principal, new_entry.principal)) {
+           krb5_kt_free_entry(context, &new_entry);
+           continue;
+       }
+
        /* if the enctype is not ignored and doesn't match, free new_entry
           and continue to the next */
 
@@ -281,14 +289,6 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal
 
        }
 
-       /* if the principal isn't the one requested, free new_entry
-          and continue to the next. */
-
-       if (!krb5_principal_compare(context, principal, new_entry.principal)) {
-           krb5_kt_free_entry(context, &new_entry);
-           continue;
-       }
-
        if (kvno == IGNORE_VNO) {
            /* if this is the first match, or if the new vno is
               bigger, free the current and keep the new.  Otherwise,
@@ -1324,7 +1324,7 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke
     return 0;
 fail:
     
-    for (i = 0; i < ret_entry->principal->length; i++) {
+    for (i = 0; i < krb5_princ_size(context, ret_entry->principal); i++) {
            princ = krb5_princ_component(context, ret_entry->principal, i);
            if (princ->data)
                    free(princ->data);
@@ -1375,9 +1375,9 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
     }
 
     if (KTVERSION(id) == KRB5_KT_VNO_1) {
-           count = (krb5_int16) entry->principal->length + 1;
+           count = (krb5_int16) krb5_princ_size(context, entry->principal) + 1;
     } else {
-           count = htons((u_short) entry->principal->length);
+           count = htons((u_short) krb5_princ_size(context, entry->principal));
     }
     
     if (!xfwrite(&count, sizeof(count), 1, KTFILEP(id))) {
@@ -1396,7 +1396,7 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
            goto abend;
     }
 
-    count = (krb5_int16) entry->principal->length;
+    count = (krb5_int16) krb5_princ_size(context, entry->principal);
     for (i = 0; i < count; i++) {
        princ = krb5_princ_component(context, entry->principal, i);
        size = princ->length;
@@ -1494,7 +1494,7 @@ krb5_ktfileint_size_entry(krb5_context context, krb5_keytab_entry *entry, krb5_i
     krb5_int32 total_size, i;
     krb5_error_code retval = 0;
 
-    count = (krb5_int16) entry->principal->length;
+    count = (krb5_int16) krb5_princ_size(context, entry->principal);
         
     total_size = sizeof(count);
     total_size += krb5_princ_realm(context, entry->principal)->length + (sizeof(krb5_int16));
index 41f473d47ceaa80976b823922a9bc3cebc2f5103..a03379d58341d5046b707dc4e16e39e4ec190029 100644 (file)
 #include "k5-int.h"
 
 extern const krb5_kt_ops krb5_ktf_ops;
+extern const krb5_kt_ops krb5_ktf_writable_ops;
 extern const krb5_kt_ops krb5_kts_ops;
 
 struct krb5_kt_typelist {
     const krb5_kt_ops *ops;
     struct krb5_kt_typelist *next;
 };
+static struct krb5_kt_typelist krb5_kt_typelist_wrfile  = {
+    &krb5_ktf_writable_ops,
+    0
+};
 static struct krb5_kt_typelist krb5_kt_typelist_file  = {
     &krb5_ktf_ops,
-    0
+    &krb5_kt_typelist_wrfile
 };
 static struct krb5_kt_typelist krb5_kt_typelist_srvtab = {
     &krb5_kts_ops,
@@ -93,14 +98,31 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid)
     }
 
     pfxlen = cp - name;
-    resid = name + pfxlen + 1;
+
+#if defined(_WIN32)
+    if ( pfxlen == 1 ) {
+        /* We found a drive letter not a prefix */
+        return (*krb5_kt_dfl_ops.resolve)(context, name, ktid);
+    }
+#endif
+
+    if ( pfxlen == 1 && isalpha(name[0]) ) {
+        /* We found a drive letter not a prefix - use FILE: */
+        pfx = strdup("FILE:");
+        if (!pfx)
+            return ENOMEM;
+
+        resid = name;
+    } else {
+        resid = name + pfxlen + 1;
        
-    pfx = malloc (pfxlen+1);
-    if (!pfx)
-       return ENOMEM;
+        pfx = malloc (pfxlen+1);
+        if (!pfx)
+            return ENOMEM;
 
-    memcpy (pfx, name, pfxlen);
-    pfx[pfxlen] = '\0';
+        memcpy (pfx, name, pfxlen);
+        pfx[pfxlen] = '\0';
+    }
 
     *ktid = (krb5_keytab) 0;
 
index 7457c840786ba0655c330b63badcef22d86787d3..a2ab3a0d09ce3dfd55a1ea55cd2564f001ccf839 100644 (file)
@@ -37,6 +37,7 @@ chk_trans.c
 cleanup.h
 configure
 configure.in
+conv_creds.c
 conv_princ.c
 copy_addrs.c
 copy_athctr.c
@@ -60,8 +61,6 @@ gen_seqnum.c
 gen_subkey.c
 get_creds.c
 get_in_tkt.c
-in_tkt_ktb.c
-in_tkt_pwd.c
 in_tkt_sky.c
 init_ctx.c
 int-proto.h
@@ -106,6 +105,7 @@ t_ref_kerb.out
 t_ser.c
 tgtname.c
 unparse.c
+v4lifetime.c
 valid_times.c
 walk_rtree.c
 
index c936ca4fd6504acdec007584f52a704e6282c0fe..274245a3fbe9a66b098e855f24fb51001f6c679e 100644 (file)
@@ -1,3 +1,328 @@
+2004-05-12  Jeffrey Altman <jaltman@mit.edu>
+
+    * send_tgs.c: krb5_send_tgs() was broken in the case of a KRB_ERROR
+      message.  The krb5_response message_type field was never set 
+      resulting in stack garbage being used instead.  This would 
+      break code which used transitive cross-realm to obtain service
+      tickets.
+
+2004-04-15  Sam Hartman  <hartmans@mit.edu>
+
+       * gic_pwd.c (krb5_get_init_creds_password): Free the as reply in
+       the !use_master case  (Thanks to Lijian Liu)
+
+2004-02-06  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+       * init_ctx.c (DEFAULT_ETYPE_LIST): Include aes128-cts
+
+2003-12-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * mk_req_ext.c (krb5int_generate_and_save_subkey): New function,
+       split out from krb5_mk_req_extended.
+       (krb5_mk_req_extended): Call it.
+       * mk_rep.c (krb5_mk_rep): If KRB5_AUTH_CONTEXT_USE_SUBKEY flag is
+       set, call krb5int_generate_and_save_subkey to set up a new subkey
+       to send to the client.
+
+       * serialize.c (krb5_ser_pack_int64, krb5_ser_unpack_int64): New
+       functions.
+
+2003-10-30  Tom Yu  <tlyu@mit.edu>
+
+       * gen_seqnum.c (krb5_generate_seq_number): Fix mask; was short by
+       4 bits.
+
+2003-10-08  Tom Yu  <tlyu@mit.edu>
+
+       * rd_safe.c (krb5_rd_safe_basic): Save the encoded KRB-SAFE-BODY
+       to avoid trouble caused by re-encoding.  Also, handle correctly
+       implemented RFC 1510 KRB-SAFE, i.e., checksummed over
+       KRB-SAFE-BODY only.
+
+2003-09-02  Tom Yu  <tlyu@mit.edu>
+
+       * conv_creds.c (krb524_convert_creds_plain): Apply patch from
+       Cesar Garcia to fix lifetime computation.
+
+2003-08-19  SamHartman  <hartmans@avalanche-breakdown.mit.edu>
+
+       * rd_cred.c (decrypt_credencdata): Don't double free credentials.
+
+2003-08-08  Tom Yu  <tlyu@mit.edu>
+
+       * gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is
+       turned off, the second call to get_init_creds() will fail with
+       KRB5_REALM_UNKNOWN under certain circumstances.  If that happens,
+       return the error from the first call to get_init_creds(), which
+       will be more useful to the user.
+
+2003-07-22  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+       * preauth2.c (krb5_do_preauth): Use the etype_info2 decoder for decoding etype_info2
+       (krb5_do_preauth): If an invalid encoding of etype_info or
+       etype_info2 is received, ignore it rather  than failing the request
+
+2003-07-09  Alexandra Ellwood  <lxs@mit.edu>
+
+        * init_ctx.c: Export krb5_get_permitted_enctypes for Samba.
+
+2003-06-27  Tom Yu  <tlyu@mit.edu>
+
+       * gic_keytab.c (krb5_get_in_tkt_with_keytab): Pass (void*)keytab,
+       not &keytab, to get_init_creds.  Thanks to Herb Lewis.
+
+2003-06-16  Sam Hartman  <hartmans@mit.edu>
+
+       * fwd_tgt.c (krb5_fwd_tgt_creds): Set use_conf_ktypes to true while getting the TGT key
+
+2003-06-13  Tom Yu  <tlyu@mit.edu>
+
+       * rd_rep.c (krb5_rd_rep): Free subkeys before replacing them, if
+       needed.  This avoids a memory leak.
+
+2003-06-11  Tom Yu  <tlyu@mit.edu>
+
+       * srv_rcache.c (krb5_get_server_rcache): Octal escapes begin with
+       hyphen now, since backslash is a pathname separator on DOS.
+
+2003-06-06  Sam Hartman  <hartmans@mit.edu>
+
+       * get_in_tkt.c (krb5_get_init_creds): Mask out renewable_ok if the
+       request is for a renewable ticket with rtime greater than till 
+
+2003-06-06  Ezra Peisach  <epeisach@mit.edu>
+
+       * mk_req_ext.c (krb5_generate_authenticator): Sequence numbers are
+       unsigned now.
+
+2003-05-30  Ken Raeburn  <raeburn@mit.edu>
+
+       * get_in_tkt.c (krb5_get_init_creds): Change hardcoded default
+       ticket lifetime from 10 hours to 24 hours.
+
+       * init_ctx.c (DEFAULT_KDC_TIMESYNC): Define as 1 always.
+       (DEFAULT_CCACHE_TYPE): Define as 4 always.
+
+2003-05-30  Alexandra Ellwood <lxs@mit.edu>
+
+       * get_in_tkt.c: (verify_as_reply) Only check the renewable lifetime
+       of tickets whose request options included KDC_OPT_RENEWABLE_OK
+       if those options did not also include KDC_OPT_RENEWABLE.   Otherwise 
+       verify_as_reply() will fail for all renewable tickets.
+
+2003-05-27  Ken Raeburn  <raeburn@mit.edu>
+
+       * conv_creds.c: Enable support on Windows always.
+       (krb5_524_convert_creds): Renamed from krb524_convert_creds_kdc.
+       (krb524_convert_creds_kdc, krb524_init_ets) [!_WIN32]: Backwards
+       compatibility functions.
+
+2003-05-27  Sam Hartman  <hartmans@mit.edu>
+
+       * gic_keytab.c (krb5_get_in_tkt_with_keytab): as below
+
+       * gic_pwd.c (krb5_get_in_tkt_with_password): Store client and
+       server principals to avoid memory leak  
+
+2003-05-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * conv_creds.c: New file, moved from krb524/conv_creds.c and
+       krb524/encode.c.  Rename exported encode routine, make other
+       encode and decode routines static.  If KRB5_KRB4_COMPAT is not
+       defined, return an error.
+       * v4lifetime.c: New file, moved from lib/krb4/lifetime.c.  Renamed
+       functions, changed interface to use krb5 types.
+       * Makefile.in (STLIBOBJS, OBJS, SRCS): Add them.
+
+2003-05-23  Sam Hartman  <hartmans@mit.edu>
+
+       * get_in_tkt.c (krb5_get_init_creds): Initialize options based on
+       context.kdc_default_options 
+
+2003-05-22  Tom Yu  <tlyu@mit.edu>
+
+       * gen_seqnum.c (krb5_generate_seq_number): Fix think-o on sequence
+       number mask.
+
+       * auth_con.c (krb5int_auth_con_chkseqnum): New function; implement
+       heuristic for broken Heimdal sequence number encoding.
+       (chk_heimdal_seqnum): Auxiliary function for above.
+
+       * auth_con.h: Add flags for sequence number heuristic.
+
+       * rd_priv.c: Use krb5int_auth_con_chkseqnum.
+
+       * rd_safe.c: Use krb5int_auth_con_chkseqnum.
+
+2003-05-22  Sam Hartman  <hartmans@mit.edu>
+
+       * gic_pwd.c (krb5int_populate_gic_opt): returns void
+
+2003-05-21  Tom Yu  <tlyu@mit.edu>
+
+       * gic_pwd.c (krb5_get_in_tkt_with_password): Set pw0.length
+       correctly if a password is passed in.
+
+2003-05-20  Sam Hartman  <hartmans@mit.edu>
+
+       * Makefile.in (SRCS): Remove in_ktb.c
+
+       * gic_keytab.c (krb5_get_in_tkt_with_keytab): Move from
+       in_tkt_keytab.c and rewrite to use krb5_get_init_creds 
+
+       * gic_pwd.c (krb5_get_in_tkt_with_password): Moved here from
+       in_tkt_pwd.c so it can share code with
+       krb5_get_init_creds_password.  Rewritten to call
+       krb5_get_in_tkt_password 
+
+       * Makefile.in (SRCS): Delete in_tkt_pwd.c
+
+2003-05-18  Tom Yu  <tlyu@mit.edu>
+
+       * auth_con.h: Sequence numbers are now unsigned.
+
+       * gen_seqnum.c (krb5_generate_seq_number): Constrain initial
+       sequence number space to facilitate backwards compatibility.
+
+2003-05-16  Ken Raeburn  <raeburn@mit.edu>
+
+       * chpw.c (krb5int_rd_chpw_rep): Allow new kpasswd error codes up
+       through _INITIAL_FLAG_NEEDED.
+
+2003-05-13  Sam Hartman  <hartmans@mit.edu>
+
+       * fwd_tgt.c (krb5_fwd_tgt_creds): Try with no specified enctype if
+       forwarding a specific enctype fails. l
+
+       * get_in_tkt.c (krb5_get_init_creds): Free s2kparams
+
+       * preauth2.c (krb5_do_preauth): Fix memory management
+       (pa_salt): Use copy_data_contents
+
+       * copy_data.c (krb5int_copy_data_contents): New function
+
+2003-05-09  Sam Hartman  <hartmans@mit.edu>
+
+       * preauth2.c: Patch from Sun to reorganize code   for handling
+       etype_info requests.  More efficient  and easier to implement etype_info2
+       (krb5_do_preauth): Support enctype_info2
+
+2003-05-08  Sam Hartman  <hartmans@mit.edu>
+
+       * preauth2.c: Add s2kparams to the declaration of a preauth
+       function, to every instance of a preauth function and to every
+       call to gak_fct 
+
+       * get_in_tkt.c (krb5_get_init_creds): Add s2kparams support
+
+       * gic_keytab.c (krb5_get_as_key_keytab): Add s2kparams
+
+       * gic_pwd.c (krb5_get_as_key_password): Add s2kparams support
+
+2003-05-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * init_ctx.c (init_common): Copy tgs_ktypes array to
+       conf_tgs_ktypes.  Clear use_conf_ktypes.
+       (krb5_free_context): Free conf_tgs_ktypes.
+       (krb5_get_tgs_ktypes): Use use_conf_ktypes to choose between
+       tgs_ktypes and conf_tgs_ktypes.
+
+       * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Set use_conf_ktypes
+       in context to 1 for all operations except the acquisition of the
+       desired service ticket.
+
+2003-05-09  Tom Yu  <tlyu@mit.edu>
+
+       * auth_con.c (krb5_auth_con_setsendsubkey) 
+       (krb5_auth_con_setrecvsubkey, krb5_auth_con_getsendsubkey) 
+       (krb5_auth_con_getrecvsubkey): New functions.  Set or retrieve
+       subkeys from an auth_context.
+       (krb5_auth_con_getlocalsubkey, krb5_auth_con_getremotesubkey):
+       Reimplement in terms of the above.
+
+       * auth_con.h, ser_actx.c: Rename {local,remote}_subkey ->
+       {send,recv}_subkey.
+
+       * chpw.c (krb5int_rd_chpw_rep): Save send_subkey prior to rd_rep;
+       use saved send_subkey to smash recv_subkey obtained from rd_rep.
+
+       * mk_req_ext.c (krb5_mk_req_extended): Rename
+       {local,remote}_subkey -> {send,recv}_subkey.  Set both subkeys if
+       subkey generation is requested.
+
+       * mk_cred.c, mk_priv.c, mk_safe.c: Rename {local,remote}_subkey ->
+       {send,recv}_subkey.  Use either send_subkey or keyblock, in that
+       order.
+
+       * rd_cred.c, rd_priv.c, rd_safe.c: Rename {local,remote}_subkey ->
+       {send,recv}_subkey.  Use either recv_subkey or keyblock, in that
+       order.
+
+       * rd_rep.c (krb5_rd_rep): Rename {local,remote}_subkey ->
+       {send,recv}_subkey.  Set both subkeys if a subkey is present in
+       the AP-REP message.
+
+       * rd_req_dec.c (krb5_rd_req_decoded_opt): Rename
+       {local,remote}_subkey -> {send,recv}_subkey.  Set both subkeys if
+       a subkey is present in the AP-REQ message.
+
+2003-05-06  Sam Hartman  <hartmans@mit.edu>
+
+       * kfree.c (krb5_free_etype_info): Free s2kparams
+
+2003-04-27  Sam Hartman  <hartmans@mit.edu>
+
+       * chpw.c (krb5int_setpw_result_code_string): Make internal 
+
+2003-04-25  Sam Hartman  <hartmans@mit.edu>
+
+       * chpw.c (krb5int_rd_setpw_rep): Fix error handling; allow
+       krberrors to be read correctly; fix memory alloctaion so that
+       allocated structures are freed. 
+
+2003-04-24  Ezra Peisach  <epeisach@mit.edu>
+
+       * kfree.c (krb5_free_pwd_sequences): Correction to previous
+       fix. Free contents of krb5_data - not just the pointer.
+
+2003-04-23  Ezra Peisach  <epeisach@mit.edu>
+
+       * kfree.c (krb5_free_pwd_sequences): Actually free the entire
+       sequence of passwd_phase_elements and not just the first one.
+
+2003-04-16  Sam Hartman  <hartmans@mit.edu>
+
+       * chpw.c (krb5int_mk_setpw_req): Use encode_krb5_setpw_req.  Fix
+       memory handling to free data that is allocated  
+
+2003-04-15  Sam Hartman  <hartmans@mit.edu>
+
+       * chpw.c (krb5int_mk_setpw_req krb5int_rd_setpw_rep): New function
+
+2003-04-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * init_ctx.c (DEFAULT_ETYPE_LIST): Add AES with 256 bits at the
+       front of the list.  No 128-bit support by defaut.
+
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Check principal name
+       length before examining components.
+
+       * parse.c (krb5_parse_name): Double-check principal name length
+       before filling in components.
+
+       * srv_rcache.c (krb5_get_server_rcache): Check for null pointer
+       supplied in place of name.
+
+       * unparse.c (krb5_unparse_name_ext): Don't move buffer pointer
+       backwards if nothing has been put into the buffer yet.
+
+2003-04-01  Sam Hartman  <hartmans@mit.edu>
+
+       * rd_req.c (krb5_rd_req): If AUTH_CONTEXT_DO_TIME is cleared,
+       don't set up a replay cache. 
+
 2003-03-08  Ezra Peisach  <epeisach@mit.edu>
 
        * t_kerb.c: Only include krb.h if krb4 support compiled in,
index 18627b12a303097d05b18c7fff35ed9c5518b28d..b703e56aa8c13930a30ec2ca2a78b2d777dd9514 100644 (file)
@@ -23,6 +23,7 @@ STLIBOBJS= \
        bld_princ.o     \
        chk_trans.o     \
        chpw.o          \
+       conv_creds.o    \
        conv_princ.o    \
        copy_addrs.o    \
        copy_auth.o     \
@@ -51,8 +52,6 @@ STLIBOBJS= \
        gic_keytab.o    \
        gic_opt.o       \
        gic_pwd.o       \
-       in_tkt_ktb.o    \
-       in_tkt_pwd.o    \
        in_tkt_sky.o    \
        init_ctx.o      \
        init_keyblock.o \
@@ -95,6 +94,7 @@ STLIBOBJS= \
        str_conv.o      \
        tgtname.o       \
        unparse.o       \
+       v4lifetime.o    \
        valid_times.o   \
        vfy_increds.o   \
        vic_opt.o       \
@@ -109,6 +109,7 @@ OBJS=       $(OUTPRE)addr_comp.$(OBJEXT)    \
        $(OUTPRE)bld_princ.$(OBJEXT)    \
        $(OUTPRE)chk_trans.$(OBJEXT)    \
        $(OUTPRE)chpw.$(OBJEXT)         \
+       $(OUTPRE)conv_creds.$(OBJEXT)   \
        $(OUTPRE)conv_princ.$(OBJEXT)   \
        $(OUTPRE)copy_addrs.$(OBJEXT)   \
        $(OUTPRE)copy_auth.$(OBJEXT)    \
@@ -137,8 +138,6 @@ OBJS=       $(OUTPRE)addr_comp.$(OBJEXT)    \
        $(OUTPRE)gic_keytab.$(OBJEXT)   \
        $(OUTPRE)gic_opt.$(OBJEXT)      \
        $(OUTPRE)gic_pwd.$(OBJEXT)      \
-       $(OUTPRE)in_tkt_ktb.$(OBJEXT)   \
-       $(OUTPRE)in_tkt_pwd.$(OBJEXT)   \
        $(OUTPRE)in_tkt_sky.$(OBJEXT)   \
        $(OUTPRE)init_ctx.$(OBJEXT)     \
        $(OUTPRE)init_keyblock.$(OBJEXT) \
@@ -181,6 +180,7 @@ OBJS=       $(OUTPRE)addr_comp.$(OBJEXT)    \
        $(OUTPRE)str_conv.$(OBJEXT)     \
        $(OUTPRE)tgtname.$(OBJEXT)      \
        $(OUTPRE)unparse.$(OBJEXT)      \
+       $(OUTPRE)v4lifetime.$(OBJEXT)   \
        $(OUTPRE)valid_times.$(OBJEXT)  \
        $(OUTPRE)vfy_increds.$(OBJEXT)  \
        $(OUTPRE)vic_opt.$(OBJEXT)      \
@@ -196,6 +196,7 @@ SRCS=       $(srcdir)/addr_comp.c   \
        $(srcdir)/brand.c       \
        $(srcdir)/chk_trans.c   \
        $(srcdir)/chpw.c        \
+       $(srcdir)/conv_creds.c  \
        $(srcdir)/conv_princ.c  \
        $(srcdir)/copy_addrs.c  \
        $(srcdir)/copy_auth.c   \
@@ -224,8 +225,6 @@ SRCS=       $(srcdir)/addr_comp.c   \
        $(srcdir)/gic_keytab.c  \
        $(srcdir)/gic_opt.c     \
        $(srcdir)/gic_pwd.c     \
-       $(srcdir)/in_tkt_ktb.c  \
-       $(srcdir)/in_tkt_pwd.c  \
        $(srcdir)/in_tkt_sky.c  \
        $(srcdir)/init_ctx.c    \
        $(srcdir)/init_keyblock.c \
@@ -268,6 +267,7 @@ SRCS=       $(srcdir)/addr_comp.c   \
        $(srcdir)/str_conv.c    \
        $(srcdir)/tgtname.c     \
        $(srcdir)/unparse.c     \
+       $(srcdir)/v4lifetime.c  \
        $(srcdir)/valid_times.c \
        $(srcdir)/vfy_increds.c \
        $(srcdir)/vic_opt.c     \
@@ -367,449 +367,482 @@ clean::
 #
 addr_comp.so addr_comp.po $(OUTPRE)addr_comp.$(OBJEXT): addr_comp.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 addr_order.so addr_order.po $(OUTPRE)addr_order.$(OBJEXT): addr_order.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 addr_srch.so addr_srch.po $(OUTPRE)addr_srch.$(OBJEXT): addr_srch.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 appdefault.so appdefault.po $(OUTPRE)appdefault.$(OBJEXT): appdefault.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 auth_con.so auth_con.po $(OUTPRE)auth_con.$(OBJEXT): auth_con.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h auth_con.h
+  auth_con.h
 bld_pr_ext.so bld_pr_ext.po $(OUTPRE)bld_pr_ext.$(OBJEXT): bld_pr_ext.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 bld_princ.so bld_princ.po $(OUTPRE)bld_princ.$(OBJEXT): bld_princ.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 brand.so brand.po $(OUTPRE)brand.$(OBJEXT): brand.c
 chk_trans.so chk_trans.po $(OUTPRE)chk_trans.$(OBJEXT): chk_trans.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 chpw.so chpw.po $(OUTPRE)chpw.$(OBJEXT): chpw.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/krb5_err.h \
-  auth_con.h
-conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5_err.h auth_con.h
+conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): conv_creds.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+  $(KRB_ERR_H_DEP)
+conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 copy_addrs.so copy_addrs.po $(OUTPRE)copy_addrs.$(OBJEXT): copy_addrs.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 copy_auth.so copy_auth.po $(OUTPRE)copy_auth.$(OBJEXT): copy_auth.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 copy_athctr.so copy_athctr.po $(OUTPRE)copy_athctr.$(OBJEXT): copy_athctr.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 copy_cksum.so copy_cksum.po $(OUTPRE)copy_cksum.$(OBJEXT): copy_cksum.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 copy_creds.so copy_creds.po $(OUTPRE)copy_creds.$(OBJEXT): copy_creds.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 copy_data.so copy_data.po $(OUTPRE)copy_data.$(OBJEXT): copy_data.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 copy_key.so copy_key.po $(OUTPRE)copy_key.$(OBJEXT): copy_key.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 copy_princ.so copy_princ.po $(OUTPRE)copy_princ.$(OBJEXT): copy_princ.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 copy_tick.so copy_tick.po $(OUTPRE)copy_tick.$(OBJEXT): copy_tick.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 cp_key_cnt.so cp_key_cnt.po $(OUTPRE)cp_key_cnt.$(OBJEXT): cp_key_cnt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 decode_kdc.so decode_kdc.po $(OUTPRE)decode_kdc.$(OBJEXT): decode_kdc.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 decrypt_tk.so decrypt_tk.po $(OUTPRE)decrypt_tk.$(OBJEXT): decrypt_tk.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 deltat.so deltat.po $(OUTPRE)deltat.$(OBJEXT): deltat.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 enc_helper.so enc_helper.po $(OUTPRE)enc_helper.$(OBJEXT): enc_helper.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 encode_kdc.so encode_kdc.po $(OUTPRE)encode_kdc.$(OBJEXT): encode_kdc.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 encrypt_tk.so encrypt_tk.po $(OUTPRE)encrypt_tk.$(OBJEXT): encrypt_tk.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 free_rtree.so free_rtree.po $(OUTPRE)free_rtree.$(OBJEXT): free_rtree.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 fwd_tgt.so fwd_tgt.po $(OUTPRE)fwd_tgt.$(OBJEXT): fwd_tgt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 gc_frm_kdc.so gc_frm_kdc.po $(OUTPRE)gc_frm_kdc.$(OBJEXT): gc_frm_kdc.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h
+  int-proto.h
 gc_via_tkt.so gc_via_tkt.po $(OUTPRE)gc_via_tkt.$(OBJEXT): gc_via_tkt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h
+  int-proto.h
 gen_seqnum.so gen_seqnum.po $(OUTPRE)gen_seqnum.$(OBJEXT): gen_seqnum.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 gen_subkey.so gen_subkey.po $(OUTPRE)gen_subkey.$(OBJEXT): gen_subkey.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 get_creds.so get_creds.po $(OUTPRE)get_creds.$(OBJEXT): get_creds.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 get_in_tkt.so get_in_tkt.po $(OUTPRE)get_in_tkt.$(OBJEXT): get_in_tkt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h $(srcdir)/../os/os-proto.h
+  int-proto.h $(srcdir)/../os/os-proto.h
 gic_keytab.so gic_keytab.po $(OUTPRE)gic_keytab.$(OBJEXT): gic_keytab.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 gic_opt.so gic_opt.po $(OUTPRE)gic_opt.$(OBJEXT): gic_opt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 gic_pwd.so gic_pwd.po $(OUTPRE)gic_pwd.$(OBJEXT): gic_pwd.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
-in_tkt_ktb.so in_tkt_ktb.po $(OUTPRE)in_tkt_ktb.$(OBJEXT): in_tkt_ktb.c $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
-in_tkt_pwd.so in_tkt_pwd.po $(OUTPRE)in_tkt_pwd.$(OBJEXT): in_tkt_pwd.c $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 in_tkt_sky.so in_tkt_sky.po $(OUTPRE)in_tkt_sky.$(OBJEXT): in_tkt_sky.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 init_ctx.so init_ctx.po $(OUTPRE)init_ctx.$(OBJEXT): init_ctx.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h brand.c $(srcdir)/../krb5_libinit.h
+  brand.c $(srcdir)/../krb5_libinit.h
 init_keyblock.so init_keyblock.po $(OUTPRE)init_keyblock.$(OBJEXT): init_keyblock.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 kdc_rep_dc.so kdc_rep_dc.po $(OUTPRE)kdc_rep_dc.$(OBJEXT): kdc_rep_dc.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 kfree.so kfree.po $(OUTPRE)kfree.$(OBJEXT): kfree.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 mk_cred.so mk_cred.po $(OUTPRE)mk_cred.$(OBJEXT): mk_cred.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+  cleanup.h auth_con.h
 mk_error.so mk_error.po $(OUTPRE)mk_error.$(OBJEXT): mk_error.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): mk_priv.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+  cleanup.h auth_con.h
 mk_rep.so mk_rep.po $(OUTPRE)mk_rep.$(OBJEXT): mk_rep.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h auth_con.h
+  auth_con.h
 mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): mk_req.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h auth_con.h
+  auth_con.h
 mk_req_ext.so mk_req_ext.po $(OUTPRE)mk_req_ext.$(OBJEXT): mk_req_ext.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h auth_con.h
+  auth_con.h
 mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): mk_safe.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+  cleanup.h auth_con.h
 parse.so parse.po $(OUTPRE)parse.$(OBJEXT): parse.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 pr_to_salt.so pr_to_salt.po $(OUTPRE)pr_to_salt.$(OBJEXT): pr_to_salt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 preauth.so preauth.po $(OUTPRE)preauth.$(OBJEXT): preauth.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 preauth2.so preauth2.po $(OUTPRE)preauth2.$(OBJEXT): preauth2.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 princ_comp.so princ_comp.po $(OUTPRE)princ_comp.$(OBJEXT): princ_comp.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 rd_cred.so rd_cred.po $(OUTPRE)rd_cred.$(OBJEXT): rd_cred.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+  cleanup.h auth_con.h
 rd_error.so rd_error.po $(OUTPRE)rd_error.$(OBJEXT): rd_error.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): rd_priv.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+  cleanup.h auth_con.h
 rd_rep.so rd_rep.po $(OUTPRE)rd_rep.$(OBJEXT): rd_rep.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h auth_con.h
+  auth_con.h
 rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): rd_req.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h auth_con.h
+  auth_con.h
 rd_req_dec.so rd_req_dec.po $(OUTPRE)rd_req_dec.$(OBJEXT): rd_req_dec.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h auth_con.h
+  auth_con.h
 rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): rd_safe.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+  cleanup.h auth_con.h
 recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): recvauth.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h auth_con.h
+  auth_con.h
 sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): sendauth.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h auth_con.h
+  auth_con.h
 send_tgs.so send_tgs.po $(OUTPRE)send_tgs.$(OBJEXT): send_tgs.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ser_actx.so ser_actx.po $(OUTPRE)ser_actx.$(OBJEXT): ser_actx.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h auth_con.h
+  int-proto.h auth_con.h
 ser_adata.so ser_adata.po $(OUTPRE)ser_adata.$(OBJEXT): ser_adata.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h
+  int-proto.h
 ser_addr.so ser_addr.po $(OUTPRE)ser_addr.$(OBJEXT): ser_addr.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h
+  int-proto.h
 ser_auth.so ser_auth.po $(OUTPRE)ser_auth.$(OBJEXT): ser_auth.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h
+  int-proto.h
 ser_cksum.so ser_cksum.po $(OUTPRE)ser_cksum.$(OBJEXT): ser_cksum.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h
+  int-proto.h
 ser_ctx.so ser_ctx.po $(OUTPRE)ser_ctx.$(OBJEXT): ser_ctx.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ser_eblk.so ser_eblk.po $(OUTPRE)ser_eblk.$(OBJEXT): ser_eblk.c
 ser_key.so ser_key.po $(OUTPRE)ser_key.$(OBJEXT): ser_key.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h
+  int-proto.h
 ser_princ.so ser_princ.po $(OUTPRE)ser_princ.$(OBJEXT): ser_princ.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h
+  int-proto.h
 serialize.so serialize.po $(OUTPRE)serialize.$(OBJEXT): serialize.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 set_realm.so set_realm.po $(OUTPRE)set_realm.$(OBJEXT): set_realm.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 srv_rcache.so srv_rcache.po $(OUTPRE)srv_rcache.$(OBJEXT): srv_rcache.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): str_conv.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 tgtname.so tgtname.po $(OUTPRE)tgtname.$(OBJEXT): tgtname.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h
+  int-proto.h
 unparse.so unparse.po $(OUTPRE)unparse.$(OBJEXT): unparse.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
+v4lifetime.so v4lifetime.po $(OUTPRE)v4lifetime.$(OBJEXT): v4lifetime.c $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 valid_times.so valid_times.po $(OUTPRE)valid_times.$(OBJEXT): valid_times.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 vfy_increds.so vfy_increds.po $(OUTPRE)vfy_increds.$(OBJEXT): vfy_increds.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h
+  int-proto.h
 vic_opt.so vic_opt.po $(OUTPRE)vic_opt.$(OBJEXT): vic_opt.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 walk_rtree.so walk_rtree.po $(OUTPRE)walk_rtree.$(OBJEXT): walk_rtree.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h int-proto.h
+  int-proto.h
 t_walk_rtree.so t_walk_rtree.po $(OUTPRE)t_walk_rtree.$(OBJEXT): t_walk_rtree.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 t_kerb.so t_kerb.po $(OUTPRE)t_kerb.$(OBJEXT): t_kerb.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
   $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
   $(BUILDTOP)/include/profile.h
 t_ser.so t_ser.po $(OUTPRE)t_ser.$(OBJEXT): t_ser.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h auth_con.h
+  auth_con.h
 t_deltat.so t_deltat.po $(OUTPRE)t_deltat.$(OBJEXT): t_deltat.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 t_expand.so t_expand.po $(OUTPRE)t_expand.$(OBJEXT): t_expand.c chk_trans.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h
 
index 09ccf9808efc524bcc50a78db26f89083002d8eb..cd3acf176c09d2900d314ebca3993a94b08f581c 100644 (file)
@@ -1,6 +1,8 @@
 #include "k5-int.h"
 #include "auth_con.h"
 
+static krb5_boolean chk_heimdal_seqnum(krb5_ui_4, krb5_ui_4);
+
 static krb5_error_code
 actx_copy_addr(krb5_context context, const krb5_address *inad, krb5_address **outad)
 {
@@ -59,10 +61,10 @@ krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context)
        krb5_free_authenticator(context, auth_context->authentp);
     if (auth_context->keyblock) 
        krb5_free_keyblock(context, auth_context->keyblock);
-    if (auth_context->local_subkey) 
-       krb5_free_keyblock(context, auth_context->local_subkey);
-    if (auth_context->remote_subkey) 
-       krb5_free_keyblock(context, auth_context->remote_subkey);
+    if (auth_context->send_subkey) 
+       krb5_free_keyblock(context, auth_context->send_subkey);
+    if (auth_context->recv_subkey) 
+       krb5_free_keyblock(context, auth_context->recv_subkey);
     if (auth_context->rcache)
        krb5_rc_close(context, auth_context->rcache);
     if (auth_context->permitted_etypes)
@@ -176,17 +178,53 @@ krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_
 krb5_error_code KRB5_CALLCONV
 krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
 {
-    if (auth_context->local_subkey)
-       return krb5_copy_keyblock(context,auth_context->local_subkey,keyblock);
+    return krb5_auth_con_getsendsubkey(context, auth_context, keyblock);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
+{
+    return krb5_auth_con_getrecvsubkey(context, auth_context, keyblock);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
+{
+    if (ac->send_subkey != NULL)
+       krb5_free_keyblock(ctx, ac->send_subkey);
+    ac->send_subkey = NULL;
+    if (keyblock !=NULL)
+       return krb5_copy_keyblock(ctx, keyblock, &ac->send_subkey);
+    else
+       return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
+{
+    if (ac->recv_subkey != NULL)
+       krb5_free_keyblock(ctx, ac->recv_subkey);
+    ac->recv_subkey = NULL;
+    if (keyblock != NULL)
+       return krb5_copy_keyblock(ctx, keyblock, &ac->recv_subkey);
+    else
+       return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
+{
+    if (ac->send_subkey != NULL)
+       return krb5_copy_keyblock(ctx, ac->send_subkey, keyblock);
     *keyblock = NULL;
     return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
+krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
 {
-    if (auth_context->remote_subkey)
-       return krb5_copy_keyblock(context,auth_context->remote_subkey,keyblock);
+    if (ac->recv_subkey != NULL)
+       return krb5_copy_keyblock(ctx, ac->recv_subkey, keyblock);
     *keyblock = NULL;
     return 0;
 }
@@ -359,3 +397,167 @@ krb5_auth_con_get_checksum_func( krb5_context context,
   *data = auth_context->checksum_func_data;
   return 0;
 }
+
+/*
+ * krb5int_auth_con_chkseqnum
+ *
+ * We use a somewhat complex heuristic for validating received
+ * sequence numbers.  We must accommodate both our older
+ * implementation, which sends negative sequence numbers, and the
+ * broken Heimdal implementation (at least as of 0.5.2), which
+ * violates X.690 BER for integer encodings.  The requirement of
+ * handling negative sequence numbers removes one of easier means of
+ * detecting a Heimdal implementation, so we resort to this mess
+ * here.
+ *
+ * X.690 BER (and consequently DER, which are the required encoding
+ * rules in RFC1510) encode all integer types as signed integers.
+ * This means that the MSB being set on the first octet of the
+ * contents of the encoding indicates a negative value.  Heimdal does
+ * not prepend the required zero octet to unsigned integer encodings
+ * which would otherwise have the MSB of the first octet of their
+ * encodings set.
+ *
+ * Our ASN.1 library implements a special decoder for sequence
+ * numbers, accepting both negative and positive 32-bit numbers but
+ * mapping them both into the space of positive unsigned 32-bit
+ * numbers in the obvious bit-pattern-preserving way.  This maintains
+ * compatibility with our older implementations.  This also means that
+ * encodings emitted by Heimdal are ambiguous.
+ *
+ * Heimdal counter value       received uint32 value
+ *
+ * 0x00000080                  0xFFFFFF80
+ * 0x000000FF                  0xFFFFFFFF
+ * 0x00008000                  0xFFFF8000
+ * 0x0000FFFF                  0xFFFFFFFF
+ * 0x00800000                  0xFF800000
+ * 0x00FFFFFF                  0xFFFFFFFF
+ * 0xFF800000                  0xFF800000
+ * 0xFFFFFFFF                  0xFFFFFFFF
+ *
+ * We use two auth_context flags, SANE_SEQ and HEIMDAL_SEQ, which are
+ * only set after we can unambiguously determine the sanity of the
+ * sending implementation.  Once one of these flags is set, we accept
+ * only the sequence numbers appropriate to the remote implementation
+ * type.  We can make the determination in two different ways.  The
+ * first is to note the receipt of a "negative" sequence number when a
+ * "positive" one was expected.  The second is to note the receipt of
+ * a sequence number that wraps through "zero" in a weird way.  The
+ * latter corresponds to the receipt of an initial sequence number in
+ * the ambiguous range.
+ *
+ * There are 2^7 + 2^15 + 2^23 + 2^23 = 16810112 total ambiguous
+ * initial Heimdal counter values, but we receive them as one of 2^23
+ * possible values.  There is a ~1/256 chance of a Heimdal
+ * implementation sending an intial sequence number in the ambiguous
+ * range.
+ *
+ * We have to do special treatment when receiving sequence numbers
+ * between 0xFF800000..0xFFFFFFFF, or when wrapping through zero
+ * weirdly (due to ambiguous initial sequence number).  If we are
+ * expecting a value corresponding to an ambiguous Heimdal counter
+ * value, and we receive an exact match, we can mark the remote end as
+ * sane.
+ */
+krb5_boolean
+krb5int_auth_con_chkseqnum(
+    krb5_context ctx,
+    krb5_auth_context ac,
+    krb5_ui_4 in_seq)
+{
+    krb5_ui_4 exp_seq;
+
+    exp_seq = ac->remote_seq_number;
+
+    /*
+     * If sender is known to be sane, accept _only_ exact matches.
+     */
+    if (ac->auth_context_flags & KRB5_AUTH_CONN_SANE_SEQ)
+       return in_seq == exp_seq;
+
+    /*
+     * If sender is not known to be sane, first check the ambiguous
+     * range of received values, 0xFF800000..0xFFFFFFFF.
+     */
+    if ((in_seq & 0xFF800000) == 0xFF800000) {
+       /*
+        * If expected sequence number is in the range
+        * 0xFF800000..0xFFFFFFFF, then we can't make any
+        * determinations about the sanity of the sending
+        * implementation.
+        */
+       if ((exp_seq & 0xFF800000) == 0xFF800000 && in_seq == exp_seq)
+           return 1;
+       /*
+        * If sender is not known for certain to be a broken Heimdal
+        * implementation, check for exact match.
+        */
+       if (!(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)
+           && in_seq == exp_seq)
+           return 1;
+       /*
+        * Now apply hairy algorithm for matching sequence numbers
+        * sent by broken Heimdal implementations.  If it matches, we
+        * know for certain it's a broken Heimdal sender.
+        */
+       if (chk_heimdal_seqnum(exp_seq, in_seq)) {
+           ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
+           return 1;
+       }
+       return 0;
+    }
+
+    /*
+     * Received value not in the ambiguous range?  If the _expected_
+     * value is in the range of ambiguous Hemidal counter values, and
+     * it matches the received value, sender is known to be sane.
+     */
+    if (in_seq == exp_seq) {
+       if ((   exp_seq & 0xFFFFFF80) == 0x00000080
+           || (exp_seq & 0xFFFF8000) == 0x00008000
+           || (exp_seq & 0xFF800000) == 0x00800000)
+           ac->auth_context_flags |= KRB5_AUTH_CONN_SANE_SEQ;
+       return 1;
+    }
+
+    /*
+     * Magic wraparound for the case where the intial sequence number
+     * is in the ambiguous range.  This means that the sender's
+     * counter is at a different count than ours, so we correct ours,
+     * and mark the sender as being a broken Heimdal implementation.
+     */
+    if (exp_seq == 0
+       && !(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)) {
+       switch (in_seq) {
+       case 0x100:
+       case 0x10000:
+       case 0x1000000:
+           ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
+           exp_seq = in_seq;
+           return 1;
+       default:
+           return 0;
+       }
+    }
+    return 0;
+}
+
+static krb5_boolean
+chk_heimdal_seqnum(krb5_ui_4 exp_seq, krb5_ui_4 in_seq)
+{
+    if (( exp_seq & 0xFF800000) == 0x00800000
+       && (in_seq & 0xFF800000) == 0xFF800000
+       && (in_seq & 0x00FFFFFF) == exp_seq)
+       return 1;
+    else if ((  exp_seq & 0xFFFF8000) == 0x00008000
+            && (in_seq & 0xFFFF8000) == 0xFFFF8000
+            && (in_seq & 0x0000FFFF) == exp_seq)
+       return 1;
+    else if ((  exp_seq & 0xFFFFFF80) == 0x00000080
+            && (in_seq & 0xFFFFFF80) == 0xFFFFFF80
+            && (in_seq & 0x000000FF) == exp_seq)
+       return 1;
+    else
+       return 0;
+}
index d83d6b86e87912b6cc4ff08c10232b6bf258704e..9543de355e35dedc601930e99aaf5e5361e15674 100644 (file)
@@ -9,12 +9,12 @@ struct _krb5_auth_context {
     krb5_address      *        local_addr;
     krb5_address      *        local_port;
     krb5_keyblock     * keyblock;
-    krb5_keyblock     * local_subkey;
-    krb5_keyblock     * remote_subkey;
+    krb5_keyblock     * send_subkey;
+    krb5_keyblock     * recv_subkey;
 
     krb5_int32         auth_context_flags;
-    krb5_int32         remote_seq_number;
-    krb5_int32         local_seq_number;
+    krb5_ui_4          remote_seq_number;
+    krb5_ui_4          local_seq_number;
     krb5_authenticator *authentp;              /* mk_req, rd_req, mk_rep, ...*/
     krb5_cksumtype     req_cksumtype;          /* mk_safe, ... */
     krb5_cksumtype     safe_cksumtype;         /* mk_safe, ... */
@@ -30,5 +30,7 @@ struct _krb5_auth_context {
 #define KRB5_AUTH_CONN_INITIALIZED     0x00010000
 #define KRB5_AUTH_CONN_USED_W_MK_REQ   0x00020000
 #define KRB5_AUTH_CONN_USED_W_RD_REQ   0x00040000
+#define KRB5_AUTH_CONN_SANE_SEQ                0x00080000
+#define KRB5_AUTH_CONN_HEIMDAL_SEQ     0x00100000
 
 #endif
index bb2cfe9c7dc1ad1fc1e1aa6439c832815ea94eeb..a455cc40b8c0c87cddfbf630f3fb4862f8c75453 100644 (file)
@@ -1,11 +1,15 @@
+/*
+** set password functions added by Paul W. Nelson, Thursby Software Systems, Inc.
+*/
 #include <string.h>
 
 #include "k5-int.h"
 #include "krb5_err.h"
 #include "auth_con.h"
 
-krb5_error_code KRB5_CALLCONV
-krb5_mk_chpw_req(krb5_context context, krb5_auth_context auth_context, krb5_data *ap_req, char *passwd, krb5_data *packet)
+
+krb5_error_code 
+krb5int_mk_chpw_req(krb5_context context, krb5_auth_context auth_context, krb5_data *ap_req, char *passwd, krb5_data *packet)
 {
     krb5_error_code ret = 0;
     krb5_data clearpw;
@@ -66,8 +70,8 @@ cleanup:
     return(ret);
 }
 
-krb5_error_code KRB5_CALLCONV
-krb5_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *packet, int *result_code, krb5_data *result_data)
+krb5_error_code 
+krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *packet, int *result_code, krb5_data *result_data)
 {
     char *ptr;
     int plen, vno;
@@ -116,8 +120,18 @@ krb5_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_data
        ap_rep.data = ptr;
        ptr += ap_rep.length;
 
-       if ((ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc)))
+       /*
+        * Save send_subkey to later smash recv_subkey.
+        */
+       ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmp);
+       if (ret)
+           return ret;
+
+       ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
+       if (ret) {
+           krb5_free_keyblock(context, tmp);
            return(ret);
+       }
 
        krb5_free_ap_rep_enc_part(context, ap_rep_enc);
 
@@ -126,18 +140,17 @@ krb5_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_data
        cipherresult.data = ptr;
        cipherresult.length = (packet->data + packet->length) - ptr;
 
-       /* XXX there's no api to do this right. The problem is that
-          if there's a remote subkey, it will be used.  This is
-          not what the spec requires */
-
-       tmp = auth_context->remote_subkey;
-       auth_context->remote_subkey = NULL;
+       /*
+        * Smash recv_subkey to be send_subkey, per spec.
+        */
+       ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmp);
+       krb5_free_keyblock(context, tmp);
+       if (ret)
+           return ret;
 
        ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
                           &replay);
 
-       auth_context->remote_subkey = tmp;
-
        if (ret)
            return(ret);
     } else {
@@ -161,7 +174,7 @@ krb5_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_data
     *result_code = (*result_code<<8) | (*ptr++ & 0xff);
 
     if ((*result_code < KRB5_KPASSWD_SUCCESS) ||
-       (*result_code > KRB5_KPASSWD_SOFTERROR)) {
+       (*result_code > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)) {
        ret = KRB5KRB_AP_ERR_MODIFIED;
        goto cleanup;
     }
@@ -221,3 +234,284 @@ krb5_chpw_result_code_string(krb5_context context, int result_code, char **code_
 
    return(0);
 }
+
+krb5_error_code 
+krb5int_mk_setpw_req(
+     krb5_context context,
+     krb5_auth_context auth_context,
+     krb5_data *ap_req,
+     krb5_principal targprinc,
+     char *passwd,
+     krb5_data *packet )
+{
+    krb5_error_code ret;
+    krb5_data  cipherpw;
+    krb5_data  *encoded_setpw;
+
+    char *ptr;
+     int count = 2;
+
+     cipherpw.data = NULL;
+     cipherpw.length = 0;
+     
+    if (ret = krb5_auth_con_setflags(context, auth_context,
+                                    KRB5_AUTH_CONTEXT_DO_SEQUENCE))
+               return(ret);
+
+    ret = encode_krb5_setpw_req(targprinc, passwd, &encoded_setpw);
+    if (ret) {
+       return ret;
+    }
+
+    if ( (ret = krb5_mk_priv(context, auth_context, encoded_setpw, &cipherpw, NULL)) != 0) {
+       krb5_free_data( context, encoded_setpw);
+       return(ret);
+    }
+    krb5_free_data( context, encoded_setpw);
+    
+
+    packet->length = 6 + ap_req->length + cipherpw.length;
+    packet->data = (char *) malloc(packet->length);
+    if (packet->data  == NULL) {
+       ret = ENOMEM;
+       goto cleanup;
+    }
+    ptr = packet->data;
+/*
+** build the packet -
+*/
+/* put in the length */
+    *ptr++ = (packet->length>>8) & 0xff;
+    *ptr++ = packet->length & 0xff;
+/* put in the version */
+    *ptr++ = (char)0xff;
+    *ptr++ = (char)0x80;
+/* the ap_req length is big endian */
+    *ptr++ = (ap_req->length>>8) & 0xff;
+    *ptr++ = ap_req->length & 0xff;
+/* put in the request data */
+    memcpy(ptr, ap_req->data, ap_req->length);
+    ptr += ap_req->length;
+/*
+** put in the "private" password data -
+*/
+    memcpy(ptr, cipherpw.data, cipherpw.length);
+    ret = 0;
+ cleanup:
+    if (cipherpw.data)
+       krb5_free_data_contents(context, &cipherpw);
+    if ((ret != 0) && packet->data) {
+       free( packet->data);
+       packet->data = NULL;
+    }
+    return ret;
+}
+
+krb5_error_code 
+krb5int_rd_setpw_rep( krb5_context context, krb5_auth_context auth_context, krb5_data *packet,
+     int *result_code, krb5_data *result_data )
+{
+    char *ptr;
+    unsigned int message_length, version_number;
+    krb5_data ap_rep;
+    krb5_ap_rep_enc_part *ap_rep_enc;
+    krb5_error_code ret;
+    krb5_data cipherresult;
+    krb5_data clearresult;
+    krb5_replay_data replay;
+    krb5_keyblock *tmpkey;
+/*
+** validate the packet length -
+*/
+    if (packet->length < 4)
+       return(KRB5KRB_AP_ERR_MODIFIED);
+
+    ptr = packet->data;
+
+/*
+** see if it is an error
+*/
+    if (krb5_is_krb_error(packet)) {
+       krb5_error *krberror;
+       if (ret = krb5_rd_error(context, packet, &krberror))
+           return(ret);
+       if (krberror->e_data.data  == NULL) {
+           ret = ERROR_TABLE_BASE_krb5 + krberror->error;
+           krb5_free_error(context, krberror);
+           return (ret);
+       }
+       clearresult = krberror->e_data;
+       krberror->e_data.data  = NULL; /*So we can free it later*/
+       krberror->e_data.length = 0;
+       krb5_free_error(context, krberror);
+               
+    } else { /* Not an error*/
+
+/*
+** validate the message length -
+** length is big endian 
+*/
+       message_length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+       ptr += 2;
+/*
+** make sure the message length and packet length agree -
+*/
+       if (message_length != packet->length)
+           return(KRB5KRB_AP_ERR_MODIFIED);
+/*
+** get the version number -
+*/
+       version_number = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+       ptr += 2;
+/*
+** make sure we support the version returned -
+*/
+/*
+** set password version is 0xff80, change password version is 1
+*/
+       if (version_number != 0xff80 && version_number != 1)
+           return(KRB5KDC_ERR_BAD_PVNO);
+/*
+** now fill in ap_rep with the reply -
+*/
+/*
+** get the reply length -
+*/
+       ap_rep.length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+       ptr += 2;
+/*
+** validate ap_rep length agrees with the packet length -
+*/
+       if (ptr + ap_rep.length >= packet->data + packet->length)
+           return(KRB5KRB_AP_ERR_MODIFIED);
+/*
+** if data was returned, set the ap_rep ptr -
+*/
+       if( ap_rep.length ) {
+           ap_rep.data = ptr;
+           ptr += ap_rep.length;
+
+           /*
+            * Save send_subkey to later smash recv_subkey.
+            */
+           ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmpkey);
+           if (ret)
+               return ret;
+
+           ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
+           if (ret) {
+               krb5_free_keyblock(context, tmpkey);
+               return(ret);
+           }
+
+           krb5_free_ap_rep_enc_part(context, ap_rep_enc);
+/*
+** now decrypt the result -
+*/
+           cipherresult.data = ptr;
+           cipherresult.length = (packet->data + packet->length) - ptr;
+
+           /*
+            * Smash recv_subkey to be send_subkey, per spec.
+            */
+           ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmpkey);
+           krb5_free_keyblock(context, tmpkey);
+           if (ret)
+               return ret;
+
+           ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
+                              NULL);
+           if (ret)
+               return(ret);
+       } /*We got an ap_rep*/
+       else
+           return (KRB5KRB_AP_ERR_MODIFIED);
+    } /*Response instead of error*/
+
+/*
+** validate the cleartext length 
+*/
+    if (clearresult.length < 2) {
+       ret = KRB5KRB_AP_ERR_MODIFIED;
+       goto cleanup;
+    }
+/*
+** now decode the result -
+*/
+    ptr = clearresult.data;
+
+    *result_code = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+    ptr += 2;
+
+/*
+** result code 5 is access denied
+*/
+    if ((*result_code < KRB5_KPASSWD_SUCCESS) || (*result_code > 5))
+    {
+       ret = KRB5KRB_AP_ERR_MODIFIED;
+       goto cleanup;
+    }
+/*
+** all success replies should be authenticated/encrypted
+*/
+    if( (ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS) )
+    {
+       ret = KRB5KRB_AP_ERR_MODIFIED;
+       goto cleanup;
+    }
+
+    if (result_data) {
+       result_data->length = (clearresult.data + clearresult.length) - ptr;
+
+       if (result_data->length)
+       {
+           result_data->data = (char *) malloc(result_data->length);
+           if (result_data->data)
+               memcpy(result_data->data, ptr, result_data->length);
+       }
+       else
+           result_data->data = NULL;
+    }
+    ret = 0;
+
+ cleanup:
+    krb5_free_data_contents(context, &clearresult);
+    return(ret);
+}
+
+krb5_error_code 
+krb5int_setpw_result_code_string( krb5_context context, int result_code, const char **code_string )
+{
+   switch (result_code)
+   {
+   case KRB5_KPASSWD_MALFORMED:
+      *code_string = "Malformed request error";
+      break;
+   case KRB5_KPASSWD_HARDERROR:
+      *code_string = "Server error";
+      break;
+   case KRB5_KPASSWD_AUTHERROR:
+      *code_string = "Authentication error";
+      break;
+   case KRB5_KPASSWD_SOFTERROR:
+      *code_string = "Password change rejected";
+      break;
+   case 5: /* access denied */
+      *code_string = "Access denied";
+      break;
+   case 6:     /* bad version */
+      *code_string = "Wrong protocol version";
+      break;
+   case 7: /* initial flag is needed */
+      *code_string = "Initial password required";
+      break;
+   case 0:
+         *code_string = "Success";
+   default:
+      *code_string = "Password change failed";
+      break;
+   }
+
+   return(0);
+}
+
diff --git a/src/lib/krb5/krb/conv_creds.c b/src/lib/krb5/krb/conv_creds.c
new file mode 100644 (file)
index 0000000..3a4e66d
--- /dev/null
@@ -0,0 +1,277 @@
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "k5-int.h"
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include "port-sockets.h"
+#include "socket-utils.h"
+
+#if defined(KRB5_KRB4_COMPAT) || defined(_WIN32) /* yuck */
+#include "kerberosIV/krb.h"
+
+#ifdef USE_CCAPI
+#include <CredentialsCache.h>
+#endif
+
+#define krb524_debug krb5int_krb524_debug
+int krb524_debug = 0;
+
+static krb5_error_code krb524_convert_creds_plain
+(krb5_context context, krb5_creds *v5creds, 
+                  CREDENTIALS *v4creds);
+
+static int decode_v4tkt
+       (struct ktext *v4tkt, char *buf, unsigned int *encoded_len);
+
+krb5_error_code KRB5_CALLCONV
+krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
+                      CREDENTIALS *v4creds)
+{
+     krb5_error_code ret;
+     krb5_data reply;
+     char *p;
+     struct sockaddr_storage ss;
+     socklen_t slen = sizeof(ss);
+
+     ret = krb524_convert_creds_plain(context, v5creds, v4creds);
+     if (ret)
+        return ret;
+
+     reply.data = NULL;
+     ret = krb5int_524_sendto_kdc(context, &v5creds->ticket,
+                                 &v5creds->server->realm, &reply,
+                                 ss2sa(&ss), &slen);
+     if (ret)
+        return ret;
+
+#if TARGET_OS_MAC
+#ifdef USE_CCAPI
+     v4creds->stk_type = cc_v4_stk_des;
+#endif
+     if (slen == sizeof(struct sockaddr_in)
+        && ss2sa(&ss)->sa_family == AF_INET) {
+        v4creds->address = ss2sin(&ss)->sin_addr.s_addr;
+     }
+     /* Otherwise, leave it set to all-zero.  */
+#endif
+
+     p = reply.data;
+     ret = ntohl(*((krb5_error_code *) p));
+     p += sizeof(krb5_int32);
+     reply.length -= sizeof(krb5_int32);
+     if (ret)
+        goto fail;
+
+     v4creds->kvno = ntohl(*((krb5_error_code *) p));
+     p += sizeof(krb5_int32);
+     reply.length -= sizeof(krb5_int32);
+     ret = decode_v4tkt(&v4creds->ticket_st, p, &reply.length);
+
+fail:
+     if (reply.data) 
+        free(reply.data);
+     reply.data = NULL;
+     return ret;
+}
+
+static krb5_error_code
+krb524_convert_creds_plain(context, v5creds, v4creds)
+     krb5_context context;
+     krb5_creds *v5creds;
+     CREDENTIALS *v4creds;
+{
+     int ret;
+     krb5_timestamp endtime;
+     char dummy[REALM_SZ];
+     memset((char *) v4creds, 0, sizeof(CREDENTIALS));
+
+     if ((ret = krb5_524_conv_principal(context, v5creds->client,
+                                       v4creds->pname, v4creds->pinst,
+                                       dummy)))
+        return ret;
+     if ((ret = krb5_524_conv_principal(context, v5creds->server,
+                                       v4creds->service, v4creds->instance,
+                                       v4creds->realm)))
+        return ret;
+
+     /* Check enctype too */
+     if (v5creds->keyblock.length != sizeof(C_Block)) {
+         if (krb524_debug)
+              fprintf(stderr, "v5 session keyblock length %d != C_Block size %d\n",
+                      v5creds->keyblock.length,
+                      (int) sizeof(C_Block));
+         return KRB524_BADKEY;
+     } else
+         memcpy(v4creds->session, (char *) v5creds->keyblock.contents,
+                sizeof(C_Block));
+
+     /* V4 has no concept of authtime or renew_till, so ignore them */
+     v4creds->issue_date = v5creds->times.starttime;
+     v4creds->lifetime = krb5int_krb_time_to_life(v5creds->times.starttime,
+                                                 v5creds->times.endtime);
+     endtime = krb5int_krb_life_to_time(v4creds->issue_date,
+                                       v4creds->lifetime);
+     /*
+      * Adjust start time backwards to deal with rounding up in
+      * krb_time_to_life(), to match code on server side.
+      */
+     if (endtime > v5creds->times.endtime)
+        v4creds->issue_date -= endtime - v5creds->times.endtime;
+
+     return 0;
+}
+
+/* this used to be krb524/encode.c, under same copyright as above */
+/*
+ * I'm sure that this is reinventing the wheel, but I don't know where
+ * the wheel is hidden.
+ */
+
+int  encode_v4tkt (KTEXT_ST *, char *, unsigned int *);
+static int encode_bytes (char **, int *, char *, unsigned int),
+    encode_int32 (char **, int *, krb5_int32 *);
+
+static int decode_bytes (char **, int *, char *, unsigned int),
+    decode_int32 (char **, int *, krb5_int32 *);
+
+static int encode_bytes(out, outlen, in, len)
+     char **out;
+     int *outlen;
+     char *in;
+     unsigned int len;
+{
+     if (len > *outlen)
+         return KRB524_ENCFULL;
+     memcpy(*out, in, len);
+     *out += len;
+     *outlen -= len;
+     return 0;
+}
+
+static int encode_int32(out, outlen, v)
+     char **out;
+     int *outlen;
+     krb5_int32 *v;
+{
+     krb5_int32 nv; /* Must be 4 bytes */
+
+     nv = htonl(*v);
+     return encode_bytes(out, outlen, (char *) &nv, sizeof(nv));
+}
+
+int krb5int_encode_v4tkt(v4tkt, buf, encoded_len)
+     KTEXT_ST *v4tkt;
+     char *buf;
+     unsigned int *encoded_len;
+{
+     int buflen, ret;
+
+     buflen = *encoded_len;
+
+     if ((ret = encode_int32(&buf, &buflen, &v4tkt->length)))
+         return ret;
+     if ((ret = encode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
+         return ret;
+     if ((ret = encode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz)))
+         return ret;
+
+     *encoded_len -= buflen;
+     return 0;
+}
+
+/* decode functions */
+
+static int decode_bytes(out, outlen, in, len)
+     char **out;
+     int *outlen;
+     char *in; 
+     unsigned int len;
+{
+     if (len > *outlen)
+         return KRB524_DECEMPTY;
+     memcpy(in, *out, len);
+     *out += len;
+     *outlen -= len;
+     return 0;
+}
+
+static int decode_int32(out, outlen, v)
+     char **out;
+     int *outlen;
+     krb5_int32 *v;
+{
+     int ret;
+     krb5_int32 nv; /* Must be four bytes */
+
+     if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv))))
+         return ret;
+     *v = ntohl(nv);
+     return 0;
+}
+
+static int decode_v4tkt(v4tkt, buf, encoded_len)
+     KTEXT_ST *v4tkt;
+     char *buf;
+     unsigned int *encoded_len;
+{
+     int buflen, ret;
+
+     buflen = *encoded_len;
+     if ((ret = decode_int32(&buf, &buflen, &v4tkt->length)))
+         return ret;
+     if ((ret = decode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
+         return ret;
+     if ((ret = decode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz)))
+         return ret;
+     *encoded_len -= buflen;
+     return 0;
+}
+
+#else /* no krb4 compat */
+
+krb5_error_code KRB5_CALLCONV
+krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
+                      struct credentials *v4creds)
+{
+    return KRB524_KRB4_DISABLED;
+}
+
+#endif
+
+/* These may be needed for object-level backwards compatibility on Mac
+   OS and UNIX, but Windows should be okay.  */
+#ifndef _WIN32
+#undef krb524_convert_creds_kdc
+krb5_error_code KRB5_CALLCONV
+krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds,
+                        struct credentials *v4creds)
+{
+    return krb5_524_convert_creds(context, v5creds, v4creds);
+}
+
+#undef krb524_init_ets
+void KRB5_CALLCONV krb524_init_ets ()
+{
+}
+#endif
index 2899c5a88ba2cc1e28aac95e60a4f3d2a200ed26..1be2a2da59384758a5d6ef32740d186f943f3f53 100644 (file)
@@ -58,3 +58,25 @@ krb5_copy_data(krb5_context context, const krb5_data *indata, krb5_data **outdat
     *outdata = tempdata;
     return 0;
 }
+
+krb5_error_code 
+krb5int_copy_data_contents(krb5_context context, const krb5_data *indata, krb5_data *outdata)
+{
+    if (!indata) {
+       return EINVAL;
+    }
+    
+
+    outdata->length = indata->length;
+    if (outdata->length) {
+       if (!(outdata->data = malloc(outdata->length))) {
+           krb5_xfree(outdata);
+           return ENOMEM;
+       }
+       memcpy((char *)outdata->data, (char *)indata->data, outdata->length);
+    } else
+       outdata->data = 0;
+    outdata->magic = KV5M_DATA;
+
+    return 0;
+}
index aa42f8cc16139f17b2e6105e44f765cc172a92f1..4e2c8f04b8232140e36484237784598c19a8e81f 100644 (file)
@@ -56,6 +56,7 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *r
     int free_rhost = 0;
     krb5_enctype enctype = 0;
     krb5_keyblock *session_key;
+    krb5_boolean old_use_conf_ktypes = context->use_conf_ktypes;
 
     memset((char *)&creds, 0, sizeof(creds));
     memset((char *)&tgt, 0, sizeof(creds));
@@ -109,8 +110,10 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *r
        goto errout;
        
     /* fetch tgt directly from cache */
+    context->use_conf_ktypes = 1;
     retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_SUPPORTED_KTYPES,
                                    &creds, &tgt);
+    context->use_conf_ktypes = old_use_conf_ktypes;
     if (retval)
        goto errout;
 
@@ -161,9 +164,15 @@ retval = KRB5_FWD_BAD_PRINCIPAL;
       kdcoptions &= ~(KDC_OPT_FORWARDABLE);
 
     if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
-                                       addrs, &creds, &pcreds)))
-        goto errout;
-
+                                       addrs, &creds, &pcreds))) {
+       if (enctype) {
+           creds.keyblock.enctype = 0;
+           if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
+                                               addrs, &creds, &pcreds))) 
+               goto errout;
+       }
+       else goto errout;
+    }
     retval = krb5_mk_1cred(context, auth_context, pcreds,
                            &scratch, &replaydata);
     krb5_free_creds(context, pcreds);
index fdf00e6b1108b7b94dbc8cde755264e65f86301e..8ca62cce634ed8fcaf2cd038691adddd995a2c98 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994 by the Massachusetts Institute of Technology.
+ * Copyright (c) 1994,2003 by the Massachusetts Institute of Technology.
  * Copyright (c) 1994 CyberSAFE Corporation
  * Copyright (c) 1993 Open Computing Security Group
  * Copyright (c) 1990,1991 by the Massachusetts Institute of Technology.
@@ -76,6 +76,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
   krb5_principal  *top_server = NULL;
   krb5_principal  *next_server = NULL;
   unsigned int    nservers = 0;
+  krb5_boolean   old_use_conf_ktypes = context->use_conf_ktypes;
 
   /* in case we never get a TGT, zero the return */
 
@@ -114,6 +115,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
       goto cleanup;
   }
 
+    context->use_conf_ktypes = 1;
   if ((retval = krb5_cc_retrieve_cred(context, ccache,
                                      KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
                                      &tgtq, &tgt))) {
@@ -231,21 +233,17 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
     
        krb5_free_cred_contents(context, &tgtq);
        memset(&tgtq, 0, sizeof(tgtq));
-#ifdef HAVE_C_STRUCTURE_ASSIGNMENT
        tgtq.times        = tgt.times;
-#else
-       memcpy(&tgtq.times, &tgt.times, sizeof(krb5_ticket_times));
-#endif
-
        if ((retval = krb5_copy_principal(context, tgt.client, &tgtq.client)))
            goto cleanup;
        if ((retval = krb5_copy_principal(context, int_server, &tgtq.server)))
            goto cleanup;
        tgtq.is_skey      = FALSE;
        tgtq.ticket_flags = tgt.ticket_flags;
-       if ((retval = krb5_get_cred_via_tkt(context, &tgt,
-                                           FLAGS2OPTS(tgtq.ticket_flags),
-                                           tgt.addresses, &tgtq, &tgtr))) {
+       retval = krb5_get_cred_via_tkt(context, &tgt,
+                                      FLAGS2OPTS(tgtq.ticket_flags),
+                                      tgt.addresses, &tgtq, &tgtr);
+       if (retval) {
              
        /*
        * couldn't get one so now loop backwards through the realms
@@ -301,12 +299,12 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
                  goto cleanup;
              tgtq.is_skey      = FALSE;
              tgtq.ticket_flags = tgt.ticket_flags;
-             if ((retval = krb5_get_cred_via_tkt(context, &tgt,
-                                                 FLAGS2OPTS(tgtq.ticket_flags),
-                                                 tgt.addresses,
-                                                 &tgtq, &tgtr))) {
+             retval = krb5_get_cred_via_tkt(context, &tgt,
+                                            FLAGS2OPTS(tgtq.ticket_flags),
+                                            tgt.addresses,
+                                            &tgtq, &tgtr);
+             if (retval)
                  continue;
-             }
              
              /* save tgt in return array */
              if ((retval = krb5_copy_creds(context, tgtr,
@@ -341,7 +339,9 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
        for (next_server = top_server; *next_server; next_server++) {
             krb5_data *realm_1 = krb5_princ_component(context, next_server[0], 1);
             krb5_data *realm_2 = krb5_princ_component(context, tgtr->server, 1);
-            if (realm_1->length == realm_2->length &&
+           if (realm_1 != NULL &&
+               realm_2 != NULL &&
+                realm_1->length == realm_2->length &&
                 !memcmp(realm_1->data, realm_2->data, realm_1->length)) {
                break;
             }
@@ -374,10 +374,12 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
     goto cleanup;
   }
 
-  retval = krb5_get_cred_via_tkt(context, &tgt, FLAGS2OPTS(tgt.ticket_flags) |
-                                kdcopt | 
-                                       (in_cred->second_ticket.length ? 
-                                        KDC_OPT_ENC_TKT_IN_SKEY : 0),
+  context->use_conf_ktypes = old_use_conf_ktypes;
+  retval = krb5_get_cred_via_tkt(context, &tgt,
+                                FLAGS2OPTS(tgt.ticket_flags) |
+                                kdcopt |
+                                (in_cred->second_ticket.length ?
+                                 KDC_OPT_ENC_TKT_IN_SKEY : 0),
                                 tgt.addresses, in_cred, out_cred);
 
   /* cleanup and return */
@@ -393,6 +395,7 @@ cleanup:
       if (ret_tgts)  free(ret_tgts);
       krb5_free_cred_contents(context, &tgt);
   }
+  context->use_conf_ktypes = old_use_conf_ktypes;
   return(retval);
 }
 
index 196a4374474e53da0ef584fb537a2faf6a1cd0c4..3737640977065530e7b2a1a590008634c9ec7c86 100644 (file)
@@ -36,7 +36,7 @@
 #endif
 
 krb5_error_code
-krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_int32 *seqno)
+krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui_4 *seqno)
 {
     krb5_data seed;
     krb5_error_code retval;
@@ -48,5 +48,20 @@ krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_in
 
     seed.length = sizeof(*seqno);
     seed.data = (char *) seqno;
-    return(krb5_c_random_make_octets(context, &seed));
+    retval = krb5_c_random_make_octets(context, &seed);
+    if (retval)
+       return retval;
+    /*
+     * Work around implementation incompatibilities by not generating
+     * initial sequence numbers greater than 2^30.  Previous MIT
+     * implementations use signed sequence numbers, so initial
+     * sequence numbers 2^31 to 2^32-1 inclusive will be rejected.
+     * Letting the maximum initial sequence number be 2^30-1 allows
+     * for about 2^30 messages to be sent before wrapping into
+     * "negative" numbers.
+     */
+    *seqno &= 0x3fffffff;
+    if (*seqno == 0)
+       *seqno = 1;
+    return 0;
 }
index dc06c535391b2be89e82db9a3993dbdb683e89df..df5ebaf7110b19d9e0448129fcbc829ae7f9314f 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * lib/krb5/krb/get_in_tkt.c
  *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991, 2003 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -262,6 +262,7 @@ verify_as_reply(krb5_context                context,
            (request->rtime != 0) &&
            (as_reply->enc_part2->times.renew_till > request->rtime))
        || ((request->kdc_options & KDC_OPT_RENEWABLE_OK) &&
+           !(request->kdc_options & KDC_OPT_RENEWABLE) &&
            (as_reply->enc_part2->flags & KDC_OPT_RENEWABLE) &&
            (request->till != 0) &&
            (as_reply->enc_part2->times.renew_till > request->till))
@@ -409,6 +410,15 @@ make_preauth_list(krb5_context     context,
 }
 
 #define MAX_IN_TKT_LOOPS 16
+static krb5_enctype get_in_tkt_enctypes[] = {
+    ENCTYPE_DES3_CBC_SHA1,
+    ENCTYPE_ARCFOUR_HMAC,
+    ENCTYPE_DES_CBC_MD5,
+    ENCTYPE_DES_CBC_MD4,
+    ENCTYPE_DES_CBC_CRC,
+    0
+};
+
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_in_tkt(krb5_context context,
@@ -460,8 +470,13 @@ krb5_get_in_tkt(krb5_context context,
     request.from = creds->times.starttime;
     request.till = creds->times.endtime;
     request.rtime = creds->times.renew_till;
-    if ((retval = krb5_get_default_in_tkt_ktypes(context, &request.ktype)))
+
+    request.ktype = malloc (sizeof(get_in_tkt_enctypes));
+    if (request.ktype == NULL) {
+       retval = ENOMEM;
        goto cleanup;
+    }
+    memcpy(request.ktype, get_in_tkt_enctypes, sizeof(get_in_tkt_enctypes));
     for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++);
     if (ktypes) {
        int i, req, next = 0;
@@ -734,6 +749,7 @@ krb5_get_init_creds(krb5_context context,
     krb5_deltat renew_life;
     int loopcount;
     krb5_data salt;
+    krb5_data s2kparams;
     krb5_keyblock as_key;
     krb5_error *err_reply;
     krb5_kdc_rep *local_as_reply;
@@ -742,6 +758,8 @@ krb5_get_init_creds(krb5_context context,
 
     /* initialize everything which will be freed at cleanup */
 
+    s2kparams.data = NULL;
+    s2kparams.length = 0;
     request.server = NULL;
     request.ktype = NULL;
     request.addresses = NULL;
@@ -761,7 +779,7 @@ krb5_get_init_creds(krb5_context context,
 
     /* request.padata is filled in later */
 
-    request.kdc_options = 0;
+    request.kdc_options = context->kdc_default_options;
 
     /* forwardable */
 
@@ -854,11 +872,13 @@ krb5_get_init_creds(krb5_context context,
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE))
        request.till += options->tkt_life;
     else
-       request.till += 10*60*60; /* this used to be hardcoded in kinit.c */
+       request.till += 24*60*60; /* this used to be hardcoded in kinit.c */
 
     if (renew_life > 0) {
        request.rtime = request.from;
        request.rtime += renew_life;
+       if (request.rtime >= request.till)
+           request.kdc_options &= ~(KDC_OPT_RENEWABLE_OK);
     } else {
        request.rtime = 0;
     }
@@ -927,7 +947,7 @@ krb5_get_init_creds(krb5_context context,
 
        if ((ret = krb5_do_preauth(context, &request,
                                  padata, &request.padata,
-                                 &salt, &etype, &as_key, prompter,
+                                 &salt, &s2kparams, &etype, &as_key, prompter,
                                   prompter_data, gak_fct, gak_data)))
            goto cleanup;
 
@@ -973,7 +993,7 @@ krb5_get_init_creds(krb5_context context,
 
     if ((ret = krb5_do_preauth(context, &request,
                               local_as_reply->padata, &padata,
-                              &salt, &etype, &as_key, prompter,
+                              &salt, &s2kparams, &etype, &as_key, prompter,
                               prompter_data, gak_fct, gak_data)))
        goto cleanup;
 
@@ -1005,7 +1025,7 @@ krb5_get_init_creds(krb5_context context,
 
        if ((ret = ((*gak_fct)(context, request.client,
                               local_as_reply->enc_part.enctype,
-                              prompter, prompter_data, &salt,
+                              prompter, prompter_data, &salt, &s2kparams,
                               &as_key, gak_data))))
            goto cleanup;
 
@@ -1050,6 +1070,7 @@ cleanup:
     if (salt.data &&
        (!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT))))
        krb5_xfree(salt.data);
+    krb5_free_data_contents(context, &s2kparams);
     if (as_reply)
        *as_reply = local_as_reply;
     else if (local_as_reply)
index a7cb773a097706335f081370e3780563629b2ade..38a88ee140206c024dbd809d6bd3b5ccda6a0c6f 100644 (file)
@@ -1,3 +1,29 @@
+/*
+ * lib/krb5/krb/gic_keytab.c
+ *
+ * Copyright (C) 2002, 2003 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
 #include "k5-int.h"
 
 static krb5_error_code
@@ -8,6 +34,7 @@ krb5_get_as_key_keytab(
     krb5_prompter_fct prompter,
     void *prompter_data,
     krb5_data *salt,
+    krb5_data *params,
     krb5_keyblock *as_key,
     void *gak_data)
 {
@@ -115,3 +142,57 @@ cleanup:
 
    return(ret);
 }
+krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
+                             krb5_address *const *addrs, krb5_enctype *ktypes,
+                             krb5_preauthtype *pre_auth_types,
+                             krb5_keytab arg_keytab, krb5_ccache ccache,
+                             krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+{
+    krb5_error_code retval;
+    krb5_get_init_creds_opt opt;
+    char * server = NULL;
+    krb5_keytab keytab;
+    krb5_principal client_princ, server_princ;
+    
+    krb5int_populate_gic_opt(context, &opt,
+                            options, addrs, ktypes,
+                            pre_auth_types);
+    if (arg_keytab == NULL) {
+       retval = krb5_kt_default(context, &keytab);
+       if (retval)
+           return retval;
+    }
+    else keytab = arg_keytab;
+    
+    retval = krb5_unparse_name( context, creds->server, &server);
+    if (retval)
+       goto cleanup;
+    server_princ = creds->server;
+    client_princ = creds->client;
+    retval = krb5_get_init_creds (context,
+                                 creds, creds->client,  
+                                 krb5_prompter_posix,  NULL,
+                                 0, server, &opt,
+                                 krb5_get_as_key_keytab, (void *)keytab,
+                                 0, ret_as_reply);
+    krb5_free_unparsed_name( context, server);
+    if (retval) {
+       goto cleanup;
+    }
+       if (creds->server)
+           krb5_free_principal( context, creds->server);
+       if (creds->client)
+           krb5_free_principal( context, creds->client);
+       creds->client = client_princ;
+       creds->server = server_princ;
+       
+    /* store it in the ccache! */
+    if (ccache)
+       if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+           goto cleanup;
+ cleanup:    if (arg_keytab == NULL)
+     krb5_kt_close(context, keytab);
+    return retval;
+}
+
index 7b5e0bab307e191cb2a5ac43590ab51e1a2aeee1..af95b972a4302bc513c630d08808fe2f55a55ee6 100644 (file)
@@ -9,6 +9,7 @@ krb5_get_as_key_password(
     krb5_prompter_fct prompter,
     void *prompter_data,
     krb5_data *salt,
+    krb5_data *params,
     krb5_keyblock *as_key,
     void *gak_data)
 {
@@ -42,7 +43,7 @@ krb5_get_as_key_password(
            return(EIO);
 
        if ((ret = krb5_unparse_name(context, client, &clientstr)))
-           return(ret);
+         return(ret);
 
        strcpy(promptstr, "Password for ");
        strncat(promptstr, clientstr, sizeof(promptstr)-strlen(promptstr)-1);
@@ -74,7 +75,8 @@ krb5_get_as_key_password(
        defsalt.length = 0;
     }
 
-    ret = krb5_c_string_to_key(context, etype, password, salt, as_key);
+    ret = krb5_c_string_to_key_with_params(context, etype, password, salt,
+                                          params->data?params:NULL, as_key);
 
     if (defsalt.length)
        krb5_xfree(defsalt.data);
@@ -144,6 +146,10 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ
    if (!use_master) {
       use_master = 1;
 
+      if (as_reply) {
+         krb5_free_kdc_rep( context, as_reply);
+         as_reply = NULL;
+      }
       ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
                                 start_time, in_tkt_service, options,
                                 krb5_get_as_key_password, (void *) &pw0,
@@ -158,7 +164,8 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ
         slave we were able to contact */
 
       if ((ret2 == KRB5_KDC_UNREACH) ||
-                 (ret2 == KRB5_REALM_CANT_RESOLVE))
+         (ret2 == KRB5_REALM_CANT_RESOLVE) ||
+         (ret2 == KRB5_REALM_UNKNOWN))
         goto cleanup;
 
       ret = ret2;
@@ -366,3 +373,109 @@ cleanup:
 
    return(ret);
 }
+void krb5int_populate_gic_opt (
+    krb5_context context, krb5_get_init_creds_opt *opt,
+    krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
+    krb5_preauthtype *pre_auth_types)
+{
+  int i;
+    krb5_get_init_creds_opt_init(opt);
+    if (addrs)
+      krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
+    if (ktypes) {
+       for (i=0; ktypes[i]; i++);
+       if (i)
+           krb5_get_init_creds_opt_set_etype_list(opt, ktypes, i);
+    }
+    if (pre_auth_types) {
+       for (i=0; pre_auth_types[i]; i++);
+       if (i)
+           krb5_get_init_creds_opt_set_preauth_list(opt, pre_auth_types, i);
+    }
+    if (options&KDC_OPT_FORWARDABLE)
+       krb5_get_init_creds_opt_set_forwardable(opt, 1);
+    else krb5_get_init_creds_opt_set_forwardable(opt, 0);
+    if (options&KDC_OPT_PROXIABLE)
+       krb5_get_init_creds_opt_set_proxiable(opt, 1);
+    else krb5_get_init_creds_opt_set_proxiable(opt, 0);
+    
+
+}
+
+/*
+  Rewrites get_in_tkt in terms of newer get_init_creds API.
+ Attempts to get an initial ticket for creds->client to use server
+ creds->server, (realm is taken from creds->client), with options
+ options, and using creds->times.starttime, creds->times.endtime,
+ creds->times.renew_till as from, till, and rtime.  
+ creds->times.renew_till is ignored unless the RENEWABLE option is requested.
+
+ If addrs is non-NULL, it is used for the addresses requested.  If it is
+ null, the system standard addresses are used.
+
+ If password is non-NULL, it is converted using the cryptosystem entry
+ point for a string conversion routine, seeded with the client's name.
+ If password is passed as NULL, the password is read from the terminal,
+ and then converted into a key.
+
+ A succesful call will place the ticket in the credentials cache ccache.
+
+ returns system errors, encryption errors
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
+                             krb5_address *const *addrs, krb5_enctype *ktypes,
+                             krb5_preauthtype *pre_auth_types,
+                             const char *password, krb5_ccache ccache,
+                             krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+{
+    krb5_error_code retval;
+    krb5_data pw0;
+    char pw0array[1024];
+    krb5_get_init_creds_opt opt;
+    char * server;
+    krb5_principal server_princ, client_princ;
+
+    pw0array[0] = '\0';
+    pw0.data = pw0array;
+    if (password) {
+       pw0.length = strlen(password);
+       if (pw0.length > sizeof(pw0array))
+           return EINVAL;
+       strncpy(pw0.data, password, sizeof(pw0array));
+       if (pw0.length == 0)
+           pw0.length = sizeof(pw0array);
+    } else {
+       pw0.length = sizeof(pw0array);
+    }
+    krb5int_populate_gic_opt(context, &opt,
+                            options, addrs, ktypes,
+                            pre_auth_types);
+    retval = krb5_unparse_name( context, creds->server, &server);
+    if (retval)
+      return (retval);
+    server_princ = creds->server;
+    client_princ = creds->client;
+        retval = krb5_get_init_creds (context,
+                                          creds, creds->client,  
+                                          krb5_prompter_posix,  NULL,
+                                          0, server, &opt,
+                                     krb5_get_as_key_password, &pw0,
+                                     0, ret_as_reply);
+         krb5_free_unparsed_name( context, server);
+       if (retval) {
+         return (retval);
+       }
+       if (creds->server)
+           krb5_free_principal( context, creds->server);
+       if (creds->client)
+           krb5_free_principal( context, creds->client);
+       creds->client = client_princ;
+       creds->server = server_princ;
+       /* store it in the ccache! */
+       if (ccache)
+         if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+           return (retval);
+       return retval;
+  }
+
diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c
deleted file mode 100644 (file)
index db4f3b4..0000000
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * lib/krb5/krb/in_tkt_ktb.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * krb5_get_in_tkt_with_keytab()
- *     
- */
-
-#include "k5-int.h"
-
-struct keytab_keyproc_arg {
-    krb5_keytab        keytab;
-    krb5_principal client;
-};
-
-/*
- * Key-generator for in_tkt_keytab, below.
- * "keyseed" is actually a krb5_keytab, or NULL if we should fetch
- * from system area.
- */
-static krb5_error_code keytab_keyproc
-    (krb5_context,
-               const krb5_enctype,
-               krb5_data *,
-               krb5_const_pointer,
-               krb5_keyblock **);
-
-static krb5_error_code
-keytab_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt,
-              krb5_const_pointer keyseed, krb5_keyblock **key)
-{
-    const struct keytab_keyproc_arg * arg = 
-       (const struct keytab_keyproc_arg *)keyseed;
-    krb5_keyblock *realkey;
-    krb5_error_code retval = 0;
-    krb5_keytab kt_id;
-    krb5_keytab_entry kt_ent;
-
-    kt_id = arg->keytab;
-
-    if (!krb5_c_valid_enctype(type))
-       return KRB5_PROG_ETYPE_NOSUPP;
-
-    if (kt_id == NULL)
-       /* Fetch from default keytab location */
-       if ((retval = krb5_kt_default(context, &kt_id)))
-           return retval;
-
-
-    if ((retval = krb5_kt_get_entry(context, kt_id, arg->client,
-                                   0, /* don't have vno available */
-                                   type, &kt_ent)))
-           goto cleanup;
-
-    if ((retval = krb5_copy_keyblock(context, &kt_ent.key, &realkey))) {
-       (void) krb5_kt_free_entry(context, &kt_ent);
-       goto cleanup;
-    }
-
-    (void) krb5_kt_free_entry(context, &kt_ent);
-    *key = realkey;
-    
-cleanup:
-    if (! arg->keytab) 
-       krb5_kt_close(context, kt_id);
-    return retval;
-}
-
-/*
- Similar to krb5_get_in_tkt_with_skey.
-
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime, 
- creds->times.renew_till as from, till, and rtime. 
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
-
- If addrs is non-NULL, it is used for the addresses requested.  If it is
- null, the system standard addresses are used.
-
- A succesful call will place the ticket in the credentials cache ccache.
-
- returns system errors, encryption errors
-
- */
-krb5_error_code KRB5_CALLCONV
-krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
-                           krb5_address *const *addrs, krb5_enctype *ktypes,
-                           krb5_preauthtype *pre_auth_types,
-                           krb5_keytab keytab, krb5_ccache ccache,
-                           krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
-{
-    struct keytab_keyproc_arg arg;
-
-    arg.keytab = keytab;
-    arg.client = creds->client;
-
-    return(krb5_get_in_tkt(context, options, addrs, ktypes,
-                          pre_auth_types,
-                          keytab_keyproc, (krb5_pointer)&arg,
-                          krb5_kdc_rep_decrypt_proc, 0, creds,
-                          ccache, ret_as_reply));
-}
diff --git a/src/lib/krb5/krb/in_tkt_pwd.c b/src/lib/krb5/krb/in_tkt_pwd.c
deleted file mode 100644 (file)
index 1d9ad2e..0000000
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * lib/krb5/krb/in_tkt_pwd.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * krb5_get_in_tkt_with_password()
- */
-
-#include "k5-int.h"
-
-extern char *krb5_default_pwd_prompt1;
-
-/* 
- * key-producing procedure for use by krb5_get_in_tkt_with_password.
- */
-static krb5_error_code pwd_keyproc
-    (krb5_context,
-               const krb5_enctype,
-               krb5_data *,
-               krb5_const_pointer,
-               krb5_keyblock **);
-
-static krb5_error_code
-pwd_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt,
-           krb5_const_pointer keyseed, krb5_keyblock **key)
-{
-    krb5_error_code retval;
-    krb5_data * password;
-    unsigned int pwsize;
-
-    password = (krb5_data *)keyseed;
-
-    if (!password->length) {
-       pwsize = BUFSIZ;
-       if ((password->data = malloc(pwsize)) == NULL)
-           return ENOMEM;
-       
-       if ((retval = krb5_read_password(context, krb5_default_pwd_prompt1, 0,
-                                        password->data, &pwsize))) {
-           return retval;
-       }
-       password->length = pwsize;
-    }
-
-    if (!(*key = (krb5_keyblock *)malloc(sizeof(**key))))
-       return ENOMEM;
-
-    if ((retval = krb5_c_string_to_key(context, type, password, salt, *key)))
-       krb5_xfree(*key);
-
-    return(retval);
-}
-
-/*
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime,
- creds->times.renew_till as from, till, and rtime.  
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
-
- If addrs is non-NULL, it is used for the addresses requested.  If it is
- null, the system standard addresses are used.
-
- If password is non-NULL, it is converted using the cryptosystem entry
- point for a string conversion routine, seeded with the client's name.
- If password is passed as NULL, the password is read from the terminal,
- and then converted into a key.
-
- A succesful call will place the ticket in the credentials cache ccache.
-
- returns system errors, encryption errors
- */
-krb5_error_code KRB5_CALLCONV
-krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
-                             krb5_address *const *addrs, krb5_enctype *ktypes,
-                             krb5_preauthtype *pre_auth_types,
-                             const char *password, krb5_ccache ccache,
-                             krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
-{
-    krb5_error_code retval;
-    krb5_data data;
-
-
-    if ((data.data = (char *)password)) {
-       data.length = strlen(password);
-    } else {
-       data.length = 0;
-    }
-
-    retval = krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types, 
-                            pwd_keyproc, (krb5_pointer) &data,
-                            krb5_kdc_rep_decrypt_proc, 0,
-                            creds, ccache, ret_as_reply);
-
-    if ((password == NULL) && (data.data)) {
-       memset(data.data, 0, strlen(data.data));
-       free(data.data);
-    }
-
-    return retval;
-}
-
index 59b6123e677ffc371fe40981ff977257dfac43ee..2740d83618b5ce7cff0eaa8a39ac214ac639c85e 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * lib/krb5/krb/init_ctx.c
  *
- * Copyright 1994,1999,2000, 2002  by the Massachusetts Institute of Technology.
+ * Copyright 1994,1999,2000, 2002, 2003  by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
    them.  This'll be fixed, but for better compatibility, let's prefer
    des-crc for now.  */
 #define DEFAULT_ETYPE_LIST     \
+       "aes256-cts-hmac-sha1-96 " \
+       "aes128-cts-hmac-sha1-96 " \
        "des3-cbc-sha1 arcfour-hmac-md5 " \
        "des-cbc-crc des-cbc-md5 des-cbc-md4 "
 
+/* Not included:
+       "aes128-cts-hmac-sha1-96 " \
+ */
+
 #if (defined(_WIN32))
 extern krb5_error_code krb5_vercheck();
 extern void krb5_win_ccdll_load(krb5_context context);
@@ -142,6 +148,13 @@ init_common (krb5_context *context, krb5_boolean secure)
        if ((retval = krb5_set_default_tgs_ktypes(ctx, NULL)))
                goto cleanup;
 
+       ctx->conf_tgs_ktypes = calloc(ctx->tgs_ktype_count, sizeof(krb5_enctype));
+       if (ctx->conf_tgs_ktypes == NULL && ctx->tgs_ktype_count != 0)
+           goto cleanup;
+       memcpy(ctx->conf_tgs_ktypes, ctx->tgs_ktypes,
+              sizeof(krb5_enctype) * ctx->tgs_ktype_count);
+       ctx->conf_tgs_ktypes_count = ctx->tgs_ktype_count;
+
        if ((retval = krb5_os_init_context(ctx)))
                goto cleanup;
 
@@ -189,11 +202,7 @@ init_common (krb5_context *context, krb5_boolean secure)
                            "kdc_default_options", 0,
                            KDC_OPT_RENEWABLE_OK, &tmp);
        ctx->kdc_default_options = tmp;
-#if TARGET_OS_MAC
 #define DEFAULT_KDC_TIMESYNC 1
-#else
-#define DEFAULT_KDC_TIMESYNC 0
-#endif
        profile_get_integer(ctx->profile, "libdefaults",
                            "kdc_timesync", 0, DEFAULT_KDC_TIMESYNC,
                            &tmp);
@@ -207,16 +216,13 @@ init_common (krb5_context *context, krb5_boolean secure)
         * Note: DCE 1.0.3a only supports a cache type of 1
         *      DCE 1.1 supports a cache type of 2.
         */
-#if TARGET_OS_MAC
 #define DEFAULT_CCACHE_TYPE 4
-#else
-#define DEFAULT_CCACHE_TYPE 3
-#endif
        profile_get_integer(ctx->profile, "libdefaults", "ccache_type",
                            0, DEFAULT_CCACHE_TYPE, &tmp);
        ctx->fcc_default_format = tmp + 0x0500;
        ctx->scc_default_format = tmp + 0x0500;
        ctx->prompt_types = 0;
+       ctx->use_conf_ktypes = 0;
 
        ctx->udp_pref_limit = -1;
        *context = ctx;
@@ -243,6 +249,11 @@ krb5_free_context(krb5_context ctx)
          ctx->tgs_ktypes = 0;
      }
 
+     if (ctx->conf_tgs_ktypes) {
+        free(ctx->conf_tgs_ktypes);
+        ctx->conf_tgs_ktypes = 0;
+     }
+
      if (ctx->default_realm) {
          free(ctx->default_realm);
          ctx->default_realm = 0;
@@ -291,7 +302,8 @@ krb5_set_default_in_tkt_ktypes(krb5_context context, const krb5_enctype *ktypes)
 }
 
 static krb5_error_code
-get_profile_etype_list(krb5_context context, krb5_enctype **ktypes, char *profstr, int ctx_count, krb5_enctype *ctx_list)
+get_profile_etype_list(krb5_context context, krb5_enctype **ktypes, char *profstr,
+                      int ctx_count, krb5_enctype *ctx_list)
 {
     krb5_enctype *old_ktypes;
 
@@ -426,12 +438,19 @@ krb5_error_code
 KRB5_CALLCONV
 krb5_get_tgs_ktypes(krb5_context context, krb5_const_principal princ, krb5_enctype **ktypes)
 {
-    return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
-                                 context->tgs_ktype_count,
-                                 context->tgs_ktypes));
+    if (context->use_conf_ktypes)
+       /* This one is set *only* by reading the config file; it's not
+          set by the application.  */
+       return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
+                                     context->conf_tgs_ktypes_count,
+                                     context->conf_tgs_ktypes));
+    else
+       return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
+                                     context->tgs_ktype_count,
+                                     context->tgs_ktypes));
 }
 
-krb5_error_code
+krb5_error_code KRB5_CALLCONV
 krb5_get_permitted_enctypes(krb5_context context, krb5_enctype **ktypes)
 {
     return(get_profile_etype_list(context, ktypes, "permitted_enctypes",
index 46d485d32085e4a026ae01bd33e3826a1f889e2f..47004397155f5a31ade21e85daa245c1a7d5895d 100644 (file)
@@ -246,6 +246,7 @@ void krb5_free_etype_info(krb5_context context, krb5_etype_info info)
   for(i=0; info[i] != NULL; i++) {
       if (info[i]->salt)
          free(info[i]->salt);
+      krb5_free_data_contents( context, &info[i]->s2kparams);
       free(info[i]);
   }
   free(info);
@@ -429,14 +430,20 @@ krb5_free_pwd_data(krb5_context context, krb5_pwd_data *val)
 void KRB5_CALLCONV
 krb5_free_pwd_sequences(krb5_context context, passwd_phrase_element **val)
 {
-    if ((*val)->passwd) {
-       krb5_xfree((*val)->passwd);
-       (*val)->passwd = 0;
-    }
-    if ((*val)->phrase) {
-       krb5_xfree((*val)->phrase);
-       (*val)->phrase = 0;
+    register passwd_phrase_element **temp;
+
+    for (temp = val; *temp; temp++) {
+       if ((*temp)->passwd) {
+          krb5_free_data(context, (*temp)->passwd);
+          (*temp)->passwd = 0;
+       }
+       if ((*temp)->phrase) {
+          krb5_free_data(context, (*temp)->phrase);
+          (*temp)->phrase = 0;
+       }
+       krb5_xfree(*temp);
     }
+    krb5_xfree(val);
 }
 
 
index 6389298610f0fa65f44888e5af1fad70d94c551f..04248c08d1ed09167e8cd18b2c8353e32e0f859c 100644 (file)
@@ -182,9 +182,8 @@ krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, krb5_creds *
     memset(pcred->tickets, 0, sizeof(krb5_ticket *) * (ncred +1));
 
     /* Get keyblock */
-    if ((keyblock = auth_context->local_subkey) == NULL) 
-       if ((keyblock = auth_context->remote_subkey) == NULL) 
-           keyblock = auth_context->keyblock;
+    if ((keyblock = auth_context->send_subkey) == NULL) 
+       keyblock = auth_context->keyblock;
 
     /* Get replay info */
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
index 196b6eea00293c7fe6ac96f4064eb35e56f7fbb0..efe254ac090ac2242be6f396111b2803fb1ae86b 100644 (file)
@@ -119,9 +119,8 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
     memset((char *) &replaydata, 0, sizeof(krb5_replay_data));
 
     /* Get keyblock */
-    if ((keyblock = auth_context->local_subkey) == NULL)
-        if ((keyblock = auth_context->remote_subkey) == NULL)
-            keyblock = auth_context->keyblock;
+    if ((keyblock = auth_context->send_subkey) == NULL)
+       keyblock = auth_context->keyblock;
 
     /* Get replay info */
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
index 31f3fe50013888c25aeca5dd0044d196c33e314e..393f634bb1652dd0efbc0d645c06fd1c1fcc1c11 100644 (file)
@@ -59,7 +59,14 @@ krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *out
 
     repl.ctime = auth_context->authentp->ctime;    
     repl.cusec = auth_context->authentp->cusec;    
-    repl.subkey = auth_context->authentp->subkey;    
+    if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
+       retval = krb5int_generate_and_save_subkey (context, auth_context,
+                                                  auth_context->keyblock);
+       if (retval)
+           return retval;
+       repl.subkey = auth_context->send_subkey;
+    } else
+       repl.subkey = auth_context->authentp->subkey;
     repl.seq_number = auth_context->local_seq_number;
 
     /* encode it before encrypting */
index 1ed14a9226079fc56db723ccd02d4c8ef87c627e..cdb8f6950d188e47f77def87d0bd3ea2c5e9b7e1 100644 (file)
@@ -68,7 +68,39 @@ static krb5_error_code
 krb5_generate_authenticator (krb5_context,
                                       krb5_authenticator *, krb5_principal,
                                       krb5_checksum *, krb5_keyblock *,
-                                      krb5_int32, krb5_authdata ** );
+                                      krb5_ui_4, krb5_authdata ** );
+
+krb5_error_code
+krb5int_generate_and_save_subkey (krb5_context context,
+                                 krb5_auth_context auth_context,
+                                 krb5_keyblock *keyblock)
+{
+    /* Provide some more fodder for random number code.
+       This isn't strong cryptographically; the point here is not
+       to guarantee randomness, but to make it less likely that multiple
+       sessions could pick the same subkey.  */
+    struct {
+       krb5_int32 sec, usec;
+    } rnd_data;
+    krb5_data d;
+    krb5_error_code retval;
+
+    krb5_crypto_us_timeofday (&rnd_data.sec, &rnd_data.usec);
+    d.length = sizeof (rnd_data);
+    d.data = (char *) &rnd_data;
+    (void) krb5_c_random_add_entropy (context, KRB5_C_RANDSOURCE_TIMING, &d);
+
+    if ((retval = krb5_generate_subkey(context, keyblock, &auth_context->send_subkey)))
+       return retval;
+    retval = krb5_copy_keyblock(context, auth_context->send_subkey,
+                               &auth_context->recv_subkey);
+    if (retval) {
+       krb5_free_keyblock(context, auth_context->send_subkey);
+       auth_context->send_subkey = NULL;
+       return retval;
+    }
+    return 0;
+}
 
 krb5_error_code KRB5_CALLCONV
 krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
@@ -130,22 +162,10 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
            goto cleanup;
     }
 
-    if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->local_subkey)) {
-       /* Provide some more fodder for random number code.
-          This isn't strong cryptographically; the point here is not
-          to guarantee randomness, but to make it less likely that multiple
-          sessions could pick the same subkey.  */
-       struct {
-           krb5_int32 sec, usec;
-       } rnd_data;
-       krb5_data d;
-       krb5_crypto_us_timeofday (&rnd_data.sec, &rnd_data.usec);
-       d.length = sizeof (rnd_data);
-       d.data = (char *) &rnd_data;
-       (void) krb5_c_random_add_entropy (context, KRB5_C_RANDSOURCE_TIMING, &d);
-
-       if ((retval = krb5_generate_subkey(context, &(in_creds)->keyblock, 
-                                          &(*auth_context)->local_subkey)))
+    if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->send_subkey)) {
+       retval = krb5int_generate_and_save_subkey (context, *auth_context,
+                                                  &in_creds->keyblock);
+       if (retval)
            goto cleanup;
     }
 
@@ -178,7 +198,7 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
     if ((retval = krb5_generate_authenticator(context,
                                              (*auth_context)->authentp,
                                              (in_creds)->client, checksump,
-                                             (*auth_context)->local_subkey,
+                                             (*auth_context)->send_subkey,
                                              (*auth_context)->local_seq_number,
                                              (in_creds)->authdata)))
        goto cleanup_cksum;
@@ -232,7 +252,7 @@ cleanup:
 }
 
 static krb5_error_code
-krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent, krb5_principal client, krb5_checksum *cksum, krb5_keyblock *key, krb5_int32 seq_number, krb5_authdata **authorization)
+krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent, krb5_principal client, krb5_checksum *cksum, krb5_keyblock *key, krb5_ui_4 seq_number, krb5_authdata **authorization)
 {
     krb5_error_code retval;
     
index 992a456a903646f389875a85517f73e3330d6de5..eefcab7cd473d2233b3ef0da6af6de511b469980 100644 (file)
@@ -120,9 +120,8 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, const krb5_da
     memset((char *) &replaydata, 0, sizeof(krb5_replay_data));
 
     /* Get keyblock */
-    if ((keyblock = auth_context->local_subkey) == NULL)
-        if ((keyblock = auth_context->remote_subkey) == NULL)
-            keyblock = auth_context->keyblock;
+    if ((keyblock = auth_context->send_subkey) == NULL)
+       keyblock = auth_context->keyblock;
 
     /* Get replay info */
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
index abbcfbe2d3d363ebb522a11262e00095cd0de201..3debb6acf1b89854a40c334afb66ec17af86c1d4 100644 (file)
@@ -170,11 +170,13 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip
                                cp++;
                                size++;
                        } else if (c == COMPONENT_SEP) {
-                               krb5_princ_component(context, principal, i)->length = size;
+                               if (krb5_princ_size(context, principal) > i)
+                                       krb5_princ_component(context, principal, i)->length = size;
                                size = 0;
                                i++;
                        } else if (c == REALM_SEP) {
-                               krb5_princ_component(context, principal, i)->length = size;
+                               if (krb5_princ_size(context, principal) > i)
+                                       krb5_princ_component(context, principal, i)->length = size;
                                size = 0;
                                parsed_realm = cp+1;
                        } else
@@ -183,7 +185,8 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip
                if (parsed_realm)
                        krb5_princ_realm(context, principal)->length = size;
                else
-                       krb5_princ_component(context, principal, i)->length = size;
+                       if (krb5_princ_size(context, principal) > i)
+                               krb5_princ_component(context, principal, i)->length = size;
                if (i + 1 != components) {
 #if !defined(_WIN32) && !defined(macintosh)
                        fprintf(stderr,
index e50440e2b63f8964e3e450dd744ab3c313473086..6238a8276fc1c01ff7854366c3e11a01cb564eb5 100644 (file)
@@ -35,7 +35,7 @@ typedef krb5_error_code (*pa_function)(krb5_context,
                                       krb5_kdc_req *request,
                                       krb5_pa_data *in_padata,
                                       krb5_pa_data **out_padata,
-                                      krb5_data *salt,
+                                      krb5_data *salt, krb5_data *s2kparams,
                                       krb5_enctype *etype,
                                       krb5_keyblock *as_key,
                                       krb5_prompter_fct prompter_fct,
@@ -57,7 +57,7 @@ krb5_error_code pa_salt(krb5_context context,
                        krb5_kdc_req *request,
                        krb5_pa_data *in_padata,
                        krb5_pa_data **out_padata,
-                       krb5_data *salt,
+                       krb5_data *salt, krb5_data *s2kparams,
                        krb5_enctype *etype,
                        krb5_keyblock *as_key,
                        krb5_prompter_fct prompter, void *prompter_data,
@@ -65,22 +65,11 @@ krb5_error_code pa_salt(krb5_context context,
 {
     krb5_data tmp;
 
-    /* screw the abstraction.  If there was a *reasonable* copy_data,
-       I'd use it.  But I'm inside the library, which is the twilight
-       zone of source code, so I can do anything. */
-
+    tmp.data = in_padata->contents;
     tmp.length = in_padata->length;
-    if (tmp.length) {
-       if ((tmp.data = malloc(tmp.length)) == NULL)
-           return ENOMEM;
-       memcpy(tmp.data, in_padata->contents, tmp.length);
-    } else {
-       tmp.data = NULL;
-    }
-
-    *salt = tmp;
-
-    /* assume that no other salt was allocated */
+    krb5_free_data_contents(context, salt);
+    krb5int_copy_data_contents(context, &tmp, salt);
+    
 
     if (in_padata->pa_type == KRB5_PADATA_AFS3_SALT)
        salt->length = SALT_TYPE_AFS_LENGTH;
@@ -94,6 +83,7 @@ krb5_error_code pa_enc_timestamp(krb5_context context,
                                 krb5_pa_data *in_padata,
                                 krb5_pa_data **out_padata,
                                 krb5_data *salt,
+                                krb5_data *s2kparams,
                                 krb5_enctype *etype,
                                 krb5_keyblock *as_key,
                                 krb5_prompter_fct prompter,
@@ -119,7 +109,7 @@ krb5_error_code pa_enc_timestamp(krb5_context context,
        if ((ret = ((*gak_fct)(context, request->client,
                              *etype ? *etype : request->ktype[0],
                              prompter, prompter_data,
-                             salt, as_key, gak_data))))
+                             salt, s2kparams, as_key, gak_data))))
            return(ret);
     }
 
@@ -233,6 +223,7 @@ krb5_error_code pa_sam(krb5_context context,
                       krb5_pa_data *in_padata,
                       krb5_pa_data **out_padata,
                       krb5_data *salt,
+                      krb5_data *s2kparams,
                       krb5_enctype *etype,
                       krb5_keyblock *as_key,
                       krb5_prompter_fct prompter,
@@ -283,7 +274,7 @@ krb5_error_code pa_sam(krb5_context context,
           *etype = ENCTYPE_DES_CBC_CRC;
 
        if ((ret = (gak_fct)(context, request->client, *etype, prompter,
-                       prompter_data, salt, as_key, gak_data)))
+                       prompter_data, salt, s2kparams, as_key, gak_data)))
           return(ret);
     }
     sprintf(name, "%.*s",
@@ -472,6 +463,7 @@ krb5_error_code pa_sam_2(krb5_context context,
                                krb5_pa_data *in_padata,
                                krb5_pa_data **out_padata,
                                krb5_data *salt,
+                        krb5_data *s2kparams,
                                krb5_enctype *etype,
                                krb5_keyblock *as_key,
                                krb5_prompter_fct prompter,
@@ -542,7 +534,7 @@ krb5_error_code pa_sam_2(krb5_context context,
 
        retval = (gak_fct)(context, request->client,
                        sc2b->sam_etype, prompter,
-                       prompter_data, salt, as_key, gak_data);
+                       prompter_data, salt, s2kparams, as_key, gak_data);
        if (retval) {
           krb5_free_sam_challenge_2(context, sc2);
           krb5_free_sam_challenge_2_body(context, sc2b);
@@ -827,87 +819,19 @@ static const pa_types_t pa_types[] = {
     },
 };
 
-static void
-sort_etype_info(krb5_context  context, krb5_kdc_req *request,
-                krb5_etype_info_entry **etype_info)
-{
-/* Originally adapted from a proposed solution in ticket 1006.  This
- * solution  is  not efficient, but implementing an efficient sort
- * with a comparison function based on order in the kdc request would
- * be difficult.*/
-    krb5_etype_info_entry *tmp;
-    int i, j, e;
-    krb5_boolean similar;
-
-    if (etype_info == NULL)
-       return;
-
-    /* First, move up etype_info_entries whose enctype exactly matches a
-     * requested enctype.
-     */
-    e = 0;
-    for ( i = 0 ; i < request->nktypes && etype_info[e] != NULL ; i++ )
-    {
-       if (request->ktype[i] == etype_info[e]->etype)
-       {
-           e++;
-           continue;
-       }
-       for ( j = e+1 ; etype_info[j] ; j++ )
-           if (request->ktype[i] == etype_info[j]->etype)
-               break;
-       if (etype_info[j] == NULL)
-           continue;
-
-       tmp = etype_info[j];
-       etype_info[j] = etype_info[e];
-       etype_info[e] = tmp;
-       e++;
-    }
-
-    /* Then move up etype_info_entries whose enctype is similar to a
-     * requested enctype.
-     */
-    for ( i = 0 ; i < request->nktypes && etype_info[e] != NULL ; i++ )
-    {
-       if (krb5_c_enctype_compare(context, request->ktype[i], etype_info[e]->etype, &similar) != 0)
-           continue;
-
-       if (similar)
-       {
-           e++;
-           continue;
-       }
-       for ( j = e+1 ; etype_info[j] ; j++ )
-       {
-           if (krb5_c_enctype_compare(context, request->ktype[i], etype_info[j]->etype, &similar) != 0)
-               continue;
-
-           if (similar)
-               break;
-       }
-       if (etype_info[j] == NULL)
-           continue;
-
-       tmp = etype_info[j];
-       etype_info[j] = etype_info[e];
-       etype_info[e] = tmp;
-       e++;
-    }
-}
-
-
 krb5_error_code
 krb5_do_preauth(krb5_context context,
                krb5_kdc_req *request,
                krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
-               krb5_data *salt, krb5_enctype *etype,
+               krb5_data *salt, krb5_data *s2kparams,
+               krb5_enctype *etype,
                krb5_keyblock *as_key,
                krb5_prompter_fct prompter, void *prompter_data,
                krb5_gic_get_as_key_fct gak_fct, void *gak_data)
 {
     int h, i, j, out_pa_list_size;
-    krb5_pa_data *out_pa, **out_pa_list;
+    int seen_etype_info2 = 0;
+    krb5_pa_data *out_pa = NULL, **out_pa_list = NULL;
     krb5_data scratch;
     krb5_etype_info etype_info = NULL;
     krb5_error_code ret;
@@ -938,6 +862,7 @@ krb5_do_preauth(krb5_context context,
     for (h=0; h<(sizeof(paorder)/sizeof(paorder[0])); h++) {
        realdone = 0;
        for (i=0; in_padata[i] && !realdone; i++) {
+           int k, l, etype_found, valid_etype_found;
            /*
             * This is really gross, but is necessary to prevent
             * lossge when talking to a 1.0.x KDC, which returns an
@@ -946,27 +871,81 @@ krb5_do_preauth(krb5_context context,
             */
            switch (in_padata[i]->pa_type) {
            case KRB5_PADATA_ETYPE_INFO:
-               if (etype_info)
-                   continue;
+           case KRB5_PADATA_ETYPE_INFO2:
+           {
+               krb5_preauthtype pa_type = in_padata[i]->pa_type;
+               if (etype_info) {
+                   if (seen_etype_info2 || pa_type != KRB5_PADATA_ETYPE_INFO2)
+                       continue;
+                   if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
+                       krb5_free_etype_info( context, etype_info);
+                       etype_info = NULL;
+                   }
+               }
+
                scratch.length = in_padata[i]->length;
                scratch.data = (char *) in_padata[i]->contents;
-               ret = decode_krb5_etype_info(&scratch, &etype_info);
+               if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
+                   seen_etype_info2++;
+                   ret = decode_krb5_etype_info2(&scratch, &etype_info);
+               }
+               else ret = decode_krb5_etype_info(&scratch, &etype_info);
                if (ret) {
-                   if (out_pa_list) {
-                       out_pa_list[out_pa_list_size++] = NULL;
-                       krb5_free_pa_data(context, out_pa_list);
-                   }
-                   return ret;
+                   ret = 0; /*Ignore error and etype_info element*/
+                   krb5_free_etype_info( context, etype_info);
+                   etype_info = NULL;
+                   continue;
                }
                if (etype_info[0] == NULL) {
                    krb5_free_etype_info(context, etype_info);
                    etype_info = NULL;
                    break;
                }
-                sort_etype_info(context, request, etype_info);
-               salt->data = (char *) etype_info[0]->salt;
-               salt->length = etype_info[0]->length;
-               *etype = etype_info[0]->etype;
+               /*
+                * Select first etype in our request which is also in
+                * etype-info (preferring client request ktype order).
+                */
+               for (etype_found = 0, valid_etype_found = 0, k = 0;
+                    !etype_found && k < request->nktypes; k++) {
+                   for (l = 0; etype_info[l]; l++) {
+                       if (etype_info[l]->etype == request->ktype[k]) {
+                           etype_found++;
+                           break;
+                       }
+                       /* check if program has support for this etype for more
+                        * precise error reporting.
+                        */
+                       if (valid_enctype(etype_info[l]->etype))
+                           valid_etype_found++;
+                   }
+               }
+               if (!etype_found) {
+                 if (valid_etype_found) {
+                       /* supported enctype but not requested */
+                   ret =  KRB5_CONFIG_ETYPE_NOSUPP;
+                   goto cleanup;
+                 }
+                 else {
+                   /* unsupported enctype */
+                   ret =  KRB5_PROG_ETYPE_NOSUPP;
+                   goto cleanup;
+                 }
+
+               }
+               scratch.data = (char *) etype_info[l]->salt;
+               scratch.length = etype_info[l]->length;
+               krb5_free_data_contents(context, salt);
+               if (scratch.length == KRB5_ETYPE_NO_SALT) 
+                 salt->data = NULL;
+               else
+                   if ((ret = krb5int_copy_data_contents( context, &scratch, salt)) != 0)
+                 goto cleanup;
+               *etype = etype_info[l]->etype;
+               krb5_free_data_contents(context, s2kparams);
+               if ((ret = krb5int_copy_data_contents(context,
+                                                     &etype_info[l]->s2kparams,
+                                                     s2kparams)) != 0)
+                 goto cleanup;
 #ifdef DEBUG
                for (j = 0; etype_info[j]; j++) {
                    krb5_etype_info_entry *e = etype_info[j];
@@ -978,6 +957,7 @@ krb5_do_preauth(krb5_context context,
                }
 #endif
                break;
+           }
            case KRB5_PADATA_PW_SALT:
            case KRB5_PADATA_AFS3_SALT:
                if (etype_info)
@@ -993,16 +973,10 @@ krb5_do_preauth(krb5_context context,
 
                    if ((ret = ((*pa_types[j].fct)(context, request,
                                                   in_padata[i], &out_pa,
-                                                  salt, etype, as_key,
+                                                  salt, s2kparams, etype, as_key,
                                                   prompter, prompter_data,
                                                   gak_fct, gak_data)))) {
-                       if (out_pa_list) {
-                           out_pa_list[out_pa_list_size++] = NULL;
-                           krb5_free_pa_data(context, out_pa_list);
-                       }
-                       if (etype_info)
-                           krb5_free_etype_info(context, etype_info);
-                       return(ret);
+                     goto cleanup;
                    }
 
                    if (out_pa) {
@@ -1010,18 +984,22 @@ krb5_do_preauth(krb5_context context,
                            if ((out_pa_list =
                                 (krb5_pa_data **)
                                 malloc(2*sizeof(krb5_pa_data *)))
-                               == NULL)
-                               return(ENOMEM);
+                               == NULL) {
+                             ret = ENOMEM;
+                             goto cleanup;
+                           }
                        } else {
                            if ((out_pa_list =
                                 (krb5_pa_data **)
                                 realloc(out_pa_list,
                                         (out_pa_list_size+2)*
                                         sizeof(krb5_pa_data *)))
-                               == NULL)
-                               /* XXX this will leak the pointers which
+                               == NULL) {
+                             /* XXX this will leak the pointers which
                                   have already been allocated.  oh well. */
-                               return(ENOMEM);
+                             ret = ENOMEM;
+                             goto cleanup;
+                           }
                        }
                        
                        out_pa_list[out_pa_list_size++] = out_pa;
@@ -1037,6 +1015,16 @@ krb5_do_preauth(krb5_context context,
        out_pa_list[out_pa_list_size++] = NULL;
 
     *out_padata = out_pa_list;
-
+    if (etype_info)
+      krb5_free_etype_info(context, etype_info);
+    
     return(0);
+ cleanup:
+    if (out_pa_list) {
+      out_pa_list[out_pa_list_size++] = NULL;
+      krb5_free_pa_data(context, out_pa_list);
+    }
+    if (etype_info)
+      krb5_free_etype_info(context, etype_info);
+    return (ret);
 }
index 228219f765cb9fca628ba7b1e37250086f22cf20..11be47f0506bc41c5a98b23320a3a2dce3745acb 100644 (file)
@@ -33,15 +33,11 @@ decrypt_credencdata(krb5_context context, krb5_cred *pcred, krb5_keyblock *pkeyb
 
     /*  now decode the decrypted stuff */
     if ((retval = decode_krb5_enc_cred_part(&scratch, &ppart)))
-       goto cleanup_encpart;
+       goto cleanup;
 
     *pcredenc = *ppart;
     retval = 0;
 
-cleanup_encpart:
-    memset(ppart, 0, sizeof(*ppart));
-    krb5_xfree(ppart);
-
 cleanup:
     memset(scratch.data, 0, scratch.length);
     krb5_xfree(scratch.data);
@@ -169,9 +165,8 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data *pc
     krb5_replay_data      replaydata;
 
     /* Get keyblock */
-    if ((keyblock = auth_context->remote_subkey) == NULL)
-       if ((keyblock = auth_context->local_subkey) == NULL)
-            keyblock = auth_context->keyblock;
+    if ((keyblock = auth_context->recv_subkey) == NULL)
+       keyblock = auth_context->keyblock;
 
     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
       (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
index 813205662354f58118a3138b678123d2f892813e..cf74807793944ab0b09fa472c563d751ea24bcda 100644 (file)
@@ -156,9 +156,8 @@ krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_da
     krb5_replay_data     replaydata;
 
     /* Get keyblock */
-    if ((keyblock = auth_context->remote_subkey) == NULL)
-       if ((keyblock = auth_context->local_subkey) == NULL)
-            keyblock = auth_context->keyblock;
+    if ((keyblock = auth_context->recv_subkey) == NULL)
+       keyblock = auth_context->keyblock;
 
     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
       (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
@@ -247,7 +246,8 @@ krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_da
     }
 
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-       if (auth_context->remote_seq_number != replaydata.seq) {
+       if (!krb5int_auth_con_chkseqnum(context, auth_context,
+                                       replaydata.seq)) {
            retval =  KRB5KRB_AP_ERR_BADORDER;
            goto error;
        }
index e35e43f5d2f838b5cfb4ca5184ea00fcd44c53c3..80192294e8bd3ac795238125181d677f1eed6ba9 100644 (file)
@@ -81,8 +81,24 @@ krb5_rd_rep(krb5_context context, krb5_auth_context auth_context, const krb5_dat
 
     /* Set auth subkey */
     if ((*repl)->subkey) {
+       if (auth_context->recv_subkey) {
+           krb5_free_keyblock(context, auth_context->recv_subkey);
+           auth_context->recv_subkey = NULL;
+       }
        retval = krb5_copy_keyblock(context, (*repl)->subkey,
-                                   &auth_context->remote_subkey);
+                                   &auth_context->recv_subkey);
+       if (retval)
+           goto clean_scratch;
+       if (auth_context->send_subkey) {
+           krb5_free_keyblock(context, auth_context->send_subkey);
+           auth_context->send_subkey = NULL;
+       }
+       retval = krb5_copy_keyblock(context, (*repl)->subkey,
+                                   &auth_context->send_subkey);
+       if (retval) {
+           krb5_free_keyblock(context, auth_context->send_subkey);
+           auth_context->send_subkey = NULL;
+       }
     }
 
     /* Get remote sequence number */
index f844e3cd64a037a8ab215f69b83f72c611dfb891..9a2f4589d7f12b779f04f5fb2313fef06fc8fc2b 100644 (file)
@@ -83,7 +83,9 @@ krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, const krb5_da
        server = request->ticket->server;
     }
     /* Get an rcache if necessary. */
-    if (((*auth_context)->rcache == NULL) && server) {
+    if (((*auth_context)->rcache == NULL)
+       && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME)
+&& server) {
        if ((retval = krb5_get_server_rcache(context,
      krb5_princ_component(context,server,0), &(*auth_context)->rcache)))
            goto cleanup_auth_context;
index fa126b4abd8509adf63e853b4220f43e41ecd5d2..3c398aed1a947addb1c4d6be0c083c265f0623a8 100644 (file)
@@ -290,10 +290,18 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, c
     if ((*auth_context)->authentp->subkey) {
        if ((retval = krb5_copy_keyblock(context,
                                         (*auth_context)->authentp->subkey,
-                                        &((*auth_context)->remote_subkey))))
+                                        &((*auth_context)->recv_subkey))))
            goto cleanup;
+       retval = krb5_copy_keyblock(context, (*auth_context)->authentp->subkey,
+                                   &((*auth_context)->send_subkey));
+       if (retval) {
+           krb5_free_keyblock(context, (*auth_context)->recv_subkey);
+           (*auth_context)->recv_subkey = NULL;
+           goto cleanup;
+       }
     } else {
-       (*auth_context)->remote_subkey = 0;
+       (*auth_context)->recv_subkey = 0;
+       (*auth_context)->send_subkey = 0;
     }
 
     if ((retval = krb5_copy_keyblock(context, req->ticket->enc_part2->session,
index 0f6cec27ff6ae73d4cac07e0de5179534a2d1c90..15dc6dcccd6923fad9831826e567f6c4f6a72cb5 100644 (file)
@@ -51,6 +51,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb
 {
     krb5_error_code      retval;
     krb5_safe          * message;
+    krb5_data safe_body;
     krb5_checksum our_cksum, *his_cksum;
     krb5_octet zero_octet = 0;
     krb5_data *scratch;
@@ -59,7 +60,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb
     if (!krb5_is_krb_safe(inbuf))
        return KRB5KRB_AP_ERR_MSG_TYPE;
 
-    if ((retval = decode_krb5_safe(inbuf, &message)))
+    if ((retval = decode_krb5_safe_with_body(inbuf, &message, &safe_body)))
        return retval;
 
     if (!krb5_c_valid_cksumtype(message->checksum->checksum_type)) {
@@ -113,7 +114,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb
 
     message->checksum = &our_cksum;
 
-    if ((retval = encode_krb5_safe(message, &scratch)))
+    if ((retval = encode_krb5_safe_with_body(message, &safe_body, &scratch)))
        goto cleanup;
 
     message->checksum = his_cksum;
@@ -126,8 +127,17 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb
     krb5_free_data(context, scratch);
     
     if (!valid) {
-       retval = KRB5KRB_AP_ERR_MODIFIED;
-       goto cleanup;
+       /*
+        * Checksum over only the KRB-SAFE-BODY, like RFC 1510 says, in
+        * case someone actually implements it correctly.
+        */
+       retval = krb5_c_verify_checksum(context, keyblock,
+                                       KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
+                                       &safe_body, his_cksum, &valid);
+       if (!valid) {
+           retval = KRB5KRB_AP_ERR_MODIFIED;
+           goto cleanup;
+       }
     }
 
     replaydata->timestamp = message->timestamp;
@@ -161,9 +171,8 @@ krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_da
        return KRB5_RC_REQUIRED;
 
     /* Get keyblock */
-    if ((keyblock = auth_context->remote_subkey) == NULL)
-       if ((keyblock = auth_context->local_subkey) == NULL)
-            keyblock = auth_context->keyblock;
+    if ((keyblock = auth_context->recv_subkey) == NULL)
+       keyblock = auth_context->keyblock;
 
 {
     krb5_address * premote_fulladdr = NULL;
@@ -240,7 +249,8 @@ krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_da
     }
 
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-       if (auth_context->remote_seq_number != replaydata.seq) {
+       if (!krb5int_auth_con_chkseqnum(context, auth_context,
+                                       replaydata.seq)) {
            retval =  KRB5KRB_AP_ERR_BADORDER;
            goto error;
        }
index 244d18e123089524b049b86397cc07dfa3d5e6c1..34a98c042d39b6750cd3846471372be389dc2748 100644 (file)
@@ -278,6 +278,7 @@ send_again:
                }
                krb5_free_error(context, err_reply);
            }
+           rep->message_type = KRB5_ERROR;
        } else if (krb5_is_tgs_rep(&rep->response))
            rep->message_type = KRB5_TGS_REP;
         else /* XXX: assume it's an error */
index a8ec90ee6fcd808e2a91338d87149a33b164e864..32519e19f00ea8119157f682a860b2f9ab9ebbc3 100644 (file)
@@ -151,21 +151,21 @@ krb5_auth_context_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
                required += sizeof(krb5_int32);
        }
 
-       /* Calculate size required by local_subkey, if appropriate */
-       if (!kret && auth_context->local_subkey) {
+       /* Calculate size required by send_subkey, if appropriate */
+       if (!kret && auth_context->send_subkey) {
            kret = krb5_size_opaque(kcontext,
                                    KV5M_KEYBLOCK,
-                                   (krb5_pointer) auth_context->local_subkey,
+                                   (krb5_pointer) auth_context->send_subkey,
                                    &required);
            if (!kret)
                required += sizeof(krb5_int32);
        }
 
-       /* Calculate size required by remote_subkey, if appropriate */
-       if (!kret && auth_context->remote_subkey) {
+       /* Calculate size required by recv_subkey, if appropriate */
+       if (!kret && auth_context->recv_subkey) {
            kret = krb5_size_opaque(kcontext,
                                    KV5M_KEYBLOCK,
-                                   (krb5_pointer) auth_context->remote_subkey,
+                                   (krb5_pointer) auth_context->recv_subkey,
                                    &required);
            if (!kret)
                required += sizeof(krb5_int32);
@@ -300,23 +300,23 @@ krb5_auth_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octe
            }
 
            /* Now handle subkey, if appropriate */
-           if (!kret && auth_context->local_subkey) {
+           if (!kret && auth_context->send_subkey) {
                (void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
                kret = krb5_externalize_opaque(kcontext,
                                               KV5M_KEYBLOCK,
                                               (krb5_pointer)
-                                              auth_context->local_subkey,
+                                              auth_context->send_subkey,
                                               &bp,
                                               &remain);
            }
 
            /* Now handle subkey, if appropriate */
-           if (!kret && auth_context->remote_subkey) {
+           if (!kret && auth_context->recv_subkey) {
                (void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
                kret = krb5_externalize_opaque(kcontext,
                                               KV5M_KEYBLOCK,
                                               (krb5_pointer)
-                                              auth_context->remote_subkey,
+                                              auth_context->recv_subkey,
                                               &bp,
                                               &remain);
            }
@@ -474,26 +474,26 @@ krb5_auth_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_oc
                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
            }
 
-           /* This is the local_subkey */
+           /* This is the send_subkey */
            if (!kret && (tag == TOKEN_LSKBLOCK)) {
                if (!(kret = krb5_internalize_opaque(kcontext,
                                                     KV5M_KEYBLOCK,
                                                     (krb5_pointer *)
                                                     &auth_context->
-                                                    local_subkey,
+                                                    send_subkey,
                                                     &bp,
                                                     &remain)))
                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
            }
 
-           /* This is the remote_subkey */
+           /* This is the recv_subkey */
            if (!kret) {
                if (tag == TOKEN_RSKBLOCK) {
                    kret = krb5_internalize_opaque(kcontext,
                                                   KV5M_KEYBLOCK,
                                                   (krb5_pointer *)
                                                   &auth_context->
-                                                  remote_subkey,
+                                                  recv_subkey,
                                                   &bp,
                                                   &remain);
                }
index 7c5f17a4cd009902417880aea7e727bc040eda69..9cbcef78d97231981735dec8d850f651d9d3866d 100644 (file)
@@ -174,7 +174,7 @@ krb5_internalize_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer *
 }
 \f
 /*
- * krb5_ser_pack_int32()       - Pack a 4-byte integer if space is availble.
+ * krb5_ser_pack_int32()       - Pack a 4-byte integer if space is available.
  *                               Update buffer pointer and remaining space.
  */
 krb5_error_code KRB5_CALLCONV
@@ -193,6 +193,23 @@ krb5_ser_pack_int32(krb5_int32 iarg, krb5_octet **bufp, size_t *remainp)
        return(ENOMEM);
 }
 \f
+/*
+ * krb5_ser_pack_int64()       - Pack an 8-byte integer if space is available.
+ *                               Update buffer pointer and remaining space.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_pack_int64(krb5_int64 iarg, krb5_octet **bufp, size_t *remainp)
+{
+    if (*remainp >= sizeof(krb5_int64)) {
+       store_64_be(iarg, (unsigned char *)*bufp);
+       *bufp += sizeof(krb5_int64);
+       *remainp -= sizeof(krb5_int64);
+       return(0);
+    }
+    else
+       return(ENOMEM);
+}
+\f
 /*
  * krb5_ser_pack_bytes()       - Pack a string of bytes.
  */
@@ -228,6 +245,22 @@ krb5_ser_unpack_int32(krb5_int32 *intp, krb5_octet **bufp, size_t *remainp)
        return(ENOMEM);
 }
 \f
+/*
+ * krb5_ser_unpack_int64()     - Unpack an 8-byte integer if it's there.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_unpack_int64(krb5_int64 *intp, krb5_octet **bufp, size_t *remainp)
+{
+    if (*remainp >= sizeof(krb5_int64)) {
+       *intp = load_64_be((unsigned char *)*bufp);
+       *bufp += sizeof(krb5_int64);
+       *remainp -= sizeof(krb5_int64);
+       return(0);
+    }
+    else
+       return(ENOMEM);
+}
+\f
 /*
  * krb5_ser_unpack_bytes()     - Unpack a byte string if it's there.
  */
index aa41bc52bd8add6ba6d3fe5cd68f22ea2528a634..e66d2d36672c84e0f86e70c097c317e703ce7d1e 100644 (file)
@@ -48,6 +48,9 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache
     unsigned long uid = geteuid();
 #endif
     
+    if (piece == NULL)
+       return ENOMEM;
+    
     rcache = (krb5_rcache) malloc(sizeof(*rcache));
     if (!rcache)
        return ENOMEM;
@@ -58,7 +61,7 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache
 
     len = piece->length + 3 + 1;
     for (i = 0; i < piece->length; i++) {
-       if (piece->data[i] == '\\')
+       if (piece->data[i] == '-')
            len++;
        else if (!isvalidrcname((int) piece->data[i]))
            len += 3;
@@ -78,14 +81,14 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache
     strcpy(cachename, "rc_");
     p = 3;
     for (i = 0; i < piece->length; i++) {
-       if (piece->data[i] == '\\') {
-           cachename[p++] = '\\';
-           cachename[p++] = '\\';
+       if (piece->data[i] == '-') {
+           cachename[p++] = '-';
+           cachename[p++] = '-';
            continue;
        }
        if (!isvalidrcname((int) piece->data[i])) {
            sprintf(tmp, "%03o", piece->data[i]);
-           cachename[p++] = '\\';
+           cachename[p++] = '-';
            cachename[p++] = tmp[0];
            cachename[p++] = tmp[1];
            cachename[p++] = tmp[2];
index f0e52dceee7223437a0449a9032e14b625fc46ab..6f1a3c9e8b24ae8f6ec804b21d4fc1ca563d503d 100644 (file)
@@ -149,7 +149,8 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
                *q++ = COMPONENT_SEP;
        }
 
-       q--;                    /* Back up last component separator */
+       if (i > 0)
+           q--;                /* Back up last component separator */
        *q++ = REALM_SEP;
        
        cp = krb5_princ_realm(context, principal)->data;
diff --git a/src/lib/krb5/krb/v4lifetime.c b/src/lib/krb5/krb/v4lifetime.c
new file mode 100644 (file)
index 0000000..94bf5f6
--- /dev/null
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2000, 2001, 2003 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include "k5-int.h"
+
+/*
+ * Only lifetime bytes values less than 128 are on a linear scale.
+ * The following table contains an exponential scale that covers the
+ * lifetime values 128 to 191 inclusive (a total of 64 values).
+ * Values greater than 191 get interpreted the same as 191, but they
+ * will never be generated by the functions in this file.
+ *
+ * The ratio is approximately 1.069144898 (actually exactly
+ * exp(log(67.5)/63), where 67.5 = 2592000/38400, and 259200 = 30
+ * days, and 38400 = 128*5 minutes.  This allows a lifetime byte of
+ * 191 to correspond to a ticket life of exactly 30 days and a
+ * lifetime byte of 128 to correspond to exactly 128*5 minutes, with
+ * the other values spread on an exponential curve fit in between
+ * them.  This table should correspond exactly to the set of extended
+ * ticket lifetime values used by AFS and CMU.
+ *
+ * The following awk script is sufficient to reproduce the table:
+ * BEGIN {
+ *     r = exp(log(2592000/38400)/63);
+ *     x = 38400;
+ *     for (i=0;i<64;i++) {
+ *         printf("%d\n",x+0.5);
+ *         x *= r;
+ *     }
+ * }
+ */
+#ifndef SHORT_LIFETIME
+#define NLIFETIMES 64
+static const krb5_int32 lifetimes[NLIFETIMES] = {
+    38400, 41055,              /* 00:10:40:00, 00:11:24:15 */
+    43894, 46929,              /* 00:12:11:34, 00:13:02:09 */
+    50174, 53643,              /* 00:13:56:14, 00:14:54:03 */
+    57352, 61318,              /* 00:15:55:52, 00:17:01:58 */
+    65558, 70091,              /* 00:18:12:38, 00:19:28:11 */
+    74937, 80119,              /* 00:20:48:57, 00:22:15:19 */
+    85658, 91581,              /* 00:23:47:38, 01:01:26:21 */
+    97914, 104684,             /* 01:03:11:54, 01:05:04:44 */
+    111922, 119661,            /* 01:07:05:22, 01:09:14:21 */
+    127935, 136781,            /* 01:11:32:15, 01:13:59:41 */
+    146239, 156350,            /* 01:16:37:19, 01:19:25:50 */
+    167161, 178720,            /* 01:22:26:01, 02:01:38:40 */
+    191077, 204289,            /* 02:05:04:37, 02:08:44:49 */
+    218415, 233517,            /* 02:12:40:15, 02:16:51:57 */
+    249664, 266926,            /* 02:21:21:04, 03:02:08:46 */
+    285383, 305116,            /* 03:07:16:23, 03:12:45:16 */
+    326213, 348769,            /* 03:18:36:53, 04:00:52:49 */
+    372885, 398668,            /* 04:07:34:45, 04:14:44:28 */
+    426234, 455705,            /* 04:22:23:54, 05:06:35:05 */
+    487215, 520904,            /* 05:15:20:15, 06:00:41:44 */
+    556921, 595430,            /* 06:10:42:01, 06:21:23:50 */
+    636601, 680618,            /* 07:08:50:01, 07:21:03:38 */
+    727680, 777995,            /* 08:10:08:00, 09:00:06:35 */
+    831789, 889303,            /* 09:15:03:09, 10:07:01:43 */
+    950794, 1016537,           /* 11:00:06:34, 11:18:22:17 */
+    1086825, 1161973,          /* 12:13:53:45, 13:10:46:13 */
+    1242318, 1328218,          /* 14:09:05:18, 15:08:56:58 */
+    1420057, 1518247,          /* 16:10:27:37, 17:13:44:07 */
+    1623226, 1735464,          /* 18:18:53:46, 20:02:04:24 */
+    1855462, 1983758,          /* 21:11:24:22, 22:23:02:38 */
+    2120925, 2267576,          /* 24:13:08:45, 26:05:52:56 */
+    2424367, 2592000           /* 28:01:26:07, 30:00:00:00 */
+};
+#define MINFIXED 0x80
+#define MAXFIXED (MINFIXED + NLIFETIMES - 1)
+#endif /* !SHORT_LIFETIME */
+
+/*
+ * krb_life_to_time
+ *
+ * Given a start date and a lifetime byte, compute the expiration
+ * date.
+ */
+krb5_int32
+krb5int_krb_life_to_time(krb5_int32 start, int life)
+{
+    if (life < 0 || life > 255)        /* possibly sign botch in caller */
+       return start;
+#ifndef SHORT_LIFETIME
+    if (life < MINFIXED)
+       return start + life * 5 * 60;
+    if (life > MAXFIXED)
+       return start + lifetimes[NLIFETIMES - 1];
+    return start + lifetimes[life - MINFIXED];
+#else  /* SHORT_LIFETIME */
+    return start + life * 5 * 60;
+#endif /* SHORT_LIFETIME */
+}
+
+/*
+ * krb_time_to_life
+ *
+ * Given the start date and the end date, compute the lifetime byte.
+ * Round up, since we can adjust the start date backwards if we are
+ * issuing the ticket to cause it to expire at the correct time.
+ */
+int
+krb5int_krb_time_to_life(krb5_int32 start, krb5_int32 end)
+{
+    krb5_int32 dt;
+#ifndef SHORT_LIFETIME
+    int i;
+#endif
+
+    dt = end - start;
+    if (dt <= 0)
+       return 0;
+#ifndef SHORT_LIFETIME
+    if (dt < lifetimes[0])
+       return (dt + 5 * 60 - 1) / (5 * 60);
+    /* This depends on the array being ordered. */
+    for (i = 0; i < NLIFETIMES; i++) {
+       if (lifetimes[i] >= dt)
+           return i + MINFIXED;
+    }
+    return MAXFIXED;
+#else  /* SHORT_LIFETIME */
+    if (dt > 5 * 60 * 255)
+       return 255;
+    else
+       return (dt + 5 * 60 - 1) / (5 * 60);
+#endif /* SHORT_LIFETIME */
+}
index cf13ff1d44409e09810142e012c67859ad76810a..e17c876b9d070b94b2b1105a094ae07b3ecaafd6 100644 (file)
@@ -61,6 +61,7 @@ read_msg.c
 read_pwd.c
 realm_dom.c
 ref_std_conf.out
+send524.c
 sendto_kdc.c
 sn2princ.c
 timeofday.c
index 51638d9e44c9833a61bfa4ab48873723682a5107..074a62a52b2c8fe61661cfa07031ce0583ba2bdb 100644 (file)
@@ -1,3 +1,159 @@
+2004-06-02  Tom Yu  <tlyu@mit.edu>
+
+       * an_to_ln.c (do_replacement): Patch from Bill Dodd to fix missing
+       braces in previous security patch.
+
+2004-06-01  Sam Hartman  <hartmans@mit.edu>
+
+       * an_to_ln.c (rule_an_to_ln): Fix buffer overflow when parsing
+       principal names into components. 
+       (do_replacement): likewise
+       (aname_replacer): Support error return from do_replacement
+
+2004-05-07  Sam Hartman  <hartmans@mit.edu>
+
+       * an_to_ln.c: Patch from Matt Crawford  to allow matching on
+       realms of cross-realm principals.
+
+2004-03-22  Ken Raeburn  <raeburn@mit.edu>
+
+       * sendto_kdc.c (get_so_error): New function.
+       (service_tcp_fd): Call it for write fds as well as exception fds.
+
+2004-02-25  Ken Raeburn  <raeburn@mit.edu>
+
+       * sendto_kdc.c (start_connection): Close socket if connect() call
+       fails for an unexpected reason.
+
+2004-02-09  Sam Hartman  <hartmans@mit.edu>
+
+       * changepw.c (krb5_locate_kpasswd): Run htons on the default port
+
+2003-12-22  Jeffrey Altman <jaltman@mit.edu>
+
+    * dnssrv.c:  wrap within #ifdef KRB5_DNS_LOOKUP to prevent references
+      to resolver functions when DNS support is not being compiled 
+
+2003-12-18  Jeffrey Altman <jaltman@mit.edu>
+
+    * accessor.c: Add new functions for use by gssapi
+
+2003-12-12  Tom Yu  <tlyu@mit.edu>
+
+       * an_to_ln.c (krb5_aname_to_localname): Don't write one byte past
+       the end of a string.  Found by Christopher Nebergall.
+
+2003-10-27  Jeffrey Altman <jaltman@mit.edu>
+
+    * sendto_kdc.c: sockets must be closed with closesocket() and 
+      and not close() in order to ensure portability among different
+      operating systems.
+
+2003-08-21  Ken Raeburn  <raeburn@mit.edu>
+
+       * dnssrv.c: New file; split out DNS SRV RR query support...
+       * locate_kdc.c: ...from here.  Always compile in the calls.
+       * Makefile.in (STLIBOBJS, OBJS, SRCS): Add it.
+
+2003-07-25  Ken Raeburn  <raeburn@mit.edu>
+
+       * locate_kdc.c (krb5_locate_kdc): Always pass 0 to locate_server
+       as the get_masters argument.  Instead, if get_masters is set,
+       look up "master_kdc" in the config file instead of "kdc".
+
+2003-07-09  Alexandra Ellwood  <lxs@mit.edu>
+
+        * toffset.c: Export and krb5_set_real_time for Samba.
+
+2003-06-06  Ken Raeburn  <raeburn@mit.edu>
+
+       * locate_kdc.c (struct srv_dns_entry): Moved to k5-int.h.
+       (krb5int_make_srv_query_realm): Renamed from make_srv_query_realm.
+       (krb5int_free_srv_dns_data): New function.
+       (krb5_locate_srv_dns_1): Use it.
+
+       * accessor.c (krb5int_accessor): Fill in make_srv_query_realm and
+       free_srv_dns_data fields.
+
+2003-06-05  Ken Raeburn  <raeburn@mit.edu>
+
+       * locate_kdc.c (make_srv_query_realm): Punt if strdup fails.
+       Always return what data we can, even if memory allocation or other
+       problems prevent us from returning more.
+       (krb5_locate_srv_dns_1): Always return what data we can.  Fix
+       memory leak.  Free up temporary storage as quickly as possible,
+       while building up address list to return.
+
+2003-06-03  Ken Raeburn  <raeburn@mit.edu>
+
+       * accessor.c (krb5int_accessor): Initialize restored locate_server
+       field.
+
+       * locate_kdc.c (struct srv_dns_entry): Move to top level.
+       (make_srv_query_realm): Separate from krb5_locate_srv_dns_1; just
+       do query and return results.
+       (krb5_locate_srv_dns_1): Call it, and build addlist entries.
+       Check for one RR with a target of ".", and return an error.
+       (krb5_locate_srv_dns): Deleted.
+
+       * t_locate_kdc.c (main): Call krb5_locate_srv_dns_1.
+
+       * changepw.c (krb5_locate_kpasswd): Check specifically for certain
+       errors before using fallback heuristics.
+
+2003-06-03  Alexandra Ellwood  <lxs@mit.edu>
+
+        * init_os_ctx.c: Included header to get __KLAllowHomeDirectoryAccess().
+
+2003-05-27  Ken Raeburn  <raeburn@mit.edu>
+
+       * send524.c (krb5int_524_sendto_kdc): Enable support on Windows
+       always.
+
+2003-05-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * send524.c: New file, moved from krb524/sendmsg.c.  Rename
+       function to have krb5int_ prefix.  If KRB5_KRB4_COMPAT not
+       defined, return an error.
+       * accessor.c (krb5int_accessor): Update for deleted and added
+       fields.  If KRB5_KRB4_COMPAT is not defined, just use null
+       pointers for the new fields.
+
+2003-05-06  Alexandra Ellwood  <lxs@mit.edu>
+
+        * init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess()
+        function so that krb4, krb5 and gssapi will not access the user's homedir
+        if the application forbids it.
+
+2003-04-28  Sam Hartman  <hartmans@mit.edu>
+
+       * changepw.c (krb5_change_set_password): Locate server in realm of
+       creds.server, not in realm of target principal because target
+       principal is null in the  changepw case.
+
+2003-04-27  Sam Hartman  <hartmans@mit.edu>
+
+       * changepw.c (krb5_change_set_password): Call
+       krb5_setpw_result_code_string not krb5_setpw_result_code_string  
+
+2003-04-24  Sam Hartman  <hartmans@mit.edu>
+
+       * changepw.c (krb5_change_set_password): return error from
+       auth_con_setaddrs not last socket errno if auth_con_setaddrs fails 
+
+2003-04-15  Sam Hartman  <hartmans@mit.edu>
+
+       * changepw.c (krb5_change_set_password): Patches from Paul Nelson
+       to implement Microsoft set password protocol  
+       (krb5_set_password_using_ccache): Use kadmin/changepw in target realm, not local realm and use a two-component principal
+       (krb5_change_set_password): Find the kpasswd server for the realm
+       of the target principal not the client 
+
+2003-04-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * read_pwd.c (krb5_read_password): Always free temporary storage
+       used for verification version of password.
+
 2003-03-06  Alexandra Ellwood <lxs@mit.edu>
 
     * c_ustime.c: Removed Mac OS 9 code.
index acd37b22cb30041f5c3dda240bc6e8985b5414ff..27431a0f1f58205086c6a9102913dd36c93d15bb 100644 (file)
@@ -18,6 +18,7 @@ STLIBOBJS= \
        def_realm.o     \
        ccdefname.o     \
        changepw.o      \
+       dnssrv.o        \
        free_krbhs.o    \
        free_hstrl.o    \
        full_ipadr.o    \
@@ -46,6 +47,7 @@ STLIBOBJS= \
        read_pwd.o      \
        realm_dom.o     \
        realm_iter.o    \
+       send524.o       \
        sendto_kdc.o    \
        sn2princ.o      \
        timeofday.o     \
@@ -61,6 +63,7 @@ OBJS= \
        $(OUTPRE)def_realm.$(OBJEXT)    \
        $(OUTPRE)ccdefname.$(OBJEXT)    \
        $(OUTPRE)changepw.$(OBJEXT)     \
+       $(OUTPRE)dnssrv.$(OBJEXT)       \
        $(OUTPRE)free_krbhs.$(OBJEXT)   \
        $(OUTPRE)free_hstrl.$(OBJEXT)   \
        $(OUTPRE)full_ipadr.$(OBJEXT)   \
@@ -89,6 +92,7 @@ OBJS= \
        $(OUTPRE)read_pwd.$(OBJEXT)     \
        $(OUTPRE)realm_dom.$(OBJEXT)    \
        $(OUTPRE)realm_iter.$(OBJEXT)   \
+       $(OUTPRE)send524.$(OBJEXT)      \
        $(OUTPRE)sendto_kdc.$(OBJEXT)   \
        $(OUTPRE)sn2princ.$(OBJEXT)     \
        $(OUTPRE)timeofday.$(OBJEXT)    \
@@ -104,6 +108,7 @@ SRCS= \
        $(srcdir)/def_realm.c   \
        $(srcdir)/ccdefname.c   \
        $(srcdir)/changepw.c    \
+       $(srcdir)/dnssrv.c      \
        $(srcdir)/free_krbhs.c  \
        $(srcdir)/free_hstrl.c  \
        $(srcdir)/full_ipadr.c  \
@@ -132,6 +137,7 @@ SRCS= \
        $(srcdir)/realm_dom.c   \
        $(srcdir)/realm_iter.c  \
        $(srcdir)/port2ip.c     \
+       $(srcdir)/send524.c     \
        $(srcdir)/sendto_kdc.c  \
        $(srcdir)/sn2princ.c    \
        $(srcdir)/timeofday.c   \
@@ -235,210 +241,235 @@ clean::
 #
 accessor.so accessor.po $(OUTPRE)accessor.$(OBJEXT): accessor.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h os-proto.h
+  os-proto.h
 an_to_ln.so an_to_ln.po $(OUTPRE)an_to_ln.$(OBJEXT): an_to_ln.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 c_ustime.so c_ustime.po $(OUTPRE)c_ustime.$(OBJEXT): c_ustime.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 def_realm.so def_realm.po $(OUTPRE)def_realm.$(OBJEXT): def_realm.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h os-proto.h
+  os-proto.h
 ccdefname.so ccdefname.po $(OUTPRE)ccdefname.$(OBJEXT): ccdefname.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 changepw.so changepw.po $(OUTPRE)changepw.$(OBJEXT): changepw.c $(SRCTOP)/include/fake-addrinfo.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/krb5/kdb.h os-proto.h
+dnssrv.so dnssrv.po $(OUTPRE)dnssrv.$(OBJEXT): dnssrv.c $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
   os-proto.h
 free_krbhs.so free_krbhs.po $(OUTPRE)free_krbhs.$(OBJEXT): free_krbhs.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 free_hstrl.so free_hstrl.po $(OUTPRE)free_hstrl.$(OBJEXT): free_hstrl.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 full_ipadr.so full_ipadr.po $(OUTPRE)full_ipadr.$(OBJEXT): full_ipadr.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h os-proto.h
+  os-proto.h
 get_krbhst.so get_krbhst.po $(OUTPRE)get_krbhst.$(OBJEXT): get_krbhst.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 gen_port.so gen_port.po $(OUTPRE)gen_port.$(OBJEXT): gen_port.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h os-proto.h
+  os-proto.h
 genaddrs.so genaddrs.po $(OUTPRE)genaddrs.$(OBJEXT): genaddrs.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h os-proto.h
+  os-proto.h
 gen_rname.so gen_rname.po $(OUTPRE)gen_rname.$(OBJEXT): gen_rname.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h os-proto.h
+  os-proto.h
 gmt_mktime.so gmt_mktime.po $(OUTPRE)gmt_mktime.$(OBJEXT): gmt_mktime.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 hostaddr.so hostaddr.po $(OUTPRE)hostaddr.$(OBJEXT): hostaddr.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/fake-addrinfo.h
+  $(SRCTOP)/include/fake-addrinfo.h
 hst_realm.so hst_realm.po $(OUTPRE)hst_realm.$(OBJEXT): hst_realm.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h os-proto.h $(SRCTOP)/include/fake-addrinfo.h
+  os-proto.h $(SRCTOP)/include/fake-addrinfo.h
 init_os_ctx.so init_os_ctx.po $(OUTPRE)init_os_ctx.$(OBJEXT): init_os_ctx.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h os-proto.h
+  os-proto.h
 krbfileio.so krbfileio.po $(OUTPRE)krbfileio.$(OBJEXT): krbfileio.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ktdefname.so ktdefname.po $(OUTPRE)ktdefname.$(OBJEXT): ktdefname.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): kuserok.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 mk_faddr.so mk_faddr.po $(OUTPRE)mk_faddr.$(OBJEXT): mk_faddr.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h os-proto.h
+  os-proto.h
 localaddr.so localaddr.po $(OUTPRE)localaddr.$(OBJEXT): localaddr.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/foreachaddr.c
+  $(SRCTOP)/include/foreachaddr.c
 locate_kdc.so locate_kdc.po $(OUTPRE)locate_kdc.$(OBJEXT): locate_kdc.c $(SRCTOP)/include/fake-addrinfo.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  os-proto.h
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/krb5/kdb.h os-proto.h
 lock_file.so lock_file.po $(OUTPRE)lock_file.$(OBJEXT): lock_file.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 net_read.so net_read.po $(OUTPRE)net_read.$(OBJEXT): net_read.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 net_write.so net_write.po $(OUTPRE)net_write.$(OBJEXT): net_write.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 osconfig.so osconfig.po $(OUTPRE)osconfig.$(OBJEXT): osconfig.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 prompter.so prompter.po $(OUTPRE)prompter.$(OBJEXT): prompter.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 promptusr.so promptusr.po $(OUTPRE)promptusr.$(OBJEXT): promptusr.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 read_msg.so read_msg.po $(OUTPRE)read_msg.$(OBJEXT): read_msg.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 read_pwd.so read_pwd.po $(OUTPRE)read_pwd.$(OBJEXT): read_pwd.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 realm_dom.so realm_dom.po $(OUTPRE)realm_dom.$(OBJEXT): realm_dom.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 realm_iter.so realm_iter.po $(OUTPRE)realm_iter.$(OBJEXT): realm_iter.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 port2ip.so port2ip.po $(OUTPRE)port2ip.$(OBJEXT): port2ip.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h os-proto.h
+  os-proto.h
+send524.so send524.po $(OUTPRE)send524.$(OBJEXT): send524.c $(SRCTOP)/include/fake-addrinfo.h \
+  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/krb5/kdb.h os-proto.h
 sendto_kdc.so sendto_kdc.po $(OUTPRE)sendto_kdc.$(OBJEXT): sendto_kdc.c $(SRCTOP)/include/fake-addrinfo.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  os-proto.h $(SRCTOP)/include/cm.h
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/krb5/kdb.h os-proto.h $(SRCTOP)/include/cm.h
 sn2princ.so sn2princ.po $(OUTPRE)sn2princ.$(OBJEXT): sn2princ.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/fake-addrinfo.h
+  $(SRCTOP)/include/fake-addrinfo.h
 timeofday.so timeofday.po $(OUTPRE)timeofday.$(OBJEXT): timeofday.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 toffset.so toffset.po $(OUTPRE)toffset.$(OBJEXT): toffset.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 unlck_file.so unlck_file.po $(OUTPRE)unlck_file.$(OBJEXT): unlck_file.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ustime.so ustime.po $(OUTPRE)ustime.$(OBJEXT): ustime.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 write_msg.so write_msg.po $(OUTPRE)write_msg.$(OBJEXT): write_msg.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 
index 509d317fa3389b8141706b4e87c4e23956617cb4..4e907b1c4d1292652fadbd1640d9d36decba08e7 100644 (file)
@@ -35,18 +35,32 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version)
   if (version == KRB5INT_ACCESS_VERSION)
   {
     krb5int_access internals_temp;
-    internals_temp.krb5_locate_server = krb5int_locate_server;
-    internals_temp.krb5_locate_kdc = krb5_locate_kdc;
     internals_temp.free_addrlist = krb5int_free_addrlist;
-    internals_temp.krb5_max_skdc_timeout = krb5_max_skdc_timeout;
-    internals_temp.krb5_skdc_timeout_shift = krb5_skdc_timeout_shift;
-    internals_temp.krb5_skdc_timeout_1 = krb5_skdc_timeout_1;
-    internals_temp.krb5_max_dgram_size = krb5_max_dgram_size;
     internals_temp.krb5_hmac = krb5_hmac;
     internals_temp.md5_hash_provider = &krb5int_hash_md5;
     internals_temp.arcfour_enc_provider = &krb5int_enc_arcfour;
+    internals_temp.locate_server = &krb5int_locate_server;
     internals_temp.sendto_udp = &krb5int_sendto;
     internals_temp.add_host_to_list = krb5int_add_host_to_list;
+#ifdef KRB5_DNS_LOOKUP
+    internals_temp.make_srv_query_realm = krb5int_make_srv_query_realm;
+    internals_temp.free_srv_dns_data = krb5int_free_srv_dns_data;
+#else
+    internals_temp.make_srv_query_realm = 0;
+    internals_temp.free_srv_dns_data = 0;
+#endif
+#ifdef KRB5_KRB4_COMPAT
+    internals_temp.krb_life_to_time = krb5int_krb_life_to_time;
+    internals_temp.krb_time_to_life = krb5int_krb_time_to_life;
+    internals_temp.krb524_encode_v4tkt = krb5int_encode_v4tkt;
+#else
+    internals_temp.krb_life_to_time = 0;
+    internals_temp.krb_time_to_life = 0;
+    internals_temp.krb524_encode_v4tkt = 0;
+#endif
+    internals_temp.krb5int_c_mandatory_cksumtype = krb5int_c_mandatory_cksumtype;
+    internals_temp.krb5_ser_pack_int64 = krb5_ser_pack_int64;
+    internals_temp.krb5_ser_unpack_int64 = krb5_ser_unpack_int64;
     *internals = internals_temp;
     return 0;
   }
index 426399e1484d8a4b1809d485c358fac1113849c4..2430b27e2757f5c98ffd08960b4c653370b45611 100644 (file)
@@ -270,9 +270,14 @@ aname_do_match(char *string, char **contextp)
  * If no regcomp() then just return the input string verbatim in the output
  * string.
  */
-static void
+#define use_bytes(x) \
+    out_used += (x); \
+    if (out_used > MAX_FORMAT_BUFFER) goto mem_err
+
+static int
 do_replacement(char *regexp, char *repl, int doall, char *in, char *out)
 {
+    size_t out_used = 0;
 #if    HAVE_REGCOMP
     regex_t    match_exp;
     regmatch_t match_match;
@@ -287,17 +292,22 @@ do_replacement(char *regexp, char *repl, int doall, char *in, char *out)
        do {
            if (!regexec(&match_exp, cp, 1, &match_match, 0)) {
                if (match_match.rm_so) {
+                   use_bytes(match_match.rm_so);
                    strncpy(op, cp, match_match.rm_so);
                    op += match_match.rm_so;
                }
+               use_bytes(strlen(repl));
                strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
                op += strlen(op);
                cp += match_match.rm_eo;
-               if (!doall)
+               if (!doall) {
+                   use_bytes(strlen(cp));
                    strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+               }
                matched = 1;
            }
            else {
+               use_bytes(strlen(cp));
                strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
                matched = 0;
            }
@@ -322,17 +332,22 @@ do_replacement(char *regexp, char *repl, int doall, char *in, char *out)
            sdispl = (size_t) (loc1 - cp);
            edispl = (size_t) (loc2 - cp);
            if (sdispl) {
+               use_bytes(sdispl);
                strncpy(op, cp, sdispl);
                op += sdispl;
            }
+           use_bytes(strlen(repl));
            strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
            op += strlen(repl);
            cp += edispl;
-           if (!doall)
+           if (!doall) {
+               use_bytes(strlen(cp));
                strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+           }
            matched = 1;
        }
        else {
+           use_bytes(strlen(cp));
            strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
            matched = 0;
        }
@@ -340,7 +355,15 @@ do_replacement(char *regexp, char *repl, int doall, char *in, char *out)
 #else  /* HAVE_REGEXP_H */
     memcpy(out, in, MAX_FORMAT_BUFFER);
 #endif /* HAVE_REGCOMP */
+    return 1;
+ mem_err:
+#ifdef HAVE_REGCMP
+       regfree(&match_exp);
+#endif
+       return 0;
+       
 }
+#undef use_bytes
 
 /*
  * aname_replacer()    - Perform the specified substitutions on the input
@@ -412,7 +435,12 @@ aname_replacer(char *string, char **contextp, char **result)
 
                    /* Do the replacemenbt */
                    memset(out, '\0', MAX_FORMAT_BUFFER);
-                   do_replacement(rule, repl, doglobal, in, out);
+                   if (!do_replacement(rule, repl, doglobal, in, out)) {
+                       free(rule);
+                   free(repl);
+                       kret = KRB5_LNAME_NOTRANS;
+                       break;
+                   }
                    free(rule);
                    free(repl);
 
@@ -459,8 +487,9 @@ rule_an_to_ln(krb5_context context, char *rule, krb5_const_principal aname, cons
     char               *fprincname;
     char               *selstring = 0;
     int                        num_comps, compind;
+    size_t selstring_used;
     char               *cout;
-    krb5_data          *datap;
+    krb5_const krb5_data *datap;
     char               *outstring;
 
     /*
@@ -479,6 +508,7 @@ rule_an_to_ln(krb5_context context, char *rule, krb5_const_principal aname, cons
                     */
                    current = strchr(current, ':');
                    selstring = (char *) malloc(MAX_FORMAT_BUFFER);
+                   selstring_used = 0;
                    if (current && selstring) {
                        current++;
                        cout = selstring;
@@ -493,10 +523,20 @@ rule_an_to_ln(krb5_context context, char *rule, krb5_const_principal aname, cons
                            if (*current == '$') {
                                if ((sscanf(current+1, "%d", &compind) == 1) &&
                                    (compind <= num_comps) &&
-                                   (datap = krb5_princ_component(context,
-                                                                 aname,
-                                                                 compind-1))
+                                   (datap =
+                                    (compind > 0)
+                                    ? krb5_princ_component(context, aname,
+                                                           compind-1)
+                                    : krb5_princ_realm(context, aname))
                                    ) {
+                                   if ((datap->length < MAX_FORMAT_BUFFER)
+                                       &&  (selstring_used+datap->length
+                                            < MAX_FORMAT_BUFFER)) {
+                                       selstring_used += datap->length;
+                                   } else {
+                                       kret = ENOMEM;
+                                       goto errout;
+                                   }
                                    strncpy(cout,
                                            datap->data,
                                            (unsigned) datap->length);
@@ -527,7 +567,7 @@ rule_an_to_ln(krb5_context context, char *rule, krb5_const_principal aname, cons
                        else
                            kret = KRB5_CONFIG_BADFORMAT;
 
-                       if (kret)
+                       errout: if (kret)
                            free(selstring);
                    }
                }
@@ -643,7 +683,7 @@ krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, const
     const char         *hierarchy[5];
     char               **mapping_values;
     int                        i, nvalid;
-    char               *cp;
+    char               *cp, *s;
     char               *typep, *argp;
     unsigned int        lnsize;
 
@@ -677,11 +717,14 @@ krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, const
 
                    /* Just use the last one. */
                    /* Trim the value. */
-                   cp = &mapping_values[nvalid-1]
-                       [strlen(mapping_values[nvalid-1])];
-                   while (isspace((int) (*cp))) cp--;
-                   cp++;
-                   *cp = '\0';
+                   s = mapping_values[nvalid-1];
+                   cp = s + strlen(s);
+                   while (cp > s) {
+                       cp--;
+                       if (!isspace((int)(*cp)))
+                           break;
+                       *cp = '\0';
+                   }
 
                    /* Copy out the value if there's enough room */
                    if (strlen(mapping_values[nvalid-1])+1 <= (size_t) lnsize)
index 60cb3a9158ac89465722b08b2f2f4076f4af1a75..df558b6f2527842e7d5069414fad50512484f10a 100644 (file)
  * or implied warranty.
  *
  */
+/*
+ * krb5_set_password - Implements set password per RFC 3244
+ * Added by Paul W. Nelson, Thursby Software Systems, Inc.
+ */
 
 #define NEED_SOCKETS
 #include "fake-addrinfo.h"
@@ -49,8 +53,8 @@ krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
 
     code = krb5int_locate_server (context, realm, addrlist, 0,
                                  "kpasswd_server", "_kpasswd", 0,
-                                 DEFAULT_KPASSWD_PORT, 0, 0);
-    if (code) {
+                                 htons(DEFAULT_KPASSWD_PORT), 0, 0);
+    if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) {
        code = krb5int_locate_server (context, realm, addrlist, 0,
                                      "admin_server", "_kerberos-adm", 1,
                                      DEFAULT_KPASSWD_PORT, 0, 0);
@@ -69,8 +73,16 @@ krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
 }
 
 
+/*
+** The logic for setting and changing a password is mostly the same
+** krb5_change_set_password handles both cases 
+**     if set_password_for is NULL, then a password change is performed,
+**  otherwise, the password is set for the principal indicated in set_password_for
+*/
 krb5_error_code KRB5_CALLCONV
-krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string)
+krb5_change_set_password(
+       krb5_context context, krb5_creds *creds, char *newpw, krb5_principal set_password_for,
+       int *result_code, krb5_data *result_code_string, krb5_data *result_string)
 {
     krb5_auth_context auth_context;
     krb5_data ap_req, chpw_req, chpw_rep;
@@ -104,7 +116,7 @@ krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *
          goto cleanup;
 
     if ((code = krb5_locate_kpasswd(context,
-                                    krb5_princ_realm(context, creds->client),
+                                    krb5_princ_realm(context, creds->server),
                                    &al)))
         goto cleanup;
 
@@ -218,14 +230,15 @@ krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *
 
        if ((code = krb5_auth_con_setaddrs(context, auth_context,
                                           &local_kaddr, NULL))) {
-           code = SOCKET_ERRNO;
-           goto cleanup;
+         goto cleanup;
        }
 
-       if ((code = krb5_mk_chpw_req(context, auth_context, &ap_req,
-                                    newpw, &chpw_req)))
+       if( set_password_for )
+               code = krb5int_mk_setpw_req(context, auth_context, &ap_req, set_password_for, newpw, &chpw_req);
+       else
+               code = krb5int_mk_chpw_req(context, auth_context, &ap_req, newpw, &chpw_req);
+       if (code)
        {
-           code = SOCKET_ERRNO;
            goto cleanup;
        }
 
@@ -289,19 +302,23 @@ krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *
                                           NULL, &remote_kaddr)))
            goto cleanup;
 
-       if ((code = krb5_rd_chpw_rep(context, auth_context, &chpw_rep,
-                                    &local_result_code,
-                                    result_string)))
-           goto cleanup;
+       if( set_password_for )
+               code = krb5int_rd_setpw_rep(context, auth_context, &chpw_rep, &local_result_code, result_string);
+       else
+               code = krb5int_rd_chpw_rep(context, auth_context, &chpw_rep, &local_result_code, result_string);
+       if (code)
+               goto cleanup;
 
        if (result_code)
            *result_code = local_result_code;
 
        if (result_code_string) {
-           if ((code = krb5_chpw_result_code_string(context,
-                                                    local_result_code,
-                                                    &code_string)))
-               goto cleanup;
+               if( set_password_for )
+               code = krb5int_setpw_result_code_string(context, local_result_code, (const char **)&code_string);
+               else
+               code = krb5_chpw_result_code_string(context, local_result_code, &code_string);
+               if(code)
+                       goto cleanup;
 
            result_code_string->length = strlen(code_string);
            result_code_string->data = malloc(result_code_string->length);
@@ -343,3 +360,71 @@ cleanup:
 
     return(code);
 }
+
+krb5_error_code KRB5_CALLCONV
+krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string)
+{
+       return krb5_change_set_password(
+               context, creds, newpw, NULL, result_code, result_code_string, result_string );
+}
+
+/*
+ * krb5_set_password - Implements set password per RFC 3244
+ *
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_password(
+       krb5_context context,
+       krb5_creds *creds,
+       char *newpw,
+       krb5_principal change_password_for,
+       int *result_code, krb5_data *result_code_string, krb5_data *result_string
+       )
+{
+       return krb5_change_set_password(
+               context, creds, newpw, change_password_for, result_code, result_code_string, result_string );
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_password_using_ccache(
+       krb5_context context,
+       krb5_ccache ccache,
+       char *newpw,
+       krb5_principal change_password_for,
+       int *result_code, krb5_data *result_code_string, krb5_data *result_string
+       )
+{
+       krb5_creds              creds;
+       krb5_creds              *credsp;
+       krb5_error_code code;
+
+/*
+** get the proper creds for use with krb5_set_password -
+*/
+       memset( &creds, 0, sizeof(creds) );
+/*
+** first get the principal for the password service -
+*/
+       code = krb5_cc_get_principal( context, ccache, &creds.client );
+       if( !code )
+       {
+               code = krb5_build_principal( context, &creds.server, 
+                               krb5_princ_realm(context, change_password_for)->length,
+                               krb5_princ_realm(context, change_password_for)->data,
+                               "kadmin", "changepw", NULL );
+               if(!code)
+               {
+                       code = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
+                       if( ! code )
+                       {
+                               code = krb5_set_password(context, credsp, newpw, change_password_for,
+                                       result_code, result_code_string,
+                                       result_string);
+                               krb5_free_creds(context, credsp);
+                       }
+               }
+               krb5_free_cred_contents(context, &creds);
+       }
+       return code;
+}
diff --git a/src/lib/krb5/os/dnssrv.c b/src/lib/krb5/os/dnssrv.c
new file mode 100644 (file)
index 0000000..1c1586a
--- /dev/null
@@ -0,0 +1,273 @@
+/*
+ * lib/krb5/os/dnssrv.c
+ *
+ * Copyright 1990,2000,2001,2002,2003 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * do DNS SRV RR queries
+ */
+
+#ifdef KRB5_DNS_LOOKUP
+#define NEED_SOCKETS
+#include "k5-int.h"
+#include "os-proto.h"
+#include <stdio.h>
+#ifdef WSHELPER
+#include <wshelper.h>
+#else /* WSHELPER */
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+#include <netdb.h>
+#endif /* WSHELPER */
+#ifndef T_SRV
+#define T_SRV 33
+#endif /* T_SRV */
+
+/* for old Unixes and friends ... */
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 64
+#endif
+
+#define MAX_DNS_NAMELEN (15*(MAXHOSTNAMELEN + 1)+1)
+
+/*
+ * Lookup a KDC via DNS SRV records
+ */
+
+void krb5int_free_srv_dns_data (struct srv_dns_entry *p)
+{
+    struct srv_dns_entry *next;
+    while (p) {
+       next = p->next;
+       free(p->host);
+       free(p);
+       p = next;
+    }
+}
+
+/* Do DNS SRV query, return results in *answers.
+
+   Make best effort to return all the data we can.  On memory or
+   decoding errors, just return what we've got.  Always return 0,
+   currently.  */
+
+krb5_error_code
+krb5int_make_srv_query_realm(const krb5_data *realm,
+                            const char *service,
+                            const char *protocol,
+                            struct srv_dns_entry **answers)
+{
+    union {
+        unsigned char bytes[2048];
+        HEADER hdr;
+    } answer;
+    unsigned char *p=NULL;
+    char host[MAX_DNS_NAMELEN], *h;
+    int type, rrclass;
+    int priority, weight, size, len, numanswers, numqueries, rdlen;
+    unsigned short port;
+    const int hdrsize = sizeof(HEADER);
+
+    struct srv_dns_entry *head = NULL;
+    struct srv_dns_entry *srv = NULL, *entry = NULL;
+
+    /*
+     * First off, build a query of the form:
+     *
+     * service.protocol.realm
+     *
+     * which will most likely be something like:
+     *
+     * _kerberos._udp.REALM
+     *
+     */
+
+    if (memchr(realm->data, 0, realm->length))
+       return 0;
+    if ( strlen(service) + strlen(protocol) + realm->length + 6 
+         > MAX_DNS_NAMELEN )
+       return 0;
+    sprintf(host, "%s.%s.%.*s", service, protocol, (int) realm->length,
+           realm->data);
+
+    /* Realm names don't (normally) end with ".", but if the query
+       doesn't end with "." and doesn't get an answer as is, the
+       resolv code will try appending the local domain.  Since the
+       realm names are absolutes, let's stop that.  
+
+       But only if a name has been specified.  If we are performing
+       a search on the prefix alone then the intention is to allow
+       the local domain or domain search lists to be expanded.  */
+
+    h = host + strlen (host);
+    if ((h[-1] != '.') && ((h - host + 1) < sizeof(host)))
+        strcpy (h, ".");
+
+#ifdef TEST
+    fprintf (stderr, "sending DNS SRV query for %s\n", host);
+#endif
+
+    size = res_search(host, C_IN, T_SRV, answer.bytes, sizeof(answer.bytes));
+
+    if ((size < hdrsize) || (size > sizeof(answer.bytes)))
+       goto out;
+
+    /*
+     * We got an answer!  First off, parse the header and figure out how
+     * many answers we got back.
+     */
+
+    p = answer.bytes;
+
+    numqueries = ntohs(answer.hdr.qdcount);
+    numanswers = ntohs(answer.hdr.ancount);
+
+    p += sizeof(HEADER);
+
+    /*
+     * We need to skip over all of the questions, so we have to iterate
+     * over every query record.  dn_expand() is able to tell us the size
+     * of compress DNS names, so we use it.
+     */
+
+#define INCR_CHECK(x,y) x += y; if (x > size + answer.bytes) goto out
+#define CHECK(x,y) if (x + y > size + answer.bytes) goto out
+#define NTOHSP(x,y) x[0] << 8 | x[1]; x += y
+
+    while (numqueries--) {
+       len = dn_expand(answer.bytes, answer.bytes + size, p, host, sizeof(host));
+       if (len < 0)
+           goto out;
+       INCR_CHECK(p, len + 4);
+    }
+
+    /*
+     * We're now pointing at the answer records.  Only process them if
+     * they're actually T_SRV records (they might be CNAME records,
+     * for instance).
+     *
+     * But in a DNS reply, if you get a CNAME you always get the associated
+     * "real" RR for that CNAME.  RFC 1034, 3.6.2:
+     *
+     * CNAME RRs cause special action in DNS software.  When a name server
+     * fails to find a desired RR in the resource set associated with the
+     * domain name, it checks to see if the resource set consists of a CNAME
+     * record with a matching class.  If so, the name server includes the CNAME
+     * record in the response and restarts the query at the domain name
+     * specified in the data field of the CNAME record.  The one exception to
+     * this rule is that queries which match the CNAME type are not restarted.
+     *
+     * In other words, CNAMEs do not need to be expanded by the client.
+     */
+
+    while (numanswers--) {
+
+       /* First is the name; use dn_expand to get the compressed size */
+       len = dn_expand(answer.bytes, answer.bytes + size, p, host, sizeof(host));
+       if (len < 0)
+           goto out;
+       INCR_CHECK(p, len);
+
+       /* Next is the query type */
+        CHECK(p, 2);
+       type = NTOHSP(p,2);
+
+       /* Next is the query class; also skip over 4 byte TTL */
+        CHECK(p, 6);
+       rrclass = NTOHSP(p,6);
+
+       /* Record data length */
+
+        CHECK(p,2);
+       rdlen = NTOHSP(p,2);
+
+       /*
+        * If this is an SRV record, process it.  Record format is:
+        *
+        * Priority
+        * Weight
+        * Port
+        * Server name
+        */
+
+       if (rrclass == C_IN && type == T_SRV) {
+            CHECK(p,2);
+           priority = NTOHSP(p,2);
+           CHECK(p, 2);
+           weight = NTOHSP(p,2);
+           CHECK(p, 2);
+           port = NTOHSP(p,2);
+           len = dn_expand(answer.bytes, answer.bytes + size, p, host, sizeof(host));
+           if (len < 0)
+               goto out;
+           INCR_CHECK(p, len);
+
+           /*
+            * We got everything!  Insert it into our list, but make sure
+            * it's in the right order.  Right now we don't do anything
+            * with the weight field
+            */
+
+           srv = (struct srv_dns_entry *) malloc(sizeof(struct srv_dns_entry));
+           if (srv == NULL)
+               goto out;
+       
+           srv->priority = priority;
+           srv->weight = weight;
+           srv->port = port;
+           srv->host = strdup(host);
+           if (srv->host == NULL) {
+               free(srv);
+               goto out;
+           }
+
+           if (head == NULL || head->priority > srv->priority) {
+               srv->next = head;
+               head = srv;
+           } else
+               /*
+                * This is confusing.  Only insert an entry into this
+                * spot if:
+                * The next person has a higher priority (lower priorities
+                * are preferred).
+                * Or
+                * There is no next entry (we're at the end)
+                */
+               for (entry = head; entry != NULL; entry = entry->next)
+                   if ((entry->next &&
+                        entry->next->priority > srv->priority) ||
+                       entry->next == NULL) {
+                       srv->next = entry->next;
+                       entry->next = srv;
+                       break;
+                   }
+       } else
+           INCR_CHECK(p, rdlen);
+    }
+       
+  out:
+    *answers = head;
+    return 0;
+}
+#endif
index eb2321d420592f7c29ceaea41d5ff9a0204e6b13..c43771d76b0d5a544d17f803fce7244140f6ff1b 100644 (file)
 #include "k5-int.h"
 #include "os-proto.h"
 
+#ifdef USE_LOGIN_LIBRARY
+#include "KerberosLoginPrivate.h"
+#endif
+
 #if defined(_WIN32)
 
 static krb5_error_code
@@ -234,8 +238,14 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
     unsigned int ent_len;
     const char *s, *t;
 
+#ifdef USE_LOGIN_LIBRARY
+    /* If __KLAllowHomeDirectoryAccess() == FALSE, we are probably
+        trying to authenticate to a fileserver for the user's homedir. */
+    if (secure || !__KLAllowHomeDirectoryAccess ()) {
+#else
     if (secure) {
-        filepath = DEFAULT_SECURE_PROFILE_PATH;
+#endif
+            filepath = DEFAULT_SECURE_PROFILE_PATH;
     } else { 
         filepath = getenv("KRB5_CONFIG");
         if (!filepath) filepath = DEFAULT_PROFILE_PATH;
index 9c9fed4d1b1a916cd81c05fb326590b5c86c78c7..ce90127af68a7778769c69a9857cdabe928e582f 100644 (file)
@@ -502,12 +502,6 @@ krb5_locate_srv_conf(krb5_context context, const krb5_data *realm,
 }
 #endif
 
-#ifdef KRB5_DNS_LOOKUP
-
-/*
- * Lookup a KDC via DNS SRV records
- */
-
 static krb5_error_code
 krb5_locate_srv_dns_1 (const krb5_data *realm,
                       const char *service,
@@ -515,196 +509,14 @@ krb5_locate_srv_dns_1 (const krb5_data *realm,
                       struct addrlist *addrlist,
                       int family)
 {
-    union {
-        unsigned char bytes[2048];
-        HEADER hdr;
-    } answer;
-    unsigned char *p=NULL;
-    char host[MAX_DNS_NAMELEN], *h;
-    int type, rrclass;
-    int priority, weight, size, len, numanswers, numqueries, rdlen;
-    unsigned short port;
-    const int hdrsize = sizeof(HEADER);
-    struct srv_dns_entry {
-       struct srv_dns_entry *next;
-       int priority;
-       int weight;
-       unsigned short port;
-       char *host;
-    };
-
     struct srv_dns_entry *head = NULL;
-    struct srv_dns_entry *srv = NULL, *entry = NULL;
+    struct srv_dns_entry *entry = NULL, *next;
     krb5_error_code code = 0;
 
-    /*
-     * First off, build a query of the form:
-     *
-     * service.protocol.realm
-     *
-     * which will most likely be something like:
-     *
-     * _kerberos._udp.REALM
-     *
-     */
-
-    if ( strlen(service) + strlen(protocol) + realm->length + 6 
-         > MAX_DNS_NAMELEN )
-        goto out;
-    sprintf(host, "%s.%s.%.*s", service, protocol, (int) realm->length,
-           realm->data);
-
-    /* Realm names don't (normally) end with ".", but if the query
-       doesn't end with "." and doesn't get an answer as is, the
-       resolv code will try appending the local domain.  Since the
-       realm names are absolutes, let's stop that.  
-
-       But only if a name has been specified.  If we are performing
-       a search on the prefix alone then the intention is to allow
-       the local domain or domain search lists to be expanded.  */
-
-    h = host + strlen (host);
-    if ((h > host) && (h[-1] != '.') && ((h - host + 1) < sizeof(host)))
-        strcpy (h, ".");
-
-#ifdef TEST
-    fprintf (stderr, "sending DNS SRV query for %s\n", host);
-#endif
-
-    size = res_search(host, C_IN, T_SRV, answer.bytes, sizeof(answer.bytes));
-
-    if ((size < hdrsize) || (size > sizeof(answer.bytes)))
-       goto out;
-
-    /*
-     * We got an answer!  First off, parse the header and figure out how
-     * many answers we got back.
-     */
-
-    p = answer.bytes;
-
-    numqueries = ntohs(answer.hdr.qdcount);
-    numanswers = ntohs(answer.hdr.ancount);
-
-    p += sizeof(HEADER);
-
-    /*
-     * We need to skip over all of the questions, so we have to iterate
-     * over every query record.  dn_expand() is able to tell us the size
-     * of compress DNS names, so we use it.
-     */
-
-#define INCR_CHECK(x,y) x += y; if (x > size + answer.bytes) goto out
-#define CHECK(x,y) if (x + y > size + answer.bytes) goto out
-#define NTOHSP(x,y) x[0] << 8 | x[1]; x += y
-
-    while (numqueries--) {
-       len = dn_expand(answer.bytes, answer.bytes + size, p, host, sizeof(host));
-       if (len < 0)
-           goto out;
-       INCR_CHECK(p, len + 4);
-    }
-
-    /*
-     * We're now pointing at the answer records.  Only process them if
-     * they're actually T_SRV records (they might be CNAME records,
-     * for instance).
-     *
-     * But in a DNS reply, if you get a CNAME you always get the associated
-     * "real" RR for that CNAME.  RFC 1034, 3.6.2:
-     *
-     * CNAME RRs cause special action in DNS software.  When a name server
-     * fails to find a desired RR in the resource set associated with the
-     * domain name, it checks to see if the resource set consists of a CNAME
-     * record with a matching class.  If so, the name server includes the CNAME
-     * record in the response and restarts the query at the domain name
-     * specified in the data field of the CNAME record.  The one exception to
-     * this rule is that queries which match the CNAME type are not restarted.
-     *
-     * In other words, CNAMEs do not need to be expanded by the client.
-     */
-
-    while (numanswers--) {
-
-       /* First is the name; use dn_expand to get the compressed size */
-       len = dn_expand(answer.bytes, answer.bytes + size, p, host, sizeof(host));
-       if (len < 0)
-           goto out;
-       INCR_CHECK(p, len);
-
-       /* Next is the query type */
-        CHECK(p, 2);
-       type = NTOHSP(p,2);
-
-       /* Next is the query class; also skip over 4 byte TTL */
-        CHECK(p, 6);
-       rrclass = NTOHSP(p,6);
-
-       /* Record data length */
-
-        CHECK(p,2);
-       rdlen = NTOHSP(p,2);
-
-       /*
-        * If this is an SRV record, process it.  Record format is:
-        *
-        * Priority
-        * Weight
-        * Port
-        * Server name
-        */
+    code = krb5int_make_srv_query_realm(realm, service, protocol, &head);
+    if (code)
+       return 0;
 
-       if (rrclass == C_IN && type == T_SRV) {
-            CHECK(p,2);
-           priority = NTOHSP(p,2);
-           CHECK(p, 2);
-           weight = NTOHSP(p,2);
-           CHECK(p, 2);
-           port = NTOHSP(p,2);
-           len = dn_expand(answer.bytes, answer.bytes + size, p, host, sizeof(host));
-           if (len < 0)
-               goto out;
-           INCR_CHECK(p, len);
-
-           /*
-            * We got everything!  Insert it into our list, but make sure
-            * it's in the right order.  Right now we don't do anything
-            * with the weight field
-            */
-
-           srv = (struct srv_dns_entry *) malloc(sizeof(struct srv_dns_entry));
-           if (srv == NULL)
-               goto out;
-       
-           srv->priority = priority;
-           srv->weight = weight;
-           srv->port = port;
-           srv->host = strdup(host);
-
-           if (head == NULL || head->priority > srv->priority) {
-               srv->next = head;
-               head = srv;
-           } else
-               /*
-                * This is confusing.  Only insert an entry into this
-                * spot if:
-                * The next person has a higher priority (lower priorities
-                * are preferred).
-                * Or
-                * There is no next entry (we're at the end)
-                */
-               for (entry = head; entry != NULL; entry = entry->next)
-                   if ((entry->next &&
-                        entry->next->priority > srv->priority) ||
-                       entry->next == NULL) {
-                       srv->next = entry->next;
-                       entry->next = srv;
-                       break;
-                   }
-       } else
-           INCR_CHECK(p, rdlen);
-    }
-       
     /*
      * Okay!  Now we've got a linked list of entries sorted by
      * priority.  Start looking up A records and returning
@@ -712,53 +524,44 @@ krb5_locate_srv_dns_1 (const krb5_data *realm,
      */
 
     if (head == NULL)
-       goto out;
+       return 0;
+
+    /* Check for the "." case indicating no support.  */
+    if (head->next == 0 && head->host[0] == 0) {
+       free(head->host);
+       free(head);
+       return KRB5_ERR_NO_SERVICE;
+    }
 
 #ifdef TEST
     fprintf (stderr, "walking answer list:\n");
 #endif
-    for (entry = head; entry != NULL; entry = entry->next) {
+    for (entry = head; entry != NULL; entry = next) {
 #ifdef TEST
        fprintf (stderr, "\tport=%d host=%s\n", entry->port, entry->host);
 #endif
+       next = entry->next;
        code = add_host_to_list (addrlist, entry->host, htons (entry->port), 0,
                                 (strcmp("_tcp", protocol)
                                  ? SOCK_DGRAM
                                  : SOCK_STREAM), family);
        if (code)
            break;
+       if (entry == head) {
+           free(entry->host);
+           free(entry);
+           head = next;
+           entry = 0;
+       }
     }
 #ifdef TEST
     fprintf (stderr, "[end]\n");
 #endif
 
-    for (entry = head; entry != NULL; ) {
-       free(entry->host);
-        entry->host = NULL;
-       srv = entry;
-       entry = entry->next;
-       free(srv);
-        srv = NULL;
-    }
-
-  out:
-    if (srv)
-        free(srv);
-
+    krb5int_free_srv_dns_data(head);
     return code;
 }
 
-#ifdef TEST
-static krb5_error_code
-krb5_locate_srv_dns(const krb5_data *realm,
-                   const char *service, const char *protocol,
-                   struct addrlist *al)
-{
-    return krb5_locate_srv_dns_1 (realm, service, protocol, al, 0);
-}
-#endif
-#endif /* KRB5_DNS_LOOKUP */
-
 /*
  * Wrapper function for the two backends
  */
@@ -852,7 +655,8 @@ krb5_locate_kdc(krb5_context context, const krb5_data *realm,
            sec_udpport = 0;
     }
 
-    return krb5int_locate_server(context, realm, addrlist, get_masters, "kdc",
+    return krb5int_locate_server(context, realm, addrlist, 0,
+                                get_masters ? "master_kdc" : "kdc",
                                 (get_masters
                                  ? "_kerberos-master"
                                  : "_kerberos"),
index 9023b8e98747dcf5b077ad5c0b83019872fba5c9..1bb631c6ae53c989fab7373c05a8f8d0908c363f 100644 (file)
@@ -64,15 +64,12 @@ krb5_read_password(krb5_context context, const char *prompt, const char *prompt2
            return ENOMEM;
        retval = krb5_prompter_posix(NULL,
                                     NULL,NULL, NULL, 1, &k5prompt);
-       if (retval) {
-           free(verify_data.data);
-       } else {
+       if (retval == 0) {
            /* compare */
-           if (strncmp(return_pwd, (char *)verify_data.data, *size_return)) {
+           if (strncmp(return_pwd, (char *)verify_data.data, *size_return))
                retval = KRB5_LIBOS_BADPWDMATCH;
-               free(verify_data.data);
-           }
        }
+       free(verify_data.data);
     }
     if (!retval)
        *size_return = k5prompt.reply->length;
similarity index 83%
rename from src/krb524/sendmsg.c
rename to src/lib/krb5/os/send524.c
index 5cbd324ac2b8bd585f5d6190acce3971adac1209..0ca8e93c33236bc6ff597729380ded3594906d58 100644 (file)
@@ -39,8 +39,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include <krb.h>
-#include "krb524.h"
+#include "os-proto.h"
 
 /*
  * krb524_sendto_kdc:
@@ -58,7 +57,7 @@
  */
 
 krb5_error_code
-krb524_sendto_kdc (context, message, realm, reply, addr, addrlen)
+krb5int_524_sendto_kdc (context, message, realm, reply, addr, addrlen)
     krb5_context context;
     const krb5_data * message;
     const krb5_data * realm;
@@ -66,16 +65,13 @@ krb524_sendto_kdc (context, message, realm, reply, addr, addrlen)
     struct sockaddr *addr;
     socklen_t *addrlen;
 {
+#if defined(KRB5_KRB4_COMPAT) || defined(_WIN32) /* yuck! */
     int i;
     struct addrlist al = ADDRLIST_INIT;
     struct servent *serv;
     krb5_error_code retval;
-    krb5int_access internals;
     int port;
 
-    retval = krb5int_accessor(&internals, KRB5INT_ACCESS_VERSION);
-    if (retval)
-       return retval;
     /*
      * find KDC location(s) for realm
      */
@@ -83,15 +79,14 @@ krb524_sendto_kdc (context, message, realm, reply, addr, addrlen)
     serv = getservbyname(KRB524_SERVICE, "udp");
     port = serv ? serv->s_port : htons (KRB524_PORT);
 
-    retval = internals.krb5_locate_server(context, realm, &al, 0,
-                                         "krb524_server", "_krb524",
-                                         SOCK_DGRAM, port,
-                                         0, PF_INET);
+    retval = krb5int_locate_server(context, realm, &al, 0,
+                                  "krb524_server", "_krb524",
+                                  SOCK_DGRAM, port,
+                                  0, PF_INET);
     if (retval == KRB5_REALM_CANT_RESOLVE || retval == KRB5_REALM_UNKNOWN) {
        /* Fallback heuristic: Assume krb524 port on every KDC might
           work.  */
-       retval = internals.krb5_locate_kdc(context, realm, &al, 0,
-                                          SOCK_DGRAM, PF_INET);
+       retval = krb5_locate_kdc(context, realm, &al, 0, SOCK_DGRAM, PF_INET);
        /*
         * Bash the ports numbers.
         */
@@ -107,8 +102,10 @@ krb524_sendto_kdc (context, message, realm, reply, addr, addrlen)
     if (al.naddrs == 0)
        return KRB5_REALM_UNKNOWN;
 
-    retval = internals.sendto_udp (context, message, &al, reply, addr,
-                                  addrlen);
-    internals.free_addrlist (&al);
+    retval = krb5int_sendto (context, message, &al, reply, addr, addrlen);
+    krb5int_free_addrlist (&al);
     return retval;
+#else
+    return KRB524_KRB4_DISABLED;
+#endif
 }
index 0f5b9f275d52652e52bc0f6472b75e7919f21d08..1b336a6195c773dc5604442a5a793555def67a70 100644 (file)
@@ -562,6 +562,7 @@ start_connection (struct conn_state *state, struct select_state *selstate)
            state->state = CONNECTING;
        } else {
            dprint("connect failed: %m\n", SOCKET_ERRNO);
+           (void) closesocket(fd);
            state->err = SOCKET_ERRNO;
            state->state = FAILED;
            return -2;
@@ -677,6 +678,25 @@ kill_conn(struct conn_state *conn, struct select_state *selstate, int err)
     selstate->nfds--;
 }
 
+/* Check socket for error.  */
+static int
+get_so_error(int fd)
+{
+    int e, sockerr;
+    socklen_t sockerrlen;
+
+    sockerr = 0;
+    sockerrlen = sizeof(sockerr);
+    e = getsockopt(fd, SOL_SOCKET, SO_ERROR, &sockerr, &sockerrlen);
+    if (e != 0) {
+       /* What to do now?  */
+       e = SOCKET_ERRNO;
+       dprint("getsockopt(SO_ERROR) on fd failed: %m\n", e);
+       return e;
+    }
+    return sockerr;
+}
+
 /* Return nonzero only if we're finished and the caller should exit
    its loop.  This happens in two cases: We have a complete message,
    or the socket has closed and no others are open.  */
@@ -706,35 +726,29 @@ service_tcp_fd (struct conn_state *conn, struct select_state *selstate,
            return e == 0;
        }
        if (ssflags & SSF_EXCEPTION) {
-#ifdef DEBUG
-           int sockerr;
-           socklen_t sockerrlen;
-#endif
        handle_exception:
-#ifdef DEBUG
-           sockerrlen = sizeof(sockerr);
-           e = getsockopt(conn->fd, SOL_SOCKET, SO_ERROR,
-                          &sockerr, &sockerrlen);
-           if (e != 0) {
-               /* What to do now?  */
-               e = SOCKET_ERRNO;
-               dprint("getsockopt(SO_ERROR) on exception fd failed: %m\n", e);
-               goto kill_conn;
-           }
-           /* Okay, got the error back.  Either way, kill the
-              connection.  */
-           e = sockerr;
-#else
-           e = 1;              /* need only be non-zero */
-#endif
+           e = get_so_error(conn->fd);
+           if (e)
+               dprint("socket error on exception fd: %m", e);
+           else
+               dprint("no socket error info available on exception fd");
            goto kill_conn;
        }
 
        /*
         * Connect finished -- but did it succeed or fail?
         * UNIX sets can_write if failed.
-        * Try writing, I guess, and find out.
+        * Call getsockopt to see if error pending.
+        *
+        * (For most UNIX systems it works to just try writing the
+        * first time and detect an error.  But Bill Dodd at IBM
+        * reports that some version of AIX, SIGPIPE can result.)
         */
+       e = get_so_error(conn->fd);
+       if (e) {
+           dprint("socket error on write fd: %m", e);
+           goto kill_conn;
+       }
        conn->state = WRITING;
        goto try_writing;
 
@@ -1073,7 +1087,7 @@ krb5int_sendto (krb5_context context, const krb5_data *message,
 egress:
     for (i = 0; i < n_conns; i++) {
        if (conns[i].fd != INVALID_SOCKET)
-           close(conns[i].fd);
+           closesocket(conns[i].fd);
        if (conns[i].state == READING
            && conns[i].x.in.buf != 0
            && conns[i].x.in.buf != udpbuf)
index a3d6828604d76691c8f65b2fbe07ada86f071567..03dac07ef42cc46ddf63fbb52b9b2c7015149771 100644 (file)
@@ -117,7 +117,7 @@ int main (int argc, char *argv[])
        break;
 
     case LOOKUP_DNS:
-       err = krb5_locate_srv_dns (&realm, "_kerberos", "_udp", &al);
+       err = krb5_locate_srv_dns_1 (&realm, "_kerberos", "_udp", &al, 0);
        break;
 
     case LOOKUP_WHATEVER:
index aad995a18491974dfd4b00c7cec35fdedef50014..4578f822af016c2ec8560d6a43cec20d76c826be 100644 (file)
@@ -35,7 +35,7 @@
  * between the system time and the "real time" as passed to this
  * routine
  */
-krb5_error_code 
+krb5_error_code KRB5_CALLCONV
 krb5_set_real_time(krb5_context context, krb5_int32 seconds, krb5_int32 microseconds)
 {
     krb5_os_context os_ctx = context->os_context;
index 79b6a282ec28faf15b04900e35967eb6dfd64fff..d67b044fad4118a8ae472a4f5d0b695a52620539 100644 (file)
@@ -49,38 +49,40 @@ clean-unix:: clean-libobjs
 #
 rc_base.so rc_base.po $(OUTPRE)rc_base.$(OBJEXT): rc_base.c rc_base.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 rc_dfl.so rc_dfl.po $(OUTPRE)rc_dfl.$(OBJEXT): rc_dfl.c rc_base.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h rc_dfl.h rc_io.h
+  rc_dfl.h rc_io.h
 rc_io.so rc_io.po $(OUTPRE)rc_io.$(OBJEXT): rc_io.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) rc_base.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  rc_dfl.h rc_io.h
+  $(SRCTOP)/include/krb5/kdb.h rc_dfl.h rc_io.h
 rcdef.so rcdef.po $(OUTPRE)rcdef.$(OBJEXT): rcdef.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h rc_dfl.h
+  rc_dfl.h
 rc_conv.so rc_conv.po $(OUTPRE)rc_conv.$(OBJEXT): rc_conv.c rc_base.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 ser_rc.so ser_rc.po $(OUTPRE)ser_rc.$(OBJEXT): ser_rc.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 rcfns.so rcfns.po $(OUTPRE)rcfns.$(OBJEXT): rcfns.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 
index 53172a85c3a846e017c9d20b81dc8e5fe8df42bb..58b4390df0f840a89883067bbc3753a1cbaa6d3c 100644 (file)
@@ -36,8 +36,10 @@ EXPORTS
        krb5_auth_con_getlocalseqnumber
        krb5_auth_con_getlocalsubkey
        krb5_auth_con_getrcache                 ; KRB5_CALLCONV_WRONG
+       krb5_auth_con_getrecvsubkey
        krb5_auth_con_getremoteseqnumber
        krb5_auth_con_getremotesubkey
+       krb5_auth_con_getsendsubkey
        krb5_auth_con_init
        krb5_auth_con_initivector               ; DEPRECATED
        krb5_auth_con_setaddrs                  ; KRB5_CALLCONV_WRONG
@@ -45,6 +47,8 @@ EXPORTS
        krb5_auth_con_setflags
        krb5_auth_con_setports
        krb5_auth_con_setrcache
+       krb5_auth_con_setrecvsubkey
+       krb5_auth_con_setsendsubkey
        krb5_auth_con_setuseruserkey
        krb5_build_principal
        krb5_build_principal_ext
@@ -63,6 +67,7 @@ EXPORTS
        krb5_c_random_make_octets
        krb5_c_random_seed
        krb5_c_string_to_key
+krb5_c_string_to_key_with_params
        krb5_c_valid_cksumtype
        krb5_c_valid_enctype
        krb5_c_verify_checksum
@@ -153,6 +158,7 @@ EXPORTS
        krb5_get_init_creds_opt_set_salt
        krb5_get_init_creds_opt_set_tkt_life
        krb5_get_init_creds_password
+       krb5_get_permitted_enctypes
        krb5_get_prompt_types
        krb5_get_renewed_creds
        krb5_get_server_rcache
@@ -187,6 +193,7 @@ EXPORTS
        krb5_os_localaddr
        krb5_parse_name
        krb5_principal_compare
+       krb5_principal2salt
        krb5_process_key
        krb5_prompter_posix
        krb5_random_key
@@ -204,7 +211,10 @@ EXPORTS
        krb5_sendauth
        krb5_set_default_realm
        krb5_set_default_tgs_enctypes
+krb5_set_password
+krb5_set_password_using_ccache
        krb5_set_principal_realm
+       krb5_set_real_time
        krb5_sname_to_principal
        krb5_string_to_cksumtype
        krb5_string_to_deltat
@@ -224,6 +234,10 @@ EXPORTS
        krb5_verify_init_creds_opt_init
        krb5_verify_init_creds_opt_set_ap_req_nofail
 
+       krb5_524_convert_creds
+; Don't add krb524_convert_creds_kdc or krb524_init_ets here;
+; they've never been exported by this library, and are deprecated. -KR
+
        krb5int_accessor        ; INTERNAL (to end all internals)
 
 ; To Add (exported on Mac OS X):
@@ -265,3 +279,4 @@ EXPORTS
        krb5_rc_close                           ; PRIVATE GSSAPI krb5.hin
        krb5_free_enc_tkt_part                  ; PRIVATE GSSAPI krb5.hin
        krb5_decrypt_tkt_part                   ; PRIVATE GSSAPI krb5.hin
+    
\ No newline at end of file
index 6534240549acd6c8a9c45e7a54c8f46ea9f0c943..279ec8adbfc8589aca38bbfc7b58753bd5667588 100644 (file)
@@ -1,3 +1,16 @@
+2003-04-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * bindresvport.c: Include errno.h.
+       (gssrpc_bindresvport): Don't declare errno.
+       * clnt_tcp.c: Don't declare errno.
+       * svc.c: Don't declare errno.  Include errno.h.
+
+2003-03-24  Tom Yu  <tlyu@mit.edu>
+
+       * xdr_mem.c (xdrmem_create): Perform some additional size checks.
+       (xdrmem_getlong, xdrmem_putlong, xdrmem_getbytes): Check x_handy
+       prior to decrementing it.
+
 2003-01-12  Ezra Peisach  <epeisach@bu.edu>
 
        * svc_auth_gssapi.c (_svcauth_gssapi_unset_names): If invoked more
index 36b3ed533b9cba45bc1654ae79dc29c9ab2fdd7f..28017d6cf5a1c31a39fa0e8914a8521b3d71354f 100644 (file)
@@ -41,6 +41,7 @@ static  char sccsid[] = "@(#)bindresvport.c   2.2 88/07/29 4.0 RPCSRC 1.8 88/02/08
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <gssrpc/rpc.h>
+#include <errno.h>
 
 /*
  * Bind a socket to a privileged IP port
@@ -53,7 +54,6 @@ gssrpc_bindresvport(sd, sockin)
        int res;
        static short port;
        struct sockaddr_in myaddr;
-       extern int errno;
        int i;
 
 #define STARTPORT 600
index abadf339c4910e154f50b1ee8583518815a2ebc6..9906bca0e9a2f1aa479f8217aef51fdfe8af8094 100644 (file)
@@ -60,8 +60,6 @@ static char sccsid[] = "@(#)clnt_tcp.c 1.37 87/10/05 Copyr 1984 Sun Micro";
 
 #define MCALL_MSG_SIZE 24
 
-extern int errno;
-
 static enum clnt_stat  clnttcp_call(CLIENT *, rpc_u_int32, xdrproc_t, void *,
                                     xdrproc_t, void *, struct timeval);
 static void            clnttcp_abort(CLIENT *);
index 7429acda1ae7b8b6cd746a4f3fbcacef8fa68214..9026815415bff9f1bf5f0750730a6082ce9985ca 100644 (file)
@@ -46,8 +46,7 @@ static char sccsid[] = "@(#)svc.c 1.41 87/10/13 Copyr 1984 Sun Micro";
 #include <gssrpc/pmap_clnt.h>
 #include <stdio.h>
 #include <string.h>
-
-extern int errno;
+#include <errno.h>
 
 #ifdef FD_SETSIZE
 static SVCXPRT **xports;
index e565321f2751309e1ab020e873405732738697b6..63ecf4467da0c7ec9ae7ff80b8c799119252a721 100644 (file)
@@ -1,3 +1,15 @@
+2004-02-13  Tom Yu  <tlyu@mit.edu>
+
+       * config/unix.exp (PRIOCNTL_HACK): Use "==" instead of "eq", which
+       is not present in tcl-8.3.
+
+2004-02-12  Tom Yu  <tlyu@mit.edu>
+
+       * configure.in: Invoke KRB5_AC_PRIOCNTL_HACK.
+
+       * config/unix.exp (PRIOCNTL_HACK): Wrap "spawn" to do priocntl
+       things to work around Solaris 9 pty-close bug.
+
 2003-01-07  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.ov: Deleted.
index a9ed5c3d7ccf226ada1f4933a9e8c7261b4391ef..a4c2fc52d4198fcd1c3d11e90d31e99665a6c8f6 100644 (file)
@@ -54,6 +54,7 @@ unit-test-body:
                $(RUNTEST) SERVER=./server CLIENT=./client \
                KINIT=$(BUILDTOP)/clients/kinit/kinit \
                KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
+               PRIOCNTL_HACK=@PRIOCNTL_HACK@ \
                PASS="$(PASS)" --tool rpc_test $(RUNTESTFLAGS) ; \
        then \
                echo Cleaning up... ; \
index 49ae4d1653e353da518ae4b20e895143153db437..495472e672a0a048954187beca4211d15135cdb9 100644 (file)
@@ -9,6 +9,44 @@ set kdestroy $KDESTROY
 
 set hostname [exec hostname]
 
+# Hack around Solaris 9 kernel race condition that causes last output
+# from a pty to get dropped.
+if { $PRIOCNTL_HACK } {
+    catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
+    rename spawn oldspawn
+    proc spawn { args } {
+       upvar 1 spawn_id spawn_id
+       set newargs {}
+       set inflags 1
+       set eatnext 0
+       foreach arg $args {
+           if { $arg == "-ignore" \
+                    || $arg == "-open" \
+                    || $arg == "-leaveopen" } {
+               lappend newargs $arg
+               set eatnext 1
+               continue
+           }
+           if [string match "-*" $arg] {
+               lappend newargs $arg
+               continue
+           }
+           if { $eatnext } {
+               set eatnext 0
+               lappend newargs $arg
+               continue
+           }
+           if { $inflags } {
+               set inflags 0
+               set newargs [concat $newargs {priocntl -e -c FX -p 0}]
+           }
+           lappend newargs $arg
+       }
+       set pid [eval oldspawn $newargs]
+       return $pid
+    }
+}
+
 # this will initialize the database and keytab
 load_lib "helpers.exp"
 
index 68ac8d10865f6a7ab25c6ebc162c7cb9d57bdb8f..d06cb6fb878425f024c60725f798af46d4aae4f7 100644 (file)
@@ -25,4 +25,5 @@ changequote([, ])
 AC_SUBST(PASS)
 dnl
 CHECK_SIGNALS
+KRB5_AC_PRIOCNTL_HACK
 V5_AC_OUTPUT_MAKEFILE
index 18265da817817ab1ea66bc43008fb6bbc0d9be08..58e2d82a377097f59330eda2a657e14295cc449e 100644 (file)
@@ -48,6 +48,7 @@ static char sccsid[] = "@(#)xdr_mem.c 1.19 87/08/11 Copyr 1984 Sun Micro";
 #include <netinet/in.h>
 #include <stdio.h>
 #include <string.h>
+#include <limits.h>
 
 static bool_t  xdrmem_getlong(XDR *, long *);
 static bool_t  xdrmem_putlong(XDR *, long *);
@@ -84,7 +85,7 @@ xdrmem_create(xdrs, addr, size, op)
        xdrs->x_op = op;
        xdrs->x_ops = &xdrmem_ops;
        xdrs->x_private = xdrs->x_base = addr;
-       xdrs->x_handy = size;
+       xdrs->x_handy = (size > INT_MAX) ? INT_MAX : size; /* XXX */
 }
 
 static void
@@ -99,8 +100,10 @@ xdrmem_getlong(xdrs, lp)
        long *lp;
 {
 
-       if ((xdrs->x_handy -= sizeof(rpc_int32)) < 0)
+       if (xdrs->x_handy < sizeof(rpc_int32))
                return (FALSE);
+       else
+               xdrs->x_handy -= sizeof(rpc_int32);
        *lp = (long)ntohl(*((rpc_u_int32 *)(xdrs->x_private)));
        xdrs->x_private = (char *)xdrs->x_private + sizeof(rpc_int32);
        return (TRUE);
@@ -112,8 +115,10 @@ xdrmem_putlong(xdrs, lp)
        long *lp;
 {
 
-       if ((xdrs->x_handy -= sizeof(rpc_int32)) < 0)
+       if (xdrs->x_handy < sizeof(rpc_int32))
                return (FALSE);
+       else
+               xdrs->x_handy -= sizeof(rpc_int32);
        *(rpc_int32 *)xdrs->x_private = (rpc_int32)htonl((rpc_u_int32)(*lp));
        xdrs->x_private = (char *)xdrs->x_private + sizeof(rpc_int32);
        return (TRUE);
@@ -126,8 +131,10 @@ xdrmem_getbytes(xdrs, addr, len)
        register unsigned int len;
 {
 
-       if ((xdrs->x_handy -= len) < 0)
+       if (xdrs->x_handy < len)
                return (FALSE);
+       else
+               xdrs->x_handy -= len;
        memmove(addr, xdrs->x_private, len);
        xdrs->x_private = (char *)xdrs->x_private + len;
        return (TRUE);
@@ -140,8 +147,10 @@ xdrmem_putbytes(xdrs, addr, len)
        register unsigned int len;
 {
 
-       if ((xdrs->x_handy -= len) < 0)
+       if (xdrs->x_handy < len)
                return (FALSE);
+       else
+               xdrs->x_handy -= len;
        memmove(xdrs->x_private, addr, len);
        xdrs->x_private = (char *)xdrs->x_private + len;
        return (TRUE);
@@ -180,7 +189,7 @@ xdrmem_inline(xdrs, len)
 {
        rpc_int32 *buf = 0;
 
-       if (xdrs->x_handy >= len) {
+       if (len >= 0 && xdrs->x_handy >= len) {
                xdrs->x_handy -= len;
                buf = (rpc_int32 *) xdrs->x_private;
                xdrs->x_private = (char *)xdrs->x_private + len;
index 24acb48451d363c667588ee6466203c2ba05b922..acd5ebb4f1e4d97db4454129f037f65686cf7120 100644 (file)
 #define KRB4_USE_KEYTAB              1
 #define KRB5                         1
 #define KRB524_PRIVATE               1
-#define KRB5_DNS_LOOKUP              0
-#define KRB5_DNS_LOOKUP_KDC          0
+#define KRB5_DNS_LOOKUP              1
+#define KRB5_DNS_LOOKUP_KDC          1
 #define KRB5_KRB4_COMPAT             1
 #define KRB5_PRIVATE                 1
 #define krb5_sigtype                 void
index a3dfbe985c42bb9394861380a8730e3fdc5f1ec4..6cae45313a9e491c2faa142a1437189e3f7d5bc9 100644 (file)
        _krb5_c_random_make_octets
        _krb5_c_random_seed
 #
-# Will be added for 1.3
-#      _krb5_c_random_os_entropy
-#      _krb5_c_random_add_entropy
-#      _krb5_c_init_state
-#      _krb5_c_free_state
+# Added for 1.3
+       _krb5_c_random_os_entropy
+       _krb5_c_random_add_entropy
+       _krb5_c_init_state
+       _krb5_c_free_state
 #
        _krb5_c_string_to_key
+       _krb5_c_string_to_key_with_params
        _krb5_c_enctype_compare
        _krb5_c_make_checksum
        _krb5_c_verify_checksum
        _krb5_auth_con_getremotesubkey
        _krb5_auth_con_getlocalseqnumber
        _krb5_auth_con_getremoteseqnumber
+       _krb5_auth_con_getrecvsubkey
+       _krb5_auth_con_getsendsubkey
+       _krb5_auth_con_setrecvsubkey
+       _krb5_auth_con_setsendsubkey
        _krb5_auth_con_setrcache
        _krb5_auth_con_getrcache
        _krb5_auth_con_getauthenticator
        _krb5_verify_init_creds_opt_set_ap_req_nofail
 #
        _krb5_set_default_tgs_enctypes
+       _krb5_get_permitted_enctypes
 #
        _krb5_free_tgt_creds
 #
        _krb5_free_default_realm
 #
        _krb5_sname_to_principal
-    _krb5_principal2salt
+       _krb5_principal2salt
        _krb5_change_password
+#
+       _krb5_set_password
+       _krb5_set_password_using_ccache
 #
        _krb5_get_profile
 #
        _krb5_kuserok
 #
        _krb5_get_time_offsets
+       _krb5_set_real_time
 #
        _krb5_string_to_cksumtype
        _krb5_cksumtype_to_string
        _krb5_appdefault_boolean
 #
        _krb524_convert_creds_kdc
+       _krb5_524_convert_creds
 #
 #
 # DEPRECATED:
index c674f4b5bbf3320d039a64ad65375a2458c535b7..3168223364bf7ab17f8ca2af9c3a8e0b49646ce5 100644 (file)
@@ -3,62 +3,8 @@
        archiveVersion = 1;
        classes = {
        };
-       objectVersion = 38;
+       objectVersion = 39;
        objects = {
-               A12536AA040BC4FB003D8244 = {
-                       fileRef = F517343503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               A12536AB040BC50C003D8244 = {
-                       fileRef = F517343B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               A12536AC040BC534003D8244 = {
-                       fileRef = F517344703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               A12536AD040BC560003D8244 = {
-                       fileRef = F517346703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               A12536AE040BC56A003D8244 = {
-                       fileRef = F517346B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               A12536AF040BC56F003D8244 = {
-                       fileRef = F517346D03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               A12536B0040BC575003D8244 = {
-                       fileRef = F517346F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               A12536B1040BC57F003D8244 = {
-                       fileRef = F517347C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               A12536B2040BC841003D8244 = {
-                       fileRef = F517344B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                A12536B3040BEC05003D8244 = {
                        children = (
                                A12536B5040BEC05003D8244,
                                A1253718040BEC06003D8244,
                                A1253725040BEC06003D8244,
                                A125374E040BEC06003D8244,
-                               A125376D040BEC06003D8244,
                        );
                        isa = PBXGroup;
                        path = kadmin;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536B5040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536B6040BEC05003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = cli;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536B7040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536B8040BEC05003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = attic;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536B9040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536BA040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.yacc;
                        path = getdate.y;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536BB040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.cpp.objcpp;
                        path = k5srvutil.M;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536BC040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = k5srvutil.sh;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536BD040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kadmin.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536BE040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
                        path = kadmin.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536BF040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.cpp.objcpp;
                        path = kadmin.local.M;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536C0040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.cpp.objcpp;
                        path = kadmin.M;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536C1040BEC05003D8244 = {
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = kadmin_ct.ct;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536C2040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = keytab.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536C3040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536C4040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = memmove.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536C5040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = ss_wrapper.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536C6040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = strftime.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536CA040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = configure.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536CD040BEC05003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = dbutil;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536CE040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536CF040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536D0040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = dump.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536D1040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = dumpv4.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536D2040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = import_err.et;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536D3040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kadm5_create.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536D4040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kdb5_create.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536D5040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kdb5_destroy.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536D6040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.cpp.objcpp;
                        path = kdb5_edit.M;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536D7040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kdb5_stash.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536D8040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kdb5_util.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536D9040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
                        path = kdb5_util.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536DA040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.cpp.objcpp;
                        path = kdb5_util.M;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536DB040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = loadv4.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536DC040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536DD040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
                        path = nstrtok.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536DE040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = ovload.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536DF040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = string_table.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536E0040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
                        path = string_table.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536E1040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = strtok.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536E2040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = tcl_wrapper.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536E3040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = util.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536EC040BEC05003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = kdbkeys;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536ED040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536EE040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.perl;
                        path = "do-test.pl";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536EF040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536F5040BEC05003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = ktutil;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536F6040BEC05003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536F7040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = .Sanitize;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536F8040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536F9040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = ktutil.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536FA040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
                        path = ktutil.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536FB040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.cpp.objcpp;
                        path = ktutil.M;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536FC040BEC06003D8244 = {
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ktutil_ct.ct;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536FD040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = ktutil_funcs.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536FE040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12536FF040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253700040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = passwd;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253701040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253702040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253703040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kpasswd.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253704040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
                        path = kpasswd.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253705040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.cpp.objcpp;
                        path = kpasswd.M;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253706040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = kpasswd_strings.et;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253707040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253708040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = tty_kpasswd.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253709040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = "unit-test";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125370A040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125370B040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = config;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125370C040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = unix.exp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125370D040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = kpasswd.0;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125370E040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = changing.exp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125370F040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = connecting.exp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253710040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = principal.exp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253711040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = usage.exp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253712040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = lib;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253713040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = helpers.exp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253714040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253715040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = xm_kpasswd.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253716040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = scripts;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253717040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = "inst-hdrs.sh";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253718040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = server;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253719040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125371A040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.lex;
                        path = acls.l;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125371B040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125371C040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kadm_rpc_svc.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125371D040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.cpp.objcpp;
                        path = kadmind.M;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125371E040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125371F040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = misc.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253720040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
                        path = misc.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253721040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = ovsec_kadmd.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253722040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = schpw.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253723040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = server_glue_v1.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253724040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = server_stubs.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253725040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = testing;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253726040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253727040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253728040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = lib;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253729040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125372A040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = proto;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125372B040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125372C040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = kdc.conf.proto;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125372D040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = krb5.conf.proto;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125372E040BEC06003D8244 = {
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ovsec_adm.dict;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125372F040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = scripts;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253730040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253731040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253732040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.perl;
                        path = compare_dump.plin;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253733040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = "env-setup.shin";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253734040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = "find-make.sh";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253735040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.perl;
                        path = "fixup-conf-files.plin";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253736040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = init_db;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253737040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.perl;
                        path = "make-host-keytab.plin";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253738040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253739040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = qualname.plin;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125373A040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = save_files.sh;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125373B040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.perl;
                        path = simple_dump.plin;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125373C040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = start_servers;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125373D040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = start_servers_local;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125373E040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = stop_servers;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125373F040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = stop_servers_local;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253740040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.perl;
                        path = verify_xrunner_report.plin;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253741040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = tcl;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253742040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = util.t;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253743040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = util;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253744040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253745040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = bsddb_dump.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253746040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253747040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253748040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = tcl_kadm5.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253749040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
                        path = tcl_kadm5.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125374A040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = tcl_krb5_hash.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125374B040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = tcl_ovsec_kadm.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125374C040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = tcl_ovsec_kadm_syntax;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125374D040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = test.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125374E040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = v4server;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125374F040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253750040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = acl_files.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253751040BEC06003D8244 = {
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = acl_files.doc;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253752040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = admin_server.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253753040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = attic;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253754040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = build_pwfile.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253755040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253756040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kadm_funcs.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253757040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kadm_ser_wrap.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253758040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kadm_server.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253759040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
                        path = kadm_server.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125375A040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = kadm_supp.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125375B040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125375C040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = "unit-test";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125375D040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125375E040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = config;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125375F040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253760040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = unix.exp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253761040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = getpid.sh;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253762040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = lib;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253763040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = helpers.exp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253764040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253765040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = remove_changepw_perms.sh;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253766040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = v4server.0;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253767040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = "setup-srvtab.exp";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253768040BEC06003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = v4server.1;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253769040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = access.exp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125376A040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = "change-password.exp";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125376B040BEC06003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
                        path = usage.exp;
                        refType = 4;
-               };
-               A125376D040BEC06003D8244 = {
-                       children = (
-                               A125376E040BEC06003D8244,
-                               A125376F040BEC06003D8244,
-                               A1253770040BEC06003D8244,
-                               A1253771040BEC06003D8244,
-                               A1253772040BEC06003D8244,
-                               A1253773040BEC06003D8244,
-                               A1253774040BEC06003D8244,
-                               A1253775040BEC07003D8244,
-                               A1253776040BEC07003D8244,
-                               A1253777040BEC07003D8244,
-                               A1253778040BEC07003D8244,
-                       );
-                       isa = PBXGroup;
-                       path = v5passwdd;
-                       refType = 4;
-               };
-               A125376E040BEC06003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
-               };
-               A125376F040BEC06003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = adm_conn.c;
-                       refType = 4;
-               };
-               A1253770040BEC06003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = adm_rw.c;
-                       refType = 4;
-               };
-               A1253771040BEC06003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
-               };
-               A1253772040BEC06003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kadm5_defs.h;
-                       refType = 4;
-               };
-               A1253773040BEC06003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kpasswd.c;
-                       refType = 4;
-               };
-               A1253774040BEC06003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = main.c;
-                       refType = 4;
-               };
-               A1253775040BEC07003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
-               };
-               A1253776040BEC07003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = proto_serv.c;
-                       refType = 4;
-               };
-               A1253777040BEC07003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = srv_net.c;
-                       refType = 4;
-               };
-               A1253778040BEC07003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = v5passwd.M;
-                       refType = 4;
+                       sourceTree = "<group>";
                };
                A1253780040BF748003D8244 = {
                        isa = PBXTargetDependency;
                        target = F5E59BD503FD803201120114;
-               };
-               A1253781040BF780003D8244 = {
-                       isa = PBXTargetDependency;
-                       target = F5CFD5E6022D8A9901120112;
-               };
-               A1253782040BF7B4003D8244 = {
-                       isa = PBXTargetDependency;
-                       target = F5CFD629022D922C01120112;
+                       targetProxy = A181DA4705CEFC0400E4C246;
                };
                A1253783040BF7E6003D8244 = {
                        fileEncoding = 4;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = KerberosDES.pbexp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253784040BF80F003D8244 = {
                        fileEncoding = 4;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Kerberos4.pbexp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A125378D040BFA0E003D8244 = {
                        fileEncoding = 4;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = KerberosProfile.pbexp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537EA040C0795003D8244 = {
                        children = (
                                A12537FE040C080B003D8244,
                                A1253803040C0D3E003D8244,
                                A12537EB040C0795003D8244,
-                               A12537EC040C0795003D8244,
-                               A12537ED040C0795003D8244,
                                A12537EE040C0795003D8244,
                        );
                        isa = PBXGroup;
                        path = include;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537EB040C0795003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = krb5.h;
                        refType = 4;
-               };
-               A12537EC040C0795003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb524.h;
-                       refType = 4;
-               };
-               A12537ED040C0795003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb524_err.h;
-                       refType = 4;
+                       sourceTree = "<group>";
                };
                A12537EE040C0795003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = profile.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537EF040C0795003D8244 = {
                        children = (
                                A12537F3040C0795003D8244,
                                A12537F4040C0795003D8244,
                                A12537F5040C0795003D8244,
-                               A12537F6040C0795003D8244,
-                               A12537F7040C0795003D8244,
                                A12537F8040C0795003D8244,
                                A12537F9040C0795003D8244,
                        );
                        isa = PBXGroup;
                        path = Kerberos;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537F0040C0795003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = des.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537F1040C0795003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = gssapi.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537F2040C0795003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = gssapi_generic.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537F3040C0795003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = gssapi_krb5.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537F4040C0795003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = krb.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537F5040C0795003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = krb5.h;
                        refType = 4;
-               };
-               A12537F6040C0795003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb524.h;
-                       refType = 4;
-               };
-               A12537F7040C0795003D8244 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb524_err.h;
-                       refType = 4;
+                       sourceTree = "<group>";
                };
                A12537F8040C0795003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = krb_err.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537F9040C0795003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = profile.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537FA040C080B003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = gssapi;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537FB040C080B003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = gssapi.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537FC040C080B003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = gssapi_generic.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537FD040C080B003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = gssapi_krb5.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537FE040C080B003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = kerberosIV;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A12537FF040C080B003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = des.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253800040C080B003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = krb.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253801040C080B003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = krb_err.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253803040C0D3E003D8244 = {
                        children = (
                        isa = PBXGroup;
                        path = krb5;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253804040C0D3E003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = autoconf.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A1253805040C0D3E003D8244 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = file;
                        path = osconf.h;
                        refType = 4;
+                       sourceTree = "<group>";
+               };
+               A125397605CF124D003BD89B = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = k5sealv3.c;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               A125399205CF12A2003BD89B = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mandatory_sumtype.c;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               A12539AD05CF12D5003BD89B = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = dnssrv.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
                A166BCC3040D36F8004AA618 = {
                        fileEncoding = 4;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = mac_des_glue.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               A166BCC4040D36F8004AA618 = {
-                       fileRef = A166BCC3040D36F8004AA618;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A16DA36604854EF700120112 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = conv_creds.c;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               A16DA36704854EF700120112 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = v4lifetime.c;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               A16DA36A0485503F00120112 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = krb524_err.et;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               A16DB01304868A7E00120112 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = send524.c;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               A181DA3F05CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5CFD5E6022D8A9901120112;
+                       remoteInfo = "Error Table Generation";
+               };
+               A181DA4005CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5CFD629022D922C01120112;
+                       remoteInfo = "Header Generation";
+               };
+               A181DA4105CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5CFD5E6022D8A9901120112;
+                       remoteInfo = "Error Table Generation";
+               };
+               A181DA4205CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5CFD629022D922C01120112;
+                       remoteInfo = "Header Generation";
+               };
+               A181DA4305CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5CFD629022D922C01120112;
+                       remoteInfo = "Header Generation";
+               };
+               A181DA4405CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5CFD5CD022D86AD01120112;
+                       remoteInfo = KerberosProfile;
+               };
+               A181DA4505CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5E2686C03F8336601120114;
+                       remoteInfo = KerberosDES;
+               };
+               A181DA4605CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5CFD5E6022D8A9901120112;
+                       remoteInfo = "Error Table Generation";
+               };
+               A181DA4705CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5E59BD503FD803201120114;
+                       remoteInfo = ServerBuild;
+               };
+               A181DA4805CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5CFD5E6022D8A9901120112;
+                       remoteInfo = "Error Table Generation";
+               };
+               A181DA4905CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5E2686C03F8336601120114;
+                       remoteInfo = KerberosDES;
+               };
+               A181DA4A05CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5CFD629022D922C01120112;
+                       remoteInfo = "Header Generation";
+               };
+               A181DA4B05CEFC0400E4C246 = {
+                       containerPortal = F5CFD36E022D854401120112;
+                       isa = PBXContainerItemProxy;
+                       proxyType = 1;
+                       remoteGlobalIDString = F5CFD5E6022D8A9901120112;
+                       remoteInfo = "Error Table Generation";
+               };
+               A181DA5405CF0BD800E4C246 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "k5-platform.h";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
                A198BBE10406D04A00120114 = {
                        children = (
                        isa = PBXGroup;
                        path = mac;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A198BBE60406D04A00120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A198BC050406D04A00120114 = {
                        children = (
                        isa = PBXGroup;
                        path = libraries;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A198BC0A0406D04A00120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A198BC180406D04A00120114 = {
                        children = (
                        isa = PBXGroup;
                        path = MacOSX;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A198BC190406D04A00120114 = {
                        children = (
                        isa = PBXGroup;
                        path = Headers;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A198BC1A0406D04A00120114 = {
                        children = (
                        isa = PBXGroup;
                        path = Projects;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A198BC1B0406D04A00120114 = {
                        children = (
                        isa = PBXGroup;
                        path = Kerberos5.pbproj;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A198BC1C0406D04A00120114 = {
                        children = (
                        isa = PBXGroup;
                        path = Scripts;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A198BC1D0406D04A00120114 = {
                        children = (
                        isa = PBXGroup;
                        path = Sources;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A198BC200406D04A00120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ReadMe;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                A198BC210406D04A00120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = "Release notes";
                        refType = 4;
-               };
-               A198BC270406D66000120114 = {
-                       fileRef = F517343303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+                       sourceTree = "<group>";
                };
                A198BC2A0406DA8F00120114 = {
                        fileEncoding = 4;
                        isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
                        path = prof_FSp_glue.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               A198BC2B0406DA8F00120114 = {
-                       fileRef = A198BC2A0406DA8F00120114;
-                       isa = PBXBuildFile;
-                       settings = {
+               A1AB1DEC05DDC40100526345 = {
+                       buildPhases = (
+                               A1AB1DEE05DDC40100526345,
+                               A1AB1DF005DDC40100526345,
+                               A1AB1DFF05DDC40100526345,
+                               A1AB1E0005DDC40100526345,
+                       );
+                       buildRules = (
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               GCC_PRECOMPILE_PREFIX_HEADER = YES;
+                               GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h;
+                               HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include";
+                               LIBRARY_STYLE = STATIC;
+                               PRODUCT_NAME = KerberosDES;
+                               REZ_EXECUTABLE = YES;
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                        };
+                       dependencies = (
+                               A1AB1DED05DDC40100526345,
+                       );
+                       isa = PBXNativeTarget;
+                       name = KerberosDES;
+                       productInstallPath = /usr/local/lib;
+                       productName = KerberosDES;
+                       productReference = A1AB1E0205DDC40100526345;
+                       productType = "com.apple.product-type.library.static";
                };
-               A1B21F170417D6BC00120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aes_s2k.c;
-                       refType = 4;
+               A1AB1DED05DDC40100526345 = {
+                       isa = PBXTargetDependency;
+                       target = F5CFD629022D922C01120112;
+                       targetProxy = A181DA4205CEFC0400E4C246;
                };
-               A1B21F180417D6BC00120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aes_s2k.h;
-                       refType = 4;
+               A1AB1DEE05DDC40100526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               A1AB1DEF05DDC40100526345,
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               A1B21F190417D6BC00120114 = {
-                       fileRef = A1B21F170417D6BC00120114;
+               A1AB1DEF05DDC40100526345 = {
+                       fileRef = A1CA623604168DFE0013F915;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1B21F1A0417D6BC00120114 = {
-                       fileRef = A1B21F180417D6BC00120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1DF005DDC40100526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               A1AB1DF105DDC40100526345,
+                               A1AB1DF205DDC40100526345,
+                               A1AB1DF305DDC40100526345,
+                               A1AB1DF405DDC40100526345,
+                               A1AB1DF505DDC40100526345,
+                               A1AB1DF605DDC40100526345,
+                               A1AB1DF705DDC40100526345,
+                               A1AB1DF805DDC40100526345,
+                               A1AB1DF905DDC40100526345,
+                               A1AB1DFA05DDC40100526345,
+                               A1AB1DFB05DDC40100526345,
+                               A1AB1DFC05DDC40100526345,
+                               A1AB1DFD05DDC40100526345,
+                               A1AB1DFE05DDC40100526345,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               A1CA6042040F24850013F915 = {
-                       fileRef = F517325103F1B65901120114;
+               A1AB1DF105DDC40100526345 = {
+                       fileRef = F517332003F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6043040F24870013F915 = {
-                       fileRef = F517325303F1B65901120114;
+               A1AB1DF205DDC40100526345 = {
+                       fileRef = F517331E03F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6044040F24880013F915 = {
-                       fileRef = F517325403F1B65901120114;
+               A1AB1DF305DDC40100526345 = {
+                       fileRef = F517330C03F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6045040F24890013F915 = {
-                       fileRef = F517325503F1B65901120114;
+               A1AB1DF405DDC40100526345 = {
+                       fileRef = F517330E03F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6046040F248A0013F915 = {
-                       fileRef = F517325603F1B65901120114;
+               A1AB1DF505DDC40100526345 = {
+                       fileRef = F517330F03F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6047040F248D0013F915 = {
-                       fileRef = F517325703F1B65901120114;
+               A1AB1DF605DDC40100526345 = {
+                       fileRef = F517331103F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6048040F248E0013F915 = {
-                       fileRef = F517325803F1B65901120114;
+               A1AB1DF705DDC40100526345 = {
+                       fileRef = F517331203F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6049040F248F0013F915 = {
-                       fileRef = F517326503F1B65901120114;
+               A1AB1DF805DDC40100526345 = {
+                       fileRef = F517331403F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA604A040F24900013F915 = {
-                       fileRef = F517326603F1B65901120114;
+               A1AB1DF905DDC40100526345 = {
+                       fileRef = F517331503F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA604B040F24910013F915 = {
-                       fileRef = F517326703F1B65901120114;
+               A1AB1DFA05DDC40100526345 = {
+                       fileRef = F517331603F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA604D040F24950013F915 = {
-                       fileRef = F517326803F1B65901120114;
+               A1AB1DFB05DDC40100526345 = {
+                       fileRef = F517331703F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA604E040F249D0013F915 = {
-                       fileRef = F517329403F1B65901120114;
+               A1AB1DFC05DDC40100526345 = {
+                       fileRef = F517331803F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA604F040F249E0013F915 = {
-                       fileRef = F517329503F1B65901120114;
+               A1AB1DFD05DDC40100526345 = {
+                       fileRef = F517331903F1B65901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6050040F249F0013F915 = {
-                       fileRef = F517329603F1B65901120114;
+               A1AB1DFE05DDC40100526345 = {
+                       fileRef = A166BCC3040D36F8004AA618;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6051040F24A10013F915 = {
-                       fileRef = F517329703F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1DFF05DDC40100526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               A1CA6052040F24A20013F915 = {
-                       fileRef = F517329803F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E0005DDC40100526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               A1CA6053040F24A30013F915 = {
-                       fileRef = F517329903F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E0205DDC40100526345 = {
+                       explicitFileType = archive.ar;
+                       includeInIndex = 0;
+                       isa = PBXFileReference;
+                       path = libKerberosDES.a;
+                       refType = 3;
+                       sourceTree = BUILT_PRODUCTS_DIR;
                };
-               A1CA6054040F24A90013F915 = {
-                       fileRef = F51732A203F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
+               A1AB1E1005DDC43000526345 = {
+                       buildPhases = (
+                               A1AB1E1305DDC43000526345,
+                               A1AB1E1705DDC43000526345,
+                               A1AB1E1F05DDC43000526345,
+                               A1AB1E2005DDC43000526345,
+                       );
+                       buildRules = (
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               GCC_PRECOMPILE_PREFIX_HEADER = YES;
+                               GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h;
+                               HEADER_SEARCH_PATHS = "$(SRCROOT)/../../Common/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include";
+                               LIBRARY_STYLE = STATIC;
+                               PRODUCT_NAME = KerberosProfile;
+                               REZ_EXECUTABLE = YES;
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                        };
+                       dependencies = (
+                               A1AB1E1105DDC43000526345,
+                               A1AB1E1205DDC43000526345,
+                       );
+                       isa = PBXNativeTarget;
+                       name = KerberosProfile;
+                       productInstallPath = /usr/local/lib;
+                       productName = KerberosProfile;
+                       productReference = A1AB1E2205DDC43000526345;
+                       productType = "com.apple.product-type.library.static";
                };
-               A1CA6055040F24AB0013F915 = {
-                       fileRef = F51732A403F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E1105DDC43000526345 = {
+                       isa = PBXTargetDependency;
+                       target = F5CFD5E6022D8A9901120112;
+                       targetProxy = A181DA4B05CEFC0400E4C246;
                };
-               A1CA6056040F24AC0013F915 = {
-                       fileRef = F51732A503F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E1205DDC43000526345 = {
+                       isa = PBXTargetDependency;
+                       target = F5CFD629022D922C01120112;
+                       targetProxy = A181DA4A05CEFC0400E4C246;
                };
-               A1CA6057040F24AE0013F915 = {
-                       fileRef = F51732B003F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E1305DDC43000526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               A1AB1E1405DDC43000526345,
+                               A1AB1E1505DDC43000526345,
+                               A1AB1E1605DDC43000526345,
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               A1CA6058040F24AF0013F915 = {
-                       fileRef = F51732B103F1B65901120114;
+               A1AB1E1405DDC43000526345 = {
+                       fileRef = F51737BD03F1B65B01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6059040F24B20013F915 = {
-                       fileRef = F51732C503F1B65901120114;
+               A1AB1E1505DDC43000526345 = {
+                       fileRef = F5E2662D03F443E901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA605A040F24B90013F915 = {
-                       fileRef = F51732CD03F1B65901120114;
+               A1AB1E1605DDC43000526345 = {
+                       fileRef = F5E2662F03F443E901120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA605B040F24C30013F915 = {
-                       fileRef = F51732CF03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E1705DDC43000526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               A1AB1E1805DDC43000526345,
+                               A1AB1E1905DDC43000526345,
+                               A1AB1E1A05DDC43000526345,
+                               A1AB1E1B05DDC43000526345,
+                               A1AB1E1C05DDC43000526345,
+                               A1AB1E1D05DDC43000526345,
+                               A1AB1E1E05DDC43000526345,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               A1CA605C040F24C40013F915 = {
-                       fileRef = F51732D003F1B65901120114;
+               A1AB1E1805DDC43000526345 = {
+                       fileRef = F51737BA03F1B65B01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA605D040F24C70013F915 = {
-                       fileRef = F51732E103F1B65901120114;
+               A1AB1E1905DDC43000526345 = {
+                       fileRef = F51737BB03F1B65B01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA605E040F24C70013F915 = {
-                       fileRef = F51732E203F1B65901120114;
+               A1AB1E1A05DDC43000526345 = {
+                       fileRef = F51737BC03F1B65B01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA605F040F24C80013F915 = {
-                       fileRef = F51732E303F1B65901120114;
+               A1AB1E1B05DDC43000526345 = {
+                       fileRef = F51737BE03F1B65B01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6060040F24C90013F915 = {
-                       fileRef = F51732E403F1B65901120114;
+               A1AB1E1C05DDC43000526345 = {
+                       fileRef = F51737BF03F1B65B01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6061040F24D20013F915 = {
-                       fileRef = F51732F103F1B65901120114;
+               A1AB1E1D05DDC43000526345 = {
+                       fileRef = F51737C003F1B65B01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6062040F24D20013F915 = {
-                       fileRef = F51732F203F1B65901120114;
+               A1AB1E1E05DDC43000526345 = {
+                       fileRef = A198BC2A0406DA8F00120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6064040F24D40013F915 = {
-                       fileRef = F51732F403F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E1F05DDC43000526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               A1CA6065040F250F0013F915 = {
-                       fileRef = F517323103F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E2005DDC43000526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               A1CA6066040F25110013F915 = {
-                       fileRef = F517323203F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E2205DDC43000526345 = {
+                       explicitFileType = archive.ar;
+                       includeInIndex = 0;
+                       isa = PBXFileReference;
+                       path = libKerberosProfile.a;
+                       refType = 3;
+                       sourceTree = BUILT_PRODUCTS_DIR;
                };
-               A1CA6067040F25140013F915 = {
-                       fileRef = F517323603F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
+               A1AB1E3005DDC45F00526345 = {
+                       buildPhases = (
+                               A1AB1E3405DDC45F00526345,
+                               A1AB1E3505DDC45F00526345,
+                               A1AB1E6C05DDC45F00526345,
+                               A1AB1E6D05DDC45F00526345,
+                       );
+                       buildRules = (
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               GCC_PRECOMPILE_PREFIX_HEADER = YES;
+                               GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h;
+                               HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/ErrorTables $(SRCROOT)/../../Common/Headers $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosDebug/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../../CredentialsCache/Headers $(SRCROOT)/../../CredentialsCache/Headers/Kerberos $(SRCROOT)/../../KerberosLogin/Headers $(SRCROOT)/../../KerberosLogin/Headers/Kerberos";
+                               LIBRARY_STYLE = STATIC;
+                               PRODUCT_NAME = Kerberos4;
+                               REZ_EXECUTABLE = YES;
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                        };
+                       dependencies = (
+                               A1AB1E3105DDC45F00526345,
+                               A1AB1E3205DDC45F00526345,
+                               A1AB1E3305DDC45F00526345,
+                       );
+                       isa = PBXNativeTarget;
+                       name = Kerberos4;
+                       productInstallPath = /usr/local/lib;
+                       productName = Kerberos4;
+                       productReference = A1AB1E6F05DDC45F00526345;
+                       productType = "com.apple.product-type.library.static";
                };
-               A1CA6068040F252B0013F915 = {
-                       fileRef = F517324D03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E3105DDC45F00526345 = {
+                       isa = PBXTargetDependency;
+                       target = F5CFD5E6022D8A9901120112;
+                       targetProxy = A181DA4605CEFC0400E4C246;
                };
-               A1CA6069040F252C0013F915 = {
-                       fileRef = F517324B03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E3205DDC45F00526345 = {
+                       isa = PBXTargetDependency;
+                       target = A1AB1DEC05DDC40100526345;
+                       targetProxy = A181DA4505CEFC0400E4C246;
                };
-               A1CA606A040F252E0013F915 = {
-                       fileRef = F517324C03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E3305DDC45F00526345 = {
+                       isa = PBXTargetDependency;
+                       target = A1AB1E1005DDC43000526345;
+                       targetProxy = A181DA4405CEFC0400E4C246;
                };
-               A1CA606B040F252F0013F915 = {
-                       fileRef = F517325003F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E3405DDC45F00526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               A1CA606C040F25370013F915 = {
-                       fileRef = F517326103F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E3505DDC45F00526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               A1AB1E3605DDC45F00526345,
+                               A1AB1E3705DDC45F00526345,
+                               A1AB1E3805DDC45F00526345,
+                               A1AB1E3905DDC45F00526345,
+                               A1AB1E3A05DDC45F00526345,
+                               A1AB1E3B05DDC45F00526345,
+                               A1AB1E3C05DDC45F00526345,
+                               A1AB1E3D05DDC45F00526345,
+                               A1AB1E3E05DDC45F00526345,
+                               A1AB1E3F05DDC45F00526345,
+                               A1AB1E4005DDC45F00526345,
+                               A1AB1E4105DDC45F00526345,
+                               A1AB1E4205DDC45F00526345,
+                               A1AB1E4305DDC45F00526345,
+                               A1AB1E4405DDC45F00526345,
+                               A1AB1E4505DDC45F00526345,
+                               A1AB1E4605DDC45F00526345,
+                               A1AB1E4705DDC45F00526345,
+                               A1AB1E4805DDC45F00526345,
+                               A1AB1E4905DDC45F00526345,
+                               A1AB1E4A05DDC45F00526345,
+                               A1AB1E4B05DDC45F00526345,
+                               A1AB1E4C05DDC45F00526345,
+                               A1AB1E4D05DDC45F00526345,
+                               A1AB1E4E05DDC45F00526345,
+                               A1AB1E4F05DDC45F00526345,
+                               A1AB1E5005DDC45F00526345,
+                               A1AB1E5105DDC45F00526345,
+                               A1AB1E5205DDC45F00526345,
+                               A1AB1E5305DDC45F00526345,
+                               A1AB1E5405DDC45F00526345,
+                               A1AB1E5505DDC45F00526345,
+                               A1AB1E5605DDC45F00526345,
+                               A1AB1E5705DDC45F00526345,
+                               A1AB1E5805DDC45F00526345,
+                               A1AB1E5905DDC45F00526345,
+                               A1AB1E5A05DDC45F00526345,
+                               A1AB1E5B05DDC45F00526345,
+                               A1AB1E5C05DDC45F00526345,
+                               A1AB1E5D05DDC45F00526345,
+                               A1AB1E5E05DDC45F00526345,
+                               A1AB1E5F05DDC45F00526345,
+                               A1AB1E6005DDC45F00526345,
+                               A1AB1E6105DDC45F00526345,
+                               A1AB1E6205DDC45F00526345,
+                               A1AB1E6305DDC45F00526345,
+                               A1AB1E6405DDC45F00526345,
+                               A1AB1E6505DDC45F00526345,
+                               A1AB1E6605DDC45F00526345,
+                               A1AB1E6705DDC45F00526345,
+                               A1AB1E6805DDC45F00526345,
+                               A1AB1E6905DDC45F00526345,
+                               A1AB1E6A05DDC45F00526345,
+                               A1AB1E6B05DDC45F00526345,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               A1CA606D040F25380013F915 = {
-                       fileRef = F517325E03F1B65901120114;
+               A1AB1E3605DDC45F00526345 = {
+                       fileRef = F517345A03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA606E040F25420013F915 = {
-                       fileRef = F517326C03F1B65901120114;
+               A1AB1E3705DDC45F00526345 = {
+                       fileRef = F517345B03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA606F040F25440013F915 = {
-                       fileRef = F517326E03F1B65901120114;
+               A1AB1E3805DDC45F00526345 = {
+                       fileRef = F517345C03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6070040F25460013F915 = {
-                       fileRef = F517326F03F1B65901120114;
+               A1AB1E3905DDC45F00526345 = {
+                       fileRef = F517345D03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6071040F25470013F915 = {
-                       fileRef = F517327503F1B65901120114;
+               A1AB1E3A05DDC45F00526345 = {
+                       fileRef = F517346203F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6072040F254B0013F915 = {
-                       fileRef = F517327603F1B65901120114;
+               A1AB1E3B05DDC45F00526345 = {
+                       fileRef = F517346303F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6073040F254C0013F915 = {
-                       fileRef = F517327703F1B65901120114;
+               A1AB1E3C05DDC45F00526345 = {
+                       fileRef = F517346403F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6074040F254C0013F915 = {
-                       fileRef = F517327803F1B65901120114;
+               A1AB1E3D05DDC45F00526345 = {
+                       fileRef = F517346503F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6075040F254F0013F915 = {
-                       fileRef = F517327903F1B65901120114;
+               A1AB1E3E05DDC45F00526345 = {
+                       fileRef = F517346603F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6076040F254F0013F915 = {
-                       fileRef = F517327A03F1B65901120114;
+               A1AB1E3F05DDC45F00526345 = {
+                       fileRef = F517346803F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6077040F25510013F915 = {
-                       fileRef = F517327C03F1B65901120114;
+               A1AB1E4005DDC45F00526345 = {
+                       fileRef = F517346A03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6078040F25530013F915 = {
-                       fileRef = F517327F03F1B65901120114;
+               A1AB1E4105DDC45F00526345 = {
+                       fileRef = F517346C03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6079040F25550013F915 = {
-                       fileRef = F517328203F1B65901120114;
+               A1AB1E4205DDC45F00526345 = {
+                       fileRef = F517346E03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA607A040F25570013F915 = {
-                       fileRef = F517327003F1B65901120114;
+               A1AB1E4305DDC45F00526345 = {
+                       fileRef = F517347B03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA607B040F25620013F915 = {
-                       fileRef = F517328503F1B65901120114;
+               A1AB1E4405DDC45F00526345 = {
+                       fileRef = F517347E03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA607C040F25630013F915 = {
-                       fileRef = F517328603F1B65901120114;
+               A1AB1E4505DDC45F00526345 = {
+                       fileRef = F517348003F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA607D040F25650013F915 = {
-                       fileRef = F517328803F1B65901120114;
+               A1AB1E4605DDC45F00526345 = {
+                       fileRef = F517346903F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA607E040F25660013F915 = {
-                       fileRef = F517328903F1B65901120114;
+               A1AB1E4705DDC45F00526345 = {
+                       fileRef = F517345903F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA607F040F25680013F915 = {
-                       fileRef = F517328703F1B65901120114;
+               A1AB1E4805DDC45F00526345 = {
+                       fileRef = F517342403F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6080040F256B0013F915 = {
-                       fileRef = F517328B03F1B65901120114;
+               A1AB1E4905DDC45F00526345 = {
+                       fileRef = F517342503F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6081040F25720013F915 = {
-                       fileRef = F517329003F1B65901120114;
+               A1AB1E4A05DDC45F00526345 = {
+                       fileRef = F517342803F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6082040F25730013F915 = {
-                       fileRef = F517329103F1B65901120114;
+               A1AB1E4B05DDC45F00526345 = {
+                       fileRef = F517342903F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6083040F25740013F915 = {
-                       fileRef = F517329203F1B65901120114;
+               A1AB1E4C05DDC45F00526345 = {
+                       fileRef = F517342C03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6084040F25760013F915 = {
-                       fileRef = F517328E03F1B65901120114;
+               A1AB1E4D05DDC45F00526345 = {
+                       fileRef = F517342D03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6085040F25780013F915 = {
-                       fileRef = F517328D03F1B65901120114;
+               A1AB1E4E05DDC45F00526345 = {
+                       fileRef = F517342E03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6086040F25810013F915 = {
-                       fileRef = F517329C03F1B65901120114;
+               A1AB1E4F05DDC45F00526345 = {
+                       fileRef = F517343403F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6087040F25820013F915 = {
-                       fileRef = F517329D03F1B65901120114;
+               A1AB1E5005DDC45F00526345 = {
+                       fileRef = F517343703F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6088040F25840013F915 = {
-                       fileRef = F517329E03F1B65901120114;
+               A1AB1E5105DDC45F00526345 = {
+                       fileRef = F517343803F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6089040F25860013F915 = {
-                       fileRef = F51732A003F1B65901120114;
+               A1AB1E5205DDC45F00526345 = {
+                       fileRef = F517343903F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA608A040F25860013F915 = {
-                       fileRef = F517329F03F1B65901120114;
+               A1AB1E5305DDC45F00526345 = {
+                       fileRef = F517343A03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA608B040F258D0013F915 = {
-                       fileRef = F51732A903F1B65901120114;
+               A1AB1E5405DDC45F00526345 = {
+                       fileRef = F517343F03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA608C040F25910013F915 = {
-                       fileRef = F51732AA03F1B65901120114;
+               A1AB1E5505DDC45F00526345 = {
+                       fileRef = F517344003F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA608D040F25940013F915 = {
-                       fileRef = F51732AB03F1B65901120114;
+               A1AB1E5605DDC45F00526345 = {
+                       fileRef = F517344303F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA608E040F25950013F915 = {
-                       fileRef = F51732AC03F1B65901120114;
+               A1AB1E5705DDC45F00526345 = {
+                       fileRef = F517344403F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA608F040F25980013F915 = {
-                       fileRef = F51732AD03F1B65901120114;
+               A1AB1E5805DDC45F00526345 = {
+                       fileRef = F517344603F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6090040F25A10013F915 = {
-                       fileRef = F51732B903F1B65901120114;
+               A1AB1E5905DDC45F00526345 = {
+                       fileRef = F517344C03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6091040F25A20013F915 = {
-                       fileRef = F51732BA03F1B65901120114;
+               A1AB1E5A05DDC45F00526345 = {
+                       fileRef = F517345703F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6092040F25AC0013F915 = {
-                       fileRef = F51732C103F1B65901120114;
+               A1AB1E5B05DDC45F00526345 = {
+                       fileRef = F517345803F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6093040F25AD0013F915 = {
-                       fileRef = F51732C203F1B65901120114;
+               A1AB1E5C05DDC45F00526345 = {
+                       fileRef = F517346103F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6094040F25B50013F915 = {
-                       fileRef = F51732CB03F1B65901120114;
+               A1AB1E5D05DDC45F00526345 = {
+                       fileRef = F517345E03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6095040F25B70013F915 = {
-                       fileRef = F51732CC03F1B65901120114;
+               A1AB1E5E05DDC45F00526345 = {
+                       fileRef = F517345F03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6096040F25B80013F915 = {
-                       fileRef = F51732C803F1B65901120114;
+               A1AB1E5F05DDC45F00526345 = {
+                       fileRef = F517343003F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6097040F25B90013F915 = {
-                       fileRef = F51732CA03F1B65901120114;
+               A1AB1E6005DDC45F00526345 = {
+                       fileRef = F517348603F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6098040F25BE0013F915 = {
-                       fileRef = F51732D403F1B65901120114;
+               A1AB1E6105DDC45F00526345 = {
+                       fileRef = F517343303F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA6099040F25BE0013F915 = {
-                       fileRef = F51732D503F1B65901120114;
+               A1AB1E6205DDC45F00526345 = {
+                       fileRef = F517343503F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA609A040F25BF0013F915 = {
-                       fileRef = F51732D603F1B65901120114;
+               A1AB1E6305DDC45F00526345 = {
+                       fileRef = F517343B03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA609B040F25C70013F915 = {
-                       fileRef = F51732DD03F1B65901120114;
+               A1AB1E6405DDC45F00526345 = {
+                       fileRef = F517344703F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA609C040F25C70013F915 = {
-                       fileRef = F51732DE03F1B65901120114;
+               A1AB1E6505DDC45F00526345 = {
+                       fileRef = F517346703F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA609D040F25D40013F915 = {
-                       fileRef = F51732FC03F1B65901120114;
+               A1AB1E6605DDC45F00526345 = {
+                       fileRef = F517346B03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA609E040F25D50013F915 = {
-                       fileRef = F51732FD03F1B65901120114;
+               A1AB1E6705DDC45F00526345 = {
+                       fileRef = F517346D03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA609F040F25D70013F915 = {
-                       fileRef = F517330003F1B65901120114;
+               A1AB1E6805DDC45F00526345 = {
+                       fileRef = F517346F03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA60A0040F25D80013F915 = {
-                       fileRef = F517330103F1B65901120114;
+               A1AB1E6905DDC45F00526345 = {
+                       fileRef = F517347C03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA60A1040F25D90013F915 = {
-                       fileRef = F517330203F1B65901120114;
+               A1AB1E6A05DDC45F00526345 = {
+                       fileRef = F517344B03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA60A2040F25DB0013F915 = {
-                       fileRef = F517330303F1B65901120114;
+               A1AB1E6B05DDC45F00526345 = {
+                       fileRef = F517343E03F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA60A3040F25DC0013F915 = {
-                       fileRef = F517330403F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               A1AB1E6C05DDC45F00526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               A1CA60A4040F25DD0013F915 = {
-                       fileRef = F517330503F1B65901120114;
+               A1AB1E6D05DDC45F00526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
+               };
+               A1AB1E6F05DDC45F00526345 = {
+                       explicitFileType = archive.ar;
+                       includeInIndex = 0;
+                       isa = PBXFileReference;
+                       path = libKerberos4.a;
+                       refType = 3;
+                       sourceTree = BUILT_PRODUCTS_DIR;
+               };
+               A1AB1E8105DDC47700526345 = {
+                       buildPhases = (
+                               A1AB1E8505DDC47700526345,
+                               A1AB1EB905DDC47800526345,
+                               A1AB1FAE05DDC47800526345,
+                               A1AB1FAF05DDC47800526345,
+                       );
+                       buildRules = (
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               GCC_PRECOMPILE_PREFIX_HEADER = YES;
+                               GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h;
+                               HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(SRCROOT)/../Sources/include $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../../CredentialsCache/Headers $(SRCROOT)/../../CredentialsCache/Headers/Kerberos $(SRCROOT)/../../KerberosLogin/Headers $(SRCROOT)/../../KerberosLogin/Headers/Kerberos";
+                               LIBRARY_STYLE = STATIC;
+                               PRODUCT_NAME = Kerberos5;
+                               REZ_EXECUTABLE = YES;
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       dependencies = (
+                               A1AB1E8205DDC47700526345,
+                               A1AB1E8305DDC47700526345,
+                               A1AB1E8405DDC47700526345,
+                       );
+                       isa = PBXNativeTarget;
+                       name = Kerberos5;
+                       productInstallPath = /usr/local/lib;
+                       productName = Kerberos5;
+                       productReference = A1AB1FB105DDC47800526345;
+                       productType = "com.apple.product-type.library.static";
+               };
+               A1AB1E8205DDC47700526345 = {
+                       isa = PBXTargetDependency;
+                       target = F5CFD5E6022D8A9901120112;
+                       targetProxy = A181DA4805CEFC0400E4C246;
+               };
+               A1AB1E8305DDC47700526345 = {
+                       isa = PBXTargetDependency;
+                       target = F5CFD629022D922C01120112;
+                       targetProxy = A181DA4305CEFC0400E4C246;
+               };
+               A1AB1E8405DDC47700526345 = {
+                       isa = PBXTargetDependency;
+                       target = A1AB1DEC05DDC40100526345;
+                       targetProxy = A181DA4905CEFC0400E4C246;
+               };
+               A1AB1E8505DDC47700526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               A1AB1E8605DDC47700526345,
+                               A1AB1E8705DDC47700526345,
+                               A1AB1E8805DDC47700526345,
+                               A1AB1E8905DDC47700526345,
+                               A1AB1E8A05DDC47700526345,
+                               A1AB1E8B05DDC47700526345,
+                               A1AB1E8C05DDC47700526345,
+                               A1AB1E8D05DDC47700526345,
+                               A1AB1E8E05DDC47700526345,
+                               A1AB1E8F05DDC47700526345,
+                               A1AB1E9005DDC47700526345,
+                               A1AB1E9105DDC47700526345,
+                               A1AB1E9205DDC47700526345,
+                               A1AB1E9305DDC47700526345,
+                               A1AB1E9405DDC47700526345,
+                               A1AB1E9505DDC47700526345,
+                               A1AB1E9605DDC47700526345,
+                               A1AB1E9705DDC47700526345,
+                               A1AB1E9805DDC47700526345,
+                               A1AB1E9905DDC47700526345,
+                               A1AB1E9A05DDC47700526345,
+                               A1AB1E9B05DDC47700526345,
+                               A1AB1E9C05DDC47700526345,
+                               A1AB1E9D05DDC47700526345,
+                               A1AB1E9E05DDC47700526345,
+                               A1AB1E9F05DDC47700526345,
+                               A1AB1EA005DDC47700526345,
+                               A1AB1EA105DDC47700526345,
+                               A1AB1EA205DDC47700526345,
+                               A1AB1EA305DDC47700526345,
+                               A1AB1EA405DDC47700526345,
+                               A1AB1EA505DDC47700526345,
+                               A1AB1EA605DDC47700526345,
+                               A1AB1EA705DDC47700526345,
+                               A1AB1EA805DDC47700526345,
+                               A1AB1EA905DDC47700526345,
+                               A1AB1EAA05DDC47700526345,
+                               A1AB1EAB05DDC47700526345,
+                               A1AB1EAC05DDC47700526345,
+                               A1AB1EAD05DDC47700526345,
+                               A1AB1EAE05DDC47700526345,
+                               A1AB1EAF05DDC47800526345,
+                               A1AB1EB005DDC47800526345,
+                               A1AB1EB105DDC47800526345,
+                               A1AB1EB205DDC47800526345,
+                               A1AB1EB305DDC47800526345,
+                               A1AB1EB405DDC47800526345,
+                               A1AB1EB505DDC47800526345,
+                               A1AB1EB605DDC47800526345,
+                               A1AB1EB705DDC47800526345,
+                               A1AB1EB805DDC47800526345,
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
+               };
+               A1AB1E8605DDC47700526345 = {
+                       fileRef = F517355303F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA60A5040F25DE0013F915 = {
-                       fileRef = F517330703F1B65901120114;
+               A1AB1E8705DDC47700526345 = {
+                       fileRef = F517357403F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA60AF040F2A8A0013F915 = {
-                       fileRef = F517343E03F1B65A01120114;
+               A1AB1E8805DDC47700526345 = {
+                       fileRef = F517349503F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               A1CA623604168DFE0013F915 = {
-                       fileEncoding = 4;
-                       isa = PBXFileReference;
-                       path = Kerberos5Prefix.h;
-                       refType = 4;
+               A1AB1E8905DDC47700526345 = {
+                       fileRef = F517349703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               A1CA623704168DFE0013F915 = {
-                       fileRef = A1CA623604168DFE0013F915;
+               A1AB1E8A05DDC47700526345 = {
+                       fileRef = F517349903F1B65A01120114;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-//A10
-//A11
-//A12
-//A13
-//A14
-//F50
-//F51
-//F52
-//F53
-//F54
-               F5172F7B03F1B65801120114 = {
-                       children = (
-                               F5E59C0D03FD95A101120114,
-                               F517307F03F1B65801120114,
-                               F5E59C0E03FD95A101120114,
-                               F5E59C0F03FD95CF01120114,
-                               F51730DE03F1B65801120114,
-                               A12536B3040BEC05003D8244,
-                               F517320A03F1B65901120114,
-                               F517322103F1B65901120114,
-                               A198BBE10406D04A00120114,
-                               F51736C803F1B65B01120114,
-                       );
-                       isa = PBXGroup;
-                       name = Sources;
-                       path = ../Sources;
-                       refType = 2;
+               A1AB1E8B05DDC47700526345 = {
+                       fileRef = F517349F03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517307F03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1E8C05DDC47700526345 = {
+                       fileRef = F51734A303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730DE03F1B65801120114 = {
-                       children = (
-                               F51730E203F1B65801120114,
-                               F51730E303F1B65801120114,
-                               F51730E503F1B65801120114,
-                               F51730E603F1B65801120114,
-                               F51730E703F1B65801120114,
-                               F51730E803F1B65801120114,
-                               F51730E903F1B65801120114,
-                               F51730FB03F1B65801120114,
-                               F517310E03F1B65801120114,
-                               F517310F03F1B65801120114,
-                               F517311003F1B65801120114,
-                               F517311103F1B65801120114,
-                               F517311203F1B65801120114,
-                               F517311303F1B65901120114,
-                               F517311503F1B65901120114,
-                               F517311603F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = include;
-                       refType = 4;
+               A1AB1E8D05DDC47700526345 = {
+                       fileRef = F51734A903F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730E203F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1E8E05DDC47700526345 = {
+                       fileRef = F51734A103F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730E303F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = cm.h;
-                       refType = 4;
+               A1AB1E8F05DDC47700526345 = {
+                       fileRef = F517349B03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730E503F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "fake-addrinfo.h";
-                       refType = 4;
+               A1AB1E9005DDC47700526345 = {
+                       fileRef = F517349D03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730E603F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = foreachaddr.c;
-                       refType = 4;
+               A1AB1E9105DDC47700526345 = {
+                       fileRef = F51734A403F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730E703F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "k5-int.h";
-                       refType = 4;
+               A1AB1E9205DDC47700526345 = {
+                       fileRef = F51734C003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730E803F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "k5-util.h";
-                       refType = 4;
+               A1AB1E9305DDC47700526345 = {
+                       fileRef = F51734C403F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730E903F1B65801120114 = {
-                       children = (
-                               F51730EA03F1B65801120114,
-                               F51730EB03F1B65801120114,
-                               F51730EC03F1B65801120114,
-                               F51730ED03F1B65801120114,
-                               F51730EE03F1B65801120114,
-                               F51730EF03F1B65801120114,
-                               F51730F003F1B65801120114,
-                               F51730F103F1B65801120114,
-                               F51730F203F1B65801120114,
-                               F51730F303F1B65801120114,
-                               F51730F403F1B65801120114,
-                               F51730F503F1B65801120114,
-                               F51730F603F1B65801120114,
-                               F51730F703F1B65801120114,
-                               F51730F803F1B65801120114,
-                               F51730F903F1B65801120114,
-                               F51730FA03F1B65801120114,
-                       );
-                       isa = PBXGroup;
-                       path = kerberosIV;
-                       refType = 4;
+               A1AB1E9405DDC47700526345 = {
+                       fileRef = F51734B503F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730EA03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
+               A1AB1E9505DDC47700526345 = {
+                       fileRef = F51734B703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730EB03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .Sanitize;
-                       refType = 4;
+               A1AB1E9605DDC47700526345 = {
+                       fileRef = F51730E703F1B65801120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730EC03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = addr_comp.h;
-                       refType = 4;
+               A1AB1E9705DDC47700526345 = {
+                       fileRef = F51734F103F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730ED03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = admin_server.h;
-                       refType = 4;
+               A1AB1E9805DDC47700526345 = {
+                       fileRef = F51734F803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730EE03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1E9905DDC47700526345 = {
+                       fileRef = F517351A03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730EF03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = des.h;
-                       refType = 4;
+               A1AB1E9A05DDC47700526345 = {
+                       fileRef = F51735A103F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730F003F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kadm.h;
-                       refType = 4;
+               A1AB1E9B05DDC47700526345 = {
+                       fileRef = F51735A403F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730F103F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kdc.h;
-                       refType = 4;
+               A1AB1E9C05DDC47700526345 = {
+                       fileRef = F51735A603F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730F203F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = klog.h;
-                       refType = 4;
+               A1AB1E9D05DDC47700526345 = {
+                       fileRef = F5E2662D03F443E901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730F303F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kparse.h;
-                       refType = 4;
+               A1AB1E9E05DDC47700526345 = {
+                       fileRef = F5E2662F03F443E901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730F403F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb.h;
-                       refType = 4;
+               A1AB1E9F05DDC47700526345 = {
+                       fileRef = F517325603F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730F503F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb_db.h;
-                       refType = 4;
+               A1AB1EA005DDC47700526345 = {
+                       fileRef = F517326603F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730F603F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krbports.h;
-                       refType = 4;
+               A1AB1EA105DDC47700526345 = {
+                       fileRef = F517329903F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730F703F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = lsb_addr_cmp.h;
-                       refType = 4;
+               A1AB1EA205DDC47700526345 = {
+                       fileRef = F517324D03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730F803F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1EA305DDC47700526345 = {
+                       fileRef = F517324B03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730F903F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "mit-copyright.h";
-                       refType = 4;
+               A1AB1EA405DDC47700526345 = {
+                       fileRef = F517325E03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730FA03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = prot.h;
-                       refType = 4;
+               A1AB1EA505DDC47700526345 = {
+                       fileRef = F517327A03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730FB03F1B65801120114 = {
-                       children = (
-                               F51730FF03F1B65801120114,
-                               F517310003F1B65801120114,
-                               F517310103F1B65801120114,
-                               F517310203F1B65801120114,
-                               F517310303F1B65801120114,
-                               F517310403F1B65801120114,
-                               F517310503F1B65801120114,
-                               F517310603F1B65801120114,
-                               F517310703F1B65801120114,
-                               F517310803F1B65801120114,
-                               F517310903F1B65801120114,
-                               F517310A03F1B65801120114,
-                       );
-                       isa = PBXGroup;
-                       path = krb5;
-                       refType = 4;
+               A1AB1EA605DDC47700526345 = {
+                       fileRef = F517327003F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51730FF03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = adm.h;
-                       refType = 4;
+               A1AB1EA705DDC47700526345 = {
+                       fileRef = F517328703F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310003F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = adm_defs.h;
-                       refType = 4;
+               A1AB1EA805DDC47700526345 = {
+                       fileRef = F517329203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310103F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = adm_proto.h;
-                       refType = 4;
+               A1AB1EA905DDC47700526345 = {
+                       fileRef = F517329F03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310203F1B65801120114 = {
-                       children = (
-                       );
-                       isa = PBXGroup;
-                       path = asn.1;
-                       refType = 4;
+               A1AB1EAA05DDC47700526345 = {
+                       fileRef = F51732AD03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310303F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1EAB05DDC47700526345 = {
+                       fileRef = F51732BA03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310403F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = copyright.h;
-                       refType = 4;
+               A1AB1EAC05DDC47700526345 = {
+                       fileRef = F51732C203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310503F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kdb.h;
-                       refType = 4;
+               A1AB1EAD05DDC47700526345 = {
+                       fileRef = F51732CA03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310603F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kdb_dbc.h;
-                       refType = 4;
+               A1AB1EAE05DDC47700526345 = {
+                       fileRef = F51732D403F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310703F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kdb_dbm.h;
-                       refType = 4;
+               A1AB1EAF05DDC47800526345 = {
+                       fileRef = F51732DE03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310803F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kdb_kt.h;
-                       refType = 4;
+               A1AB1EB005DDC47800526345 = {
+                       fileRef = F51732FD03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310903F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1EB105DDC47800526345 = {
+                       fileRef = F517330103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310A03F1B65801120114 = {
-                       children = (
-                               F517310B03F1B65801120114,
-                               F517310C03F1B65801120114,
-                               F517310D03F1B65801120114,
-                       );
-                       isa = PBXGroup;
-                       path = stock;
-                       refType = 4;
+               A1AB1EB205DDC47800526345 = {
+                       fileRef = F517330203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310B03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .Sanitize;
-                       refType = 4;
+               A1AB1EB305DDC47800526345 = {
+                       fileRef = F517330303F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310C03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1EB405DDC47800526345 = {
+                       fileRef = F517330403F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310D03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = osconf.h;
-                       refType = 4;
-               };
-               F517310E03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb5.hin;
-                       refType = 4;
+               A1AB1EB505DDC47800526345 = {
+                       fileRef = F517330503F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517310F03F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb54proto.h;
-                       refType = 4;
+               A1AB1EB605DDC47800526345 = {
+                       fileRef = F517330703F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517311003F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1EB705DDC47800526345 = {
+                       fileRef = A1B21F180417D6BC00120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517311103F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "port-sockets.h";
-                       refType = 4;
+               A1AB1EB805DDC47800526345 = {
+                       fileRef = A181DA5405CF0BD800E4C246;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517311203F1B65801120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "socket-utils.h";
-                       refType = 4;
+               A1AB1EB905DDC47800526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               A1AB1EBA05DDC47800526345,
+                               A1AB1EBB05DDC47800526345,
+                               A1AB1EBC05DDC47800526345,
+                               A1AB1EBD05DDC47800526345,
+                               A1AB1EBE05DDC47800526345,
+                               A1AB1EBF05DDC47800526345,
+                               A1AB1EC005DDC47800526345,
+                               A1AB1EC105DDC47800526345,
+                               A1AB1EC205DDC47800526345,
+                               A1AB1EC305DDC47800526345,
+                               A1AB1EC405DDC47800526345,
+                               A1AB1EC505DDC47800526345,
+                               A1AB1EC605DDC47800526345,
+                               A1AB1EC705DDC47800526345,
+                               A1AB1EC805DDC47800526345,
+                               A1AB1EC905DDC47800526345,
+                               A1AB1ECA05DDC47800526345,
+                               A1AB1ECB05DDC47800526345,
+                               A1AB1ECC05DDC47800526345,
+                               A1AB1ECD05DDC47800526345,
+                               A1AB1ECE05DDC47800526345,
+                               A1AB1ECF05DDC47800526345,
+                               A1AB1ED005DDC47800526345,
+                               A1AB1ED105DDC47800526345,
+                               A1AB1ED205DDC47800526345,
+                               A1AB1ED305DDC47800526345,
+                               A1AB1ED405DDC47800526345,
+                               A1AB1ED505DDC47800526345,
+                               A1AB1ED605DDC47800526345,
+                               A1AB1ED705DDC47800526345,
+                               A1AB1ED805DDC47800526345,
+                               A1AB1ED905DDC47800526345,
+                               A1AB1EDA05DDC47800526345,
+                               A1AB1EDB05DDC47800526345,
+                               A1AB1EDC05DDC47800526345,
+                               A1AB1EDD05DDC47800526345,
+                               A1AB1EDE05DDC47800526345,
+                               A1AB1EDF05DDC47800526345,
+                               A1AB1EE005DDC47800526345,
+                               A1AB1EE105DDC47800526345,
+                               A1AB1EE205DDC47800526345,
+                               A1AB1EE305DDC47800526345,
+                               A1AB1EE405DDC47800526345,
+                               A1AB1EE505DDC47800526345,
+                               A1AB1EE605DDC47800526345,
+                               A1AB1EE705DDC47800526345,
+                               A1AB1EE805DDC47800526345,
+                               A1AB1EE905DDC47800526345,
+                               A1AB1EEA05DDC47800526345,
+                               A1AB1EEB05DDC47800526345,
+                               A1AB1EEC05DDC47800526345,
+                               A1AB1EED05DDC47800526345,
+                               A1AB1EEE05DDC47800526345,
+                               A1AB1EEF05DDC47800526345,
+                               A1AB1EF005DDC47800526345,
+                               A1AB1EF105DDC47800526345,
+                               A1AB1EF205DDC47800526345,
+                               A1AB1EF305DDC47800526345,
+                               A1AB1EF405DDC47800526345,
+                               A1AB1EF505DDC47800526345,
+                               A1AB1EF605DDC47800526345,
+                               A1AB1EF705DDC47800526345,
+                               A1AB1EF805DDC47800526345,
+                               A1AB1EF905DDC47800526345,
+                               A1AB1EFA05DDC47800526345,
+                               A1AB1EFB05DDC47800526345,
+                               A1AB1EFC05DDC47800526345,
+                               A1AB1EFD05DDC47800526345,
+                               A1AB1EFE05DDC47800526345,
+                               A1AB1EFF05DDC47800526345,
+                               A1AB1F0005DDC47800526345,
+                               A1AB1F0105DDC47800526345,
+                               A1AB1F0205DDC47800526345,
+                               A1AB1F0305DDC47800526345,
+                               A1AB1F0405DDC47800526345,
+                               A1AB1F0505DDC47800526345,
+                               A1AB1F0605DDC47800526345,
+                               A1AB1F0705DDC47800526345,
+                               A1AB1F0805DDC47800526345,
+                               A1AB1F0905DDC47800526345,
+                               A1AB1F0A05DDC47800526345,
+                               A1AB1F0B05DDC47800526345,
+                               A1AB1F0C05DDC47800526345,
+                               A1AB1F0D05DDC47800526345,
+                               A1AB1F0E05DDC47800526345,
+                               A1AB1F0F05DDC47800526345,
+                               A1AB1F1005DDC47800526345,
+                               A1AB1F1105DDC47800526345,
+                               A1AB1F1205DDC47800526345,
+                               A1AB1F1305DDC47800526345,
+                               A1AB1F1405DDC47800526345,
+                               A1AB1F1505DDC47800526345,
+                               A1AB1F1605DDC47800526345,
+                               A1AB1F1705DDC47800526345,
+                               A1AB1F1805DDC47800526345,
+                               A1AB1F1905DDC47800526345,
+                               A1AB1F1A05DDC47800526345,
+                               A1AB1F1B05DDC47800526345,
+                               A1AB1F1C05DDC47800526345,
+                               A1AB1F1D05DDC47800526345,
+                               A1AB1F1E05DDC47800526345,
+                               A1AB1F1F05DDC47800526345,
+                               A1AB1F2005DDC47800526345,
+                               A1AB1F2105DDC47800526345,
+                               A1AB1F2205DDC47800526345,
+                               A1AB1F2305DDC47800526345,
+                               A1AB1F2405DDC47800526345,
+                               A1AB1F2505DDC47800526345,
+                               A1AB1F2605DDC47800526345,
+                               A1AB1F2705DDC47800526345,
+                               A1AB1F2805DDC47800526345,
+                               A1AB1F2905DDC47800526345,
+                               A1AB1F2A05DDC47800526345,
+                               A1AB1F2B05DDC47800526345,
+                               A1AB1F2C05DDC47800526345,
+                               A1AB1F2D05DDC47800526345,
+                               A1AB1F2E05DDC47800526345,
+                               A1AB1F2F05DDC47800526345,
+                               A1AB1F3005DDC47800526345,
+                               A1AB1F3105DDC47800526345,
+                               A1AB1F3205DDC47800526345,
+                               A1AB1F3305DDC47800526345,
+                               A1AB1F3405DDC47800526345,
+                               A1AB1F3505DDC47800526345,
+                               A1AB1F3605DDC47800526345,
+                               A1AB1F3705DDC47800526345,
+                               A1AB1F3805DDC47800526345,
+                               A1AB1F3905DDC47800526345,
+                               A1AB1F3A05DDC47800526345,
+                               A1AB1F3B05DDC47800526345,
+                               A1AB1F3C05DDC47800526345,
+                               A1AB1F3D05DDC47800526345,
+                               A1AB1F3E05DDC47800526345,
+                               A1AB1F3F05DDC47800526345,
+                               A1AB1F4005DDC47800526345,
+                               A1AB1F4105DDC47800526345,
+                               A1AB1F4205DDC47800526345,
+                               A1AB1F4305DDC47800526345,
+                               A1AB1F4405DDC47800526345,
+                               A1AB1F4505DDC47800526345,
+                               A1AB1F4605DDC47800526345,
+                               A1AB1F4705DDC47800526345,
+                               A1AB1F4805DDC47800526345,
+                               A1AB1F4905DDC47800526345,
+                               A1AB1F4A05DDC47800526345,
+                               A1AB1F4B05DDC47800526345,
+                               A1AB1F4C05DDC47800526345,
+                               A1AB1F4D05DDC47800526345,
+                               A1AB1F4E05DDC47800526345,
+                               A1AB1F4F05DDC47800526345,
+                               A1AB1F5005DDC47800526345,
+                               A1AB1F5105DDC47800526345,
+                               A1AB1F5205DDC47800526345,
+                               A1AB1F5305DDC47800526345,
+                               A1AB1F5405DDC47800526345,
+                               A1AB1F5505DDC47800526345,
+                               A1AB1F5605DDC47800526345,
+                               A1AB1F5705DDC47800526345,
+                               A1AB1F5805DDC47800526345,
+                               A1AB1F5905DDC47800526345,
+                               A1AB1F5A05DDC47800526345,
+                               A1AB1F5B05DDC47800526345,
+                               A1AB1F5C05DDC47800526345,
+                               A1AB1F5D05DDC47800526345,
+                               A1AB1F5E05DDC47800526345,
+                               A1AB1F5F05DDC47800526345,
+                               A1AB1F6005DDC47800526345,
+                               A1AB1F6105DDC47800526345,
+                               A1AB1F6205DDC47800526345,
+                               A1AB1F6305DDC47800526345,
+                               A1AB1F6405DDC47800526345,
+                               A1AB1F6505DDC47800526345,
+                               A1AB1F6605DDC47800526345,
+                               A1AB1F6705DDC47800526345,
+                               A1AB1F6805DDC47800526345,
+                               A1AB1F6905DDC47800526345,
+                               A1AB1F6A05DDC47800526345,
+                               A1AB1F6B05DDC47800526345,
+                               A1AB1F6C05DDC47800526345,
+                               A1AB1F6D05DDC47800526345,
+                               A1AB1F6E05DDC47800526345,
+                               A1AB1F6F05DDC47800526345,
+                               A1AB1F7005DDC47800526345,
+                               A1AB1F7105DDC47800526345,
+                               A1AB1F7205DDC47800526345,
+                               A1AB1F7305DDC47800526345,
+                               A1AB1F7405DDC47800526345,
+                               A1AB1F7505DDC47800526345,
+                               A1AB1F7605DDC47800526345,
+                               A1AB1F7705DDC47800526345,
+                               A1AB1F7805DDC47800526345,
+                               A1AB1F7905DDC47800526345,
+                               A1AB1F7A05DDC47800526345,
+                               A1AB1F7B05DDC47800526345,
+                               A1AB1F7C05DDC47800526345,
+                               A1AB1F7D05DDC47800526345,
+                               A1AB1F7E05DDC47800526345,
+                               A1AB1F7F05DDC47800526345,
+                               A1AB1F8005DDC47800526345,
+                               A1AB1F8105DDC47800526345,
+                               A1AB1F8205DDC47800526345,
+                               A1AB1F8305DDC47800526345,
+                               A1AB1F8405DDC47800526345,
+                               A1AB1F8505DDC47800526345,
+                               A1AB1F8605DDC47800526345,
+                               A1AB1F8705DDC47800526345,
+                               A1AB1F8805DDC47800526345,
+                               A1AB1F8905DDC47800526345,
+                               A1AB1F8A05DDC47800526345,
+                               A1AB1F8B05DDC47800526345,
+                               A1AB1F8C05DDC47800526345,
+                               A1AB1F8D05DDC47800526345,
+                               A1AB1F8E05DDC47800526345,
+                               A1AB1F8F05DDC47800526345,
+                               A1AB1F9005DDC47800526345,
+                               A1AB1F9105DDC47800526345,
+                               A1AB1F9205DDC47800526345,
+                               A1AB1F9305DDC47800526345,
+                               A1AB1F9405DDC47800526345,
+                               A1AB1F9505DDC47800526345,
+                               A1AB1F9605DDC47800526345,
+                               A1AB1F9705DDC47800526345,
+                               A1AB1F9805DDC47800526345,
+                               A1AB1F9905DDC47800526345,
+                               A1AB1F9A05DDC47800526345,
+                               A1AB1F9B05DDC47800526345,
+                               A1AB1F9C05DDC47800526345,
+                               A1AB1F9D05DDC47800526345,
+                               A1AB1F9E05DDC47800526345,
+                               A1AB1F9F05DDC47800526345,
+                               A1AB1FA005DDC47800526345,
+                               A1AB1FA105DDC47800526345,
+                               A1AB1FA205DDC47800526345,
+                               A1AB1FA305DDC47800526345,
+                               A1AB1FA405DDC47800526345,
+                               A1AB1FA505DDC47800526345,
+                               A1AB1FA605DDC47800526345,
+                               A1AB1FA705DDC47800526345,
+                               A1AB1FA805DDC47800526345,
+                               A1AB1FA905DDC47800526345,
+                               A1AB1FAA05DDC47800526345,
+                               A1AB1FAB05DDC47800526345,
+                               A1AB1FAC05DDC47800526345,
+                               A1AB1FAD05DDC47800526345,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               F517311303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "spnego-asn1.h";
-                       refType = 4;
+               A1AB1EBA05DDC47800526345 = {
+                       fileRef = F517355203F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517311503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = syslog.h;
-                       refType = 4;
+               A1AB1EBB05DDC47800526345 = {
+                       fileRef = F517355803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517311603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "win-mac.h";
-                       refType = 4;
+               A1AB1EBC05DDC47800526345 = {
+                       fileRef = F517355903F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517320A03F1B65901120114 = {
-                       children = (
-                               F517320D03F1B65901120114,
-                               F517320E03F1B65901120114,
-                               F517320F03F1B65901120114,
-                               F517321003F1B65901120114,
-                               F517321103F1B65901120114,
-                               F517321203F1B65901120114,
-                               F517321303F1B65901120114,
-                               F517321403F1B65901120114,
-                               F517321503F1B65901120114,
-                               F517321603F1B65901120114,
-                               F517321703F1B65901120114,
-                               F517321803F1B65901120114,
-                               F517321903F1B65901120114,
-                               F517321A03F1B65901120114,
-                               F517321B03F1B65901120114,
-                               F517321C03F1B65901120114,
-                               F517321D03F1B65901120114,
-                               F517321E03F1B65901120114,
-                               F517321F03F1B65901120114,
-                               F517322003F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = krb524;
-                       refType = 4;
+               A1AB1EBD05DDC47800526345 = {
+                       fileRef = F517355A03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517320D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1EBE05DDC47800526345 = {
+                       fileRef = F517355B03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517320E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = cnv_tkt_skey.c;
-                       refType = 4;
+               A1AB1EBF05DDC47800526345 = {
+                       fileRef = F517355D03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517320F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = configure.in;
-                       refType = 4;
+               A1AB1EC005DDC47800526345 = {
+                       fileRef = F517355E03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = conv_creds.c;
-                       refType = 4;
+               A1AB1EC105DDC47800526345 = {
+                       fileRef = F517355F03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = conv_princ.c;
-                       refType = 4;
+               A1AB1EC205DDC47800526345 = {
+                       fileRef = F517356003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = encode.c;
-                       refType = 4;
+               A1AB1EC305DDC47800526345 = {
+                       fileRef = F517356103F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = getcred.c;
-                       refType = 4;
+               A1AB1EC405DDC47800526345 = {
+                       fileRef = F517356203F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = globals.c;
-                       refType = 4;
+               A1AB1EC505DDC47800526345 = {
+                       fileRef = F517356303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = k524init.c;
-                       refType = 4;
+               A1AB1EC605DDC47800526345 = {
+                       fileRef = F517356403F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb524.def;
-                       refType = 4;
+               A1AB1EC705DDC47800526345 = {
+                       fileRef = F517356503F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb524.h;
-                       refType = 4;
+               A1AB1EC805DDC47800526345 = {
+                       fileRef = F517356603F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb524_err.et;
-                       refType = 4;
+               A1AB1EC905DDC47800526345 = {
+                       fileRef = F517356703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb524_prot;
-                       refType = 4;
+               A1AB1ECA05DDC47800526345 = {
+                       fileRef = F517356803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321A03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb524d.c;
-                       refType = 4;
+               A1AB1ECB05DDC47800526345 = {
+                       fileRef = F517356A03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321B03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = libinit.c;
-                       refType = 4;
+               A1AB1ECC05DDC47800526345 = {
+                       fileRef = F517356903F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321C03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1ECD05DDC47800526345 = {
+                       fileRef = F517356B03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = misc.c;
-                       refType = 4;
+               A1AB1ECE05DDC47800526345 = {
+                       fileRef = F517356C03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = README;
-                       refType = 4;
+               A1AB1ECF05DDC47800526345 = {
+                       fileRef = F517356D03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517321F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = sendmsg.c;
-                       refType = 4;
+               A1AB1ED005DDC47800526345 = {
+                       fileRef = F517356E03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = test.c;
-                       refType = 4;
+               A1AB1ED105DDC47800526345 = {
+                       fileRef = F517356F03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322103F1B65901120114 = {
-                       children = (
-                               F517322403F1B65901120114,
-                               F517322603F1B65901120114,
-                               F517330803F1B65901120114,
-                               F517332103F1B65901120114,
-                               F517332203F1B65901120114,
-                               F517332303F1B65901120114,
-                               F517332403F1B65901120114,
-                               F517332503F1B65901120114,
-                               F517332603F1B65901120114,
-                               F517342003F1B65A01120114,
-                               F517348E03F1B65A01120114,
-                               F51735B103F1B65A01120114,
-                               F517360C03F1B65B01120114,
-                       );
-                       isa = PBXGroup;
-                       path = lib;
-                       refType = 4;
+               A1AB1ED205DDC47800526345 = {
+                       fileRef = F517357103F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1ED305DDC47800526345 = {
+                       fileRef = F517357203F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322603F1B65901120114 = {
-                       children = (
-                               F517322703F1B65901120114,
-                               F517322803F1B65901120114,
-                               F517322903F1B65901120114,
-                               F517324A03F1B65901120114,
-                               F517325103F1B65901120114,
-                               F517325203F1B65901120114,
-                               F517325303F1B65901120114,
-                               F517325403F1B65901120114,
-                               F517325503F1B65901120114,
-                               F517325603F1B65901120114,
-                               F517325703F1B65901120114,
-                               F517325803F1B65901120114,
-                               F517325903F1B65901120114,
-                               F517325A03F1B65901120114,
-                               F517326503F1B65901120114,
-                               F517326603F1B65901120114,
-                               F517326703F1B65901120114,
-                               F517326803F1B65901120114,
-                               F517326903F1B65901120114,
-                               F517328303F1B65901120114,
-                               F517328C03F1B65901120114,
-                               F517329403F1B65901120114,
-                               F517329503F1B65901120114,
-                               F517329603F1B65901120114,
-                               F517329703F1B65901120114,
-                               F517329803F1B65901120114,
-                               F517329903F1B65901120114,
-                               F517329A03F1B65901120114,
-                               F51732A203F1B65901120114,
-                               F51732A303F1B65901120114,
-                               F51732A403F1B65901120114,
-                               F51732A503F1B65901120114,
-                               F51732A603F1B65901120114,
-                               F51732B003F1B65901120114,
-                               F51732B103F1B65901120114,
-                               F51732B203F1B65901120114,
-                               F51732B303F1B65901120114,
-                               F51732BB03F1B65901120114,
-                               F51732C503F1B65901120114,
-                               F51732C603F1B65901120114,
-                               F51732CD03F1B65901120114,
-                               F51732CF03F1B65901120114,
-                               F51732D003F1B65901120114,
-                               F51732D103F1B65901120114,
-                               F51732D803F1B65901120114,
-                               F51732E103F1B65901120114,
-                               F51732E203F1B65901120114,
-                               F51732E303F1B65901120114,
-                               F51732E403F1B65901120114,
-                               F51732E503F1B65901120114,
-                               F51732E603F1B65901120114,
-                               F51732E703F1B65901120114,
-                               F51732E803F1B65901120114,
-                               F51732E903F1B65901120114,
-                               F51732EA03F1B65901120114,
-                               F51732EB03F1B65901120114,
-                               F51732EC03F1B65901120114,
-                               F51732ED03F1B65901120114,
-                               F51732EE03F1B65901120114,
-                               F51732EF03F1B65901120114,
-                               F51732F003F1B65901120114,
-                               F51732F103F1B65901120114,
-                               F51732F203F1B65901120114,
-                               F51732F303F1B65901120114,
-                               F51732F403F1B65901120114,
-                               F51732F503F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = crypto;
-                       refType = 4;
+               A1AB1ED405DDC47800526345 = {
+                       fileRef = F517357303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
+               A1AB1ED505DDC47800526345 = {
+                       fileRef = F517357503F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .Sanitize;
-                       refType = 4;
+               A1AB1ED605DDC47800526345 = {
+                       fileRef = F517357603F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322903F1B65901120114 = {
-                       children = (
-                               F517322A03F1B65901120114,
-                               A1B21F170417D6BC00120114,
-                               A1B21F180417D6BC00120114,
-                               F517322B03F1B65901120114,
-                               F517322C03F1B65901120114,
-                               F517322D03F1B65901120114,
-                               F517322E03F1B65901120114,
-                               F517322F03F1B65901120114,
-                               F517323003F1B65901120114,
-                               F517323103F1B65901120114,
-                               F517323203F1B65901120114,
-                               F517323303F1B65901120114,
-                               F517323403F1B65901120114,
-                               F517323503F1B65901120114,
-                               F517323603F1B65901120114,
-                               F517323703F1B65901120114,
-                               F517323803F1B65901120114,
-                               F517323903F1B65901120114,
-                               F517323A03F1B65901120114,
-                               F517323B03F1B65901120114,
-                               F517324703F1B65901120114,
-                               F517324803F1B65901120114,
-                               F517324903F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = aes;
-                       refType = 4;
+               A1AB1ED705DDC47800526345 = {
+                       fileRef = F517357703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322A03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "aes-gen.c";
-                       refType = 4;
+               A1AB1ED805DDC47800526345 = {
+                       fileRef = F517357803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322B03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "aes-test.c";
-                       refType = 4;
+               A1AB1ED905DDC47800526345 = {
+                       fileRef = F517357903F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322C03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aes.h;
-                       refType = 4;
+               A1AB1EDA05DDC47800526345 = {
+                       fileRef = F517357A03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aes.txt;
-                       refType = 4;
+               A1AB1EDB05DDC47800526345 = {
+                       fileRef = F517357B03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aescpp.h;
-                       refType = 4;
+               A1AB1EDC05DDC47800526345 = {
+                       fileRef = F517357C03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517322F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aescrypp.c;
-                       refType = 4;
+               A1AB1EDD05DDC47800526345 = {
+                       fileRef = F517357E03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aescrypt.asm;
-                       refType = 4;
+               A1AB1EDE05DDC47800526345 = {
+                       fileRef = F517357F03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aescrypt.c;
-                       refType = 4;
+               A1AB1EDF05DDC47800526345 = {
+                       fileRef = F517358603F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aeskey.c;
-                       refType = 4;
+               A1AB1EE005DDC47800526345 = {
+                       fileRef = F517358703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aeskeypp.c;
-                       refType = 4;
+               A1AB1EE105DDC47800526345 = {
+                       fileRef = F517358803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aesopt.h;
-                       refType = 4;
+               A1AB1EE205DDC47800526345 = {
+                       fileRef = F517358903F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323503F1B65901120114 = {
-                       isa = PBXFileReference;
-                       path = aessrc.url;
-                       refType = 4;
+               A1AB1EE305DDC47800526345 = {
+                       fileRef = F517358A03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aestab.c;
-                       refType = 4;
+               A1AB1EE405DDC47800526345 = {
+                       fileRef = F517349403F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1EE505DDC47800526345 = {
+                       fileRef = F517349603F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "expect-vk.txt";
-                       refType = 4;
+               A1AB1EE605DDC47800526345 = {
+                       fileRef = F517349803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "expect-vt.txt";
-                       refType = 4;
+               A1AB1EE705DDC47800526345 = {
+                       fileRef = F517349E03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323A03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1EE805DDC47800526345 = {
+                       fileRef = F51734A203F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323B03F1B65901120114 = {
-                       children = (
-                               F517323C03F1B65901120114,
-                               F517323D03F1B65901120114,
-                               F517323E03F1B65901120114,
-                               F517323F03F1B65901120114,
-                               F517324003F1B65901120114,
-                               F517324103F1B65901120114,
-                               F517324203F1B65901120114,
-                               F517324303F1B65901120114,
-                               F517324403F1B65901120114,
-                               F517324503F1B65901120114,
-                               F517324603F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = test;
-                       refType = 4;
+               A1AB1EE905DDC47800526345 = {
+                       fileRef = F51734A703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323C03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = cbc_d_m.txt;
-                       refType = 4;
+               A1AB1EEA05DDC47800526345 = {
+                       fileRef = F51734A803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = cbc_e_m.txt;
-                       refType = 4;
+               A1AB1EEB05DDC47800526345 = {
+                       fileRef = F51734A003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ecb_d_m.txt;
-                       refType = 4;
+               A1AB1EEC05DDC47800526345 = {
+                       fileRef = F517349A03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517323F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ecb_e_m.txt;
-                       refType = 4;
+               A1AB1EED05DDC47800526345 = {
+                       fileRef = F517349C03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ecb_iv.readme;
-                       refType = 4;
+               A1AB1EEE05DDC47800526345 = {
+                       fileRef = F51734AE03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ecb_iv.txt;
-                       refType = 4;
+               A1AB1EEF05DDC47800526345 = {
+                       fileRef = F51734AF03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ecb_tbl.txt;
-                       refType = 4;
+               A1AB1EF005DDC47800526345 = {
+                       fileRef = F51734B003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ecb_vk.txt;
-                       refType = 4;
+               A1AB1EF105DDC47800526345 = {
+                       fileRef = F51734BA03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ecb_vt.txt;
-                       refType = 4;
+               A1AB1EF205DDC47800526345 = {
+                       fileRef = F51734BB03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324503F1B65901120114 = {
-                       isa = PBXFileReference;
-                       path = katmct.pdf;
-                       refType = 4;
+               A1AB1EF305DDC47800526345 = {
+                       fileRef = F51734BC03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Readme.txt;
-                       refType = 4;
+               A1AB1EF405DDC47800526345 = {
+                       fileRef = F51734BD03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = uitypes.h;
-                       refType = 4;
+               A1AB1EF505DDC47800526345 = {
+                       fileRef = F51734BE03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = vb.txt;
-                       refType = 4;
+               A1AB1EF605DDC47800526345 = {
+                       fileRef = F51734C503F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324903F1B65901120114 = {
-                       isa = PBXFileReference;
-                       path = vbaxam.doc;
-                       refType = 4;
+               A1AB1EF705DDC47800526345 = {
+                       fileRef = F51734B403F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324A03F1B65901120114 = {
-                       children = (
-                               F517324B03F1B65901120114,
-                               F517324C03F1B65901120114,
-                               F517324D03F1B65901120114,
-                               F517324E03F1B65901120114,
-                               F517324F03F1B65901120114,
-                               F517325003F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = arcfour;
-                       refType = 4;
+               A1AB1EF805DDC47800526345 = {
+                       fileRef = F51734B603F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324B03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "arcfour-int.h";
-                       refType = 4;
+               A1AB1EF905DDC47800526345 = {
+                       fileRef = F51734D303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324C03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = arcfour.c;
-                       refType = 4;
+               A1AB1EFA05DDC47800526345 = {
+                       fileRef = F51734DE03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = arcfour.h;
-                       refType = 4;
+               A1AB1EFB05DDC47800526345 = {
+                       fileRef = F51734DF03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1EFC05DDC47800526345 = {
+                       fileRef = F51734E003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517324F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1EFD05DDC47800526345 = {
+                       fileRef = F51734E103F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = string_to_key.c;
-                       refType = 4;
+               A1AB1EFE05DDC47800526345 = {
+                       fileRef = F51734E203F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = block_size.c;
-                       refType = 4;
+               A1AB1EFF05DDC47800526345 = {
+                       fileRef = F51734E303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F0005DDC47800526345 = {
+                       fileRef = F51734E403F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = checksum_length.c;
-                       refType = 4;
+               A1AB1F0105DDC47800526345 = {
+                       fileRef = F51734E503F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = cksumtype_to_string.c;
-                       refType = 4;
+               A1AB1F0205DDC47800526345 = {
+                       fileRef = F51734E703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = cksumtypes.c;
-                       refType = 4;
+               A1AB1F0305DDC47800526345 = {
+                       fileRef = F51734EC03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = cksumtypes.h;
-                       refType = 4;
+               A1AB1F0405DDC47800526345 = {
+                       fileRef = F51734ED03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = coll_proof_cksum.c;
-                       refType = 4;
+               A1AB1F0505DDC47800526345 = {
+                       fileRef = F51734EE03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = combine_keys.c;
-                       refType = 4;
+               A1AB1F0605DDC47800526345 = {
+                       fileRef = F51734EF03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = configure.in;
-                       refType = 4;
+               A1AB1F0705DDC47800526345 = {
+                       fileRef = F51734F003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325A03F1B65901120114 = {
-                       children = (
-                               F517325B03F1B65901120114,
-                               F517325C03F1B65901120114,
-                               F517325D03F1B65901120114,
-                               F517325E03F1B65901120114,
-                               F517325F03F1B65901120114,
-                               F517326003F1B65901120114,
-                               F517326103F1B65901120114,
-                               F517326203F1B65901120114,
-                               F517326303F1B65901120114,
-                               F517326403F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = crc32;
-                       refType = 4;
+               A1AB1F0805DDC47800526345 = {
+                       fileRef = F51734F203F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325B03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
+               A1AB1F0905DDC47800526345 = {
+                       fileRef = F51734F303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325C03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .Sanitize;
-                       refType = 4;
+               A1AB1F0A05DDC47800526345 = {
+                       fileRef = F51734F603F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F0B05DDC47800526345 = {
+                       fileRef = F51734F703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "crc-32.h";
-                       refType = 4;
+               A1AB1F0C05DDC47800526345 = {
+                       fileRef = F51734F903F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517325F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = crc.pl;
-                       refType = 4;
+               A1AB1F0D05DDC47800526345 = {
+                       fileRef = F51734FA03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = CRC.pm;
-                       refType = 4;
+               A1AB1F0E05DDC47800526345 = {
+                       fileRef = F51734FB03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = crc32.c;
-                       refType = 4;
+               A1AB1F0F05DDC47800526345 = {
+                       fileRef = F51734FC03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F1005DDC47800526345 = {
+                       fileRef = F51734FD03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Poly.pm;
-                       refType = 4;
+               A1AB1F1105DDC47800526345 = {
+                       fileRef = F51734FE03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_crc.c;
-                       refType = 4;
+               A1AB1F1205DDC47800526345 = {
+                       fileRef = F51734FF03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = crypto_libinit.c;
-                       refType = 4;
+               A1AB1F1305DDC47800526345 = {
+                       fileRef = F517350003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = crypto_libinit.h;
-                       refType = 4;
+               A1AB1F1405DDC47800526345 = {
+                       fileRef = F517350103F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = decrypt.c;
-                       refType = 4;
+               A1AB1F1505DDC47800526345 = {
+                       fileRef = F517350203F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = default_state.c;
-                       refType = 4;
+               A1AB1F1605DDC47800526345 = {
+                       fileRef = F517350303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326903F1B65901120114 = {
-                       children = (
-                               F517326A03F1B65901120114,
-                               F517326B03F1B65901120114,
-                               F517326C03F1B65901120114,
-                               F517326D03F1B65901120114,
-                               F517326E03F1B65901120114,
-                               F517326F03F1B65901120114,
-                               F517327003F1B65901120114,
-                               F517327103F1B65901120114,
-                               F517327203F1B65901120114,
-                               F517327503F1B65901120114,
-                               F517327603F1B65901120114,
-                               F517327703F1B65901120114,
-                               F517327803F1B65901120114,
-                               F517327903F1B65901120114,
-                               F517327A03F1B65901120114,
-                               F517327B03F1B65901120114,
-                               F517327C03F1B65901120114,
-                               F517327D03F1B65901120114,
-                               F517327E03F1B65901120114,
-                               F517327F03F1B65901120114,
-                               F517328003F1B65901120114,
-                               F517328103F1B65901120114,
-                               F517328203F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = des;
-                       refType = 4;
+               A1AB1F1705DDC47800526345 = {
+                       fileRef = F517350403F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326A03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
-               };
-               F517326B03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .Sanitize;
-                       refType = 4;
+               A1AB1F1805DDC47800526345 = {
+                       fileRef = F517350503F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326C03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = afsstring2key.c;
-                       refType = 4;
+               A1AB1F1905DDC47800526345 = {
+                       fileRef = F517350603F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F1A05DDC47800526345 = {
+                       fileRef = F517350703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = d3_cbc.c;
-                       refType = 4;
+               A1AB1F1B05DDC47800526345 = {
+                       fileRef = F517350803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517326F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = d3_kysched.c;
-                       refType = 4;
+               A1AB1F1C05DDC47800526345 = {
+                       fileRef = F517350903F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = des_int.h;
-                       refType = 4;
+               A1AB1F1D05DDC47800526345 = {
+                       fileRef = F517350A03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = destest.c;
-                       refType = 4;
+               A1AB1F1E05DDC47800526345 = {
+                       fileRef = F517350C03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327203F1B65901120114 = {
-                       children = (
-                               F517327303F1B65901120114,
-                               F517327403F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = doc;
-                       refType = 4;
+               A1AB1F1F05DDC47800526345 = {
+                       fileRef = F517350B03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .Sanitize;
-                       refType = 4;
+               A1AB1F2005DDC47800526345 = {
+                       fileRef = F517350D03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327403F1B65901120114 = {
-                       isa = PBXFileReference;
-                       path = libdes.doc;
-                       refType = 4;
+               A1AB1F2105DDC47800526345 = {
+                       fileRef = F517350E03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = f_cbc.c;
-                       refType = 4;
+               A1AB1F2205DDC47800526345 = {
+                       fileRef = F517350F03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = f_cksum.c;
-                       refType = 4;
+               A1AB1F2305DDC47800526345 = {
+                       fileRef = F517351003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = f_parity.c;
-                       refType = 4;
+               A1AB1F2405DDC47800526345 = {
+                       fileRef = F517351103F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = f_sched.c;
-                       refType = 4;
+               A1AB1F2505DDC47800526345 = {
+                       fileRef = F517351203F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = f_tables.c;
-                       refType = 4;
+               A1AB1F2605DDC47800526345 = {
+                       fileRef = F517351303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327A03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = f_tables.h;
-                       refType = 4;
+               A1AB1F2705DDC47800526345 = {
+                       fileRef = F517351403F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327B03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ISSUES;
-                       refType = 4;
+               A1AB1F2805DDC47800526345 = {
+                       fileRef = F517351703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327C03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = key_sched.c;
-                       refType = 4;
+               A1AB1F2905DDC47800526345 = {
+                       fileRef = F517351803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = keytest.data;
-                       refType = 4;
+               A1AB1F2A05DDC47800526345 = {
+                       fileRef = F517351903F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F2B05DDC47800526345 = {
+                       fileRef = F517351B03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517327F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = string2key.c;
-                       refType = 4;
+               A1AB1F2C05DDC47800526345 = {
+                       fileRef = F517351C03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_afss2k.c;
-                       refType = 4;
+               A1AB1F2D05DDC47800526345 = {
+                       fileRef = F517351E03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_verify.c;
-                       refType = 4;
+               A1AB1F2E05DDC47800526345 = {
+                       fileRef = F517351F03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = weak_key.c;
-                       refType = 4;
+               A1AB1F2F05DDC47800526345 = {
+                       fileRef = F517352003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328303F1B65901120114 = {
-                       children = (
-                               F517328403F1B65901120114,
-                               F517328503F1B65901120114,
-                               F517328603F1B65901120114,
-                               F517328703F1B65901120114,
-                               F517328803F1B65901120114,
-                               F517328903F1B65901120114,
-                               F517328A03F1B65901120114,
-                               F517328B03F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = dk;
-                       refType = 4;
+               A1AB1F3005DDC47800526345 = {
+                       fileRef = F517352103F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F3105DDC47800526345 = {
+                       fileRef = F517352203F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = checksum.c;
-                       refType = 4;
+               A1AB1F3205DDC47800526345 = {
+                       fileRef = F517352303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = derive.c;
-                       refType = 4;
-               };
-               F517328703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = dk.h;
-                       refType = 4;
+               A1AB1F3305DDC47800526345 = {
+                       fileRef = F517352403F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = dk_decrypt.c;
-                       refType = 4;
+               A1AB1F3405DDC47800526345 = {
+                       fileRef = F517352503F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = dk_encrypt.c;
-                       refType = 4;
+               A1AB1F3505DDC47800526345 = {
+                       fileRef = F517352603F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328A03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F3605DDC47800526345 = {
+                       fileRef = F517352703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328B03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = stringtokey.c;
-                       refType = 4;
+               A1AB1F3705DDC47800526345 = {
+                       fileRef = F517352803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328C03F1B65901120114 = {
-                       children = (
-                               F517328D03F1B65901120114,
-                               F517328E03F1B65901120114,
-                               F517328F03F1B65901120114,
-                               F517329003F1B65901120114,
-                               F517329103F1B65901120114,
-                               F517329203F1B65901120114,
-                               F517329303F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = enc_provider;
-                       refType = 4;
+               A1AB1F3805DDC47800526345 = {
+                       fileRef = F517352903F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = aes.c;
-                       refType = 4;
+               A1AB1F3905DDC47800526345 = {
+                       fileRef = F517352A03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = arcfour.c;
-                       refType = 4;
+               A1AB1F3A05DDC47800526345 = {
+                       fileRef = F517352B03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517328F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F3B05DDC47800526345 = {
+                       fileRef = F517352C03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = des.c;
-                       refType = 4;
+               A1AB1F3C05DDC47800526345 = {
+                       fileRef = F517352D03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = des3.c;
-                       refType = 4;
+               A1AB1F3D05DDC47800526345 = {
+                       fileRef = F517352E03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = enc_provider.h;
-                       refType = 4;
+               A1AB1F3E05DDC47800526345 = {
+                       fileRef = F517352F03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F3F05DDC47800526345 = {
+                       fileRef = F517353003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = encrypt.c;
-                       refType = 4;
+               A1AB1F4005DDC47800526345 = {
+                       fileRef = F517353103F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = encrypt_length.c;
-                       refType = 4;
+               A1AB1F4105DDC47800526345 = {
+                       fileRef = F517353203F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = enctype_compare.c;
-                       refType = 4;
+               A1AB1F4205DDC47800526345 = {
+                       fileRef = F517353303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = enctype_to_string.c;
-                       refType = 4;
+               A1AB1F4305DDC47800526345 = {
+                       fileRef = F517353403F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = etypes.c;
-                       refType = 4;
+               A1AB1F4405DDC47800526345 = {
+                       fileRef = F517353503F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = etypes.h;
-                       refType = 4;
+               A1AB1F4505DDC47800526345 = {
+                       fileRef = F517353603F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329A03F1B65901120114 = {
-                       children = (
-                               F517329B03F1B65901120114,
-                               F517329C03F1B65901120114,
-                               F517329D03F1B65901120114,
-                               F517329E03F1B65901120114,
-                               F517329F03F1B65901120114,
-                               F51732A003F1B65901120114,
-                               F51732A103F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = hash_provider;
-                       refType = 4;
+               A1AB1F4605DDC47800526345 = {
+                       fileRef = F517353703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329B03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F4705DDC47800526345 = {
+                       fileRef = F517353803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329C03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = hash_crc32.c;
-                       refType = 4;
+               A1AB1F4805DDC47800526345 = {
+                       fileRef = F517353903F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = hash_md4.c;
-                       refType = 4;
+               A1AB1F4905DDC47800526345 = {
+                       fileRef = F517353A03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = hash_md5.c;
-                       refType = 4;
+               A1AB1F4A05DDC47800526345 = {
+                       fileRef = F517353B03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517329F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = hash_provider.h;
-                       refType = 4;
+               A1AB1F4B05DDC47800526345 = {
+                       fileRef = F517353C03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732A003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = hash_sha1.c;
-                       refType = 4;
+               A1AB1F4C05DDC47800526345 = {
+                       fileRef = F517353D03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732A103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F4D05DDC47800526345 = {
+                       fileRef = F517353E03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732A203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = hmac.c;
-                       refType = 4;
+               A1AB1F4E05DDC47800526345 = {
+                       fileRef = F517353F03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732A303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ISSUES;
-                       refType = 4;
+               A1AB1F4F05DDC47800526345 = {
+                       fileRef = F517354003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732A403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = keyed_checksum_types.c;
-                       refType = 4;
+               A1AB1F5005DDC47800526345 = {
+                       fileRef = F517354A03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732A503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = keyed_cksum.c;
-                       refType = 4;
+               A1AB1F5105DDC47800526345 = {
+                       fileRef = F517354C03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732A603F1B65901120114 = {
-                       children = (
-                               F51732A703F1B65901120114,
-                               F51732A803F1B65901120114,
-                               F51732A903F1B65901120114,
-                               F51732AA03F1B65901120114,
-                               F51732AB03F1B65901120114,
-                               F51732AC03F1B65901120114,
-                               F51732AD03F1B65901120114,
-                               F51732AE03F1B65901120114,
-                               F51732AF03F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = keyhash_provider;
-                       refType = 4;
+               A1AB1F5205DDC47800526345 = {
+                       fileRef = F517354D03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732A703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
+               A1AB1F5305DDC47800526345 = {
+                       fileRef = F517354E03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732A803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F5405DDC47800526345 = {
+                       fileRef = F517354F03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732A903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = descbc.c;
-                       refType = 4;
+               A1AB1F5505DDC47800526345 = {
+                       fileRef = F517355003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732AA03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = hmac_md5.c;
-                       refType = 4;
+               A1AB1F5605DDC47800526345 = {
+                       fileRef = F517359303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732AB03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = k5_md4des.c;
-                       refType = 4;
+               A1AB1F5705DDC47800526345 = {
+                       fileRef = F51735A003F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732AC03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = k5_md5des.c;
-                       refType = 4;
+               A1AB1F5805DDC47800526345 = {
+                       fileRef = F51735A203F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732AD03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = keyhash_provider.h;
-                       refType = 4;
+               A1AB1F5905DDC47800526345 = {
+                       fileRef = F51735A303F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732AE03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F5A05DDC47800526345 = {
+                       fileRef = F51735A503F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732AF03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_cksum.c;
-                       refType = 4;
+               A1AB1F5B05DDC47800526345 = {
+                       fileRef = F51735A703F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732B003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = make_checksum.c;
-                       refType = 4;
+               A1AB1F5C05DDC47800526345 = {
+                       fileRef = F51735A803F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732B103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = make_random_key.c;
-                       refType = 4;
+               A1AB1F5D05DDC47800526345 = {
+                       fileRef = F51735AB03F1B65A01120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732B203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F5E05DDC47800526345 = {
+                       fileRef = F517325103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732B303F1B65901120114 = {
-                       children = (
-                               F51732B403F1B65901120114,
-                               F51732B503F1B65901120114,
-                               F51732B603F1B65901120114,
-                               F51732B703F1B65901120114,
-                               F51732B803F1B65901120114,
-                               F51732B903F1B65901120114,
-                               F51732BA03F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = md4;
-                       refType = 4;
+               A1AB1F5F05DDC47800526345 = {
+                       fileRef = F517325303F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732B403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
+               A1AB1F6005DDC47800526345 = {
+                       fileRef = F517325403F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732B503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .Sanitize;
-                       refType = 4;
+               A1AB1F6105DDC47800526345 = {
+                       fileRef = F517325503F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732B603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F6205DDC47800526345 = {
+                       fileRef = F517325703F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732B703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ISSUES;
-                       refType = 4;
+               A1AB1F6305DDC47800526345 = {
+                       fileRef = F517325803F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732B803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F6405DDC47800526345 = {
+                       fileRef = F517326503F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732B903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = md4.c;
-                       refType = 4;
+               A1AB1F6505DDC47800526345 = {
+                       fileRef = F517326703F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732BA03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "rsa-md4.h";
-                       refType = 4;
+               A1AB1F6605DDC47800526345 = {
+                       fileRef = F517326803F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732BB03F1B65901120114 = {
-                       children = (
-                               F51732BC03F1B65901120114,
-                               F51732BD03F1B65901120114,
-                               F51732BE03F1B65901120114,
-                               F51732BF03F1B65901120114,
-                               F51732C003F1B65901120114,
-                               F51732C103F1B65901120114,
-                               F51732C203F1B65901120114,
-                               F51732C303F1B65901120114,
-                               F51732C403F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = md5;
-                       refType = 4;
+               A1AB1F6705DDC47800526345 = {
+                       fileRef = F517329403F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732BC03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
+               A1AB1F6805DDC47800526345 = {
+                       fileRef = F517329503F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732BD03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .Sanitize;
-                       refType = 4;
+               A1AB1F6905DDC47800526345 = {
+                       fileRef = F517329603F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732BE03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F6A05DDC47800526345 = {
+                       fileRef = F517329703F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732BF03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ISSUES;
-                       refType = 4;
+               A1AB1F6B05DDC47800526345 = {
+                       fileRef = F517329803F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732C003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F6C05DDC47800526345 = {
+                       fileRef = F51732A203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732C103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = md5.c;
-                       refType = 4;
+               A1AB1F6D05DDC47800526345 = {
+                       fileRef = F51732A403F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732C203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "rsa-md5.h";
-                       refType = 4;
+               A1AB1F6E05DDC47800526345 = {
+                       fileRef = F51732A503F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732C303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_cksum.c;
-                       refType = 4;
+               A1AB1F6F05DDC47800526345 = {
+                       fileRef = F51732B003F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732C403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_mddriver.c;
-                       refType = 4;
+               A1AB1F7005DDC47800526345 = {
+                       fileRef = F51732B103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732C503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = nfold.c;
-                       refType = 4;
+               A1AB1F7105DDC47800526345 = {
+                       fileRef = F51732C503F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732C603F1B65901120114 = {
-                       children = (
-                               F51732C703F1B65901120114,
-                               F51732C803F1B65901120114,
-                               F51732C903F1B65901120114,
-                               F51732CA03F1B65901120114,
-                               F51732CB03F1B65901120114,
-                               F51732CC03F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = old;
-                       refType = 4;
+               A1AB1F7205DDC47800526345 = {
+                       fileRef = F51732CD03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732C703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F7305DDC47800526345 = {
+                       fileRef = F51732CF03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732C803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = des_stringtokey.c;
-                       refType = 4;
+               A1AB1F7405DDC47800526345 = {
+                       fileRef = F51732D003F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732C903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F7505DDC47800526345 = {
+                       fileRef = F51732E103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732CA03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = old.h;
-                       refType = 4;
+               A1AB1F7605DDC47800526345 = {
+                       fileRef = F51732E203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732CB03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = old_decrypt.c;
-                       refType = 4;
+               A1AB1F7705DDC47800526345 = {
+                       fileRef = F51732E303F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732CC03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = old_encrypt.c;
-                       refType = 4;
+               A1AB1F7805DDC47800526345 = {
+                       fileRef = F51732E403F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732CD03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = old_api_glue.c;
-                       refType = 4;
+               A1AB1F7905DDC47800526345 = {
+                       fileRef = F51732F103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732CF03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = pbkdf2.c;
-                       refType = 4;
+               A1AB1F7A05DDC47800526345 = {
+                       fileRef = F51732F203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732D003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = prng.c;
-                       refType = 4;
+               A1AB1F7B05DDC47800526345 = {
+                       fileRef = F51732F403F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732D103F1B65901120114 = {
-                       children = (
-                               F51732D203F1B65901120114,
-                               F51732D303F1B65901120114,
-                               F51732D403F1B65901120114,
-                               F51732D503F1B65901120114,
-                               F51732D603F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = raw;
-                       refType = 4;
+               A1AB1F7C05DDC47800526345 = {
+                       fileRef = F517323103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732D203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F7D05DDC47800526345 = {
+                       fileRef = F517323203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732D303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F7E05DDC47800526345 = {
+                       fileRef = F517323603F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732D403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = raw.h;
-                       refType = 4;
+               A1AB1F7F05DDC47800526345 = {
+                       fileRef = F517324C03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732D503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = raw_decrypt.c;
-                       refType = 4;
+               A1AB1F8005DDC47800526345 = {
+                       fileRef = F517325003F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732D603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = raw_encrypt.c;
-                       refType = 4;
-               };
-               F51732D803F1B65901120114 = {
-                       children = (
-                               F51732D903F1B65901120114,
-                               F51732DA03F1B65901120114,
-                               F51732DB03F1B65901120114,
-                               F51732DC03F1B65901120114,
-                               F51732DD03F1B65901120114,
-                               F51732DE03F1B65901120114,
-                               F51732DF03F1B65901120114,
-                               F51732E003F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = sha1;
-                       refType = 4;
+               A1AB1F8105DDC47800526345 = {
+                       fileRef = F517326103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732D903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
+               A1AB1F8205DDC47800526345 = {
+                       fileRef = F517326C03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732DA03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1F8305DDC47800526345 = {
+                       fileRef = F517326E03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732DB03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ISSUES;
-                       refType = 4;
+               A1AB1F8405DDC47800526345 = {
+                       fileRef = F517326F03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732DC03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1F8505DDC47800526345 = {
+                       fileRef = F517327503F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732DD03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = shs.c;
-                       refType = 4;
+               A1AB1F8605DDC47800526345 = {
+                       fileRef = F517327603F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732DE03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = shs.h;
-                       refType = 4;
+               A1AB1F8705DDC47800526345 = {
+                       fileRef = F517327703F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732DF03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_shs.c;
-                       refType = 4;
+               A1AB1F8805DDC47800526345 = {
+                       fileRef = F517327803F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732E003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_shs3.c;
-                       refType = 4;
+               A1AB1F8905DDC47800526345 = {
+                       fileRef = F517327903F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732E103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = state.c;
-                       refType = 4;
+               A1AB1F8A05DDC47800526345 = {
+                       fileRef = F517327C03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732E203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = string_to_cksumtype.c;
-                       refType = 4;
+               A1AB1F8B05DDC47800526345 = {
+                       fileRef = F517327F03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732E303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = string_to_enctype.c;
-                       refType = 4;
+               A1AB1F8C05DDC47800526345 = {
+                       fileRef = F517328203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732E403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = string_to_key.c;
-                       refType = 4;
+               A1AB1F8D05DDC47800526345 = {
+                       fileRef = F517328503F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732E503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_cts.c;
-                       refType = 4;
+               A1AB1F8E05DDC47800526345 = {
+                       fileRef = F517328603F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732E603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_encrypt.c;
-                       refType = 4;
+               A1AB1F8F05DDC47800526345 = {
+                       fileRef = F517328803F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732E703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_hmac.c;
-                       refType = 4;
+               A1AB1F9005DDC47800526345 = {
+                       fileRef = F517328903F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732E803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_nfold.c;
-                       refType = 4;
+               A1AB1F9105DDC47800526345 = {
+                       fileRef = F517328B03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732E903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_pkcs5.c;
-                       refType = 4;
+               A1AB1F9205DDC47800526345 = {
+                       fileRef = F517329003F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732EA03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_prng.c;
-                       refType = 4;
+               A1AB1F9305DDC47800526345 = {
+                       fileRef = F517329103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732EB03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_prng.comments;
-                       refType = 4;
+               A1AB1F9405DDC47800526345 = {
+                       fileRef = F517328E03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732EC03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_prng.expected;
-                       refType = 4;
+               A1AB1F9505DDC47800526345 = {
+                       fileRef = F517328D03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732ED03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_prng.reseedtest;
-                       refType = 4;
+               A1AB1F9605DDC47800526345 = {
+                       fileRef = F517329C03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732EE03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "t_prng.reseedtest-comments";
-                       refType = 4;
+               A1AB1F9705DDC47800526345 = {
+                       fileRef = F517329D03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732EF03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "t_prng.reseedtest-expected";
-                       refType = 4;
+               A1AB1F9805DDC47800526345 = {
+                       fileRef = F517329E03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732F003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_prng.seed;
-                       refType = 4;
+               A1AB1F9905DDC47800526345 = {
+                       fileRef = F51732A003F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732F103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = valid_cksumtype.c;
-                       refType = 4;
+               A1AB1F9A05DDC47800526345 = {
+                       fileRef = F51732A903F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732F203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = valid_enctype.c;
-                       refType = 4;
+               A1AB1F9B05DDC47800526345 = {
+                       fileRef = F51732AA03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732F303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = vectors.c;
-                       refType = 4;
+               A1AB1F9C05DDC47800526345 = {
+                       fileRef = F51732AB03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732F403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = verify_checksum.c;
-                       refType = 4;
+               A1AB1F9D05DDC47800526345 = {
+                       fileRef = F51732AC03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732F503F1B65901120114 = {
-                       children = (
-                               F51732F603F1B65901120114,
-                               F51732F703F1B65901120114,
-                               F51732F803F1B65901120114,
-                               F51732F903F1B65901120114,
-                               F51732FA03F1B65901120114,
-                               F51732FB03F1B65901120114,
-                               F51732FC03F1B65901120114,
-                               F51732FD03F1B65901120114,
-                               F51732FE03F1B65901120114,
-                               F51732FF03F1B65901120114,
-                               F517330003F1B65901120114,
-                               F517330103F1B65901120114,
-                               F517330203F1B65901120114,
-                               F517330303F1B65901120114,
-                               F517330403F1B65901120114,
-                               F517330503F1B65901120114,
-                               F517330603F1B65901120114,
-                               F517330703F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = yarrow;
-                       refType = 4;
+               A1AB1F9E05DDC47800526345 = {
+                       fileRef = F51732B903F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732F603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ASSUMPTIONS;
-                       refType = 4;
+               A1AB1F9F05DDC47800526345 = {
+                       fileRef = F51732C103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732F703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1FA005DDC47800526345 = {
+                       fileRef = F51732CB03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732F803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = LICENSE;
-                       refType = 4;
+               A1AB1FA105DDC47800526345 = {
+                       fileRef = F51732CC03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732F903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1FA205DDC47800526345 = {
+                       fileRef = F51732C803F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732FA03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = README;
-                       refType = 4;
+               A1AB1FA305DDC47800526345 = {
+                       fileRef = F51732D503F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732FB03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = TODO;
-                       refType = 4;
+               A1AB1FA405DDC47800526345 = {
+                       fileRef = F51732D603F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732FC03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = yarrow.c;
-                       refType = 4;
+               A1AB1FA505DDC47800526345 = {
+                       fileRef = F51732DD03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732FD03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = yarrow.h;
-                       refType = 4;
+               A1AB1FA605DDC47800526345 = {
+                       fileRef = F51732FC03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732FE03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = yarrow.man;
-                       refType = 4;
+               A1AB1FA705DDC47800526345 = {
+                       fileRef = F517330003F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F51732FF03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = yarrow.pod;
-                       refType = 4;
+               A1AB1FA805DDC47800526345 = {
+                       fileRef = A1B21F170417D6BC00120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517330003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ycipher.c;
-                       refType = 4;
+               A1AB1FA905DDC47800526345 = {
+                       fileRef = A16DA36604854EF700120112;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517330103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ycipher.h;
-                       refType = 4;
+               A1AB1FAA05DDC47800526345 = {
+                       fileRef = A16DA36704854EF700120112;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517330203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = yexcep.h;
-                       refType = 4;
+               A1AB1FAB05DDC47800526345 = {
+                       fileRef = A16DB01304868A7E00120112;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517330303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = yhash.h;
-                       refType = 4;
+               A1AB1FAC05DDC47800526345 = {
+                       fileRef = A125399205CF12A2003BD89B;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517330403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ylock.h;
-                       refType = 4;
+               A1AB1FAD05DDC47800526345 = {
+                       fileRef = A12539AD05CF12D5003BD89B;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517330503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ystate.h;
-                       refType = 4;
+               A1AB1FAE05DDC47800526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               F517330603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ytest.c;
-                       refType = 4;
+               A1AB1FAF05DDC47800526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               F517330703F1B65901120114 = {
-                       fileEncoding = 30;
+               A1AB1FB105DDC47800526345 = {
+                       explicitFileType = archive.ar;
+                       includeInIndex = 0;
                        isa = PBXFileReference;
-                       path = ytypes.h;
-                       refType = 4;
+                       path = libKerberos5.a;
+                       refType = 3;
+                       sourceTree = BUILT_PRODUCTS_DIR;
                };
-               F517330803F1B65901120114 = {
-                       children = (
-                               F517330B03F1B65901120114,
-                               F517330C03F1B65901120114,
-                               F517330D03F1B65901120114,
-                               F517330E03F1B65901120114,
-                               F517330F03F1B65901120114,
-                               F517331003F1B65901120114,
-                               F517331103F1B65901120114,
-                               F517331203F1B65901120114,
-                               F517331303F1B65901120114,
-                               F517331403F1B65901120114,
-                               F517331503F1B65901120114,
-                               F517331603F1B65901120114,
-                               F517331703F1B65901120114,
-                               F517331803F1B65901120114,
-                               F517331903F1B65901120114,
-                               F517331A03F1B65901120114,
-                               F517331B03F1B65901120114,
-                               F517331C03F1B65901120114,
-                               F517331D03F1B65901120114,
-                               F517331E03F1B65901120114,
-                               F517331F03F1B65901120114,
-                               F517332003F1B65901120114,
-                               A166BCC3040D36F8004AA618,
+               A1AB1FBF05DDC48A00526345 = {
+                       buildPhases = (
+                               A1AB1FC205DDC48A00526345,
+                               A1AB1FC805DDC48A00526345,
+                               A1AB200005DDC48A00526345,
+                               A1AB200105DDC48A00526345,
                        );
-                       isa = PBXGroup;
-                       path = des425;
-                       refType = 4;
-               };
-               F517330B03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+                       buildRules = (
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               GCC_PRECOMPILE_PREFIX_HEADER = YES;
+                               GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h;
+                               HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos";
+                               LIBRARY_STYLE = STATIC;
+                               PRODUCT_NAME = GSS;
+                               REZ_EXECUTABLE = YES;
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       dependencies = (
+                               A1AB1FC005DDC48A00526345,
+                               A1AB1FC105DDC48A00526345,
+                       );
+                       isa = PBXNativeTarget;
+                       name = GSS;
+                       productInstallPath = /usr/local/lib;
+                       productName = GSS;
+                       productReference = A1AB200305DDC48A00526345;
+                       productType = "com.apple.product-type.library.static";
                };
-               F517330C03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = cksum.c;
-                       refType = 4;
+               A1AB1FC005DDC48A00526345 = {
+                       isa = PBXTargetDependency;
+                       target = F5CFD5E6022D8A9901120112;
+                       targetProxy = A181DA4105CEFC0400E4C246;
                };
-               F517330D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = configure.in;
-                       refType = 4;
+               A1AB1FC105DDC48A00526345 = {
+                       isa = PBXTargetDependency;
+                       target = F5CFD629022D922C01120112;
+                       targetProxy = A181DA4005CEFC0400E4C246;
                };
-               F517330E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = des.c;
-                       refType = 4;
+               A1AB1FC205DDC48A00526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               A1AB1FC305DDC48A00526345,
+                               A1AB1FC405DDC48A00526345,
+                               A1AB1FC505DDC48A00526345,
+                               A1AB1FC605DDC48A00526345,
+                               A1AB1FC705DDC48A00526345,
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               F517330F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = enc_dec.c;
-                       refType = 4;
+               A1AB1FC305DDC48A00526345 = {
+                       fileRef = F517334303F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ISSUES;
-                       refType = 4;
+               A1AB1FC405DDC48A00526345 = {
+                       fileRef = F517333403F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = key_parity.c;
-                       refType = 4;
+               A1AB1FC505DDC48A00526345 = {
+                       fileRef = F517335A03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = key_sched.c;
-                       refType = 4;
+               A1AB1FC605DDC48A00526345 = {
+                       fileRef = F5E2662D03F443E901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1FC705DDC48A00526345 = {
+                       fileRef = F5E2662F03F443E901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = new_rnd_key.c;
-                       refType = 4;
+               A1AB1FC805DDC48A00526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               A1AB1FC905DDC48A00526345,
+                               A1AB1FCA05DDC48A00526345,
+                               A1AB1FCB05DDC48A00526345,
+                               A1AB1FCC05DDC48A00526345,
+                               A1AB1FCD05DDC48A00526345,
+                               A1AB1FCE05DDC48A00526345,
+                               A1AB1FCF05DDC48A00526345,
+                               A1AB1FD005DDC48A00526345,
+                               A1AB1FD105DDC48A00526345,
+                               A1AB1FD205DDC48A00526345,
+                               A1AB1FD305DDC48A00526345,
+                               A1AB1FD405DDC48A00526345,
+                               A1AB1FD505DDC48A00526345,
+                               A1AB1FD605DDC48A00526345,
+                               A1AB1FD705DDC48A00526345,
+                               A1AB1FD805DDC48A00526345,
+                               A1AB1FD905DDC48A00526345,
+                               A1AB1FDA05DDC48A00526345,
+                               A1AB1FDB05DDC48A00526345,
+                               A1AB1FDC05DDC48A00526345,
+                               A1AB1FDD05DDC48A00526345,
+                               A1AB1FDE05DDC48A00526345,
+                               A1AB1FDF05DDC48A00526345,
+                               A1AB1FE005DDC48A00526345,
+                               A1AB1FE105DDC48A00526345,
+                               A1AB1FE205DDC48A00526345,
+                               A1AB1FE305DDC48A00526345,
+                               A1AB1FE405DDC48A00526345,
+                               A1AB1FE505DDC48A00526345,
+                               A1AB1FE605DDC48A00526345,
+                               A1AB1FE705DDC48A00526345,
+                               A1AB1FE805DDC48A00526345,
+                               A1AB1FE905DDC48A00526345,
+                               A1AB1FEA05DDC48A00526345,
+                               A1AB1FEB05DDC48A00526345,
+                               A1AB1FEC05DDC48A00526345,
+                               A1AB1FED05DDC48A00526345,
+                               A1AB1FEE05DDC48A00526345,
+                               A1AB1FEF05DDC48A00526345,
+                               A1AB1FF005DDC48A00526345,
+                               A1AB1FF105DDC48A00526345,
+                               A1AB1FF205DDC48A00526345,
+                               A1AB1FF305DDC48A00526345,
+                               A1AB1FF405DDC48A00526345,
+                               A1AB1FF505DDC48A00526345,
+                               A1AB1FF605DDC48A00526345,
+                               A1AB1FF705DDC48A00526345,
+                               A1AB1FF805DDC48A00526345,
+                               A1AB1FF905DDC48A00526345,
+                               A1AB1FFA05DDC48A00526345,
+                               A1AB1FFB05DDC48A00526345,
+                               A1AB1FFC05DDC48A00526345,
+                               A1AB1FFD05DDC48A00526345,
+                               A1AB1FFE05DDC48A00526345,
+                               A1AB1FFF05DDC48A00526345,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               F517331503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = pcbc_encrypt.c;
-                       refType = 4;
+               A1AB1FC905DDC48A00526345 = {
+                       fileRef = F517334203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = quad_cksum.c;
-                       refType = 4;
+               A1AB1FCA05DDC48A00526345 = {
+                       fileRef = F517332E03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = random_key.c;
-                       refType = 4;
+               A1AB1FCB05DDC48A00526345 = {
+                       fileRef = F517332F03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = read_passwd.c;
-                       refType = 4;
+               A1AB1FCC05DDC48A00526345 = {
+                       fileRef = F517333203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = str_to_key.c;
-                       refType = 4;
+               A1AB1FCD05DDC48A00526345 = {
+                       fileRef = F517333603F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331A03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = string2key.c;
-                       refType = 4;
+               A1AB1FCE05DDC48A00526345 = {
+                       fileRef = F517333703F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331B03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_pcbc.c;
-                       refType = 4;
+               A1AB1FCF05DDC48A00526345 = {
+                       fileRef = F517333803F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331C03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = t_quad.c;
-                       refType = 4;
+               A1AB1FD005DDC48A00526345 = {
+                       fileRef = F517333903F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = unix_time.c;
-                       refType = 4;
+               A1AB1FD105DDC48A00526345 = {
+                       fileRef = F517333C03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = util.c;
-                       refType = 4;
+               A1AB1FD205DDC48A00526345 = {
+                       fileRef = F517333D03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517331F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = verify.c;
-                       refType = 4;
+               A1AB1FD305DDC48A00526345 = {
+                       fileRef = F517333E03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = weak_key.c;
-                       refType = 4;
+               A1AB1FD405DDC48A00526345 = {
+                       fileRef = F517333F03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = exports.crypto;
-                       refType = 4;
+               A1AB1FD505DDC48A00526345 = {
+                       fileRef = F517334003F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = exports.des425;
-                       refType = 4;
+               A1AB1FD605DDC48A00526345 = {
+                       fileRef = F517334803F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = exports.kdb5;
-                       refType = 4;
+               A1AB1FD705DDC48A00526345 = {
+                       fileRef = F517334903F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = exports.krb5;
-                       refType = 4;
+               A1AB1FD805DDC48A00526345 = {
+                       fileRef = F517334A03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = glue4.c;
-                       refType = 4;
+               A1AB1FD905DDC48A00526345 = {
+                       fileRef = F517334B03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332603F1B65901120114 = {
-                       children = (
-                               F517332803F1B65901120114,
-                               F517332A03F1B65901120114,
-                               F517334203F1B65901120114,
-                               F517334303F1B65901120114,
-                               F517334403F1B65901120114,
-                               F517337603F1B65901120114,
-                               F517337703F1B65A01120114,
-                               F517339D03F1B65A01120114,
-                       );
-                       isa = PBXGroup;
-                       path = gssapi;
-                       refType = 4;
+               A1AB1FDA05DDC48A00526345 = {
+                       fileRef = F517334D03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1FDB05DDC48A00526345 = {
+                       fileRef = F517334E03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332A03F1B65901120114 = {
-                       children = (
-                               F517332D03F1B65901120114,
-                               F517332E03F1B65901120114,
-                               F517332F03F1B65901120114,
-                               F517333003F1B65901120114,
-                               F517333103F1B65901120114,
-                               F517333203F1B65901120114,
-                               F517333303F1B65901120114,
-                               F517333403F1B65901120114,
-                               F517333503F1B65901120114,
-                               F517333603F1B65901120114,
-                               F517333703F1B65901120114,
-                               F517333803F1B65901120114,
-                               F517333903F1B65901120114,
-                               F517333A03F1B65901120114,
-                               F517333B03F1B65901120114,
-                               F517333C03F1B65901120114,
-                               F517333D03F1B65901120114,
-                               F517333E03F1B65901120114,
-                               F517333F03F1B65901120114,
-                               F517334003F1B65901120114,
-                               F517334103F1B65901120114,
-                       );
-                       isa = PBXGroup;
-                       path = generic;
-                       refType = 4;
+               A1AB1FDC05DDC48A00526345 = {
+                       fileRef = F517334F03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
+               A1AB1FDD05DDC48A00526345 = {
+                       fileRef = F517335003F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = disp_com_err_status.c;
-                       refType = 4;
+               A1AB1FDE05DDC48A00526345 = {
+                       fileRef = F517335103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517332F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = disp_major_status.c;
-                       refType = 4;
+               A1AB1FDF05DDC48A00526345 = {
+                       fileRef = F517335203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = gssapi.hin;
-                       refType = 4;
+               A1AB1FE005DDC48A00526345 = {
+                       fileRef = F517335303F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = gssapi_err_generic.et;
-                       refType = 4;
+               A1AB1FE105DDC48A00526345 = {
+                       fileRef = F517335403F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = gssapi_generic.c;
-                       refType = 4;
+               A1AB1FE205DDC48A00526345 = {
+                       fileRef = F517335503F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = gssapi_generic.h;
-                       refType = 4;
+               A1AB1FE305DDC48A00526345 = {
+                       fileRef = F517335603F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = gssapiP_generic.h;
-                       refType = 4;
+               A1AB1FE405DDC48A00526345 = {
+                       fileRef = F517335803F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333503F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
+               A1AB1FE505DDC48A00526345 = {
+                       fileRef = F517335B03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = oid_ops.c;
-                       refType = 4;
+               A1AB1FE605DDC48A00526345 = {
+                       fileRef = F517335D03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = rel_buffer.c;
-                       refType = 4;
+               A1AB1FE705DDC48A00526345 = {
+                       fileRef = F517335C03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = rel_oid_set.c;
-                       refType = 4;
+               A1AB1FE805DDC48A00526345 = {
+                       fileRef = F517335E03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = util_buffer.c;
-                       refType = 4;
+               A1AB1FE905DDC48A00526345 = {
+                       fileRef = F517335F03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333A03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = util_canonhost.c;
-                       refType = 4;
+               A1AB1FEA05DDC48A00526345 = {
+                       fileRef = F517336003F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333B03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = util_localhost.c;
-                       refType = 4;
+               A1AB1FEB05DDC48A00526345 = {
+                       fileRef = F517336103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333C03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = util_oid.c;
-                       refType = 4;
+               A1AB1FEC05DDC48A00526345 = {
+                       fileRef = F517336203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = util_ordering.c;
-                       refType = 4;
+               A1AB1FED05DDC48A00526345 = {
+                       fileRef = F517336303F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = util_set.c;
-                       refType = 4;
+               A1AB1FEE05DDC48A00526345 = {
+                       fileRef = F517336403F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517333F03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = util_token.c;
-                       refType = 4;
+               A1AB1FEF05DDC48A00526345 = {
+                       fileRef = F517336603F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517334003F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = util_validate.c;
-                       refType = 4;
+               A1AB1FF005DDC48A00526345 = {
+                       fileRef = F517336703F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517334103F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = utl_nohash_validate.c;
-                       refType = 4;
+               A1AB1FF105DDC48A00526345 = {
+                       fileRef = F517336903F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517334203F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = gss_libinit.c;
-                       refType = 4;
+               A1AB1FF205DDC48A00526345 = {
+                       fileRef = F517336A03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517334303F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = gss_libinit.h;
-                       refType = 4;
+               A1AB1FF305DDC48A00526345 = {
+                       fileRef = F517336B03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
                };
-               F517334403F1B65901120114 = {
-                       children = (
-                               F517334703F1B65901120114,
-                               F517334803F1B65901120114,
-                               F517334903F1B65901120114,
-                               F517334A03F1B65901120114,
-                               F517334B03F1B65901120114,
-                               F517334C03F1B65901120114,
-                               F517334D03F1B65901120114,
-                               F517334E03F1B65901120114,
-                               F517334F03F1B65901120114,
-                               F517335003F1B65901120114,
-                               F517335103F1B65901120114,
-                               F517335203F1B65901120114,
-                               F517335303F1B65901120114,
-                               F517335403F1B65901120114,
-                               F517335503F1B65901120114,
-                               F517335603F1B65901120114,
-                               F517335703F1B65901120114,
-                               F517335803F1B65901120114,
-                               F517335903F1B65901120114,
-                               F517335A03F1B65901120114,
-                               F517335B03F1B65901120114,
-                               F517335C03F1B65901120114,
-                               F517335D03F1B65901120114,
-                               F517335E03F1B65901120114,
-                               F517335F03F1B65901120114,
-                               F517336003F1B65901120114,
-                               F517336103F1B65901120114,
-                               F517336203F1B65901120114,
-                               F517336303F1B65901120114,
-                               F517336403F1B65901120114,
-                               F517336503F1B65901120114,
-                               F517336603F1B65901120114,
-                               F517336703F1B65901120114,
-                               F517336803F1B65901120114,
-                               F517336903F1B65901120114,
-                               F517336A03F1B65901120114,
-                               F517336B03F1B65901120114,
-                               F517336C03F1B65901120114,
-                               F517336D03F1B65901120114,
-                               F517336E03F1B65901120114,
-                               F517336F03F1B65901120114,
-                               F517337003F1B65901120114,
-                               F517337103F1B65901120114,
-                               F517337203F1B65901120114,
-                               F517337303F1B65901120114,
-                               F517337403F1B65901120114,
-                               F517337503F1B65901120114,
+               A1AB1FF405DDC48A00526345 = {
+                       fileRef = F517336C03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB1FF505DDC48A00526345 = {
+                       fileRef = F517336D03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB1FF605DDC48A00526345 = {
+                       fileRef = F517336E03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB1FF705DDC48A00526345 = {
+                       fileRef = F517336F03F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB1FF805DDC48A00526345 = {
+                       fileRef = F517336803F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB1FF905DDC48A00526345 = {
+                       fileRef = F517337003F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB1FFA05DDC48A00526345 = {
+                       fileRef = F517337103F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB1FFB05DDC48A00526345 = {
+                       fileRef = F517337303F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB1FFC05DDC48A00526345 = {
+                       fileRef = F517337203F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB1FFD05DDC48A00526345 = {
+                       fileRef = F517337403F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB1FFE05DDC48A00526345 = {
+                       fileRef = F517337503F1B65901120114;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB1FFF05DDC48A00526345 = {
+                       fileRef = A125397605CF124D003BD89B;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               A1AB200005DDC48A00526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
                        );
-                       isa = PBXGroup;
-                       path = krb5;
-                       refType = 4;
+                       isa = PBXFrameworksBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
                };
-               F517334703F1B65901120114 = {
-                       fileEncoding = 30;
+               A1AB200105DDC48A00526345 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       runOnlyForDeploymentPostprocessing = 0;
+               };
+               A1AB200305DDC48A00526345 = {
+                       explicitFileType = archive.ar;
+                       includeInIndex = 0;
                        isa = PBXFileReference;
-                       path = 3des.txt;
-                       refType = 4;
+                       path = libGSS.a;
+                       refType = 3;
+                       sourceTree = BUILT_PRODUCTS_DIR;
                };
-               F517334803F1B65901120114 = {
+               A1B21F170417D6BC00120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = accept_sec_context.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = aes_s2k.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517334903F1B65901120114 = {
+               A1B21F180417D6BC00120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = acquire_cred.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = aes_s2k.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517334A03F1B65901120114 = {
+               A1BBFF1604226DBD00120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = add_cred.c;
+                       lastKnownFileType = text;
+                       path = configure.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517334B03F1B65901120114 = {
-                       fileEncoding = 30;
+               A1CA623604168DFE0013F915 = {
+                       fileEncoding = 4;
                        isa = PBXFileReference;
-                       path = canon_name.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = Kerberos5Prefix.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517334C03F1B65901120114 = {
+//A10
+//A11
+//A12
+//A13
+//A14
+//F50
+//F51
+//F52
+//F53
+//F54
+               F5172F7B03F1B65801120114 = {
+                       children = (
+                               F5E59C0D03FD95A101120114,
+                               F517307F03F1B65801120114,
+                               F5E59C0E03FD95A101120114,
+                               F5E59C0F03FD95CF01120114,
+                               F51730DE03F1B65801120114,
+                               A12536B3040BEC05003D8244,
+                               F517322103F1B65901120114,
+                               A198BBE10406D04A00120114,
+                               F51736C803F1B65B01120114,
+                       );
+                       isa = PBXGroup;
+                       name = Sources;
+                       path = ../Sources;
+                       refType = 2;
+                       sourceTree = SOURCE_ROOT;
+               };
+               F517307F03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517334D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = compare_name.c;
+               F51730DE03F1B65801120114 = {
+                       children = (
+                               F51730E203F1B65801120114,
+                               F51730E303F1B65801120114,
+                               A1BBFF1604226DBD00120114,
+                               F51730E503F1B65801120114,
+                               F51730E603F1B65801120114,
+                               F51730E703F1B65801120114,
+                               A181DA5405CF0BD800E4C246,
+                               F51730E803F1B65801120114,
+                               F51730E903F1B65801120114,
+                               F51730FB03F1B65801120114,
+                               F517310E03F1B65801120114,
+                               F517310F03F1B65801120114,
+                               F517311003F1B65801120114,
+                               F517311103F1B65801120114,
+                               F517311203F1B65801120114,
+                               F517311303F1B65901120114,
+                               F517311503F1B65901120114,
+                               F517311603F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = include;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517334E03F1B65901120114 = {
+               F51730E203F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = context_time.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517334F03F1B65901120114 = {
+               F51730E303F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = copy_ccache.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = cm.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335003F1B65901120114 = {
+               F51730E503F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = delete_sec_context.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "fake-addrinfo.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335103F1B65901120114 = {
+               F51730E603F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = disp_name.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = foreachaddr.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335203F1B65901120114 = {
+               F51730E703F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = disp_status.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "k5-int.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335303F1B65901120114 = {
+               F51730E803F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = duplicate_name.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "k5-util.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335403F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = export_name.c;
+               F51730E903F1B65801120114 = {
+                       children = (
+                               F51730EA03F1B65801120114,
+                               F51730EB03F1B65801120114,
+                               F51730EC03F1B65801120114,
+                               F51730ED03F1B65801120114,
+                               F51730EE03F1B65801120114,
+                               F51730EF03F1B65801120114,
+                               F51730F003F1B65801120114,
+                               F51730F103F1B65801120114,
+                               F51730F203F1B65801120114,
+                               F51730F303F1B65801120114,
+                               F51730F403F1B65801120114,
+                               F51730F503F1B65801120114,
+                               F51730F603F1B65801120114,
+                               F51730F703F1B65801120114,
+                               F51730F803F1B65801120114,
+                               F51730F903F1B65801120114,
+                               F51730FA03F1B65801120114,
+                       );
+                       isa = PBXGroup;
+                       path = kerberosIV;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335503F1B65901120114 = {
+               F51730EA03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = export_sec_context.c;
+                       lastKnownFileType = text;
+                       path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335603F1B65901120114 = {
+               F51730EB03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = get_tkt_flags.c;
+                       lastKnownFileType = text;
+                       path = .Sanitize;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335703F1B65901120114 = {
+               F51730EC03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gssapi_err_krb5.et;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = addr_comp.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335803F1B65901120114 = {
+               F51730ED03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gssapi_krb5.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = admin_server.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335903F1B65901120114 = {
+               F51730EE03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gssapi_krb5.h;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335A03F1B65901120114 = {
+               F51730EF03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gssapiP_krb5.h;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = des.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335B03F1B65901120114 = {
+               F51730F003F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = import_name.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = kadm.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335C03F1B65901120114 = {
+               F51730F103F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = import_sec_context.c;
-                       refType = 4;
-               };
-               F517335D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = indicate_mechs.c;
-                       refType = 4;
-               };
-               F517335E03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = init_sec_context.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = kdc.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517335F03F1B65901120114 = {
+               F51730F203F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = inq_context.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = klog.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517336003F1B65901120114 = {
+               F51730F303F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = inq_cred.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = kparse.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517336103F1B65901120114 = {
+               F51730F403F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = inq_names.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = krb.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517336203F1B65901120114 = {
+               F51730F503F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = k5seal.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = krb_db.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517336303F1B65901120114 = {
+               F51730F603F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = k5unseal.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = krbports.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517336403F1B65901120114 = {
+               F51730F703F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb5_gss_glue.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = lsb_addr_cmp.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517336503F1B65901120114 = {
+               F51730F803F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517336603F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = process_context_token.c;
-                       refType = 4;
-               };
-               F517336703F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = rel_cred.c;
-                       refType = 4;
-               };
-               F517336803F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = rel_name.c;
-                       refType = 4;
-               };
-               F517336903F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = rel_oid.c;
-                       refType = 4;
-               };
-               F517336A03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = seal.c;
-                       refType = 4;
-               };
-               F517336B03F1B65901120114 = {
+               F51730F903F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_sctx.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "mit-copyright.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517336C03F1B65901120114 = {
+               F51730FA03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = set_ccache.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = prot.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517336D03F1B65901120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = sign.c;
+               F51730FB03F1B65801120114 = {
+                       children = (
+                               F51730FF03F1B65801120114,
+                               F517310003F1B65801120114,
+                               F517310103F1B65801120114,
+                               F517310303F1B65801120114,
+                               F517310403F1B65801120114,
+                               F517310503F1B65801120114,
+                               F517310603F1B65801120114,
+                               F517310803F1B65801120114,
+                               F517310903F1B65801120114,
+                               F517310A03F1B65801120114,
+                       );
+                       isa = PBXGroup;
+                       path = krb5;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517336E03F1B65901120114 = {
+               F51730FF03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = unseal.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = adm.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517336F03F1B65901120114 = {
+               F517310003F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = util_cksum.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = adm_defs.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337003F1B65901120114 = {
+               F517310103F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = util_crypt.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = adm_proto.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337103F1B65901120114 = {
+               F517310303F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = util_seed.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337203F1B65901120114 = {
+               F517310403F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = util_seqnum.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = copyright.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337303F1B65901120114 = {
+               F517310503F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = val_cred.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = kdb.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337403F1B65901120114 = {
+               F517310603F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = verify.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = kdb_dbc.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337503F1B65901120114 = {
+               F517310803F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = wrap_size_limit.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = kdb_kt.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337603F1B65901120114 = {
+               F517310903F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337703F1B65A01120114 = {
+               F517310A03F1B65801120114 = {
                        children = (
-                               F517337803F1B65A01120114,
-                               F517337903F1B65A01120114,
-                               F517337A03F1B65A01120114,
-                               F517337B03F1B65A01120114,
-                               F517337C03F1B65A01120114,
-                               F517337D03F1B65A01120114,
-                               F517337E03F1B65A01120114,
-                               F517337F03F1B65A01120114,
-                               F517338003F1B65A01120114,
-                               F517338103F1B65A01120114,
-                               F517338203F1B65A01120114,
-                               F517338303F1B65A01120114,
-                               F517338403F1B65A01120114,
-                               F517338503F1B65A01120114,
-                               F517338603F1B65A01120114,
-                               F517338703F1B65A01120114,
-                               F517338803F1B65A01120114,
-                               F517338903F1B65A01120114,
-                               F517338A03F1B65A01120114,
-                               F517338B03F1B65A01120114,
-                               F517338C03F1B65A01120114,
-                               F517338D03F1B65A01120114,
-                               F517338E03F1B65A01120114,
-                               F517338F03F1B65A01120114,
-                               F517339003F1B65A01120114,
-                               F517339103F1B65A01120114,
-                               F517339203F1B65A01120114,
-                               F517339303F1B65A01120114,
-                               F517339403F1B65A01120114,
-                               F517339503F1B65A01120114,
-                               F517339603F1B65A01120114,
-                               F517339703F1B65A01120114,
-                               F517339803F1B65A01120114,
-                               F517339903F1B65A01120114,
-                               F517339A03F1B65A01120114,
-                               F517339B03F1B65A01120114,
-                               F517339C03F1B65A01120114,
+                               F517310B03F1B65801120114,
+                               F517310C03F1B65801120114,
+                               F517310D03F1B65801120114,
                        );
                        isa = PBXGroup;
-                       path = mechglue;
+                       path = stock;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337803F1B65A01120114 = {
+               F517310B03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = .Sanitize;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337903F1B65A01120114 = {
+               F517310C03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337A03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = g_accept_sec_context.c;
-                       refType = 4;
-               };
-               F517337B03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = g_acquire_cred.c;
-                       refType = 4;
-               };
-               F517337C03F1B65A01120114 = {
+               F517310D03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_compare_name.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = osconf.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337D03F1B65A01120114 = {
+               F517310E03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_context_time.c;
+                       lastKnownFileType = text;
+                       path = krb5.hin;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337E03F1B65A01120114 = {
+               F517310F03F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_delete_sec_context.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = krb54proto.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517337F03F1B65A01120114 = {
+               F517311003F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_dsp_name.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338003F1B65A01120114 = {
+               F517311103F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_dsp_status.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "port-sockets.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338103F1B65A01120114 = {
+               F517311203F1B65801120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_exp_sec_context.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "socket-utils.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338203F1B65A01120114 = {
+               F517311303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_glue.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "spnego-asn1.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338303F1B65A01120114 = {
+               F517311503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_imp_name.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = syslog.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338403F1B65A01120114 = {
+               F517311603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_imp_sec_context.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "win-mac.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338503F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = g_indicate_mechs.c;
+               F517322103F1B65901120114 = {
+                       children = (
+                               F517322403F1B65901120114,
+                               F517322603F1B65901120114,
+                               F517330803F1B65901120114,
+                               F517332103F1B65901120114,
+                               F517332203F1B65901120114,
+                               F517332303F1B65901120114,
+                               F517332403F1B65901120114,
+                               F517332503F1B65901120114,
+                               F517332603F1B65901120114,
+                               F517342003F1B65A01120114,
+                               F517348E03F1B65A01120114,
+                               F51735B103F1B65A01120114,
+                               F517360C03F1B65B01120114,
+                       );
+                       isa = PBXGroup;
+                       path = lib;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338603F1B65A01120114 = {
+               F517322403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_init_sec_context.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338703F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = g_initialize.c;
+               F517322603F1B65901120114 = {
+                       children = (
+                               F517322703F1B65901120114,
+                               F517322803F1B65901120114,
+                               F517322903F1B65901120114,
+                               F517324A03F1B65901120114,
+                               F517325103F1B65901120114,
+                               F517325203F1B65901120114,
+                               F517325303F1B65901120114,
+                               F517325403F1B65901120114,
+                               F517325503F1B65901120114,
+                               F517325603F1B65901120114,
+                               F517325703F1B65901120114,
+                               F517325803F1B65901120114,
+                               F517325903F1B65901120114,
+                               F517325A03F1B65901120114,
+                               F517326503F1B65901120114,
+                               F517326603F1B65901120114,
+                               F517326703F1B65901120114,
+                               F517326803F1B65901120114,
+                               F517326903F1B65901120114,
+                               F517328303F1B65901120114,
+                               F517328C03F1B65901120114,
+                               F517329403F1B65901120114,
+                               F517329503F1B65901120114,
+                               F517329603F1B65901120114,
+                               F517329703F1B65901120114,
+                               F517329803F1B65901120114,
+                               F517329903F1B65901120114,
+                               F517329A03F1B65901120114,
+                               F51732A203F1B65901120114,
+                               F51732A303F1B65901120114,
+                               F51732A403F1B65901120114,
+                               F51732A503F1B65901120114,
+                               F51732A603F1B65901120114,
+                               F51732B003F1B65901120114,
+                               F51732B103F1B65901120114,
+                               F51732B203F1B65901120114,
+                               A125399205CF12A2003BD89B,
+                               F51732B303F1B65901120114,
+                               F51732BB03F1B65901120114,
+                               F51732C503F1B65901120114,
+                               F51732C603F1B65901120114,
+                               F51732CD03F1B65901120114,
+                               F51732CF03F1B65901120114,
+                               F51732D003F1B65901120114,
+                               F51732D103F1B65901120114,
+                               F51732D803F1B65901120114,
+                               F51732E103F1B65901120114,
+                               F51732E203F1B65901120114,
+                               F51732E303F1B65901120114,
+                               F51732E403F1B65901120114,
+                               F51732E503F1B65901120114,
+                               F51732E603F1B65901120114,
+                               F51732E703F1B65901120114,
+                               F51732E803F1B65901120114,
+                               F51732E903F1B65901120114,
+                               F51732EA03F1B65901120114,
+                               F51732EB03F1B65901120114,
+                               F51732EC03F1B65901120114,
+                               F51732ED03F1B65901120114,
+                               F51732EE03F1B65901120114,
+                               F51732EF03F1B65901120114,
+                               F51732F003F1B65901120114,
+                               F51732F103F1B65901120114,
+                               F51732F203F1B65901120114,
+                               F51732F303F1B65901120114,
+                               F51732F403F1B65901120114,
+                               F51732F503F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = crypto;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338803F1B65A01120114 = {
+               F517322703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_inq_context.c;
+                       lastKnownFileType = text;
+                       path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338903F1B65A01120114 = {
+               F517322803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_inq_cred.c;
+                       lastKnownFileType = text;
+                       path = .Sanitize;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338A03F1B65A01120114 = {
+               F517322903F1B65901120114 = {
+                       children = (
+                               F517322A03F1B65901120114,
+                               A1B21F170417D6BC00120114,
+                               A1B21F180417D6BC00120114,
+                               F517322B03F1B65901120114,
+                               F517322C03F1B65901120114,
+                               F517322D03F1B65901120114,
+                               F517322E03F1B65901120114,
+                               F517322F03F1B65901120114,
+                               F517323003F1B65901120114,
+                               F517323103F1B65901120114,
+                               F517323203F1B65901120114,
+                               F517323303F1B65901120114,
+                               F517323403F1B65901120114,
+                               F517323503F1B65901120114,
+                               F517323603F1B65901120114,
+                               F517323703F1B65901120114,
+                               F517323803F1B65901120114,
+                               F517323903F1B65901120114,
+                               F517323A03F1B65901120114,
+                               F517323B03F1B65901120114,
+                               F517324703F1B65901120114,
+                               F517324803F1B65901120114,
+                               F517324903F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = aes;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517322A03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_inq_names.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = "aes-gen.c";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338B03F1B65A01120114 = {
+               F517322B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_mechname.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = "aes-test.c";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338C03F1B65A01120114 = {
+               F517322C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_oid_ops.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = aes.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338D03F1B65A01120114 = {
+               F517322D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_process_context.c;
+                       lastKnownFileType = text;
+                       path = aes.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338E03F1B65A01120114 = {
+               F517322E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_rel_buffer.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = aescpp.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517338F03F1B65A01120114 = {
+               F517322F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_rel_cred.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = aescrypp.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339003F1B65A01120114 = {
+               F517323003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_rel_name.c;
+                       lastKnownFileType = sourcecode.asm;
+                       path = aescrypt.asm;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339103F1B65A01120114 = {
+               F517323103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_rel_oid_set.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = aescrypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339203F1B65A01120114 = {
+               F517323203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_seal.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = aeskey.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339303F1B65A01120114 = {
+               F517323303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_sign.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = aeskeypp.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339403F1B65A01120114 = {
+               F517323403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_unseal.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = aesopt.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339503F1B65A01120114 = {
+               F517323503F1B65901120114 = {
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = aessrc.url;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517323603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_verify.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = aestab.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339603F1B65A01120114 = {
+               F517323703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gen_oids.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339703F1B65A01120114 = {
+               F517323803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gssd_pname_to_uid.c;
+                       lastKnownFileType = text;
+                       path = "expect-vk.txt";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339803F1B65A01120114 = {
+               F517323903F1B65901120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = "expect-vt.txt";
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517323A03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339903F1B65A01120114 = {
+               F517323B03F1B65901120114 = {
+                       children = (
+                               F517323C03F1B65901120114,
+                               F517323D03F1B65901120114,
+                               F517323E03F1B65901120114,
+                               F517323F03F1B65901120114,
+                               F517324003F1B65901120114,
+                               F517324103F1B65901120114,
+                               F517324203F1B65901120114,
+                               F517324303F1B65901120114,
+                               F517324403F1B65901120114,
+                               F517324503F1B65901120114,
+                               F517324603F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = test;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517323C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mech.conf;
+                       lastKnownFileType = text;
+                       path = cbc_d_m.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339A03F1B65A01120114 = {
+               F517323D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mechglue.h;
+                       lastKnownFileType = text;
+                       path = cbc_e_m.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339B03F1B65A01120114 = {
+               F517323E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mglueP.h;
+                       lastKnownFileType = text;
+                       path = ecb_d_m.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339C03F1B65A01120114 = {
+               F517323F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = oid_ops.c;
+                       lastKnownFileType = text;
+                       path = ecb_e_m.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517339D03F1B65A01120114 = {
+               F517324003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = README_SAMPLE_APP;
+                       lastKnownFileType = text;
+                       path = ecb_iv.readme;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342003F1B65A01120114 = {
-                       children = (
-                               F517342303F1B65A01120114,
-                               F517342403F1B65A01120114,
-                               F517342503F1B65A01120114,
-                               F517342603F1B65A01120114,
-                               F517342703F1B65A01120114,
-                               F517342803F1B65A01120114,
-                               F517342903F1B65A01120114,
-                               F517342A03F1B65A01120114,
-                               F517342B03F1B65A01120114,
-                               F517342C03F1B65A01120114,
-                               F517342D03F1B65A01120114,
-                               F517342E03F1B65A01120114,
-                               F517342F03F1B65A01120114,
-                               F517343003F1B65A01120114,
-                               F517343103F1B65A01120114,
-                               F517343203F1B65A01120114,
-                               F517343303F1B65A01120114,
-                               F517343403F1B65A01120114,
-                               F517343503F1B65A01120114,
-                               F517343603F1B65A01120114,
-                               F517343703F1B65A01120114,
-                               F517343803F1B65A01120114,
-                               F517343903F1B65A01120114,
-                               F517343A03F1B65A01120114,
-                               F517343B03F1B65A01120114,
-                               F517343C03F1B65A01120114,
-                               F517343D03F1B65A01120114,
-                               F517343E03F1B65A01120114,
-                               F517343F03F1B65A01120114,
-                               F517344003F1B65A01120114,
-                               F517344103F1B65A01120114,
-                               F517344203F1B65A01120114,
-                               F517344303F1B65A01120114,
-                               F517344403F1B65A01120114,
-                               F517344503F1B65A01120114,
-                               F517344603F1B65A01120114,
-                               F517344703F1B65A01120114,
-                               F517344803F1B65A01120114,
-                               F517344903F1B65A01120114,
-                               F517344A03F1B65A01120114,
-                               F517344B03F1B65A01120114,
-                               F517344C03F1B65A01120114,
-                               F517344D03F1B65A01120114,
-                               F517344E03F1B65A01120114,
-                               F517344F03F1B65A01120114,
-                               F517345003F1B65A01120114,
-                               F517345103F1B65A01120114,
-                               F517345203F1B65A01120114,
-                               F517345303F1B65A01120114,
-                               F517345403F1B65A01120114,
-                               F517345503F1B65A01120114,
-                               F517345603F1B65A01120114,
-                               F517345703F1B65A01120114,
-                               F517345803F1B65A01120114,
-                               F517345903F1B65A01120114,
-                               F517345A03F1B65A01120114,
-                               F517345B03F1B65A01120114,
-                               F517345C03F1B65A01120114,
-                               F517345D03F1B65A01120114,
-                               F517345E03F1B65A01120114,
-                               F517345F03F1B65A01120114,
-                               F517346003F1B65A01120114,
-                               F517346103F1B65A01120114,
-                               F517346203F1B65A01120114,
-                               F517346303F1B65A01120114,
-                               F517346403F1B65A01120114,
-                               F517346503F1B65A01120114,
-                               F517346603F1B65A01120114,
-                               F517346703F1B65A01120114,
-                               F517346803F1B65A01120114,
-                               F517346903F1B65A01120114,
-                               F517346A03F1B65A01120114,
-                               F517346B03F1B65A01120114,
-                               F517346C03F1B65A01120114,
-                               F517346D03F1B65A01120114,
-                               F517346E03F1B65A01120114,
-                               F517346F03F1B65A01120114,
-                               F517347003F1B65A01120114,
-                               F517347103F1B65A01120114,
-                               F517347203F1B65A01120114,
-                               F517347303F1B65A01120114,
-                               F517347403F1B65A01120114,
-                               F517347503F1B65A01120114,
-                               F517347603F1B65A01120114,
-                               F517347703F1B65A01120114,
-                               F517347803F1B65A01120114,
-                               F517347903F1B65A01120114,
-                               F517347A03F1B65A01120114,
-                               F517347B03F1B65A01120114,
-                               F517347C03F1B65A01120114,
-                               F517347D03F1B65A01120114,
-                               F517347E03F1B65A01120114,
-                               F517347F03F1B65A01120114,
-                               F517348003F1B65A01120114,
-                               F517348103F1B65A01120114,
-                               F517348203F1B65A01120114,
-                               F517348303F1B65A01120114,
-                               F517348403F1B65A01120114,
-                               F517348503F1B65A01120114,
-                               F517348603F1B65A01120114,
-                               F517348703F1B65A01120114,
-                               F517348803F1B65A01120114,
-                               F517348903F1B65A01120114,
-                               F517348A03F1B65A01120114,
-                               F517348B03F1B65A01120114,
-                       );
-                       isa = PBXGroup;
-                       path = krb4;
-                       refType = 4;
-               };
-               F517342303F1B65A01120114 = {
+               F517324103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ad_print.c;
+                       lastKnownFileType = text;
+                       path = ecb_iv.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342403F1B65A01120114 = {
+               F517324203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "CCache-glue.c";
+                       lastKnownFileType = text;
+                       path = ecb_tbl.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342503F1B65A01120114 = {
+               F517324303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = change_password.c;
+                       lastKnownFileType = text;
+                       path = ecb_vk.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342603F1B65A01120114 = {
+               F517324403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ChangeLog;
+                       lastKnownFileType = text;
+                       path = ecb_vt.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342703F1B65A01120114 = {
-                       fileEncoding = 30;
+               F517324503F1B65901120114 = {
                        isa = PBXFileReference;
-                       path = configure.in;
+                       lastKnownFileType = image.pdf;
+                       path = katmct.pdf;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342803F1B65A01120114 = {
+               F517324603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = cr_auth_repl.c;
+                       lastKnownFileType = text;
+                       path = Readme.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342903F1B65A01120114 = {
+               F517324703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = cr_ciph.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = uitypes.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342A03F1B65A01120114 = {
+               F517324803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = cr_death_pkt.c;
+                       lastKnownFileType = text;
+                       path = vb.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342B03F1B65A01120114 = {
-                       fileEncoding = 30;
+               F517324903F1B65901120114 = {
                        isa = PBXFileReference;
-                       path = cr_err_repl.c;
+                       lastKnownFileType = file;
+                       path = vbaxam.doc;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342C03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = cr_tkt.c;
+               F517324A03F1B65901120114 = {
+                       children = (
+                               F517324B03F1B65901120114,
+                               F517324C03F1B65901120114,
+                               F517324D03F1B65901120114,
+                               F517324E03F1B65901120114,
+                               F517324F03F1B65901120114,
+                               F517325003F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = arcfour;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342D03F1B65A01120114 = {
+               F517324B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = debug.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "arcfour-int.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342E03F1B65A01120114 = {
+               F517324C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = decomp_tkt.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = arcfour.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517342F03F1B65A01120114 = {
+               F517324D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = dest_tkt.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = arcfour.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343003F1B65A01120114 = {
+               F517324E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = err_txt.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343103F1B65A01120114 = {
+               F517324F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = fakeenv.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343203F1B65A01120114 = {
+               F517325003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = fgetst.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = string_to_key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343303F1B65A01120114 = {
+               F517325103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "FSp-glue.c";
+                       lastKnownFileType = sourcecode.c.c;
+                       path = block_size.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343403F1B65A01120114 = {
+               F517325203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_ad_tkt.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343503F1B65A01120114 = {
+               F517325303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_cnffile.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = checksum_length.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343603F1B65A01120114 = {
+               F517325403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_cred.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cksumtype_to_string.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343703F1B65A01120114 = {
+               F517325503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_in_tkt.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cksumtypes.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343803F1B65A01120114 = {
+               F517325603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_phost.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = cksumtypes.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343903F1B65A01120114 = {
+               F517325703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_pw_in_tkt.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = coll_proof_cksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343A03F1B65A01120114 = {
+               F517325803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_pw_tkt.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = combine_keys.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343B03F1B65A01120114 = {
+               F517325903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_svc_in_tkt.c;
+                       lastKnownFileType = text;
+                       path = configure.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343C03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = g_tf_fname.c;
+               F517325A03F1B65901120114 = {
+                       children = (
+                               F517325B03F1B65901120114,
+                               F517325C03F1B65901120114,
+                               F517325D03F1B65901120114,
+                               F517325E03F1B65901120114,
+                               F517325F03F1B65901120114,
+                               F517326003F1B65901120114,
+                               F517326103F1B65901120114,
+                               F517326203F1B65901120114,
+                               F517326303F1B65901120114,
+                               F517326403F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = crc32;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343D03F1B65A01120114 = {
+               F517325B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_tf_realm.c;
+                       lastKnownFileType = text;
+                       path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343E03F1B65A01120114 = {
+               F517325C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = g_tkt_svc.c;
+                       lastKnownFileType = text;
+                       path = .Sanitize;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517343F03F1B65A01120114 = {
+               F517325D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gethostname.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344003F1B65A01120114 = {
+               F517325E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = getst.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "crc-32.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344103F1B65A01120114 = {
+               F517325F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = in_tkt.c;
+                       lastKnownFileType = text.script.perl;
+                       path = crc.pl;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344203F1B65A01120114 = {
+               F517326003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kadm_err.et;
+                       lastKnownFileType = text.script.perl;
+                       path = CRC.pm;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344303F1B65A01120114 = {
+               F517326103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kadm_net.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = crc32.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344403F1B65A01120114 = {
+               F517326203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kadm_stream.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344503F1B65A01120114 = {
+               F517326303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = klog.c;
+                       lastKnownFileType = text.script.perl;
+                       path = Poly.pm;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344603F1B65A01120114 = {
+               F517326403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kname_parse.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_crc.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344703F1B65A01120114 = {
+               F517326503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kntoln.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = crypto_libinit.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344803F1B65A01120114 = {
+               F517326603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kparse.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = crypto_libinit.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344903F1B65A01120114 = {
+               F517326703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb4int.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = decrypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344A03F1B65A01120114 = {
+               F517326803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb_err.et;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = default_state.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344B03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kuserok.c;
+               F517326903F1B65901120114 = {
+                       children = (
+                               F517326A03F1B65901120114,
+                               F517326B03F1B65901120114,
+                               F517326C03F1B65901120114,
+                               F517326D03F1B65901120114,
+                               F517326E03F1B65901120114,
+                               F517326F03F1B65901120114,
+                               F517327003F1B65901120114,
+                               F517327103F1B65901120114,
+                               F517327203F1B65901120114,
+                               F517327503F1B65901120114,
+                               F517327603F1B65901120114,
+                               F517327703F1B65901120114,
+                               F517327803F1B65901120114,
+                               F517327903F1B65901120114,
+                               F517327A03F1B65901120114,
+                               F517327B03F1B65901120114,
+                               F517327C03F1B65901120114,
+                               F517327D03F1B65901120114,
+                               F517327E03F1B65901120114,
+                               F517327F03F1B65901120114,
+                               F517328003F1B65901120114,
+                               F517328103F1B65901120114,
+                               F517328203F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = des;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344C03F1B65A01120114 = {
+               F517326A03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = lifetime.c;
+                       lastKnownFileType = text;
+                       path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344D03F1B65A01120114 = {
+               F517326B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = log.c;
+                       lastKnownFileType = text;
+                       path = .Sanitize;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344E03F1B65A01120114 = {
+               F517326C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mac_glue.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = afsstring2key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517344F03F1B65A01120114 = {
+               F517326D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mac_store.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345003F1B65A01120114 = {
+               F517326E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mac_store.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = d3_cbc.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345103F1B65A01120114 = {
+               F517326F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mac_stubs.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = d3_kysched.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345203F1B65A01120114 = {
+               F517327003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mac_time.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = des_int.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345303F1B65A01120114 = {
+               F517327103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = macsock.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = destest.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345403F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = Makefile.in;
+               F517327203F1B65901120114 = {
+                       children = (
+                               F517327303F1B65901120114,
+                               F517327403F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = doc;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345503F1B65A01120114 = {
+               F517327303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = memcache.c;
+                       lastKnownFileType = text;
+                       path = .Sanitize;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345603F1B65A01120114 = {
-                       fileEncoding = 30;
+               F517327403F1B65901120114 = {
                        isa = PBXFileReference;
-                       path = memcache.h;
+                       lastKnownFileType = text;
+                       path = libdes.doc;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345703F1B65A01120114 = {
+               F517327503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_auth.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = f_cbc.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345803F1B65A01120114 = {
+               F517327603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_err.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = f_cksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345903F1B65A01120114 = {
+               F517327703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_preauth.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = f_parity.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345A03F1B65A01120114 = {
+               F517327803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_priv.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = f_sched.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345B03F1B65A01120114 = {
+               F517327903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_req.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = f_tables.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345C03F1B65A01120114 = {
+               F517327A03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_safe.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = f_tables.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345D03F1B65A01120114 = {
+               F517327B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = month_sname.c;
+                       lastKnownFileType = text;
+                       path = ISSUES;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345E03F1B65A01120114 = {
+               F517327C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = netread.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = key_sched.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517345F03F1B65A01120114 = {
+               F517327D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = netwrite.c;
+                       lastKnownFileType = text;
+                       path = keytest.data;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346003F1B65A01120114 = {
+               F517327E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Password.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346103F1B65A01120114 = {
+               F517327F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = password_to_key.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = string2key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346203F1B65A01120114 = {
+               F517328003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = pkt_cipher.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_afss2k.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346303F1B65A01120114 = {
+               F517328103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = pkt_clen.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_verify.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346403F1B65A01120114 = {
+               F517328203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prot_client.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = weak_key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346503F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = prot_common.c;
+               F517328303F1B65901120114 = {
+                       children = (
+                               F517328403F1B65901120114,
+                               F517328503F1B65901120114,
+                               F517328603F1B65901120114,
+                               F517328703F1B65901120114,
+                               F517328803F1B65901120114,
+                               F517328903F1B65901120114,
+                               F517328A03F1B65901120114,
+                               F517328B03F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = dk;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346603F1B65A01120114 = {
+               F517328403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prot_kdc.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346703F1B65A01120114 = {
+               F517328503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = put_svc_key.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = checksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346803F1B65A01120114 = {
+               F517328603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_err.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = derive.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346903F1B65A01120114 = {
+               F517328703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_preauth.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = dk.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346A03F1B65A01120114 = {
+               F517328803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_priv.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = dk_decrypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346B03F1B65A01120114 = {
+               F517328903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_req.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = dk_encrypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346C03F1B65A01120114 = {
+               F517328A03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_safe.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346D03F1B65A01120114 = {
+               F517328B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_svc_key.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = stringtokey.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346E03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "RealmsConfig-glue.c";
+               F517328C03F1B65901120114 = {
+                       children = (
+                               F517328D03F1B65901120114,
+                               F517328E03F1B65901120114,
+                               F517328F03F1B65901120114,
+                               F517329003F1B65901120114,
+                               F517329103F1B65901120114,
+                               F517329203F1B65901120114,
+                               F517329303F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = enc_provider;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517346F03F1B65A01120114 = {
+               F517328D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = recvauth.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = aes.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347003F1B65A01120114 = {
+               F517328E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "ren-cyg.sh";
+                       lastKnownFileType = sourcecode.c.c;
+                       path = arcfour.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347103F1B65A01120114 = {
+               F517328F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "ren-pc.bat";
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347203F1B65A01120114 = {
+               F517329003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "ren-pc.sh";
+                       lastKnownFileType = sourcecode.c.c;
+                       path = des.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347303F1B65A01120114 = {
+               F517329103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "ren-pl10.sh";
+                       lastKnownFileType = sourcecode.c.c;
+                       path = des3.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347403F1B65A01120114 = {
+               F517329203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ren.msg;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = enc_provider.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347503F1B65A01120114 = {
+               F517329303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ren2dos.sh;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347603F1B65A01120114 = {
+               F517329403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ren2long.sh;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = encrypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347703F1B65A01120114 = {
+               F517329503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = save_creds.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = encrypt_length.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347803F1B65A01120114 = {
+               F517329603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "sed-cyg.sh";
+                       lastKnownFileType = sourcecode.c.c;
+                       path = enctype_compare.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347903F1B65A01120114 = {
+               F517329703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "sed-pc.sh";
+                       lastKnownFileType = sourcecode.c.c;
+                       path = enctype_to_string.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347A03F1B65A01120114 = {
+               F517329803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "sed-pl10.sh";
+                       lastKnownFileType = sourcecode.c.c;
+                       path = etypes.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347B03F1B65A01120114 = {
+               F517329903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = send_to_kdc.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = etypes.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347C03F1B65A01120114 = {
+               F517329A03F1B65901120114 = {
+                       children = (
+                               F517329B03F1B65901120114,
+                               F517329C03F1B65901120114,
+                               F517329D03F1B65901120114,
+                               F517329E03F1B65901120114,
+                               F517329F03F1B65901120114,
+                               F51732A003F1B65901120114,
+                               F51732A103F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = hash_provider;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517329B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = sendauth.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347D03F1B65A01120114 = {
+               F517329C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = setenv.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = hash_crc32.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347E03F1B65A01120114 = {
+               F517329D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = stime.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = hash_md4.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517347F03F1B65A01120114 = {
+               F517329E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = strcasecmp.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = hash_md5.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348003F1B65A01120114 = {
+               F517329F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = strnlen.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = hash_provider.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348103F1B65A01120114 = {
+               F51732A003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = swab.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = hash_sha1.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348203F1B65A01120114 = {
+               F51732A103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = tf_shm.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348303F1B65A01120114 = {
+               F51732A203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = tf_util.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = hmac.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348403F1B65A01120114 = {
+               F51732A303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = tkt_string.c;
+                       lastKnownFileType = text;
+                       path = ISSUES;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348503F1B65A01120114 = {
+               F51732A403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = unix_glue.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = keyed_checksum_types.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348603F1B65A01120114 = {
+               F51732A503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = unix_time.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = keyed_cksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348703F1B65A01120114 = {
-                       isa = PBXFileReference;
-                       path = vmslink.com;
+               F51732A603F1B65901120114 = {
+                       children = (
+                               F51732A703F1B65901120114,
+                               F51732A803F1B65901120114,
+                               F51732A903F1B65901120114,
+                               F51732AA03F1B65901120114,
+                               F51732AB03F1B65901120114,
+                               F51732AC03F1B65901120114,
+                               F51732AD03F1B65901120114,
+                               F51732AE03F1B65901120114,
+                               F51732AF03F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = keyhash_provider;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348803F1B65A01120114 = {
+               F51732A703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = vmsswab.c;
+                       lastKnownFileType = text;
+                       path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348903F1B65A01120114 = {
+               F51732A803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = win_glue.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348A03F1B65A01120114 = {
+               F51732A903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = win_store.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = descbc.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517348B03F1B65A01120114 = {
+               F51732AA03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = win_time.c;
-                       refType = 4;
-               };
-               F517348E03F1B65A01120114 = {
-                       children = (
-                               F517349003F1B65A01120114,
-                               F51734AB03F1B65A01120114,
-                               F51734CB03F1B65A01120114,
-                               F51734CC03F1B65A01120114,
-                               F51734CD03F1B65A01120114,
-                               F51734D903F1B65A01120114,
-                               F51734E903F1B65A01120114,
-                               F517355203F1B65A01120114,
-                               F517355303F1B65A01120114,
-                               F517355403F1B65A01120114,
-                               F517355503F1B65A01120114,
-                               F517358B03F1B65A01120114,
-                               F517359B03F1B65A01120114,
-                       );
-                       isa = PBXGroup;
-                       path = krb5;
-                       refType = 4;
-               };
-               F517349003F1B65A01120114 = {
-                       children = (
-                               F517349403F1B65A01120114,
-                               F517349503F1B65A01120114,
-                               F517349603F1B65A01120114,
-                               F517349703F1B65A01120114,
-                               F517349803F1B65A01120114,
-                               F517349903F1B65A01120114,
-                               F517349A03F1B65A01120114,
-                               F517349B03F1B65A01120114,
-                               F517349C03F1B65A01120114,
-                               F517349D03F1B65A01120114,
-                               F517349E03F1B65A01120114,
-                               F517349F03F1B65A01120114,
-                               F51734A003F1B65A01120114,
-                               F51734A103F1B65A01120114,
-                               F51734A203F1B65A01120114,
-                               F51734A303F1B65A01120114,
-                               F51734A403F1B65A01120114,
-                               F51734A503F1B65A01120114,
-                               F51734A603F1B65A01120114,
-                               F51734A703F1B65A01120114,
-                               F51734A803F1B65A01120114,
-                               F51734A903F1B65A01120114,
-                               F51734AA03F1B65A01120114,
-                       );
-                       isa = PBXGroup;
-                       path = asn.1;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = hmac_md5.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349403F1B65A01120114 = {
+               F51732AB03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_decode.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = k5_md4des.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349503F1B65A01120114 = {
+               F51732AC03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_decode.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = k5_md5des.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349603F1B65A01120114 = {
+               F51732AD03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_encode.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = keyhash_provider.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349703F1B65A01120114 = {
+               F51732AE03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_encode.h;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349803F1B65A01120114 = {
+               F51732AF03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_get.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_cksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349903F1B65A01120114 = {
+               F51732B003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_get.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = make_checksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349A03F1B65A01120114 = {
+               F51732B103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_k_decode.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = make_random_key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349B03F1B65A01120114 = {
+               F51732B203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_k_decode.h;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349C03F1B65A01120114 = {
+               F51732B303F1B65901120114 = {
+                       children = (
+                               F51732B403F1B65901120114,
+                               F51732B503F1B65901120114,
+                               F51732B603F1B65901120114,
+                               F51732B703F1B65901120114,
+                               F51732B803F1B65901120114,
+                               F51732B903F1B65901120114,
+                               F51732BA03F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = md4;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F51732B403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_k_encode.c;
+                       lastKnownFileType = text;
+                       path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349D03F1B65A01120114 = {
+               F51732B503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_k_encode.h;
+                       lastKnownFileType = text;
+                       path = .Sanitize;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349E03F1B65A01120114 = {
+               F51732B603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_make.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517349F03F1B65A01120114 = {
+               F51732B703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_make.h;
+                       lastKnownFileType = text;
+                       path = ISSUES;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734A003F1B65A01120114 = {
+               F51732B803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_misc.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734A103F1B65A01120114 = {
+               F51732B903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_misc.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = md4.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734A203F1B65A01120114 = {
+               F51732BA03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1buf.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "rsa-md4.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734A303F1B65A01120114 = {
+               F51732BB03F1B65901120114 = {
+                       children = (
+                               F51732BC03F1B65901120114,
+                               F51732BD03F1B65901120114,
+                               F51732BE03F1B65901120114,
+                               F51732BF03F1B65901120114,
+                               F51732C003F1B65901120114,
+                               F51732C103F1B65901120114,
+                               F51732C203F1B65901120114,
+                               F51732C303F1B65901120114,
+                               F51732C403F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = md5;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F51732BC03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1buf.h;
+                       lastKnownFileType = text;
+                       path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734A403F1B65A01120114 = {
+               F51732BD03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1glue.h;
+                       lastKnownFileType = text;
+                       path = .Sanitize;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734A503F1B65A01120114 = {
+               F51732BE03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734A603F1B65A01120114 = {
+               F51732BF03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "KRB5-asn.py";
+                       lastKnownFileType = text;
+                       path = ISSUES;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734A703F1B65A01120114 = {
+               F51732C003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb5_decode.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734A803F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = krb5_encode.c;
-                       refType = 4;
-               };
-               F51734A903F1B65A01120114 = {
+               F51732C103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krbasn1.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = md5.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734AA03F1B65A01120114 = {
+               F51732C203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
-                       refType = 4;
-               };
-               F51734AB03F1B65A01120114 = {
-                       children = (
-                               F51734AE03F1B65A01120114,
-                               F51734AF03F1B65A01120114,
-                               F51734B003F1B65A01120114,
-                               F51734B103F1B65A01120114,
-                               F51734BA03F1B65A01120114,
-                               F51734BB03F1B65A01120114,
-                               F51734BC03F1B65A01120114,
-                               F51734BD03F1B65A01120114,
-                               F51734BE03F1B65A01120114,
-                               F51734BF03F1B65A01120114,
-                               F51734C003F1B65A01120114,
-                               F51734C103F1B65A01120114,
-                               F51734C203F1B65A01120114,
-                               F51734C303F1B65A01120114,
-                               F51734C403F1B65A01120114,
-                               F51734C503F1B65A01120114,
-                               F51734C603F1B65A01120114,
-                               F51734C703F1B65A01120114,
-                               F51734C803F1B65A01120114,
-                               F51734C903F1B65A01120114,
-                               F51734CA03F1B65A01120114,
-                       );
-                       isa = PBXGroup;
-                       path = ccache;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "rsa-md5.h";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734AE03F1B65A01120114 = {
+               F51732C303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = cc_file.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_cksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734AF03F1B65A01120114 = {
+               F51732C403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = cc_memory.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_mddriver.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734B003F1B65A01120114 = {
+               F51732C503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = cc_retr.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = nfold.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734B103F1B65A01120114 = {
+               F51732C603F1B65901120114 = {
                        children = (
-                               F51734B203F1B65A01120114,
-                               F51734B303F1B65A01120114,
-                               F51734B403F1B65A01120114,
-                               F51734B503F1B65A01120114,
-                               F51734B603F1B65A01120114,
-                               F51734B703F1B65A01120114,
-                               F51734B803F1B65A01120114,
-                               F51734B903F1B65A01120114,
+                               F51732C703F1B65901120114,
+                               F51732C803F1B65901120114,
+                               F51732C903F1B65901120114,
+                               F51732CA03F1B65901120114,
+                               F51732CB03F1B65901120114,
+                               F51732CC03F1B65901120114,
                        );
                        isa = PBXGroup;
-                       path = ccapi;
+                       path = old;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734B203F1B65A01120114 = {
+               F51732C703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734B303F1B65A01120114 = {
+               F51732C803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = des_stringtokey.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734B403F1B65A01120114 = {
+               F51732C903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = stdcc.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734B503F1B65A01120114 = {
+               F51732CA03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = stdcc.h;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = old.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734B603F1B65A01120114 = {
+               F51732CB03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = stdcc_util.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = old_decrypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734B703F1B65A01120114 = {
+               F51732CC03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = stdcc_util.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = old_encrypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734B803F1B65A01120114 = {
+               F51732CD03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = winccld.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = old_api_glue.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734B903F1B65A01120114 = {
+               F51732CF03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = winccld.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = pbkdf2.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734BA03F1B65A01120114 = {
+               F51732D003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ccbase.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = prng.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734BB03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = cccopy.c;
+               F51732D103F1B65901120114 = {
+                       children = (
+                               F51732D203F1B65901120114,
+                               F51732D303F1B65901120114,
+                               F51732D403F1B65901120114,
+                               F51732D503F1B65901120114,
+                               F51732D603F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = raw;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734BC03F1B65A01120114 = {
+               F51732D203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ccdefault.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734BD03F1B65A01120114 = {
+               F51732D303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ccdefops.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734BE03F1B65A01120114 = {
+               F51732D403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ccfns.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = raw.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734BF03F1B65A01120114 = {
+               F51732D503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ChangeLog;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = raw_decrypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734C003F1B65A01120114 = {
+               F51732D603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = fcc.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = raw_encrypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734C103F1B65A01120114 = {
+               F51732D803F1B65901120114 = {
                        children = (
+                               F51732D903F1B65901120114,
+                               F51732DA03F1B65901120114,
+                               F51732DB03F1B65901120114,
+                               F51732DC03F1B65901120114,
+                               F51732DD03F1B65901120114,
+                               F51732DE03F1B65901120114,
+                               F51732DF03F1B65901120114,
+                               F51732E003F1B65901120114,
                        );
                        isa = PBXGroup;
-                       path = file;
+                       path = sha1;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734C203F1B65A01120114 = {
+               F51732D903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = text;
+                       path = .cvsignore;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734C303F1B65A01120114 = {
-                       children = (
-                       );
-                       isa = PBXGroup;
-                       path = memory;
+               F51732DA03F1B65901120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734C403F1B65A01120114 = {
+               F51732DB03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = scc.h;
+                       lastKnownFileType = text;
+                       path = ISSUES;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734C503F1B65A01120114 = {
+               F51732DC03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_cc.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734C603F1B65A01120114 = {
-                       children = (
-                       );
-                       isa = PBXGroup;
-                       path = stdio;
+               F51732DD03F1B65901120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = shs.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734C703F1B65A01120114 = {
+               F51732DE03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_cc.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = shs.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734C803F1B65A01120114 = {
+               F51732DF03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_file.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_shs.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734C903F1B65A01120114 = {
+               F51732E003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_memory.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_shs3.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734CA03F1B65A01120114 = {
+               F51732E103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_stdio.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = state.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734CB03F1B65A01120114 = {
+               F51732E203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ChangeLog;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = string_to_cksumtype.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734CC03F1B65A01120114 = {
+               F51732E303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = configure.in;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = string_to_enctype.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734CD03F1B65A01120114 = {
-                       children = (
-                               F51734D103F1B65A01120114,
-                               F51734D203F1B65A01120114,
-                               F51734D303F1B65A01120114,
-                               F51734D403F1B65A01120114,
-                               F51734D503F1B65A01120114,
-                               F51734D603F1B65A01120114,
-                               F51734D703F1B65A01120114,
-                       );
-                       isa = PBXGroup;
-                       path = error_tables;
+               F51732E403F1B65901120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = string_to_key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734D103F1B65A01120114 = {
+               F51732E503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_err.et;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_cts.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734D203F1B65A01120114 = {
+               F51732E603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ChangeLog;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_encrypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734D303F1B65A01120114 = {
+               F51732E703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = init_ets.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_hmac.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734D403F1B65A01120114 = {
+               F51732E803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kdb5_err.et;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_nfold.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734D503F1B65A01120114 = {
+               F51732E903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb5_err.et;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_pkcs5.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734D603F1B65A01120114 = {
+               F51732EA03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kv5m_err.et;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_prng.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734D703F1B65A01120114 = {
+               F51732EB03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = text;
+                       path = t_prng.comments;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734D903F1B65A01120114 = {
-                       children = (
-                               F51734DB03F1B65A01120114,
-                               F51734DE03F1B65A01120114,
-                               F51734DF03F1B65A01120114,
-                               F51734E003F1B65A01120114,
-                               F51734E103F1B65A01120114,
-                               F51734E203F1B65A01120114,
-                               F51734E303F1B65A01120114,
-                               F51734E403F1B65A01120114,
-                               F51734E503F1B65A01120114,
-                               F51734E603F1B65A01120114,
-                               F51734E703F1B65A01120114,
-                       );
-                       isa = PBXGroup;
-                       path = keytab;
-                       refType = 4;
-               };
-               F51734DB03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
-               };
-               F51734DE03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kt_file.c;
-                       refType = 4;
-               };
-               F51734DF03F1B65A01120114 = {
+               F51732EC03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kt_srvtab.c;
+                       lastKnownFileType = text;
+                       path = t_prng.expected;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734E003F1B65A01120114 = {
+               F51732ED03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ktadd.c;
+                       lastKnownFileType = text;
+                       path = t_prng.reseedtest;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734E103F1B65A01120114 = {
+               F51732EE03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ktbase.c;
+                       lastKnownFileType = text;
+                       path = "t_prng.reseedtest-comments";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734E203F1B65A01120114 = {
+               F51732EF03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ktdefault.c;
+                       lastKnownFileType = text;
+                       path = "t_prng.reseedtest-expected";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734E303F1B65A01120114 = {
+               F51732F003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ktfns.c;
+                       lastKnownFileType = text;
+                       path = t_prng.seed;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734E403F1B65A01120114 = {
+               F51732F103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ktfr_entry.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = valid_cksumtype.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734E503F1B65A01120114 = {
+               F51732F203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ktremove.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = valid_enctype.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734E603F1B65A01120114 = {
+               F51732F303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = vectors.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734E703F1B65A01120114 = {
+               F51732F403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = read_servi.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = verify_checksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734E903F1B65A01120114 = {
+               F51732F503F1B65901120114 = {
                        children = (
-                               F51734EC03F1B65A01120114,
-                               F51734ED03F1B65A01120114,
-                               F51734EE03F1B65A01120114,
-                               F51734EF03F1B65A01120114,
-                               F51734F003F1B65A01120114,
-                               F51734F103F1B65A01120114,
-                               F51734F203F1B65A01120114,
-                               F51734F303F1B65A01120114,
-                               F51734F403F1B65A01120114,
-                               F51734F503F1B65A01120114,
-                               F51734F603F1B65A01120114,
-                               F51734F703F1B65A01120114,
-                               F51734F803F1B65A01120114,
-                               F51734F903F1B65A01120114,
-                               F51734FA03F1B65A01120114,
-                               F51734FB03F1B65A01120114,
-                               F51734FC03F1B65A01120114,
-                               F51734FD03F1B65A01120114,
-                               F51734FE03F1B65A01120114,
-                               F51734FF03F1B65A01120114,
-                               F517350003F1B65A01120114,
-                               F517350103F1B65A01120114,
-                               F517350203F1B65A01120114,
-                               F517350303F1B65A01120114,
-                               F517350403F1B65A01120114,
-                               F517350503F1B65A01120114,
-                               F517350603F1B65A01120114,
-                               F517350703F1B65A01120114,
-                               F517350803F1B65A01120114,
-                               F517350903F1B65A01120114,
-                               F517350A03F1B65A01120114,
-                               F517350B03F1B65A01120114,
-                               F517350C03F1B65A01120114,
-                               F517350D03F1B65A01120114,
-                               F517350E03F1B65A01120114,
-                               F517350F03F1B65A01120114,
-                               F517351003F1B65A01120114,
-                               F517351103F1B65A01120114,
-                               F517351203F1B65A01120114,
-                               F517351303F1B65A01120114,
-                               F517351403F1B65A01120114,
-                               F517351503F1B65A01120114,
-                               F517351603F1B65A01120114,
-                               F517351703F1B65A01120114,
-                               F517351803F1B65A01120114,
-                               F517351903F1B65A01120114,
-                               F517351A03F1B65A01120114,
-                               F517351B03F1B65A01120114,
-                               F517351C03F1B65A01120114,
-                               F517351D03F1B65A01120114,
-                               F517351E03F1B65A01120114,
-                               F517351F03F1B65A01120114,
-                               F517352003F1B65A01120114,
-                               F517352103F1B65A01120114,
-                               F517352203F1B65A01120114,
-                               F517352303F1B65A01120114,
-                               F517352403F1B65A01120114,
-                               F517352503F1B65A01120114,
-                               F517352603F1B65A01120114,
-                               F517352703F1B65A01120114,
-                               F517352803F1B65A01120114,
-                               F517352903F1B65A01120114,
-                               F517352A03F1B65A01120114,
-                               F517352B03F1B65A01120114,
-                               F517352C03F1B65A01120114,
-                               F517352D03F1B65A01120114,
-                               F517352E03F1B65A01120114,
-                               F517352F03F1B65A01120114,
-                               F517353003F1B65A01120114,
-                               F517353103F1B65A01120114,
-                               F517353203F1B65A01120114,
-                               F517353303F1B65A01120114,
-                               F517353403F1B65A01120114,
-                               F517353503F1B65A01120114,
-                               F517353603F1B65A01120114,
-                               F517353703F1B65A01120114,
-                               F517353803F1B65A01120114,
-                               F517353903F1B65A01120114,
-                               F517353A03F1B65A01120114,
-                               F517353B03F1B65A01120114,
-                               F517353C03F1B65A01120114,
-                               F517353D03F1B65A01120114,
-                               F517353E03F1B65A01120114,
-                               F517353F03F1B65A01120114,
-                               F517354003F1B65A01120114,
-                               F517354103F1B65A01120114,
-                               F517354203F1B65A01120114,
-                               F517354303F1B65A01120114,
-                               F517354403F1B65A01120114,
-                               F517354503F1B65A01120114,
-                               F517354603F1B65A01120114,
-                               F517354703F1B65A01120114,
-                               F517354803F1B65A01120114,
-                               F517354903F1B65A01120114,
-                               F517354A03F1B65A01120114,
-                               F517354B03F1B65A01120114,
-                               F517354C03F1B65A01120114,
-                               F517354D03F1B65A01120114,
-                               F517354E03F1B65A01120114,
-                               F517354F03F1B65A01120114,
-                               F517355003F1B65A01120114,
-                               F517355103F1B65A01120114,
+                               F51732F603F1B65901120114,
+                               F51732F703F1B65901120114,
+                               F51732F803F1B65901120114,
+                               F51732F903F1B65901120114,
+                               F51732FA03F1B65901120114,
+                               F51732FB03F1B65901120114,
+                               F51732FC03F1B65901120114,
+                               F51732FD03F1B65901120114,
+                               F51732FE03F1B65901120114,
+                               F51732FF03F1B65901120114,
+                               F517330003F1B65901120114,
+                               F517330103F1B65901120114,
+                               F517330203F1B65901120114,
+                               F517330303F1B65901120114,
+                               F517330403F1B65901120114,
+                               F517330503F1B65901120114,
+                               F517330603F1B65901120114,
+                               F517330703F1B65901120114,
                        );
                        isa = PBXGroup;
-                       path = krb;
+                       path = yarrow;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734EC03F1B65A01120114 = {
+               F51732F603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = addr_comp.c;
+                       lastKnownFileType = text;
+                       path = ASSUMPTIONS;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734ED03F1B65A01120114 = {
+               F51732F703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = addr_order.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734EE03F1B65A01120114 = {
+               F51732F803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = addr_srch.c;
+                       lastKnownFileType = text;
+                       path = LICENSE;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734EF03F1B65A01120114 = {
+               F51732F903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = appdefault.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734F003F1B65A01120114 = {
+               F51732FA03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = auth_con.c;
+                       lastKnownFileType = text;
+                       path = README;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734F103F1B65A01120114 = {
+               F51732FB03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = auth_con.h;
+                       lastKnownFileType = text;
+                       path = TODO;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734F203F1B65A01120114 = {
+               F51732FC03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = bld_pr_ext.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = yarrow.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734F303F1B65A01120114 = {
+               F51732FD03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = bld_princ.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = yarrow.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734F403F1B65A01120114 = {
+               F51732FE03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = brand.c;
+                       lastKnownFileType = text;
+                       path = yarrow.man;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734F503F1B65A01120114 = {
+               F51732FF03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ChangeLog;
+                       lastKnownFileType = text;
+                       path = yarrow.pod;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734F603F1B65A01120114 = {
+               F517330003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = chk_trans.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ycipher.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734F703F1B65A01120114 = {
+               F517330103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = chpw.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = ycipher.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734F803F1B65A01120114 = {
+               F517330203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = cleanup.h;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = yexcep.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734F903F1B65A01120114 = {
+               F517330303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = conv_princ.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = yhash.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734FA03F1B65A01120114 = {
+               F517330403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = copy_addrs.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = ylock.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734FB03F1B65A01120114 = {
+               F517330503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = copy_athctr.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = ystate.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734FC03F1B65A01120114 = {
+               F517330603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = copy_auth.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ytest.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734FD03F1B65A01120114 = {
+               F517330703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = copy_cksum.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = ytypes.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734FE03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = copy_creds.c;
+               F517330803F1B65901120114 = {
+                       children = (
+                               F517330B03F1B65901120114,
+                               F517330C03F1B65901120114,
+                               F517330D03F1B65901120114,
+                               F517330E03F1B65901120114,
+                               F517330F03F1B65901120114,
+                               F517331003F1B65901120114,
+                               F517331103F1B65901120114,
+                               F517331203F1B65901120114,
+                               F517331303F1B65901120114,
+                               F517331403F1B65901120114,
+                               F517331503F1B65901120114,
+                               F517331603F1B65901120114,
+                               F517331703F1B65901120114,
+                               F517331803F1B65901120114,
+                               F517331903F1B65901120114,
+                               F517331A03F1B65901120114,
+                               F517331B03F1B65901120114,
+                               F517331C03F1B65901120114,
+                               F517331D03F1B65901120114,
+                               F517331E03F1B65901120114,
+                               F517331F03F1B65901120114,
+                               F517332003F1B65901120114,
+                               A166BCC3040D36F8004AA618,
+                       );
+                       isa = PBXGroup;
+                       path = des425;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51734FF03F1B65A01120114 = {
+               F517330B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = copy_data.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350003F1B65A01120114 = {
+               F517330C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = copy_key.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350103F1B65A01120114 = {
+               F517330D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = copy_princ.c;
+                       lastKnownFileType = text;
+                       path = configure.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350203F1B65A01120114 = {
+               F517330E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = copy_tick.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = des.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350303F1B65A01120114 = {
+               F517330F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = cp_key_cnt.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = enc_dec.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350403F1B65A01120114 = {
+               F517331003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = decode_kdc.c;
+                       lastKnownFileType = text;
+                       path = ISSUES;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350503F1B65A01120114 = {
+               F517331103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = decrypt_tk.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = key_parity.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350603F1B65A01120114 = {
+               F517331203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = deltat.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = key_sched.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350703F1B65A01120114 = {
+               F517331303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = enc_helper.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350803F1B65A01120114 = {
+               F517331403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = encode_kdc.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = new_rnd_key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350903F1B65A01120114 = {
+               F517331503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = encrypt_tk.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = pcbc_encrypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350A03F1B65A01120114 = {
+               F517331603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = free_rtree.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = quad_cksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350B03F1B65A01120114 = {
+               F517331703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = fwd_tgt.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = random_key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350C03F1B65A01120114 = {
+               F517331803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gc_frm_kdc.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = read_passwd.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350D03F1B65A01120114 = {
+               F517331903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gc_via_tkt.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = str_to_key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350E03F1B65A01120114 = {
+               F517331A03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gen_seqnum.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = string2key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517350F03F1B65A01120114 = {
+               F517331B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gen_subkey.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_pcbc.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351003F1B65A01120114 = {
+               F517331C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = get_creds.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_quad.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351103F1B65A01120114 = {
+               F517331D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = get_in_tkt.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = unix_time.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351203F1B65A01120114 = {
+               F517331E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gic_keytab.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351303F1B65A01120114 = {
+               F517331F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gic_opt.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = verify.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351403F1B65A01120114 = {
+               F517332003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gic_pwd.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = weak_key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351503F1B65A01120114 = {
+               F517332103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = in_tkt_ktb.c;
+                       lastKnownFileType = text;
+                       path = exports.crypto;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351603F1B65A01120114 = {
+               F517332203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = in_tkt_pwd.c;
+                       lastKnownFileType = text;
+                       path = exports.des425;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351703F1B65A01120114 = {
+               F517332303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = in_tkt_sky.c;
+                       lastKnownFileType = text;
+                       path = exports.kdb5;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351803F1B65A01120114 = {
+               F517332403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = init_ctx.c;
+                       lastKnownFileType = text;
+                       path = exports.krb5;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351903F1B65A01120114 = {
+               F517332503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = init_keyblock.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = glue4.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351A03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = "int-proto.h";
+               F517332603F1B65901120114 = {
+                       children = (
+                               F517332803F1B65901120114,
+                               F517332A03F1B65901120114,
+                               F517334203F1B65901120114,
+                               F517334303F1B65901120114,
+                               F517334403F1B65901120114,
+                               F517337603F1B65901120114,
+                               F517337703F1B65A01120114,
+                               F517339D03F1B65A01120114,
+                       );
+                       isa = PBXGroup;
+                       path = gssapi;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351B03F1B65A01120114 = {
+               F517332803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kdc_rep_dc.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351C03F1B65A01120114 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       path = kfree.c;
+               F517332A03F1B65901120114 = {
+                       children = (
+                               F517332D03F1B65901120114,
+                               F517332E03F1B65901120114,
+                               F517332F03F1B65901120114,
+                               F517333003F1B65901120114,
+                               F517333103F1B65901120114,
+                               F517333203F1B65901120114,
+                               F517333303F1B65901120114,
+                               F517333403F1B65901120114,
+                               F517333503F1B65901120114,
+                               F517333603F1B65901120114,
+                               F517333703F1B65901120114,
+                               F517333803F1B65901120114,
+                               F517333903F1B65901120114,
+                               F517333A03F1B65901120114,
+                               F517333B03F1B65901120114,
+                               F517333C03F1B65901120114,
+                               F517333D03F1B65901120114,
+                               F517333E03F1B65901120114,
+                               F517333F03F1B65901120114,
+                               F517334003F1B65901120114,
+                               F517334103F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = generic;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351D03F1B65A01120114 = {
+               F517332D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351E03F1B65A01120114 = {
+               F517332E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_cred.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = disp_com_err_status.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517351F03F1B65A01120114 = {
+               F517332F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_error.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = disp_major_status.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352003F1B65A01120114 = {
+               F517333003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_priv.c;
+                       lastKnownFileType = text;
+                       path = gssapi.hin;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352103F1B65A01120114 = {
+               F517333103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_rep.c;
+                       lastKnownFileType = text;
+                       path = gssapi_err_generic.et;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352203F1B65A01120114 = {
+               F517333203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_req.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gssapi_generic.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352303F1B65A01120114 = {
+               F517333303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_req_ext.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = gssapi_generic.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352403F1B65A01120114 = {
+               F517333403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_safe.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = gssapiP_generic.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352503F1B65A01120114 = {
+               F517333503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = parse.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352603F1B65A01120114 = {
+               F517333603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = pr_to_salt.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = oid_ops.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352703F1B65A01120114 = {
+               F517333703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = preauth.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rel_buffer.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352803F1B65A01120114 = {
+               F517333803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = preauth2.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rel_oid_set.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352903F1B65A01120114 = {
+               F517333903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = princ_comp.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_buffer.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352A03F1B65A01120114 = {
+               F517333A03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_cred.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_canonhost.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352B03F1B65A01120114 = {
+               F517333B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_error.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_localhost.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352C03F1B65A01120114 = {
+               F517333C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_priv.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_oid.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352D03F1B65A01120114 = {
+               F517333D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_rep.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_ordering.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352E03F1B65A01120114 = {
+               F517333E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_req.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_set.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517352F03F1B65A01120114 = {
+               F517333F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_req_dec.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_token.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353003F1B65A01120114 = {
+               F517334003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rd_safe.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_validate.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353103F1B65A01120114 = {
+               F517334103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = recvauth.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = utl_nohash_validate.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353203F1B65A01120114 = {
+               F517334203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = send_tgs.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gss_libinit.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353303F1B65A01120114 = {
+               F517334303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = sendauth.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = gss_libinit.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353403F1B65A01120114 = {
+               F517334403F1B65901120114 = {
+                       children = (
+                               F517334703F1B65901120114,
+                               F517334803F1B65901120114,
+                               F517334903F1B65901120114,
+                               F517334A03F1B65901120114,
+                               F517334B03F1B65901120114,
+                               F517334C03F1B65901120114,
+                               F517334D03F1B65901120114,
+                               F517334E03F1B65901120114,
+                               F517334F03F1B65901120114,
+                               F517335003F1B65901120114,
+                               F517335103F1B65901120114,
+                               F517335203F1B65901120114,
+                               F517335303F1B65901120114,
+                               F517335403F1B65901120114,
+                               F517335503F1B65901120114,
+                               F517335603F1B65901120114,
+                               F517335703F1B65901120114,
+                               F517335803F1B65901120114,
+                               F517335903F1B65901120114,
+                               F517335A03F1B65901120114,
+                               F517335B03F1B65901120114,
+                               F517335C03F1B65901120114,
+                               F517335D03F1B65901120114,
+                               F517335E03F1B65901120114,
+                               F517335F03F1B65901120114,
+                               F517336003F1B65901120114,
+                               F517336103F1B65901120114,
+                               F517336203F1B65901120114,
+                               A125397605CF124D003BD89B,
+                               F517336303F1B65901120114,
+                               F517336403F1B65901120114,
+                               F517336503F1B65901120114,
+                               F517336603F1B65901120114,
+                               F517336703F1B65901120114,
+                               F517336803F1B65901120114,
+                               F517336903F1B65901120114,
+                               F517336A03F1B65901120114,
+                               F517336B03F1B65901120114,
+                               F517336C03F1B65901120114,
+                               F517336D03F1B65901120114,
+                               F517336E03F1B65901120114,
+                               F517336F03F1B65901120114,
+                               F517337003F1B65901120114,
+                               F517337103F1B65901120114,
+                               F517337203F1B65901120114,
+                               F517337303F1B65901120114,
+                               F517337403F1B65901120114,
+                               F517337503F1B65901120114,
+                       );
+                       isa = PBXGroup;
+                       path = krb5;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517334703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_actx.c;
+                       lastKnownFileType = text;
+                       path = 3des.txt;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353503F1B65A01120114 = {
+               F517334803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_adata.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = accept_sec_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353603F1B65A01120114 = {
+               F517334903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_addr.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = acquire_cred.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353703F1B65A01120114 = {
+               F517334A03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_auth.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = add_cred.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353803F1B65A01120114 = {
+               F517334B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_cksum.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = canon_name.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353903F1B65A01120114 = {
+               F517334C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_ctx.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353A03F1B65A01120114 = {
+               F517334D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_eblk.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = compare_name.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353B03F1B65A01120114 = {
+               F517334E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_key.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = context_time.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353C03F1B65A01120114 = {
+               F517334F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_princ.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = copy_ccache.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353D03F1B65A01120114 = {
+               F517335003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = serialize.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = delete_sec_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353E03F1B65A01120114 = {
+               F517335103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = set_realm.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = disp_name.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517353F03F1B65A01120114 = {
+               F517335203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = srv_rcache.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = disp_status.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354003F1B65A01120114 = {
+               F517335303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = str_conv.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = duplicate_name.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354103F1B65A01120114 = {
+               F517335403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = strftime.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = export_name.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354203F1B65A01120114 = {
+               F517335503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = strptime.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = export_sec_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354303F1B65A01120114 = {
+               F517335603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_deltat.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = get_tkt_flags.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354403F1B65A01120114 = {
+               F517335703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_expand.c;
+                       lastKnownFileType = text;
+                       path = gssapi_err_krb5.et;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354503F1B65A01120114 = {
+               F517335803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_kerb.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gssapi_krb5.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354603F1B65A01120114 = {
+               F517335903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_krb5.conf;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = gssapi_krb5.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354703F1B65A01120114 = {
+               F517335A03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_ref_kerb.out;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = gssapiP_krb5.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354803F1B65A01120114 = {
+               F517335B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_ser.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = import_name.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354903F1B65A01120114 = {
+               F517335C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_walk_rtree.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = import_sec_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354A03F1B65A01120114 = {
+               F517335D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = tgtname.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = indicate_mechs.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354B03F1B65A01120114 = {
+               F517335E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "transit-tests";
+                       lastKnownFileType = sourcecode.c.c;
+                       path = init_sec_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354C03F1B65A01120114 = {
+               F517335F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = unparse.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = inq_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354D03F1B65A01120114 = {
+               F517336003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = valid_times.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = inq_cred.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354E03F1B65A01120114 = {
+               F517336103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = vfy_increds.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = inq_names.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517354F03F1B65A01120114 = {
+               F517336203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = vic_opt.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = k5seal.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355003F1B65A01120114 = {
+               F517336303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = walk_rtree.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = k5unseal.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355103F1B65A01120114 = {
+               F517336403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "x-deltat.y";
+                       lastKnownFileType = sourcecode.c.c;
+                       path = krb5_gss_glue.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355203F1B65A01120114 = {
+               F517336503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb5_libinit.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355303F1B65A01120114 = {
+               F517336603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb5_libinit.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = process_context_token.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355403F1B65A01120114 = {
+               F517336703F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rel_cred.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355503F1B65A01120114 = {
-                       children = (
-                               F517355803F1B65A01120114,
-                               F517355903F1B65A01120114,
-                               F517355A03F1B65A01120114,
-                               F517355B03F1B65A01120114,
-                               F517355C03F1B65A01120114,
-                               F517355D03F1B65A01120114,
-                               F517355E03F1B65A01120114,
-                               F517355F03F1B65A01120114,
-                               F517356003F1B65A01120114,
-                               F517356103F1B65A01120114,
-                               F517356203F1B65A01120114,
-                               F517356303F1B65A01120114,
-                               F517356403F1B65A01120114,
-                               F517356503F1B65A01120114,
-                               F517356603F1B65A01120114,
-                               F517356703F1B65A01120114,
-                               F517356803F1B65A01120114,
-                               F517356903F1B65A01120114,
-                               F517356A03F1B65A01120114,
-                               F517356B03F1B65A01120114,
-                               F517356C03F1B65A01120114,
-                               F517356D03F1B65A01120114,
-                               F517356E03F1B65A01120114,
-                               F517356F03F1B65A01120114,
-                               F517357003F1B65A01120114,
-                               F517357103F1B65A01120114,
-                               F517357203F1B65A01120114,
-                               F517357303F1B65A01120114,
-                               F517357403F1B65A01120114,
-                               F517357503F1B65A01120114,
-                               F517357603F1B65A01120114,
-                               F517357703F1B65A01120114,
-                               F517357803F1B65A01120114,
-                               F517357903F1B65A01120114,
-                               F517357A03F1B65A01120114,
-                               F517357B03F1B65A01120114,
-                               F517357C03F1B65A01120114,
-                               F517357D03F1B65A01120114,
-                               F517357E03F1B65A01120114,
-                               F517357F03F1B65A01120114,
-                               F517358003F1B65A01120114,
-                               F517358103F1B65A01120114,
-                               F517358203F1B65A01120114,
-                               F517358303F1B65A01120114,
-                               F517358403F1B65A01120114,
-                               F517358503F1B65A01120114,
-                               F517358603F1B65A01120114,
-                               F517358703F1B65A01120114,
-                               F517358803F1B65A01120114,
-                               F517358903F1B65A01120114,
-                               F517358A03F1B65A01120114,
-                       );
-                       isa = PBXGroup;
-                       path = os;
-                       refType = 4;
-               };
-               F517355803F1B65A01120114 = {
+               F517336803F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = accessor.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rel_name.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355903F1B65A01120114 = {
+               F517336903F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = an_to_ln.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rel_oid.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355A03F1B65A01120114 = {
+               F517336A03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = c_ustime.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = seal.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355B03F1B65A01120114 = {
+               F517336B03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ccdefname.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_sctx.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355C03F1B65A01120114 = {
+               F517336C03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ChangeLog;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = set_ccache.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355D03F1B65A01120114 = {
+               F517336D03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = changepw.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = sign.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355E03F1B65A01120114 = {
+               F517336E03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = def_realm.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = unseal.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517355F03F1B65A01120114 = {
+               F517336F03F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = free_hstrl.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_cksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356003F1B65A01120114 = {
+               F517337003F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = free_krbhs.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_crypt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356103F1B65A01120114 = {
+               F517337103F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = full_ipadr.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_seed.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356203F1B65A01120114 = {
+               F517337203F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gen_port.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = util_seqnum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356303F1B65A01120114 = {
+               F517337303F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gen_rname.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = val_cred.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356403F1B65A01120114 = {
+               F517337403F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = genaddrs.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = verify.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356503F1B65A01120114 = {
+               F517337503F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = get_krbhst.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = wrap_size_limit.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356603F1B65A01120114 = {
+               F517337603F1B65901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gmt_mktime.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356703F1B65A01120114 = {
+               F517337703F1B65A01120114 = {
+                       children = (
+                               F517337803F1B65A01120114,
+                               F517337903F1B65A01120114,
+                               F517337A03F1B65A01120114,
+                               F517337B03F1B65A01120114,
+                               F517337C03F1B65A01120114,
+                               F517337D03F1B65A01120114,
+                               F517337E03F1B65A01120114,
+                               F517337F03F1B65A01120114,
+                               F517338003F1B65A01120114,
+                               F517338103F1B65A01120114,
+                               F517338203F1B65A01120114,
+                               F517338303F1B65A01120114,
+                               F517338403F1B65A01120114,
+                               F517338503F1B65A01120114,
+                               F517338603F1B65A01120114,
+                               F517338703F1B65A01120114,
+                               F517338803F1B65A01120114,
+                               F517338903F1B65A01120114,
+                               F517338A03F1B65A01120114,
+                               F517338B03F1B65A01120114,
+                               F517338C03F1B65A01120114,
+                               F517338D03F1B65A01120114,
+                               F517338E03F1B65A01120114,
+                               F517338F03F1B65A01120114,
+                               F517339003F1B65A01120114,
+                               F517339103F1B65A01120114,
+                               F517339203F1B65A01120114,
+                               F517339303F1B65A01120114,
+                               F517339403F1B65A01120114,
+                               F517339503F1B65A01120114,
+                               F517339603F1B65A01120114,
+                               F517339703F1B65A01120114,
+                               F517339803F1B65A01120114,
+                               F517339903F1B65A01120114,
+                               F517339A03F1B65A01120114,
+                               F517339B03F1B65A01120114,
+                               F517339C03F1B65A01120114,
+                       );
+                       isa = PBXGroup;
+                       path = mechglue;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517337803F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = hostaddr.c;
+                       lastKnownFileType = text;
+                       path = .Sanitize;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356803F1B65A01120114 = {
+               F517337903F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = hst_realm.c;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356903F1B65A01120114 = {
+               F517337A03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = init_os_ctx.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_accept_sec_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356A03F1B65A01120114 = {
+               F517337B03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krbfileio.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_acquire_cred.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356B03F1B65A01120114 = {
+               F517337C03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ktdefname.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_compare_name.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356C03F1B65A01120114 = {
+               F517337D03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kuserok.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_context_time.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356D03F1B65A01120114 = {
+               F517337E03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = localaddr.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_delete_sec_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356E03F1B65A01120114 = {
+               F517337F03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = locate_kdc.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_dsp_name.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517356F03F1B65A01120114 = {
+               F517338003F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = lock_file.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_dsp_status.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357003F1B65A01120114 = {
+               F517338103F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_exp_sec_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357103F1B65A01120114 = {
+               F517338203F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = mk_faddr.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_glue.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357203F1B65A01120114 = {
+               F517338303F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = net_read.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_imp_name.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357303F1B65A01120114 = {
+               F517338403F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = net_write.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_imp_sec_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357403F1B65A01120114 = {
+               F517338503F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "os-proto.h";
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_indicate_mechs.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357503F1B65A01120114 = {
+               F517338603F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = osconfig.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_init_sec_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357603F1B65A01120114 = {
+               F517338703F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = port2ip.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_initialize.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357703F1B65A01120114 = {
+               F517338803F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prompter.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_inq_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357803F1B65A01120114 = {
+               F517338903F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = promptusr.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_inq_cred.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357903F1B65A01120114 = {
+               F517338A03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = read_msg.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_inq_names.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357A03F1B65A01120114 = {
+               F517338B03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = read_pwd.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_mechname.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357B03F1B65A01120114 = {
+               F517338C03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = realm_dom.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_oid_ops.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357C03F1B65A01120114 = {
+               F517338D03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = realm_iter.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_process_context.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357D03F1B65A01120114 = {
+               F517338E03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ref_std_conf.out;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_rel_buffer.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357E03F1B65A01120114 = {
+               F517338F03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = sendto_kdc.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_rel_cred.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517357F03F1B65A01120114 = {
+               F517339003F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = sn2princ.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_rel_name.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358003F1B65A01120114 = {
+               F517339103F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_an_to_ln.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_rel_oid_set.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358103F1B65A01120114 = {
+               F517339203F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_gifconf.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_seal.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358203F1B65A01120114 = {
+               F517339303F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_locate_kdc.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_sign.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358303F1B65A01120114 = {
+               F517339403F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_realm_iter.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_unseal.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358403F1B65A01120114 = {
+               F517339503F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_std_conf.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_verify.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358503F1B65A01120114 = {
+               F517339603F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = td_krb5.conf;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gen_oids.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358603F1B65A01120114 = {
+               F517339703F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = timeofday.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gssd_pname_to_uid.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358703F1B65A01120114 = {
+               F517339803F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = toffset.c;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358803F1B65A01120114 = {
+               F517339903F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = unlck_file.c;
+                       lastKnownFileType = text;
+                       path = mech.conf;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358903F1B65A01120114 = {
+               F517339A03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ustime.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = mechglue.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358A03F1B65A01120114 = {
+               F517339B03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = write_msg.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = mglueP.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358B03F1B65A01120114 = {
+               F517339C03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = oid_ops.c;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517339D03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = README_SAMPLE_APP;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517342003F1B65A01120114 = {
                        children = (
-                               F517358D03F1B65A01120114,
-                               F517358E03F1B65A01120114,
-                               F517358F03F1B65A01120114,
-                               F517359003F1B65A01120114,
-                               F517359103F1B65A01120114,
-                               F517359203F1B65A01120114,
-                               F517359303F1B65A01120114,
-                               F517359403F1B65A01120114,
-                               F517359503F1B65A01120114,
-                               F517359603F1B65A01120114,
-                               F517359703F1B65A01120114,
-                               F517359803F1B65A01120114,
-                               F517359903F1B65A01120114,
-                               F517359A03F1B65A01120114,
+                               F517342303F1B65A01120114,
+                               F517342403F1B65A01120114,
+                               F517342503F1B65A01120114,
+                               F517342603F1B65A01120114,
+                               F517342703F1B65A01120114,
+                               F517342803F1B65A01120114,
+                               F517342903F1B65A01120114,
+                               F517342A03F1B65A01120114,
+                               F517342B03F1B65A01120114,
+                               F517342C03F1B65A01120114,
+                               F517342D03F1B65A01120114,
+                               F517342E03F1B65A01120114,
+                               F517342F03F1B65A01120114,
+                               F517343003F1B65A01120114,
+                               F517343103F1B65A01120114,
+                               F517343203F1B65A01120114,
+                               F517343303F1B65A01120114,
+                               F517343403F1B65A01120114,
+                               F517343503F1B65A01120114,
+                               F517343603F1B65A01120114,
+                               F517343703F1B65A01120114,
+                               F517343803F1B65A01120114,
+                               F517343903F1B65A01120114,
+                               F517343A03F1B65A01120114,
+                               F517343B03F1B65A01120114,
+                               F517343C03F1B65A01120114,
+                               F517343D03F1B65A01120114,
+                               F517343E03F1B65A01120114,
+                               F517343F03F1B65A01120114,
+                               F517344003F1B65A01120114,
+                               F517344103F1B65A01120114,
+                               F517344203F1B65A01120114,
+                               F517344303F1B65A01120114,
+                               F517344403F1B65A01120114,
+                               F517344503F1B65A01120114,
+                               F517344603F1B65A01120114,
+                               F517344703F1B65A01120114,
+                               F517344803F1B65A01120114,
+                               F517344903F1B65A01120114,
+                               F517344A03F1B65A01120114,
+                               F517344B03F1B65A01120114,
+                               F517344C03F1B65A01120114,
+                               F517344D03F1B65A01120114,
+                               F517344E03F1B65A01120114,
+                               F517344F03F1B65A01120114,
+                               F517345003F1B65A01120114,
+                               F517345103F1B65A01120114,
+                               F517345203F1B65A01120114,
+                               F517345303F1B65A01120114,
+                               F517345403F1B65A01120114,
+                               F517345503F1B65A01120114,
+                               F517345603F1B65A01120114,
+                               F517345703F1B65A01120114,
+                               F517345803F1B65A01120114,
+                               F517345903F1B65A01120114,
+                               F517345A03F1B65A01120114,
+                               F517345B03F1B65A01120114,
+                               F517345C03F1B65A01120114,
+                               F517345D03F1B65A01120114,
+                               F517345E03F1B65A01120114,
+                               F517345F03F1B65A01120114,
+                               F517346003F1B65A01120114,
+                               F517346103F1B65A01120114,
+                               F517346203F1B65A01120114,
+                               F517346303F1B65A01120114,
+                               F517346403F1B65A01120114,
+                               F517346503F1B65A01120114,
+                               F517346603F1B65A01120114,
+                               F517346703F1B65A01120114,
+                               F517346803F1B65A01120114,
+                               F517346903F1B65A01120114,
+                               F517346A03F1B65A01120114,
+                               F517346B03F1B65A01120114,
+                               F517346C03F1B65A01120114,
+                               F517346D03F1B65A01120114,
+                               F517346E03F1B65A01120114,
+                               F517346F03F1B65A01120114,
+                               F517347003F1B65A01120114,
+                               F517347103F1B65A01120114,
+                               F517347203F1B65A01120114,
+                               F517347303F1B65A01120114,
+                               F517347403F1B65A01120114,
+                               F517347503F1B65A01120114,
+                               F517347603F1B65A01120114,
+                               F517347703F1B65A01120114,
+                               F517347803F1B65A01120114,
+                               F517347903F1B65A01120114,
+                               F517347A03F1B65A01120114,
+                               F517347B03F1B65A01120114,
+                               F517347C03F1B65A01120114,
+                               F517347D03F1B65A01120114,
+                               F517347E03F1B65A01120114,
+                               F517347F03F1B65A01120114,
+                               F517348003F1B65A01120114,
+                               F517348103F1B65A01120114,
+                               F517348203F1B65A01120114,
+                               F517348303F1B65A01120114,
+                               F517348403F1B65A01120114,
+                               F517348503F1B65A01120114,
+                               F517348603F1B65A01120114,
+                               F517348703F1B65A01120114,
+                               F517348803F1B65A01120114,
+                               F517348903F1B65A01120114,
+                               F517348A03F1B65A01120114,
+                               F517348B03F1B65A01120114,
                        );
                        isa = PBXGroup;
-                       path = posix;
+                       path = krb4;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358D03F1B65A01120114 = {
+               F517342303F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ChangeLog;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ad_print.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358E03F1B65A01120114 = {
+               F517342403F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = daemon.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = "CCache-glue.c";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517358F03F1B65A01120114 = {
+               F517342503F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = getuid.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = change_password.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359003F1B65A01120114 = {
+               F517342603F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359103F1B65A01120114 = {
+               F517342703F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = memmove.c;
+                       lastKnownFileType = text;
+                       path = configure.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359203F1B65A01120114 = {
+               F517342803F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "pos-obsolete.h";
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cr_auth_repl.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359303F1B65A01120114 = {
+               F517342903F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = setenv.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cr_ciph.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359403F1B65A01120114 = {
+               F517342A03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = sscanf.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cr_death_pkt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359503F1B65A01120114 = {
+               F517342B03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = strcasecmp.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cr_err_repl.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359603F1B65A01120114 = {
+               F517342C03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = strdup.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cr_tkt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359703F1B65A01120114 = {
+               F517342D03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = strerror.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = debug.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359803F1B65A01120114 = {
+               F517342E03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = syslog.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = decomp_tkt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359903F1B65A01120114 = {
+               F517342F03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = vfprintf.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = dest_tkt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359A03F1B65A01120114 = {
+               F517343003F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = vsprintf.c;
-                       refType = 4;
-               };
-               F517359B03F1B65A01120114 = {
-                       children = (
-                               F517359E03F1B65A01120114,
-                               F517359F03F1B65A01120114,
-                               F51735A003F1B65A01120114,
-                               F51735A103F1B65A01120114,
-                               F51735A203F1B65A01120114,
-                               F51735A303F1B65A01120114,
-                               F51735A403F1B65A01120114,
-                               F51735A503F1B65A01120114,
-                               F51735A603F1B65A01120114,
-                               F51735A703F1B65A01120114,
-                               F51735A803F1B65A01120114,
-                               F51735A903F1B65A01120114,
-                               F51735AA03F1B65A01120114,
-                               F51735AB03F1B65A01120114,
-                       );
-                       isa = PBXGroup;
-                       path = rcache;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = err_txt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359E03F1B65A01120114 = {
+               F517343103F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ChangeLog;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = fakeenv.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517359F03F1B65A01120114 = {
+               F517343203F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = fgetst.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735A003F1B65A01120114 = {
+               F517343303F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rc_base.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = "FSp-glue.c";
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735A103F1B65A01120114 = {
+               F517343403F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rc_base.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_ad_tkt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735A203F1B65A01120114 = {
+               F517343503F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rc_conv.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_cnffile.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735A303F1B65A01120114 = {
+               F517343603F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rc_dfl.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_cred.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735A403F1B65A01120114 = {
+               F517343703F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rc_dfl.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_in_tkt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735A503F1B65A01120114 = {
+               F517343803F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rc_io.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_phost.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735A603F1B65A01120114 = {
+               F517343903F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rc_io.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_pw_in_tkt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735A703F1B65A01120114 = {
+               F517343A03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rcdef.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_pw_tkt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735A803F1B65A01120114 = {
+               F517343B03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = rcfns.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_svc_in_tkt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735A903F1B65A01120114 = {
+               F517343C03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = README;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_tf_fname.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735AA03F1B65A01120114 = {
+               F517343D03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = RELEASE;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_tf_realm.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735AB03F1B65A01120114 = {
+               F517343E03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ser_rc.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = g_tkt_svc.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51735B103F1B65A01120114 = {
+               F517343F03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gethostname.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517360C03F1B65B01120114 = {
+               F517344003F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = win_glue.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = getst.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51736C803F1B65B01120114 = {
-                       children = (
-                               F51736DD03F1B65B01120114,
-                               F51737AF03F1B65B01120114,
-                               F5E59BD603FD832C01120114,
-                       );
-                       isa = PBXGroup;
-                       path = util;
+               F517344103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = in_tkt.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51736DD03F1B65B01120114 = {
+               F517344203F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ChangeLog;
+                       lastKnownFileType = text;
+                       path = kadm_err.et;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737AF03F1B65B01120114 = {
-                       children = (
-                               F51737B203F1B65B01120114,
-                               F51737B303F1B65B01120114,
-                               F51737B403F1B65B01120114,
-                               F51737B603F1B65B01120114,
-                               F51737B703F1B65B01120114,
-                               F51737B803F1B65B01120114,
-                               F51737B903F1B65B01120114,
-                               F51737BA03F1B65B01120114,
-                               F51737BB03F1B65B01120114,
-                               F51737BC03F1B65B01120114,
-                               F51737BD03F1B65B01120114,
-                               A198BC2A0406DA8F00120114,
-                               F51737BE03F1B65B01120114,
-                               F51737BF03F1B65B01120114,
-                               F51737C003F1B65B01120114,
-                               F51737C103F1B65B01120114,
-                               F51737C203F1B65B01120114,
-                               F51737C303F1B65B01120114,
-                               F51737C403F1B65B01120114,
-                               F51737C503F1B65B01120114,
-                               F51737C603F1B65B01120114,
-                               F51737C703F1B65B01120114,
-                               F51737C803F1B65B01120114,
-                               F51737C903F1B65B01120114,
-                       );
-                       isa = PBXGroup;
-                       path = profile;
+               F517344303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = kadm_net.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737B203F1B65B01120114 = {
+               F517344403F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = argv_parse.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = kadm_stream.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737B303F1B65B01120114 = {
+               F517344503F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = argv_parse.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = klog.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737B403F1B65B01120114 = {
+               F517344603F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ChangeLog;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = kname_parse.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737B603F1B65B01120114 = {
+               F517344703F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = dosshell.ini;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = kntoln.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737B703F1B65B01120114 = {
+               F517344803F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb5.conf;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = kparse.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737B803F1B65B01120114 = {
+               F517344903F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = krb4int.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737B903F1B65B01120114 = {
+               F517344A03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prof_err.et;
+                       lastKnownFileType = text;
+                       path = krb_err.et;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737BA03F1B65B01120114 = {
+               F517344B03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prof_file.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = kuserok.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737BB03F1B65B01120114 = {
+               F517344C03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prof_get.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = lifetime.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737BC03F1B65B01120114 = {
+               F517344D03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prof_init.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = log.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737BD03F1B65B01120114 = {
+               F517344E03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prof_int.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mac_glue.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737BE03F1B65B01120114 = {
+               F517344F03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prof_parse.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mac_store.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737BF03F1B65B01120114 = {
+               F517345003F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prof_set.c;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = mac_store.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737C003F1B65B01120114 = {
+               F517345103F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prof_tree.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mac_stubs.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737C103F1B65B01120114 = {
+               F517345203F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = profile.5;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mac_time.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737C203F1B65B01120114 = {
+               F517345303F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = profile.exp;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = macsock.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737C303F1B65B01120114 = {
+               F517345403F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = profile.hin;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737C403F1B65B01120114 = {
+               F517345503F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = profile.pbexp;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = memcache.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737C503F1B65B01120114 = {
+               F517345603F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prtest.in;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = memcache.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737C603F1B65B01120114 = {
+               F517345703F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prtest.script;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_auth.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737C703F1B65B01120114 = {
+               F517345803F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = test.ini;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_err.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737C803F1B65B01120114 = {
+               F517345903F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = test_parse.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_preauth.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F51737C903F1B65B01120114 = {
+               F517345A03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = test_profile.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_priv.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F517388E03F1B8BD01120114 = {
-                       fileRef = F517355203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517388F03F1B8BE01120114 = {
-                       fileRef = F517355303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517345B03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_req.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389003F1B90D01120114 = {
-                       fileRef = F517355803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517345C03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_safe.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389103F1B90E01120114 = {
-                       fileRef = F517355903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517345D03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = month_sname.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389203F1B90E01120114 = {
-                       fileRef = F517355A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517345E03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = netread.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389303F1B90E01120114 = {
-                       fileRef = F517355B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517345F03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = netwrite.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389403F1B91001120114 = {
-                       fileRef = F517355D03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = Password.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389503F1B91001120114 = {
-                       fileRef = F517355E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = password_to_key.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389603F1B91101120114 = {
-                       fileRef = F517355F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = pkt_cipher.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389703F1B91101120114 = {
-                       fileRef = F517356003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = pkt_clen.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389803F1B91201120114 = {
-                       fileRef = F517356103F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = prot_client.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389903F1B91201120114 = {
-                       fileRef = F517356203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517389A03F1B91201120114 = {
-                       fileRef = F517356303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = prot_common.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389B03F1B91301120114 = {
-                       fileRef = F517356403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = prot_kdc.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389C03F1B91401120114 = {
-                       fileRef = F517356503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = put_svc_key.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389D03F1B91401120114 = {
-                       fileRef = F517356603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_err.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389E03F1B91501120114 = {
-                       fileRef = F517356703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_preauth.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517389F03F1B91501120114 = {
-                       fileRef = F517356803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_priv.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738A003F1B91601120114 = {
-                       fileRef = F517356A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346B03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_req.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738A103F1B91601120114 = {
-                       fileRef = F517356903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346C03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_safe.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738A203F1B91701120114 = {
-                       fileRef = F517356B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346D03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_svc_key.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738A303F1B94D01120114 = {
-                       fileRef = F517356C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346E03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = "RealmsConfig-glue.c";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738A403F1B95101120114 = {
-                       fileRef = F517356D03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517346F03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = recvauth.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738A503F1B95A01120114 = {
-                       fileRef = F517356E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
+                       path = "ren-cyg.sh";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738A603F1B95B01120114 = {
-                       fileRef = F517356F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = "ren-pc.bat";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738A703F1B95E01120114 = {
-                       fileRef = F517357103F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
+                       path = "ren-pc.sh";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738A803F1B96101120114 = {
-                       fileRef = F517357203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
+                       path = "ren-pl10.sh";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738A903F1B96101120114 = {
-                       fileRef = F517357303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ren.msg;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738AA03F1B96401120114 = {
-                       fileRef = F517357403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
+                       path = ren2dos.sh;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738AB03F1B96501120114 = {
-                       fileRef = F517357503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
+                       path = ren2long.sh;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738AC03F1B96801120114 = {
-                       fileRef = F517357603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = save_creds.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738AD03F1B96901120114 = {
-                       fileRef = F517357703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
+                       path = "sed-cyg.sh";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738AE03F1B96A01120114 = {
-                       fileRef = F517357803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
+                       path = "sed-pc.sh";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738AF03F1B96C01120114 = {
-                       fileRef = F517357903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
+                       path = "sed-pl10.sh";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738B003F1B96D01120114 = {
-                       fileRef = F517357A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347B03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = send_to_kdc.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738B103F1B96F01120114 = {
-                       fileRef = F517357B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347C03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = sendauth.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738B203F1B97001120114 = {
-                       fileRef = F517357C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347D03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = setenv.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738B303F1B97301120114 = {
-                       fileRef = F517357E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347E03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = stime.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738B403F1B97501120114 = {
-                       fileRef = F517357F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517347F03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = strcasecmp.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738B803F1B99A01120114 = {
-                       fileRef = F517358603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = strnlen.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738B903F1B99B01120114 = {
-                       fileRef = F517358703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = swab.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738BA03F1B99D01120114 = {
-                       fileRef = F517358803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = tf_shm.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738BB03F1B99E01120114 = {
-                       fileRef = F517358903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = tf_util.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738BC03F1B99E01120114 = {
-                       fileRef = F517358A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = tkt_string.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738BD03F1B9AF01120114 = {
-                       fileRef = F517349403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = unix_glue.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738BE03F1B9B001120114 = {
-                       fileRef = F517349503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = unix_time.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738BF03F1B9B001120114 = {
-                       fileRef = F517349603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348703F1B65A01120114 = {
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = vmslink.com;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738C003F1B9B301120114 = {
-                       fileRef = F517349703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = vmsswab.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738C103F1B9B501120114 = {
-                       fileRef = F517349803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = win_glue.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738C203F1B9B501120114 = {
-                       fileRef = F517349903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = win_store.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738C303F1B9B901120114 = {
-                       fileRef = F517349E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348B03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = win_time.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738C403F1B9B901120114 = {
-                       fileRef = F517349F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517348E03F1B65A01120114 = {
+                       children = (
+                               F517349003F1B65A01120114,
+                               F51734AB03F1B65A01120114,
+                               F51734CB03F1B65A01120114,
+                               F51734CC03F1B65A01120114,
+                               F51734CD03F1B65A01120114,
+                               F51734D903F1B65A01120114,
+                               F51734E903F1B65A01120114,
+                               F517355203F1B65A01120114,
+                               F517355303F1B65A01120114,
+                               F517355403F1B65A01120114,
+                               F517355503F1B65A01120114,
+                               F517358B03F1B65A01120114,
+                               F517359B03F1B65A01120114,
+                       );
+                       isa = PBXGroup;
+                       path = krb5;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738C503F1B9BF01120114 = {
-                       fileRef = F51734A203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349003F1B65A01120114 = {
+                       children = (
+                               F517349403F1B65A01120114,
+                               F517349503F1B65A01120114,
+                               F517349603F1B65A01120114,
+                               F517349703F1B65A01120114,
+                               F517349803F1B65A01120114,
+                               F517349903F1B65A01120114,
+                               F517349A03F1B65A01120114,
+                               F517349B03F1B65A01120114,
+                               F517349C03F1B65A01120114,
+                               F517349D03F1B65A01120114,
+                               F517349E03F1B65A01120114,
+                               F517349F03F1B65A01120114,
+                               F51734A003F1B65A01120114,
+                               F51734A103F1B65A01120114,
+                               F51734A203F1B65A01120114,
+                               F51734A303F1B65A01120114,
+                               F51734A403F1B65A01120114,
+                               F51734A503F1B65A01120114,
+                               F51734A603F1B65A01120114,
+                               F51734A703F1B65A01120114,
+                               F51734A803F1B65A01120114,
+                               F51734A903F1B65A01120114,
+                               F51734AA03F1B65A01120114,
+                       );
+                       isa = PBXGroup;
+                       path = asn.1;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738C603F1B9BF01120114 = {
-                       fileRef = F51734A303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = asn1_decode.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738C703F1B9CA01120114 = {
-                       fileRef = F51734A703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = asn1_decode.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738C803F1B9CA01120114 = {
-                       fileRef = F51734A803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = asn1_encode.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738C903F1B9CE01120114 = {
-                       fileRef = F51734A903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = asn1_encode.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738CA03F1B9D001120114 = {
-                       fileRef = F51734A003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = asn1_get.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738CB03F1B9D001120114 = {
-                       fileRef = F51734A103F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = asn1_get.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738CC03F1B9DA01120114 = {
-                       fileRef = F517349A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = asn1_k_decode.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738CD03F1B9DB01120114 = {
-                       fileRef = F517349B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349B03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = asn1_k_decode.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738CE03F1B9DB01120114 = {
-                       fileRef = F517349C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349C03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = asn1_k_encode.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738CF03F1B9DC01120114 = {
-                       fileRef = F517349D03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349D03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = asn1_k_encode.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738D003F1B9F101120114 = {
-                       fileRef = F51734A403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349E03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = asn1_make.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738D103F1BA0701120114 = {
-                       fileRef = F51734AE03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517349F03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = asn1_make.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738D203F1BA0901120114 = {
-                       fileRef = F51734AF03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734A003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = asn1_misc.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738D303F1BA0A01120114 = {
-                       fileRef = F51734B003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734A103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = asn1_misc.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738D403F1BA0F01120114 = {
-                       fileRef = F51734BA03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734A203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = asn1buf.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738D503F1BA0F01120114 = {
-                       fileRef = F51734BB03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734A303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = asn1buf.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738D603F1BA1001120114 = {
-                       fileRef = F51734BC03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734A403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = asn1glue.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738D703F1BA1001120114 = {
-                       fileRef = F51734BD03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734A503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738D803F1BA1101120114 = {
-                       fileRef = F51734BE03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734A603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text.script.python;
+                       path = "KRB5-asn.py";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738D903F1BA1201120114 = {
-                       fileRef = F51734C003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734A703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = krb5_decode.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738DA03F1BA1701120114 = {
-                       fileRef = F51734C503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734A803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = krb5_encode.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738DB03F1BA1801120114 = {
-                       fileRef = F51734C403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734A903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = krbasn1.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738DC03F1BA2601120114 = {
-                       fileRef = F51734B403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734AA03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738DD03F1BA2601120114 = {
-                       fileRef = F51734B603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734AB03F1B65A01120114 = {
+                       children = (
+                               F51734AE03F1B65A01120114,
+                               F51734AF03F1B65A01120114,
+                               F51734B003F1B65A01120114,
+                               F51734B103F1B65A01120114,
+                               F51734BA03F1B65A01120114,
+                               F51734BB03F1B65A01120114,
+                               F51734BC03F1B65A01120114,
+                               F51734BD03F1B65A01120114,
+                               F51734BE03F1B65A01120114,
+                               F51734BF03F1B65A01120114,
+                               F51734C003F1B65A01120114,
+                               F51734C103F1B65A01120114,
+                               F51734C203F1B65A01120114,
+                               F51734C303F1B65A01120114,
+                               F51734C403F1B65A01120114,
+                               F51734C503F1B65A01120114,
+                               F51734C603F1B65A01120114,
+                               F51734C703F1B65A01120114,
+                               F51734C803F1B65A01120114,
+                               F51734C903F1B65A01120114,
+                               F51734CA03F1B65A01120114,
+                       );
+                       isa = PBXGroup;
+                       path = ccache;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738DE03F1BA2701120114 = {
-                       fileRef = F51734B503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734AE03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cc_file.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738DF03F1BA2701120114 = {
-                       fileRef = F51734B703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734AF03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cc_memory.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738E203F1BA6901120114 = {
-                       fileRef = F51734D303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734B003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cc_retr.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738E303F1BA7501120114 = {
-                       fileRef = F51730E703F1B65801120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734B103F1B65A01120114 = {
+                       children = (
+                               F51734B203F1B65A01120114,
+                               F51734B303F1B65A01120114,
+                               F51734B403F1B65A01120114,
+                               F51734B503F1B65A01120114,
+                               F51734B603F1B65A01120114,
+                               F51734B703F1B65A01120114,
+                               F51734B803F1B65A01120114,
+                               F51734B903F1B65A01120114,
+                       );
+                       isa = PBXGroup;
+                       path = ccapi;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738E403F1BA7F01120114 = {
-                       fileRef = F517310D03F1B65801120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734B203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738E503F1BAF701120114 = {
-                       fileRef = F51734DE03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734B303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738E603F1BAF801120114 = {
-                       fileRef = F51734DF03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734B403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = stdcc.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738E703F1BAF901120114 = {
-                       fileRef = F51734E003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734B503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = stdcc.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738E803F1BAF901120114 = {
-                       fileRef = F51734E103F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734B603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = stdcc_util.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738E903F1BAFA01120114 = {
-                       fileRef = F51734E203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734B703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = stdcc_util.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738EA03F1BAFA01120114 = {
-                       fileRef = F51734E303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734B803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = winccld.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738EB03F1BAFB01120114 = {
-                       fileRef = F51734E403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734B903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = winccld.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738EC03F1BAFB01120114 = {
-                       fileRef = F51734E503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F51738ED03F1BAFE01120114 = {
-                       fileRef = F51734E703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734BA03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ccbase.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738EE03F1BB1401120114 = {
-                       fileRef = F51734EC03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734BB03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cccopy.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738EF03F1BB1401120114 = {
-                       fileRef = F51734ED03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734BC03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ccdefault.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738F003F1BB1501120114 = {
-                       fileRef = F51734EE03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734BD03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ccdefops.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738F103F1BB1501120114 = {
-                       fileRef = F51734EF03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734BE03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ccfns.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738F203F1BB1601120114 = {
-                       fileRef = F51734F003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734BF03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738F303F1BB1701120114 = {
-                       fileRef = F51734F103F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734C003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = fcc.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738F403F1BB1701120114 = {
-                       fileRef = F51734F203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734C103F1B65A01120114 = {
+                       children = (
+                       );
+                       isa = PBXGroup;
+                       path = file;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738F503F1BB1801120114 = {
-                       fileRef = F51734F303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734C203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738F703F1BB1A01120114 = {
-                       fileRef = F51734F603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734C303F1B65A01120114 = {
+                       children = (
+                       );
+                       isa = PBXGroup;
+                       path = memory;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738F803F1BB1A01120114 = {
-                       fileRef = F51734F703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734C403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = scc.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738F903F1BB1A01120114 = {
-                       fileRef = F51734F803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734C503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_cc.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738FA03F1BB1B01120114 = {
-                       fileRef = F51734F903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734C603F1B65A01120114 = {
+                       children = (
+                       );
+                       isa = PBXGroup;
+                       path = stdio;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738FB03F1BB1B01120114 = {
-                       fileRef = F51734FA03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734C703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_cc.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738FC03F1BB1C01120114 = {
-                       fileRef = F51734FB03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734C803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_file.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738FD03F1BB1E01120114 = {
-                       fileRef = F51734FC03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734C903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_memory.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738FE03F1BB1E01120114 = {
-                       fileRef = F51734FD03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734CA03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_stdio.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F51738FF03F1BB1F01120114 = {
-                       fileRef = F51734FE03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734CB03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517390003F1BB1F01120114 = {
-                       fileRef = F51734FF03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734CC03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = configure.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517390103F1BB2001120114 = {
-                       fileRef = F517350003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734CD03F1B65A01120114 = {
+                       children = (
+                               F51734D103F1B65A01120114,
+                               F51734D203F1B65A01120114,
+                               F51734D303F1B65A01120114,
+                               F51734D403F1B65A01120114,
+                               A16DA36A0485503F00120112,
+                               F51734D503F1B65A01120114,
+                               F51734D603F1B65A01120114,
+                               F51734D703F1B65A01120114,
+                       );
+                       isa = PBXGroup;
+                       path = error_tables;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517390203F1BB2001120114 = {
-                       fileRef = F517350103F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734D103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = asn1_err.et;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517390303F1BB2001120114 = {
-                       fileRef = F517350203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734D203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517390403F1BB2101120114 = {
-                       fileRef = F517350303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734D303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = init_ets.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517390503F1BB2101120114 = {
-                       fileRef = F517350403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734D403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = kdb5_err.et;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517390603F1BB2201120114 = {
-                       fileRef = F517350503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734D503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = krb5_err.et;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517390703F1BB2201120114 = {
-                       fileRef = F517350603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734D603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = kv5m_err.et;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517390803F1BB2301120114 = {
-                       fileRef = F517350703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734D703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517390903F1BB2301120114 = {
-                       fileRef = F517350803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517390A03F1BB2401120114 = {
-                       fileRef = F517350903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517390B03F1BB2401120114 = {
-                       fileRef = F517350A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517390C03F1BB2501120114 = {
-                       fileRef = F517350C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517390D03F1BB2501120114 = {
-                       fileRef = F517350B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517390E03F1BB2501120114 = {
-                       fileRef = F517350D03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517390F03F1BB2601120114 = {
-                       fileRef = F517350E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391003F1BB2601120114 = {
-                       fileRef = F517350F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391103F1BB2701120114 = {
-                       fileRef = F517351003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391203F1BB2801120114 = {
-                       fileRef = F517351103F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391303F1BB2801120114 = {
-                       fileRef = F517351203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391403F1BB2801120114 = {
-                       fileRef = F517351303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391503F1BB2901120114 = {
-                       fileRef = F517351403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391603F1BB2901120114 = {
-                       fileRef = F517351503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391703F1BB2A01120114 = {
-                       fileRef = F517351603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391803F1BB2B01120114 = {
-                       fileRef = F517351703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391903F1BB2B01120114 = {
-                       fileRef = F517351803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391A03F1BB2C01120114 = {
-                       fileRef = F517351903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391B03F1BB2D01120114 = {
-                       fileRef = F517351A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391C03F1BB2D01120114 = {
-                       fileRef = F517351B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391D03F1BB2D01120114 = {
-                       fileRef = F517351C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391E03F1BB8A01120114 = {
-                       fileRef = F517351E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517391F03F1BB8A01120114 = {
-                       fileRef = F517351F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392003F1BB8A01120114 = {
-                       fileRef = F517352003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392103F1BB8A01120114 = {
-                       fileRef = F517352103F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392203F1BB8B01120114 = {
-                       fileRef = F517352203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392303F1BB8C01120114 = {
-                       fileRef = F517352303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392403F1BB8C01120114 = {
-                       fileRef = F517352403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392503F1BB8E01120114 = {
-                       fileRef = F517352503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392603F1BB8F01120114 = {
-                       fileRef = F517352603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392703F1BB9101120114 = {
-                       fileRef = F517352703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392803F1BB9101120114 = {
-                       fileRef = F517352803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392903F1BB9301120114 = {
-                       fileRef = F517352903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392A03F1BB9A01120114 = {
-                       fileRef = F517352A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392B03F1BB9A01120114 = {
-                       fileRef = F517352B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392C03F1BB9B01120114 = {
-                       fileRef = F517352C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392D03F1BB9C01120114 = {
-                       fileRef = F517352D03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392E03F1BB9C01120114 = {
-                       fileRef = F517352E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517392F03F1BB9D01120114 = {
-                       fileRef = F517352F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393003F1BB9E01120114 = {
-                       fileRef = F517353003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393103F1BBA001120114 = {
-                       fileRef = F517353103F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393203F1BBA201120114 = {
-                       fileRef = F517353203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393303F1BBA301120114 = {
-                       fileRef = F517353303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393403F1BBA501120114 = {
-                       fileRef = F517353403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393503F1BBA501120114 = {
-                       fileRef = F517353503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393603F1BBA601120114 = {
-                       fileRef = F517353603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393703F1BBA701120114 = {
-                       fileRef = F517353703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393803F1BBA701120114 = {
-                       fileRef = F517353803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393903F1BBA801120114 = {
-                       fileRef = F517353903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393A03F1BBA801120114 = {
-                       fileRef = F517353A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393B03F1BBA901120114 = {
-                       fileRef = F517353B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393C03F1BBA901120114 = {
-                       fileRef = F517353C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393D03F1BBAA01120114 = {
-                       fileRef = F517353D03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393E03F1BBAA01120114 = {
-                       fileRef = F517353E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517393F03F1BBAB01120114 = {
-                       fileRef = F517353F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394003F1BBAD01120114 = {
-                       fileRef = F517354003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394303F1BBB801120114 = {
-                       fileRef = F517354A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394403F1BBB901120114 = {
-                       fileRef = F517354C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394503F1BBBA01120114 = {
-                       fileRef = F517354D03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394603F1BBBB01120114 = {
-                       fileRef = F517354E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394703F1BBBC01120114 = {
-                       fileRef = F517354F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394803F1BBBC01120114 = {
-                       fileRef = F517355003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394903F1BC0F01120114 = {
-                       fileRef = F517359303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394A03F1BC4801120114 = {
-                       fileRef = F51735A003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394B03F1BC4901120114 = {
-                       fileRef = F51735A103F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394C03F1BC4A01120114 = {
-                       fileRef = F51735A203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394D03F1BC4C01120114 = {
-                       fileRef = F51735A303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F517394E03F1BC4C01120114 = {
-                       fileRef = F51735A403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734D903F1B65A01120114 = {
+                       children = (
+                               F51734DB03F1B65A01120114,
+                               F51734DE03F1B65A01120114,
+                               F51734DF03F1B65A01120114,
+                               F51734E003F1B65A01120114,
+                               F51734E103F1B65A01120114,
+                               F51734E203F1B65A01120114,
+                               F51734E303F1B65A01120114,
+                               F51734E403F1B65A01120114,
+                               F51734E503F1B65A01120114,
+                               F51734E603F1B65A01120114,
+                               F51734E703F1B65A01120114,
+                       );
+                       isa = PBXGroup;
+                       path = keytab;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517394F03F1BC4D01120114 = {
-                       fileRef = F51735A503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734DB03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395003F1BC4D01120114 = {
-                       fileRef = F51735A603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734DE03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = kt_file.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395103F1BC4E01120114 = {
-                       fileRef = F51735A703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734DF03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = kt_srvtab.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395203F1BC4E01120114 = {
-                       fileRef = F51735A803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734E003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ktadd.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395303F1BC5101120114 = {
-                       fileRef = F51735AB03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734E103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ktbase.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395403F1BC9601120114 = {
-                       fileRef = F517334203F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734E203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ktdefault.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395503F1BC9701120114 = {
-                       fileRef = F517334303F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734E303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ktfns.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395603F1BCA801120114 = {
-                       fileRef = F517332E03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734E403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ktfr_entry.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395703F1BCA801120114 = {
-                       fileRef = F517332F03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734E503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ktremove.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395803F1BCAA01120114 = {
-                       fileRef = F517333203F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734E603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395A03F1BCAB01120114 = {
-                       fileRef = F517333403F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734E703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = read_servi.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395B03F1BCAD01120114 = {
-                       fileRef = F517333603F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734E903F1B65A01120114 = {
+                       children = (
+                               F51734EC03F1B65A01120114,
+                               F51734ED03F1B65A01120114,
+                               F51734EE03F1B65A01120114,
+                               F51734EF03F1B65A01120114,
+                               F51734F003F1B65A01120114,
+                               F51734F103F1B65A01120114,
+                               F51734F203F1B65A01120114,
+                               F51734F303F1B65A01120114,
+                               F51734F403F1B65A01120114,
+                               F51734F503F1B65A01120114,
+                               F51734F603F1B65A01120114,
+                               F51734F703F1B65A01120114,
+                               F51734F803F1B65A01120114,
+                               A16DA36604854EF700120112,
+                               F51734F903F1B65A01120114,
+                               F51734FA03F1B65A01120114,
+                               F51734FB03F1B65A01120114,
+                               F51734FC03F1B65A01120114,
+                               F51734FD03F1B65A01120114,
+                               F51734FE03F1B65A01120114,
+                               F51734FF03F1B65A01120114,
+                               F517350003F1B65A01120114,
+                               F517350103F1B65A01120114,
+                               F517350203F1B65A01120114,
+                               F517350303F1B65A01120114,
+                               F517350403F1B65A01120114,
+                               F517350503F1B65A01120114,
+                               F517350603F1B65A01120114,
+                               F517350703F1B65A01120114,
+                               F517350803F1B65A01120114,
+                               F517350903F1B65A01120114,
+                               F517350A03F1B65A01120114,
+                               F517350B03F1B65A01120114,
+                               F517350C03F1B65A01120114,
+                               F517350D03F1B65A01120114,
+                               F517350E03F1B65A01120114,
+                               F517350F03F1B65A01120114,
+                               F517351003F1B65A01120114,
+                               F517351103F1B65A01120114,
+                               F517351203F1B65A01120114,
+                               F517351303F1B65A01120114,
+                               F517351403F1B65A01120114,
+                               F517351703F1B65A01120114,
+                               F517351803F1B65A01120114,
+                               F517351903F1B65A01120114,
+                               F517351A03F1B65A01120114,
+                               F517351B03F1B65A01120114,
+                               F517351C03F1B65A01120114,
+                               F517351D03F1B65A01120114,
+                               F517351E03F1B65A01120114,
+                               F517351F03F1B65A01120114,
+                               F517352003F1B65A01120114,
+                               F517352103F1B65A01120114,
+                               F517352203F1B65A01120114,
+                               F517352303F1B65A01120114,
+                               F517352403F1B65A01120114,
+                               F517352503F1B65A01120114,
+                               F517352603F1B65A01120114,
+                               F517352703F1B65A01120114,
+                               F517352803F1B65A01120114,
+                               F517352903F1B65A01120114,
+                               F517352A03F1B65A01120114,
+                               F517352B03F1B65A01120114,
+                               F517352C03F1B65A01120114,
+                               F517352D03F1B65A01120114,
+                               F517352E03F1B65A01120114,
+                               F517352F03F1B65A01120114,
+                               F517353003F1B65A01120114,
+                               F517353103F1B65A01120114,
+                               F517353203F1B65A01120114,
+                               F517353303F1B65A01120114,
+                               F517353403F1B65A01120114,
+                               F517353503F1B65A01120114,
+                               F517353603F1B65A01120114,
+                               F517353703F1B65A01120114,
+                               F517353803F1B65A01120114,
+                               F517353903F1B65A01120114,
+                               F517353A03F1B65A01120114,
+                               F517353B03F1B65A01120114,
+                               F517353C03F1B65A01120114,
+                               F517353D03F1B65A01120114,
+                               F517353E03F1B65A01120114,
+                               F517353F03F1B65A01120114,
+                               F517354003F1B65A01120114,
+                               F517354103F1B65A01120114,
+                               F517354203F1B65A01120114,
+                               F517354303F1B65A01120114,
+                               F517354403F1B65A01120114,
+                               F517354503F1B65A01120114,
+                               F517354603F1B65A01120114,
+                               F517354703F1B65A01120114,
+                               F517354803F1B65A01120114,
+                               F517354903F1B65A01120114,
+                               F517354A03F1B65A01120114,
+                               F517354B03F1B65A01120114,
+                               F517354C03F1B65A01120114,
+                               A16DA36704854EF700120112,
+                               F517354D03F1B65A01120114,
+                               F517354E03F1B65A01120114,
+                               F517354F03F1B65A01120114,
+                               F517355003F1B65A01120114,
+                               F517355103F1B65A01120114,
+                       );
+                       isa = PBXGroup;
+                       path = krb;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395C03F1BCAD01120114 = {
-                       fileRef = F517333703F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734EC03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = addr_comp.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395D03F1BCAE01120114 = {
-                       fileRef = F517333803F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734ED03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = addr_order.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517395E03F1BCAE01120114 = {
-                       fileRef = F517333903F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734EE03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = addr_srch.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396103F1BCB001120114 = {
-                       fileRef = F517333C03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734EF03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = appdefault.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396203F1BCB201120114 = {
-                       fileRef = F517333D03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734F003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = auth_con.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396303F1BCB201120114 = {
-                       fileRef = F517333E03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734F103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = auth_con.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396403F1BCB201120114 = {
-                       fileRef = F517333F03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734F203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = bld_pr_ext.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396503F1BCB301120114 = {
-                       fileRef = F517334003F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734F303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = bld_princ.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396703F1BCC401120114 = {
-                       fileRef = F517334803F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734F403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = brand.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396803F1BCC401120114 = {
-                       fileRef = F517334903F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734F503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396903F1BCC501120114 = {
-                       fileRef = F517334A03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734F603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = chk_trans.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396A03F1BCC601120114 = {
-                       fileRef = F517334B03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734F703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = chpw.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396B03F1BCC801120114 = {
-                       fileRef = F517334D03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734F803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = cleanup.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396C03F1BCC801120114 = {
-                       fileRef = F517334E03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734F903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = conv_princ.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396D03F1BCC901120114 = {
-                       fileRef = F517334F03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734FA03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = copy_addrs.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396E03F1BCC901120114 = {
-                       fileRef = F517335003F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734FB03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = copy_athctr.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517396F03F1BCC901120114 = {
-                       fileRef = F517335103F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734FC03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = copy_auth.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397003F1BCCA01120114 = {
-                       fileRef = F517335203F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734FD03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = copy_cksum.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397103F1BCCA01120114 = {
-                       fileRef = F517335303F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734FE03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = copy_creds.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397203F1BCCB01120114 = {
-                       fileRef = F517335403F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51734FF03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = copy_data.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397303F1BCCB01120114 = {
-                       fileRef = F517335503F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = copy_key.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397403F1BCCB01120114 = {
-                       fileRef = F517335603F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = copy_princ.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397503F1BCCE01120114 = {
-                       fileRef = F517335803F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = copy_tick.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397703F1BCCF01120114 = {
-                       fileRef = F517335A03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = cp_key_cnt.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397803F1BCCF01120114 = {
-                       fileRef = F517335B03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = decode_kdc.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397903F1BCD101120114 = {
-                       fileRef = F517335D03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = decrypt_tk.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397A03F1BCD201120114 = {
-                       fileRef = F517335C03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = deltat.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397B03F1BCD301120114 = {
-                       fileRef = F517335E03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = enc_helper.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397C03F1BCD301120114 = {
-                       fileRef = F517335F03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = encode_kdc.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397D03F1BCD401120114 = {
-                       fileRef = F517336003F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = encrypt_tk.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397E03F1BCD401120114 = {
-                       fileRef = F517336103F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = free_rtree.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517397F03F1BCD501120114 = {
-                       fileRef = F517336203F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350B03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = fwd_tgt.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398003F1BCD501120114 = {
-                       fileRef = F517336303F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350C03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gc_frm_kdc.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398103F1BCD601120114 = {
-                       fileRef = F517336403F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350D03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gc_via_tkt.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398203F1BCD701120114 = {
-                       fileRef = F517336603F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517350E03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gen_seqnum.c;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517350F03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gen_subkey.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398303F1BCD801120114 = {
-                       fileRef = F517336703F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = get_creds.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398503F1BCDB01120114 = {
-                       fileRef = F517336903F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = get_in_tkt.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398603F1BCDC01120114 = {
-                       fileRef = F517336A03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gic_keytab.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398703F1BCDC01120114 = {
-                       fileRef = F517336B03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gic_opt.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398803F1BCDD01120114 = {
-                       fileRef = F517336C03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gic_pwd.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398903F1BCE101120114 = {
-                       fileRef = F517336D03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = in_tkt_sky.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398A03F1BCE201120114 = {
-                       fileRef = F517336E03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = init_ctx.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398B03F1BCE201120114 = {
-                       fileRef = F517336F03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = init_keyblock.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398C03F1BCE401120114 = {
-                       fileRef = F517336803F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "int-proto.h";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398D03F1BCE501120114 = {
-                       fileRef = F517337003F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351B03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = kdc_rep_dc.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398E03F1BCE501120114 = {
-                       fileRef = F517337103F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351C03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = kfree.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517398F03F1BCE601120114 = {
-                       fileRef = F517337303F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351D03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517399003F1BCE701120114 = {
-                       fileRef = F517337203F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351E03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_cred.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517399103F1BCE801120114 = {
-                       fileRef = F517337403F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517351F03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_error.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517399203F1BCE801120114 = {
-                       fileRef = F517337503F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517352003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_priv.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517399403F1BD1201120114 = {
-                       fileRef = F51737BA03F1B65B01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517352103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_rep.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517399503F1BD1201120114 = {
-                       fileRef = F51737BB03F1B65B01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517352203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_req.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517399603F1BD1301120114 = {
-                       fileRef = F51737BC03F1B65B01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517352303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_req_ext.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517399703F1BD1301120114 = {
-                       fileRef = F51737BD03F1B65B01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517352403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_safe.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517399803F1BD1401120114 = {
-                       fileRef = F51737BE03F1B65B01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517352503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = parse.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517399903F1BD1601120114 = {
-                       fileRef = F51737BF03F1B65B01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517352603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = pr_to_salt.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F517399A03F1BD1701120114 = {
-                       fileRef = F51737C003F1B65B01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517352703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = preauth.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F58183510253A2F201120112 = {
-                       fileRef = F5C2DF200240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517352803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = preauth2.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F58183520253A2F301120112 = {
-                       fileRef = F5C2DF210240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517352903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = princ_comp.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF100240F9F601650119 = {
-                       children = (
-                               F5C2DF140240F9F601650119,
-                               F5C2DF150240F9F601650119,
-                               F5C2DF160240F9F601650119,
-                               F5C2DF170240F9F601650119,
-                               F5C2DF180240F9F601650119,
-                               F5C2DF190240F9F601650119,
-                               F5C2DF1A0240F9F601650119,
-                               F5C2DF1B0240F9F601650119,
-                               F5C2DF1C0240F9F601650119,
-                               F5E2671F03F8200601120114,
-                               F5E2672003F8200601120114,
-                               F5E2672103F8200601120114,
-                               F5E2672203F8200601120114,
-                               F5E2672303F8200601120114,
-                               F5E2672403F8200601120114,
-                               F5C2DF1D0240F9F601650119,
-                               F5C2DF1E0240F9F601650119,
-                               F5C2DF1F0240F9F601650119,
-                               F5C2DF200240F9F601650119,
-                               F5C2DF210240F9F601650119,
-                               F5C2DF220240F9F601650119,
-                               F5C2DF230240F9F601650119,
-                               F5C2DF240240F9F601650119,
-                               F5C2DF250240F9F601650119,
-                               F5C2DF260240F9F601650119,
-                               F5C2DF270240F9F601650119,
-                               F5C2DF280240F9F601650119,
-                               F5C2DF290240F9F601650119,
-                               F5C2DF2A0240F9F601650119,
-                               F5C2DF2B0240F9F601650119,
-                       );
-                       isa = PBXGroup;
-                       path = ErrorTables;
+               F517352A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_cred.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF140240F9F601650119 = {
+               F517352B03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_err.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_error.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF150240F9F601650119 = {
+               F517352C03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_err.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_priv.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF160240F9F601650119 = {
+               F517352D03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = asn1_err.strings;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_rep.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF170240F9F601650119 = {
+               F517352E03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gssapi_err_generic.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_req.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF180240F9F601650119 = {
+               F517352F03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gssapi_err_generic.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_req_dec.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF190240F9F601650119 = {
+               F517353003F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gssapi_err_generic.strings;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rd_safe.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF1A0240F9F601650119 = {
+               F517353103F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gssapi_err_krb5.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = recvauth.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF1B0240F9F601650119 = {
+               F517353203F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gssapi_err_krb5.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = send_tgs.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF1C0240F9F601650119 = {
+               F517353303F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = gssapi_err_krb5.strings;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = sendauth.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF1D0240F9F601650119 = {
+               F517353403F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kdb5_err.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_actx.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF1E0240F9F601650119 = {
+               F517353503F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kdb5_err.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_adata.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF1F0240F9F601650119 = {
+               F517353603F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kdb5_err.strings;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_addr.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF200240F9F601650119 = {
+               F517353703F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb524_err.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_auth.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF210240F9F601650119 = {
+               F517353803F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb524_err.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_cksum.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF220240F9F601650119 = {
+               F517353903F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb524_err.strings;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_ctx.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF230240F9F601650119 = {
+               F517353A03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb5_err.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_eblk.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF240240F9F601650119 = {
+               F517353B03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb5_err.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_key.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF250240F9F601650119 = {
+               F517353C03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb5_err.strings;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_princ.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF260240F9F601650119 = {
+               F517353D03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kv5m_err.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = serialize.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF270240F9F601650119 = {
+               F517353E03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kv5m_err.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = set_realm.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF280240F9F601650119 = {
+               F517353F03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kv5m_err.strings;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = srv_rcache.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF290240F9F601650119 = {
+               F517354003F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prof_err.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = str_conv.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF2A0240F9F601650119 = {
+               F517354103F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prof_err.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = strftime.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF2B0240F9F601650119 = {
+               F517354203F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = prof_err.strings;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = strptime.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C2DF2E0240F9F601650119 = {
-                       fileRef = F5C2DF140240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF2F0240F9F601650119 = {
-                       fileRef = F5C2DF150240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF340240F9F601650119 = {
-                       fileRef = F5C2DF1D0240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF350240F9F601650119 = {
-                       fileRef = F5C2DF1E0240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF380240F9F601650119 = {
-                       fileRef = F5C2DF230240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF390240F9F601650119 = {
-                       fileRef = F5C2DF240240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF3A0240F9F601650119 = {
-                       fileRef = F5C2DF260240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF3B0240F9F601650119 = {
-                       fileRef = F5C2DF270240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF3E0240F9FC01650119 = {
-                       fileRef = F5C2DF290240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF3F0240F9FD01650119 = {
-                       fileRef = F5C2DF2A0240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF420240FA1301650119 = {
-                       fileRef = F5C2DF1B0240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF430240FA1401650119 = {
-                       fileRef = F5C2DF1A0240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF440240FA1501650119 = {
-                       fileRef = F5C2DF180240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C2DF450240FA1601650119 = {
-                       fileRef = F5C2DF170240F9F601650119;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5C44E900231BD6801120112 = {
-                       isa = PBXLibraryReference;
-                       path = libGSS.a;
-                       refType = 3;
-               };
-               F5C44E910231BD6801120112 = {
-                       buildPhases = (
-                               F5C44E920231BD6801120112,
-                               F5C44E9C0231BD6801120112,
-                               F5C44EDD0231BD6801120112,
-                               F5C44EDE0231BD6801120112,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include\" \"$(SRCROOT)/../../KerberosErrors/Headers\" \"$(SRCROOT)/../../KerberosErrors/Headers/Kerberos\"";
-                               LIBRARY_STYLE = STATIC;
-                               PRECOMPILE_PREFIX_HEADER = YES;
-                               PREFIX_HEADER = "$(SRCROOT)/../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h";
-                               PRODUCT_NAME = libGSS.a;
-                               REZ_EXECUTABLE = YES;
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       dependencies = (
-                               F5C44EE90231CEA101120112,
-                               F5C44EE80231CEA101120112,
-                       );
-                       isa = PBXLibraryTarget;
-                       name = GSS;
-                       productInstallPath = /usr/local/lib;
-                       productName = GSS;
-                       productReference = F5C44E900231BD6801120112;
-               };
-               F5C44E920231BD6801120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               F5C2DF420240FA1301650119,
-                               F5C2DF440240FA1501650119,
-                               F517395503F1BC9701120114,
-                               F517395A03F1BCAB01120114,
-                               F517397703F1BCCF01120114,
-                               F5E266FA03F4443D01120114,
-                               F5E266FB03F4443D01120114,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
-               };
-               F5C44E9C0231BD6801120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               F5C2DF430240FA1401650119,
-                               F5C2DF450240FA1601650119,
-                               F517395403F1BC9601120114,
-                               F517395603F1BCA801120114,
-                               F517395703F1BCA801120114,
-                               F517395803F1BCAA01120114,
-                               F517395B03F1BCAD01120114,
-                               F517395C03F1BCAD01120114,
-                               F517395D03F1BCAE01120114,
-                               F517395E03F1BCAE01120114,
-                               F517396103F1BCB001120114,
-                               F517396203F1BCB201120114,
-                               F517396303F1BCB201120114,
-                               F517396403F1BCB201120114,
-                               F517396503F1BCB301120114,
-                               F517396703F1BCC401120114,
-                               F517396803F1BCC401120114,
-                               F517396903F1BCC501120114,
-                               F517396A03F1BCC601120114,
-                               F517396B03F1BCC801120114,
-                               F517396C03F1BCC801120114,
-                               F517396D03F1BCC901120114,
-                               F517396E03F1BCC901120114,
-                               F517396F03F1BCC901120114,
-                               F517397003F1BCCA01120114,
-                               F517397103F1BCCA01120114,
-                               F517397203F1BCCB01120114,
-                               F517397303F1BCCB01120114,
-                               F517397403F1BCCB01120114,
-                               F517397503F1BCCE01120114,
-                               F517397803F1BCCF01120114,
-                               F517397903F1BCD101120114,
-                               F517397A03F1BCD201120114,
-                               F517397B03F1BCD301120114,
-                               F517397C03F1BCD301120114,
-                               F517397D03F1BCD401120114,
-                               F517397E03F1BCD401120114,
-                               F517397F03F1BCD501120114,
-                               F517398003F1BCD501120114,
-                               F517398103F1BCD601120114,
-                               F517398203F1BCD701120114,
-                               F517398303F1BCD801120114,
-                               F517398503F1BCDB01120114,
-                               F517398603F1BCDC01120114,
-                               F517398703F1BCDC01120114,
-                               F517398803F1BCDD01120114,
-                               F517398903F1BCE101120114,
-                               F517398A03F1BCE201120114,
-                               F517398B03F1BCE201120114,
-                               F517398C03F1BCE401120114,
-                               F517398D03F1BCE501120114,
-                               F517398E03F1BCE501120114,
-                               F517398F03F1BCE601120114,
-                               F517399003F1BCE701120114,
-                               F517399103F1BCE801120114,
-                               F517399203F1BCE801120114,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517354303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_deltat.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C44EDD0231BD6801120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517354403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_expand.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C44EDE0231BD6801120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517354503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_kerb.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C44EE80231CEA101120112 = {
-                       isa = PBXTargetDependency;
-                       target = F5CFD629022D922C01120112;
+               F517354603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = t_krb5.conf;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5C44EE90231CEA101120112 = {
-                       isa = PBXTargetDependency;
-                       target = F5CFD5E6022D8A9901120112;
+               F517354703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = t_ref_kerb.out;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD36E022D854401120112 = {
-                       buildStyles = (
-                               F5CFD370022D854401120112,
-                               F5CFD371022D854401120112,
-                       );
-                       hasScannedForEncodings = 1;
-                       isa = PBXProject;
-                       mainGroup = F5CFD36F022D854401120112;
-                       productRefGroup = F5CFD5CB022D86AD01120112;
-                       projectDirPath = "";
-                       targets = (
-                               F5E59BD503FD803201120114,
-                               F5CFD5E6022D8A9901120112,
-                               F5CFD629022D922C01120112,
-                               F5E2686C03F8336601120114,
-                               F5CFD5CD022D86AD01120112,
-                               F5E2688403F83E7D01120114,
-                               F5CFD639022DD45401120112,
-                               F5C44E910231BD6801120112,
-                       );
+               F517354803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_ser.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD36F022D854401120112 = {
-                       children = (
-                               A1253783040BF7E6003D8244,
-                               A125378D040BFA0E003D8244,
-                               A1253784040BF80F003D8244,
-                               F5CFD5ED022D8B6001120112,
-                               F5CFD5EC022D8B6001120112,
-                               F5CFD5EE022D8B6001120112,
-                               F5172F7B03F1B65801120114,
-                               F5CFD5E4022D891701120112,
-                               F5CFD5CB022D86AD01120112,
-                       );
-                       isa = PBXGroup;
+               F517354903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_walk_rtree.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD370022D854401120112 = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Development;
+               F517354A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = tgtname.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD371022D854401120112 = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = YES;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Deployment;
+               F517354B03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
+                       path = "transit-tests";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5CB022D86AD01120112 = {
-                       children = (
-                               F5CFD5CC022D86AD01120112,
-                               F5CFD638022DD45401120112,
-                               F5C44E900231BD6801120112,
-                               F5E2686D03F8336601120114,
-                               F5E2688503F83E7D01120114,
-                       );
-                       isa = PBXGroup;
-                       name = Products;
+               F517354C03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = unparse.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5CC022D86AD01120112 = {
-                       isa = PBXLibraryReference;
-                       path = libKerberosProfile.a;
-                       refType = 3;
+               F517354D03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = valid_times.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5CD022D86AD01120112 = {
-                       buildPhases = (
-                               F5CFD5CE022D86AD01120112,
-                               F5CFD5CF022D86AD01120112,
-                               F5CFD5D0022D86AD01120112,
-                               F5CFD5D1022D86AD01120112,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)/../../Common/Headers\" \"$(SRCROOT)/../../KerberosErrors/Headers/Kerberos\" \"$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include\"";
-                               LIBRARY_STYLE = STATIC;
-                               PRECOMPILE_PREFIX_HEADER = YES;
-                               PREFIX_HEADER = "$(SRCROOT)/../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h";
-                               PRODUCT_NAME = libKerberosProfile.a;
-                               REZ_EXECUTABLE = YES;
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       dependencies = (
-                               F5CFD5E7022D8A9901120112,
-                               F5CFD62B022D922C01120112,
-                       );
-                       isa = PBXLibraryTarget;
-                       name = KerberosProfile;
-                       productInstallPath = /usr/local/lib;
-                       productName = KerberosProfile;
-                       productReference = F5CFD5CC022D86AD01120112;
+               F517354E03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = vfy_increds.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5CE022D86AD01120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               F5C2DF3F0240F9FD01650119,
-                               F517399703F1BD1301120114,
-                               F5E266F803F4443301120114,
-                               F5E266F903F4443301120114,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517354F03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = vic_opt.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5CF022D86AD01120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               F5C2DF3E0240F9FC01650119,
-                               F517399403F1BD1201120114,
-                               F517399503F1BD1201120114,
-                               F517399603F1BD1301120114,
-                               F517399803F1BD1401120114,
-                               F517399903F1BD1601120114,
-                               F517399A03F1BD1701120114,
-                               A198BC2B0406DA8F00120114,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517355003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = walk_rtree.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5D0022D86AD01120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517355103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.yacc;
+                       path = "x-deltat.y";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5D1022D86AD01120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517355203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = krb5_libinit.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5E4022D891701120112 = {
+               F517355303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = krb5_libinit.h;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517355403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F517355503F1B65A01120114 = {
                        children = (
-                               F5E59BD403FD7D5301120114,
-                               F5CFD5E5022D891701120112,
-                               F5CFD60D022D8BD601120112,
+                               F517355803F1B65A01120114,
+                               F517355903F1B65A01120114,
+                               F517355A03F1B65A01120114,
+                               F517355B03F1B65A01120114,
+                               F517355C03F1B65A01120114,
+                               F517355D03F1B65A01120114,
+                               F517355E03F1B65A01120114,
+                               A12539AD05CF12D5003BD89B,
+                               F517355F03F1B65A01120114,
+                               F517356003F1B65A01120114,
+                               F517356103F1B65A01120114,
+                               F517356203F1B65A01120114,
+                               F517356303F1B65A01120114,
+                               F517356403F1B65A01120114,
+                               F517356503F1B65A01120114,
+                               F517356603F1B65A01120114,
+                               F517356703F1B65A01120114,
+                               F517356803F1B65A01120114,
+                               F517356903F1B65A01120114,
+                               F517356A03F1B65A01120114,
+                               F517356B03F1B65A01120114,
+                               F517356C03F1B65A01120114,
+                               F517356D03F1B65A01120114,
+                               F517356E03F1B65A01120114,
+                               F517356F03F1B65A01120114,
+                               F517357003F1B65A01120114,
+                               F517357103F1B65A01120114,
+                               F517357203F1B65A01120114,
+                               F517357303F1B65A01120114,
+                               F517357403F1B65A01120114,
+                               F517357503F1B65A01120114,
+                               F517357603F1B65A01120114,
+                               F517357703F1B65A01120114,
+                               F517357803F1B65A01120114,
+                               F517357903F1B65A01120114,
+                               F517357A03F1B65A01120114,
+                               F517357B03F1B65A01120114,
+                               F517357C03F1B65A01120114,
+                               F517357D03F1B65A01120114,
+                               F517357E03F1B65A01120114,
+                               A16DB01304868A7E00120112,
+                               F517357F03F1B65A01120114,
+                               F517358003F1B65A01120114,
+                               F517358103F1B65A01120114,
+                               F517358203F1B65A01120114,
+                               F517358303F1B65A01120114,
+                               F517358403F1B65A01120114,
+                               F517358503F1B65A01120114,
+                               F517358603F1B65A01120114,
+                               F517358703F1B65A01120114,
+                               F517358803F1B65A01120114,
+                               F517358903F1B65A01120114,
+                               F517358A03F1B65A01120114,
                        );
                        isa = PBXGroup;
-                       name = Scripts;
-                       path = ../Scripts;
-                       refType = 2;
+                       path = os;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5E5022D891701120112 = {
+               F517355803F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Kerberos5Errors.jam;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = accessor.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5E6022D8A9901120112 = {
-                       buildArgumentsString = "-d3 \"-sJAMFILE=$(SRCROOT)/../Scripts/Kerberos5Errors.jam\" $(ACTION)";
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               PRODUCT_NAME = "Error Table Generation";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       buildToolPath = /Developer/Private/jam;
-                       dependencies = (
-                       );
-                       isa = PBXLegacyTarget;
-                       name = "Error Table Generation";
-                       passBuildSettingsInEnvironment = 1;
-                       productName = "Error Table Generation";
-                       settingsToExpand = 6;
-                       settingsToPassInEnvironment = 287;
-                       settingsToPassOnCommandLine = 280;
-               };
-               F5CFD5E7022D8A9901120112 = {
-                       isa = PBXTargetDependency;
-                       target = F5CFD5E6022D8A9901120112;
+               F517355903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = an_to_ln.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5EC022D8B6001120112 = {
+               F517355A03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = GSS.pbexp;
-                       refType = 2;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = c_ustime.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5ED022D8B6001120112 = {
+               F517355B03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Kerberos5.pbexp;
-                       refType = 2;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ccdefname.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD5EE022D8B6001120112 = {
-                       children = (
-                               F5E265DF03F443E901120114,
-                               F5E266F503F443EA01120114,
-                               F5C2DF100240F9F601650119,
-                               A12537EA040C0795003D8244,
-                               A12537EF040C0795003D8244,
-                       );
-                       isa = PBXGroup;
-                       path = Kerberos5.intermediates;
-                       refType = 3;
+               F517355C03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD60D022D8BD601120112 = {
+               F517355D03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       lineEnding = 0;
-                       path = Kerberos5Headers.jam;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = changepw.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD629022D922C01120112 = {
-                       buildArgumentsString = "-d3 \"-sJAMFILE=$(SRCROOT)/../Scripts/Kerberos5Headers.jam\" $(ACTION)";
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               PRODUCT_NAME = "Header Generation";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       buildToolPath = /Developer/Private/jam;
-                       dependencies = (
-                               F5CFD62A022D922C01120112,
-                               A1253780040BF748003D8244,
-                       );
-                       isa = PBXLegacyTarget;
-                       name = "Header Generation";
-                       passBuildSettingsInEnvironment = 1;
-                       productName = "Header Generation";
-                       settingsToExpand = 6;
-                       settingsToPassInEnvironment = 287;
-                       settingsToPassOnCommandLine = 280;
+               F517355E03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = def_realm.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD62A022D922C01120112 = {
-                       isa = PBXTargetDependency;
-                       target = F5CFD5E6022D8A9901120112;
+               F517355F03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = free_hstrl.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD62B022D922C01120112 = {
-                       isa = PBXTargetDependency;
-                       target = F5CFD629022D922C01120112;
+               F517356003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = free_krbhs.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD638022DD45401120112 = {
-                       isa = PBXLibraryReference;
-                       path = libKerberos5.a;
-                       refType = 3;
+               F517356103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = full_ipadr.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD639022DD45401120112 = {
-                       buildPhases = (
-                               F5CFD63A022DD45401120112,
-                               F5CFD63B022DD45401120112,
-                               F5CFD63C022DD45401120112,
-                               F5CFD63D022DD45401120112,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates\" \"$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include\" \"$(SRCROOT)/../Sources/include\" \"$(SRCROOT)/../../KerberosErrors/Headers\" \"$(SRCROOT)/../../KerberosErrors/Headers/Kerberos\" \"$(SRCROOT)/../../CredentialsCache/Headers\" \"$(SRCROOT)/../../CredentialsCache/Headers/Kerberos\" \"$(SRCROOT)/../../KerberosLogin/Headers\" \"$(SRCROOT)/../../KerberosLogin/Headers/Kerberos\"";
-                               LIBRARY_STYLE = STATIC;
-                               PRECOMPILE_PREFIX_HEADER = YES;
-                               PREFIX_HEADER = "$(SRCROOT)/../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h";
-                               PRODUCT_NAME = libKerberos5.a;
-                               REZ_EXECUTABLE = YES;
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       dependencies = (
-                               F5CFD7D8022DE82501120112,
-                               F5CFD7D9022DE82501120112,
-                               F5E2688903F8405301120114,
-                       );
-                       isa = PBXLibraryTarget;
-                       name = Kerberos5;
-                       productInstallPath = /usr/local/lib;
-                       productName = Kerberos5;
-                       productReference = F5CFD638022DD45401120112;
+               F517356203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gen_port.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD63A022DD45401120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               F5C2DF2F0240F9F601650119,
-                               F5C2DF350240F9F601650119,
-                               F5C2DF390240F9F601650119,
-                               F5C2DF3B0240F9F601650119,
-                               F58183520253A2F301120112,
-                               F517388F03F1B8BE01120114,
-                               F51738AA03F1B96401120114,
-                               F51738BE03F1B9B001120114,
-                               F51738C003F1B9B301120114,
-                               F51738C203F1B9B501120114,
-                               F51738C403F1B9B901120114,
-                               F51738C603F1B9BF01120114,
-                               F51738C903F1B9CE01120114,
-                               F51738CB03F1B9D001120114,
-                               F51738CD03F1B9DB01120114,
-                               F51738CF03F1B9DC01120114,
-                               F51738D003F1B9F101120114,
-                               F51738D903F1BA1201120114,
-                               F51738DB03F1BA1801120114,
-                               F51738DE03F1BA2701120114,
-                               F51738DF03F1BA2701120114,
-                               F51738E303F1BA7501120114,
-                               F51738E403F1BA7F01120114,
-                               F51738F303F1BB1701120114,
-                               F51738F903F1BB1A01120114,
-                               F517391B03F1BB2D01120114,
-                               F517394B03F1BC4901120114,
-                               F517394E03F1BC4C01120114,
-                               F517395003F1BC4D01120114,
-                               F5E266F603F4442A01120114,
-                               F5E266F703F4442B01120114,
-                               A1CA6046040F248A0013F915,
-                               A1CA604A040F24900013F915,
-                               A1CA6053040F24A30013F915,
-                               A1CA6068040F252B0013F915,
-                               A1CA6069040F252C0013F915,
-                               A1CA606D040F25380013F915,
-                               A1CA6076040F254F0013F915,
-                               A1CA607A040F25570013F915,
-                               A1CA607F040F25680013F915,
-                               A1CA6083040F25740013F915,
-                               A1CA608A040F25860013F915,
-                               A1CA608F040F25980013F915,
-                               A1CA6091040F25A20013F915,
-                               A1CA6093040F25AD0013F915,
-                               A1CA6097040F25B90013F915,
-                               A1CA6098040F25BE0013F915,
-                               A1CA609C040F25C70013F915,
-                               A1CA609E040F25D50013F915,
-                               A1CA60A0040F25D80013F915,
-                               A1CA60A1040F25D90013F915,
-                               A1CA60A2040F25DB0013F915,
-                               A1CA60A3040F25DC0013F915,
-                               A1CA60A4040F25DD0013F915,
-                               A1CA60A5040F25DE0013F915,
-                               A1B21F1A0417D6BC00120114,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517356303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gen_rname.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD63B022DD45401120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               F5C2DF2E0240F9F601650119,
-                               F5C2DF340240F9F601650119,
-                               F5C2DF380240F9F601650119,
-                               F5C2DF3A0240F9F601650119,
-                               F58183510253A2F201120112,
-                               F517388E03F1B8BD01120114,
-                               F517389003F1B90D01120114,
-                               F517389103F1B90E01120114,
-                               F517389203F1B90E01120114,
-                               F517389303F1B90E01120114,
-                               F517389403F1B91001120114,
-                               F517389503F1B91001120114,
-                               F517389603F1B91101120114,
-                               F517389703F1B91101120114,
-                               F517389803F1B91201120114,
-                               F517389903F1B91201120114,
-                               F517389A03F1B91201120114,
-                               F517389B03F1B91301120114,
-                               F517389C03F1B91401120114,
-                               F517389D03F1B91401120114,
-                               F517389E03F1B91501120114,
-                               F517389F03F1B91501120114,
-                               F51738A003F1B91601120114,
-                               F51738A103F1B91601120114,
-                               F51738A203F1B91701120114,
-                               F51738A303F1B94D01120114,
-                               F51738A403F1B95101120114,
-                               F51738A503F1B95A01120114,
-                               F51738A603F1B95B01120114,
-                               F51738A703F1B95E01120114,
-                               F51738A803F1B96101120114,
-                               F51738A903F1B96101120114,
-                               F51738AB03F1B96501120114,
-                               F51738AC03F1B96801120114,
-                               F51738AD03F1B96901120114,
-                               F51738AE03F1B96A01120114,
-                               F51738AF03F1B96C01120114,
-                               F51738B003F1B96D01120114,
-                               F51738B103F1B96F01120114,
-                               F51738B203F1B97001120114,
-                               F51738B303F1B97301120114,
-                               F51738B403F1B97501120114,
-                               F51738B803F1B99A01120114,
-                               F51738B903F1B99B01120114,
-                               F51738BA03F1B99D01120114,
-                               F51738BB03F1B99E01120114,
-                               F51738BC03F1B99E01120114,
-                               F51738BD03F1B9AF01120114,
-                               F51738BF03F1B9B001120114,
-                               F51738C103F1B9B501120114,
-                               F51738C303F1B9B901120114,
-                               F51738C503F1B9BF01120114,
-                               F51738C703F1B9CA01120114,
-                               F51738C803F1B9CA01120114,
-                               F51738CA03F1B9D001120114,
-                               F51738CC03F1B9DA01120114,
-                               F51738CE03F1B9DB01120114,
-                               F51738D103F1BA0701120114,
-                               F51738D203F1BA0901120114,
-                               F51738D303F1BA0A01120114,
-                               F51738D403F1BA0F01120114,
-                               F51738D503F1BA0F01120114,
-                               F51738D603F1BA1001120114,
-                               F51738D703F1BA1001120114,
-                               F51738D803F1BA1101120114,
-                               F51738DA03F1BA1701120114,
-                               F51738DC03F1BA2601120114,
-                               F51738DD03F1BA2601120114,
-                               F51738E203F1BA6901120114,
-                               F51738E503F1BAF701120114,
-                               F51738E603F1BAF801120114,
-                               F51738E703F1BAF901120114,
-                               F51738E803F1BAF901120114,
-                               F51738E903F1BAFA01120114,
-                               F51738EA03F1BAFA01120114,
-                               F51738EB03F1BAFB01120114,
-                               F51738EC03F1BAFB01120114,
-                               F51738ED03F1BAFE01120114,
-                               F51738EE03F1BB1401120114,
-                               F51738EF03F1BB1401120114,
-                               F51738F003F1BB1501120114,
-                               F51738F103F1BB1501120114,
-                               F51738F203F1BB1601120114,
-                               F51738F403F1BB1701120114,
-                               F51738F503F1BB1801120114,
-                               F51738F703F1BB1A01120114,
-                               F51738F803F1BB1A01120114,
-                               F51738FA03F1BB1B01120114,
-                               F51738FB03F1BB1B01120114,
-                               F51738FC03F1BB1C01120114,
-                               F51738FD03F1BB1E01120114,
-                               F51738FE03F1BB1E01120114,
-                               F51738FF03F1BB1F01120114,
-                               F517390003F1BB1F01120114,
-                               F517390103F1BB2001120114,
-                               F517390203F1BB2001120114,
-                               F517390303F1BB2001120114,
-                               F517390403F1BB2101120114,
-                               F517390503F1BB2101120114,
-                               F517390603F1BB2201120114,
-                               F517390703F1BB2201120114,
-                               F517390803F1BB2301120114,
-                               F517390903F1BB2301120114,
-                               F517390A03F1BB2401120114,
-                               F517390B03F1BB2401120114,
-                               F517390C03F1BB2501120114,
-                               F517390D03F1BB2501120114,
-                               F517390E03F1BB2501120114,
-                               F517390F03F1BB2601120114,
-                               F517391003F1BB2601120114,
-                               F517391103F1BB2701120114,
-                               F517391203F1BB2801120114,
-                               F517391303F1BB2801120114,
-                               F517391403F1BB2801120114,
-                               F517391503F1BB2901120114,
-                               F517391603F1BB2901120114,
-                               F517391703F1BB2A01120114,
-                               F517391803F1BB2B01120114,
-                               F517391903F1BB2B01120114,
-                               F517391A03F1BB2C01120114,
-                               F517391C03F1BB2D01120114,
-                               F517391D03F1BB2D01120114,
-                               F517391E03F1BB8A01120114,
-                               F517391F03F1BB8A01120114,
-                               F517392003F1BB8A01120114,
-                               F517392103F1BB8A01120114,
-                               F517392203F1BB8B01120114,
-                               F517392303F1BB8C01120114,
-                               F517392403F1BB8C01120114,
-                               F517392503F1BB8E01120114,
-                               F517392603F1BB8F01120114,
-                               F517392703F1BB9101120114,
-                               F517392803F1BB9101120114,
-                               F517392903F1BB9301120114,
-                               F517392A03F1BB9A01120114,
-                               F517392B03F1BB9A01120114,
-                               F517392C03F1BB9B01120114,
-                               F517392D03F1BB9C01120114,
-                               F517392E03F1BB9C01120114,
-                               F517392F03F1BB9D01120114,
-                               F517393003F1BB9E01120114,
-                               F517393103F1BBA001120114,
-                               F517393203F1BBA201120114,
-                               F517393303F1BBA301120114,
-                               F517393403F1BBA501120114,
-                               F517393503F1BBA501120114,
-                               F517393603F1BBA601120114,
-                               F517393703F1BBA701120114,
-                               F517393803F1BBA701120114,
-                               F517393903F1BBA801120114,
-                               F517393A03F1BBA801120114,
-                               F517393B03F1BBA901120114,
-                               F517393C03F1BBA901120114,
-                               F517393D03F1BBAA01120114,
-                               F517393E03F1BBAA01120114,
-                               F517393F03F1BBAB01120114,
-                               F517394003F1BBAD01120114,
-                               F517394303F1BBB801120114,
-                               F517394403F1BBB901120114,
-                               F517394503F1BBBA01120114,
-                               F517394603F1BBBB01120114,
-                               F517394703F1BBBC01120114,
-                               F517394803F1BBBC01120114,
-                               F517394903F1BC0F01120114,
-                               F517394A03F1BC4801120114,
-                               F517394C03F1BC4A01120114,
-                               F517394D03F1BC4C01120114,
-                               F517394F03F1BC4D01120114,
-                               F517395103F1BC4E01120114,
-                               F517395203F1BC4E01120114,
-                               F517395303F1BC5101120114,
-                               F5E2670B03F4730501120114,
-                               F5E2670C03F4730701120114,
-                               F5E2670D03F4730901120114,
-                               F5E2670E03F4730B01120114,
-                               F5E2670F03F4731401120114,
-                               F5E2671003F4731B01120114,
-                               F5E2671103F4732801120114,
-                               F5E2671203F4732A01120114,
-                               A1CA6042040F24850013F915,
-                               A1CA6043040F24870013F915,
-                               A1CA6044040F24880013F915,
-                               A1CA6045040F24890013F915,
-                               A1CA6047040F248D0013F915,
-                               A1CA6048040F248E0013F915,
-                               A1CA6049040F248F0013F915,
-                               A1CA604B040F24910013F915,
-                               A1CA604D040F24950013F915,
-                               A1CA604E040F249D0013F915,
-                               A1CA604F040F249E0013F915,
-                               A1CA6050040F249F0013F915,
-                               A1CA6051040F24A10013F915,
-                               A1CA6052040F24A20013F915,
-                               A1CA6054040F24A90013F915,
-                               A1CA6055040F24AB0013F915,
-                               A1CA6056040F24AC0013F915,
-                               A1CA6057040F24AE0013F915,
-                               A1CA6058040F24AF0013F915,
-                               A1CA6059040F24B20013F915,
-                               A1CA605A040F24B90013F915,
-                               A1CA605B040F24C30013F915,
-                               A1CA605C040F24C40013F915,
-                               A1CA605D040F24C70013F915,
-                               A1CA605E040F24C70013F915,
-                               A1CA605F040F24C80013F915,
-                               A1CA6060040F24C90013F915,
-                               A1CA6061040F24D20013F915,
-                               A1CA6062040F24D20013F915,
-                               A1CA6064040F24D40013F915,
-                               A1CA6065040F250F0013F915,
-                               A1CA6066040F25110013F915,
-                               A1CA6067040F25140013F915,
-                               A1CA606A040F252E0013F915,
-                               A1CA606B040F252F0013F915,
-                               A1CA606C040F25370013F915,
-                               A1CA606E040F25420013F915,
-                               A1CA606F040F25440013F915,
-                               A1CA6070040F25460013F915,
-                               A1CA6071040F25470013F915,
-                               A1CA6072040F254B0013F915,
-                               A1CA6073040F254C0013F915,
-                               A1CA6074040F254C0013F915,
-                               A1CA6075040F254F0013F915,
-                               A1CA6077040F25510013F915,
-                               A1CA6078040F25530013F915,
-                               A1CA6079040F25550013F915,
-                               A1CA607B040F25620013F915,
-                               A1CA607C040F25630013F915,
-                               A1CA607D040F25650013F915,
-                               A1CA607E040F25660013F915,
-                               A1CA6080040F256B0013F915,
-                               A1CA6081040F25720013F915,
-                               A1CA6082040F25730013F915,
-                               A1CA6084040F25760013F915,
-                               A1CA6085040F25780013F915,
-                               A1CA6086040F25810013F915,
-                               A1CA6087040F25820013F915,
-                               A1CA6088040F25840013F915,
-                               A1CA6089040F25860013F915,
-                               A1CA608B040F258D0013F915,
-                               A1CA608C040F25910013F915,
-                               A1CA608D040F25940013F915,
-                               A1CA608E040F25950013F915,
-                               A1CA6090040F25A10013F915,
-                               A1CA6092040F25AC0013F915,
-                               A1CA6094040F25B50013F915,
-                               A1CA6095040F25B70013F915,
-                               A1CA6096040F25B80013F915,
-                               A1CA6099040F25BE0013F915,
-                               A1CA609A040F25BF0013F915,
-                               A1CA609B040F25C70013F915,
-                               A1CA609D040F25D40013F915,
-                               A1CA609F040F25D70013F915,
-                               A1B21F190417D6BC00120114,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517356403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = genaddrs.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD63C022DD45401120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517356503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = get_krbhst.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD63D022DD45401120112 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517356603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = gmt_mktime.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD7D8022DE82501120112 = {
-                       isa = PBXTargetDependency;
-                       target = F5CFD5E6022D8A9901120112;
+               F517356703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = hostaddr.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5CFD7D9022DE82501120112 = {
-                       isa = PBXTargetDependency;
-                       target = F5CFD629022D922C01120112;
+               F517356803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = hst_realm.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E265DF03F443E901120114 = {
-                       children = (
-                               F5E2662703F443E901120114,
-                       );
-                       isa = PBXGroup;
-                       path = build;
+               F517356903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = init_os_ctx.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2662703F443E901120114 = {
-                       children = (
-                               F5E2662C03F443E901120114,
-                       );
-                       isa = PBXGroup;
-                       path = include;
+               F517356A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = krbfileio.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2662C03F443E901120114 = {
-                       children = (
-                               F5E2662D03F443E901120114,
-                               F5E2662F03F443E901120114,
-                       );
-                       isa = PBXGroup;
-                       path = krb5;
+               F517356B03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ktdefname.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2662D03F443E901120114 = {
+               F517356C03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = autoconf.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = kuserok.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2662F03F443E901120114 = {
+               F517356D03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = osconf.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = localaddr.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E266F503F443EA01120114 = {
+               F517356E03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = configure.stamp;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = locate_kdc.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E266F603F4442A01120114 = {
-                       fileRef = F5E2662D03F443E901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517356F03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = lock_file.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E266F703F4442B01120114 = {
-                       fileRef = F5E2662F03F443E901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E266F803F4443301120114 = {
-                       fileRef = F5E2662D03F443E901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = mk_faddr.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E266F903F4443301120114 = {
-                       fileRef = F5E2662F03F443E901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = net_read.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E266FA03F4443D01120114 = {
-                       fileRef = F5E2662D03F443E901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = net_write.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E266FB03F4443D01120114 = {
-                       fileRef = F5E2662F03F443E901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "os-proto.h";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2670B03F4730501120114 = {
-                       fileRef = F517321003F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = osconfig.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2670C03F4730701120114 = {
-                       fileRef = F517321103F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = port2ip.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2670D03F4730901120114 = {
-                       fileRef = F517320E03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = prompter.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2670E03F4730B01120114 = {
-                       fileRef = F517321203F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = promptusr.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2670F03F4731401120114 = {
-                       fileRef = F517321403F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = read_msg.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2671003F4731B01120114 = {
-                       fileRef = F517321B03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = read_pwd.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2671103F4732801120114 = {
-                       fileRef = F517321F03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357B03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = realm_dom.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2671203F4732A01120114 = {
-                       fileRef = F517321D03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517357C03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = realm_iter.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2671F03F8200601120114 = {
+               F517357D03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kadm_err.c;
+                       lastKnownFileType = text;
+                       path = ref_std_conf.out;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2672003F8200601120114 = {
+               F517357E03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kadm_err.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = sendto_kdc.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2672103F8200601120114 = {
+               F517357F03F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = kadm_err.strings;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = sn2princ.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2672203F8200601120114 = {
+               F517358003F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb_err.c;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_an_to_ln.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2672303F8200601120114 = {
+               F517358103F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb_err.h;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_gifconf.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2672403F8200601120114 = {
+               F517358203F1B65A01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = krb_err.strings;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_locate_kdc.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2686803F8336601120114 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               A1CA623704168DFE0013F915,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
-               };
-               F5E2686903F8336601120114 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               F5E2686E03F833E001120114,
-                               F5E2687003F833E101120114,
-                               F5E2687103F833E901120114,
-                               F5E2687203F833EB01120114,
-                               F5E2687303F833EB01120114,
-                               F5E2687403F833ED01120114,
-                               F5E2687503F833EF01120114,
-                               F5E2687603F833F001120114,
-                               F5E2687703F833F201120114,
-                               F5E2687803F833F301120114,
-                               F5E2687903F833F501120114,
-                               F5E2687A03F833F701120114,
-                               F5E2687B03F833FB01120114,
-                               A166BCC4040D36F8004AA618,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
-               };
-               F5E2686A03F8336601120114 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
-               };
-               F5E2686B03F8336601120114 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
-               };
-               F5E2686C03F8336601120114 = {
-                       buildPhases = (
-                               F5E2686803F8336601120114,
-                               F5E2686903F8336601120114,
-                               F5E2686A03F8336601120114,
-                               F5E2686B03F8336601120114,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include\"";
-                               LIBRARY_STYLE = STATIC;
-                               PRECOMPILE_PREFIX_HEADER = YES;
-                               PREFIX_HEADER = "$(SRCROOT)/../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h";
-                               PRODUCT_NAME = libKerberosDES.a;
-                               REZ_EXECUTABLE = YES;
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       dependencies = (
-                               A1253782040BF7B4003D8244,
-                       );
-                       isa = PBXLibraryTarget;
-                       name = KerberosDES;
-                       productInstallPath = /usr/local/lib;
-                       productName = KerberosDES;
-                       productReference = F5E2686D03F8336601120114;
-               };
-               F5E2686D03F8336601120114 = {
-                       isa = PBXLibraryReference;
-                       path = libKerberosDES.a;
-                       refType = 3;
-               };
-               F5E2686E03F833E001120114 = {
-                       fileRef = F517332003F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5E2687003F833E101120114 = {
-                       fileRef = F517331E03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5E2687103F833E901120114 = {
-                       fileRef = F517330C03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               F5E2687203F833EB01120114 = {
-                       fileRef = F517330E03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517358303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_realm_iter.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2687303F833EB01120114 = {
-                       fileRef = F517330F03F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517358403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = t_std_conf.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2687403F833ED01120114 = {
-                       fileRef = F517331103F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517358503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = td_krb5.conf;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2687503F833EF01120114 = {
-                       fileRef = F517331203F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517358603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = timeofday.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2687603F833F001120114 = {
-                       fileRef = F517331403F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517358703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = toffset.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2687703F833F201120114 = {
-                       fileRef = F517331503F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517358803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = unlck_file.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2687803F833F301120114 = {
-                       fileRef = F517331603F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517358903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ustime.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2687903F833F501120114 = {
-                       fileRef = F517331703F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517358A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = write_msg.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2687A03F833F701120114 = {
-                       fileRef = F517331803F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517358B03F1B65A01120114 = {
+                       children = (
+                               F517358D03F1B65A01120114,
+                               F517358E03F1B65A01120114,
+                               F517358F03F1B65A01120114,
+                               F517359003F1B65A01120114,
+                               F517359103F1B65A01120114,
+                               F517359203F1B65A01120114,
+                               F517359303F1B65A01120114,
+                               F517359403F1B65A01120114,
+                               F517359503F1B65A01120114,
+                               F517359603F1B65A01120114,
+                               F517359703F1B65A01120114,
+                               F517359803F1B65A01120114,
+                               F517359903F1B65A01120114,
+                               F517359A03F1B65A01120114,
+                       );
+                       isa = PBXGroup;
+                       path = posix;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2687B03F833FB01120114 = {
-                       fileRef = F517331903F1B65901120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517358D03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2688003F83E7D01120114 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               F5E2689C03F8423F01120114,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517358E03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = daemon.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2688103F83E7D01120114 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               F5E2689B03F8423E01120114,
-                               F5E268A503F8428101120114,
-                               F5E268A603F8428301120114,
-                               F5E268A703F8428401120114,
-                               F5E268A803F8428601120114,
-                               F5E268A903F8428C01120114,
-                               F5E268AA03F8429101120114,
-                               F5E268AB03F8429301120114,
-                               F5E268AC03F8429401120114,
-                               F5E268AD03F8429501120114,
-                               F5E268AE03F8429A01120114,
-                               F5E268AF03F842A001120114,
-                               F5E268B003F842A101120114,
-                               F5E268B103F842A701120114,
-                               F5E268B203F842B001120114,
-                               F5E268B303F842B201120114,
-                               F5E268B403F842B401120114,
-                               F5E268B503F842C401120114,
-                               F5E268B603F842C601120114,
-                               F5E268BC03F8510401120114,
-                               F5E268BD03F8533701120114,
-                               F5E268BE03F8533801120114,
-                               F5E268BF03F8533B01120114,
-                               F5E268C003F8534001120114,
-                               F5E268C103F8534201120114,
-                               F5E268C203F8534401120114,
-                               F5E268C403F8534A01120114,
-                               F5E268C503F8534B01120114,
-                               F5E268C603F8534E01120114,
-                               F5E268C703F8534F01120114,
-                               F5E268C803F8535101120114,
-                               F5E268CA03F8535801120114,
-                               F5E268CB03F8535901120114,
-                               F5E268CC03F8535B01120114,
-                               F5E268CD03F8535D01120114,
-                               F5E268CE03F8535E01120114,
-                               F5E268CF03F8536101120114,
-                               F5E268D003F8536301120114,
-                               F5E268D103F8536601120114,
-                               F5E268D203F854CF01120114,
-                               F5E268D303F854DD01120114,
-                               F5E268D403F854DD01120114,
-                               F5E5979303F9AE8C01120114,
-                               F5E5979403F9C7BD01120114,
-                               A198BC270406D66000120114,
-                               A12536AA040BC4FB003D8244,
-                               A12536AB040BC50C003D8244,
-                               A12536AC040BC534003D8244,
-                               A12536AD040BC560003D8244,
-                               A12536AE040BC56A003D8244,
-                               A12536AF040BC56F003D8244,
-                               A12536B0040BC575003D8244,
-                               A12536B1040BC57F003D8244,
-                               A12536B2040BC841003D8244,
-                               A1CA60AF040F2A8A0013F915,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517358F03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = getuid.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2688203F83E7D01120114 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517359003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2688303F83E7D01120114 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       runOnlyForDeploymentPostprocessing = 0;
+               F517359103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = memmove.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2688403F83E7D01120114 = {
-                       buildPhases = (
-                               F5E2688003F83E7D01120114,
-                               F5E2688103F83E7D01120114,
-                               F5E2688203F83E7D01120114,
-                               F5E2688303F83E7D01120114,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates\" \"$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include\" \"$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/ErrorTables\" \"$(SRCROOT)/../../Common/Headers\" \"$(SRCROOT)/../../KerberosErrors/Headers\" \"$(SRCROOT)/../../KerberosDebug/Headers\" \"$(SRCROOT)/../../KerberosErrors/Headers/Kerberos\" \"$(SRCROOT)/../../CredentialsCache/Headers\" \"$(SRCROOT)/../../CredentialsCache/Headers/Kerberos\" \"$(SRCROOT)/../../KerberosLogin/Headers\" \"$(SRCROOT)/../../KerberosLogin/Headers/Kerberos\"";
-                               LIBRARY_STYLE = STATIC;
-                               PRECOMPILE_PREFIX_HEADER = YES;
-                               PREFIX_HEADER = "$(SRCROOT)/../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h";
-                               PRODUCT_NAME = libKerberos4.a;
-                               REZ_EXECUTABLE = YES;
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       dependencies = (
-                               A1253781040BF780003D8244,
-                               F5E2688803F8404F01120114,
-                               F5E2688703F8404801120114,
-                       );
-                       isa = PBXLibraryTarget;
-                       name = Kerberos4;
-                       productInstallPath = /usr/local/lib;
-                       productName = Kerberos4;
-                       productReference = F5E2688503F83E7D01120114;
+               F517359203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = "pos-obsolete.h";
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2688503F83E7D01120114 = {
-                       isa = PBXLibraryReference;
-                       path = libKerberos4.a;
-                       refType = 3;
+               F517359303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = setenv.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2688703F8404801120114 = {
-                       isa = PBXTargetDependency;
-                       target = F5CFD5CD022D86AD01120112;
+               F517359403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = sscanf.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2688803F8404F01120114 = {
-                       isa = PBXTargetDependency;
-                       target = F5E2686C03F8336601120114;
+               F517359503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = strcasecmp.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2688903F8405301120114 = {
-                       isa = PBXTargetDependency;
-                       target = F5E2686C03F8336601120114;
+               F517359603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = strdup.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2689B03F8423E01120114 = {
-                       fileRef = F5E2671F03F8200601120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517359703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = strerror.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E2689C03F8423F01120114 = {
-                       fileRef = F5E2672003F8200601120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517359803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = syslog.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268A503F8428101120114 = {
-                       fileRef = F517345A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517359903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = vfprintf.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268A603F8428301120114 = {
-                       fileRef = F517345B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517359A03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = vsprintf.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268A703F8428401120114 = {
-                       fileRef = F517345C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517359B03F1B65A01120114 = {
+                       children = (
+                               F517359E03F1B65A01120114,
+                               F517359F03F1B65A01120114,
+                               F51735A003F1B65A01120114,
+                               F51735A103F1B65A01120114,
+                               F51735A203F1B65A01120114,
+                               F51735A303F1B65A01120114,
+                               F51735A403F1B65A01120114,
+                               F51735A503F1B65A01120114,
+                               F51735A603F1B65A01120114,
+                               F51735A703F1B65A01120114,
+                               F51735A803F1B65A01120114,
+                               F51735A903F1B65A01120114,
+                               F51735AA03F1B65A01120114,
+                               F51735AB03F1B65A01120114,
+                       );
+                       isa = PBXGroup;
+                       path = rcache;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268A803F8428601120114 = {
-                       fileRef = F517345D03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517359E03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268A903F8428C01120114 = {
-                       fileRef = F517346203F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517359F03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268AA03F8429101120114 = {
-                       fileRef = F517346303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735A003F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rc_base.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268AB03F8429301120114 = {
-                       fileRef = F517346403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735A103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = rc_base.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268AC03F8429401120114 = {
-                       fileRef = F517346503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735A203F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rc_conv.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268AD03F8429501120114 = {
-                       fileRef = F517346603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735A303F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rc_dfl.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268AE03F8429A01120114 = {
-                       fileRef = F517346803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735A403F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = rc_dfl.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268AF03F842A001120114 = {
-                       fileRef = F517346A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735A503F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rc_io.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268B003F842A101120114 = {
-                       fileRef = F517346C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735A603F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = rc_io.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268B103F842A701120114 = {
-                       fileRef = F517346E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735A703F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rcdef.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268B203F842B001120114 = {
-                       fileRef = F517347B03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735A803F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = rcfns.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268B303F842B201120114 = {
-                       fileRef = F517347E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735A903F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = README;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268B403F842B401120114 = {
-                       fileRef = F517348003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735AA03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = RELEASE;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268B503F842C401120114 = {
-                       fileRef = F517346903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735AB03F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = ser_rc.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268B603F842C601120114 = {
-                       fileRef = F517345903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51735B103F1B65A01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268BC03F8510401120114 = {
-                       fileRef = F517342403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F517360C03F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = win_glue.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268BD03F8533701120114 = {
-                       fileRef = F517342503F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51736C803F1B65B01120114 = {
+                       children = (
+                               F51736DD03F1B65B01120114,
+                               F51737AF03F1B65B01120114,
+                       );
+                       isa = PBXGroup;
+                       path = util;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268BE03F8533801120114 = {
-                       fileRef = F517342803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51736DD03F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268BF03F8533B01120114 = {
-                       fileRef = F517342903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737AF03F1B65B01120114 = {
+                       children = (
+                               F51737B203F1B65B01120114,
+                               F51737B303F1B65B01120114,
+                               F51737B403F1B65B01120114,
+                               F51737B603F1B65B01120114,
+                               F51737B703F1B65B01120114,
+                               F51737B803F1B65B01120114,
+                               F51737B903F1B65B01120114,
+                               F51737BA03F1B65B01120114,
+                               F51737BB03F1B65B01120114,
+                               F51737BC03F1B65B01120114,
+                               F51737BD03F1B65B01120114,
+                               A198BC2A0406DA8F00120114,
+                               F51737BE03F1B65B01120114,
+                               F51737BF03F1B65B01120114,
+                               F51737C003F1B65B01120114,
+                               F51737C103F1B65B01120114,
+                               F51737C203F1B65B01120114,
+                               F51737C303F1B65B01120114,
+                               F51737C403F1B65B01120114,
+                               F51737C503F1B65B01120114,
+                               F51737C603F1B65B01120114,
+                               F51737C703F1B65B01120114,
+                               F51737C803F1B65B01120114,
+                               F51737C903F1B65B01120114,
+                       );
+                       isa = PBXGroup;
+                       path = profile;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268C003F8534001120114 = {
-                       fileRef = F517342C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737B203F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = argv_parse.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268C103F8534201120114 = {
-                       fileRef = F517342D03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737B303F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = argv_parse.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268C203F8534401120114 = {
-                       fileRef = F517342E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737B403F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = ChangeLog;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268C403F8534A01120114 = {
-                       fileRef = F517343403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737B603F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = dosshell.ini;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268C503F8534B01120114 = {
-                       fileRef = F517343703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737B703F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = krb5.conf;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268C603F8534E01120114 = {
-                       fileRef = F517343803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737B803F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Makefile.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268C703F8534F01120114 = {
-                       fileRef = F517343903F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737B903F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = prof_err.et;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268C803F8535101120114 = {
-                       fileRef = F517343A03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737BA03F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = prof_file.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268CA03F8535801120114 = {
-                       fileRef = F517343F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737BB03F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = prof_get.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268CB03F8535901120114 = {
-                       fileRef = F517344003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737BC03F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = prof_init.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268CC03F8535B01120114 = {
-                       fileRef = F517344303F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737BD03F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = prof_int.h;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268CD03F8535D01120114 = {
-                       fileRef = F517344403F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737BE03F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = prof_parse.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268CE03F8535E01120114 = {
-                       fileRef = F517344603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737BF03F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = prof_set.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268CF03F8536101120114 = {
-                       fileRef = F517344C03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737C003F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = prof_tree.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268D003F8536301120114 = {
-                       fileRef = F517345703F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737C103F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = profile.5;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268D103F8536601120114 = {
-                       fileRef = F517345803F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737C203F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.exports;
+                       path = profile.exp;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268D203F854CF01120114 = {
-                       fileRef = F517346103F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737C303F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = profile.hin;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268D303F854DD01120114 = {
-                       fileRef = F517345E03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737C403F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = profile.pbexp;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E268D403F854DD01120114 = {
-                       fileRef = F517345F03F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737C503F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
+                       path = prtest.in;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E5979303F9AE8C01120114 = {
-                       fileRef = F517343003F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737C603F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = prtest.script;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E5979403F9C7BD01120114 = {
-                       fileRef = F517348603F1B65A01120114;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
+               F51737C703F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = test.ini;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BD403FD7D5301120114 = {
+               F51737C803F1B65B01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Kerberos5ServerBuild.jam;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = test_parse.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BD503FD803201120114 = {
-                       buildArgumentsString = "-d3 \"-sJAMFILE=$(SRCROOT)/../Scripts/Kerberos5ServerBuild.jam\" $(ACTION)";
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               PRODUCT_NAME = ServerBuild;
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       buildToolPath = /Developer/Private/jam;
-                       dependencies = (
-                       );
-                       isa = PBXLegacyTarget;
-                       name = ServerBuild;
-                       passBuildSettingsInEnvironment = 1;
-                       productName = ServerBuild;
-                       settingsToExpand = 6;
-                       settingsToPassInEnvironment = 287;
-                       settingsToPassOnCommandLine = 280;
+               F51737C903F1B65B01120114 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.c;
+                       path = test_profile.c;
+                       refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BD603FD832C01120114 = {
+               F5C2DF100240F9F601650119 = {
                        children = (
-                               F5E59BD903FD832C01120114,
-                               F5E59BDA03FD832C01120114,
-                               F5E59BDB03FD832C01120114,
-                               F5E59BDC03FD832C01120114,
-                               F5E59BDD03FD832C01120114,
-                               F5E59BDE03FD832C01120114,
-                               F5E59BDF03FD832C01120114,
-                               F5E59BE003FD832C01120114,
-                               F5E59BE103FD832C01120114,
-                               F5E59BE203FD832C01120114,
-                               F5E59BE303FD832C01120114,
-                               F5E59BE403FD832C01120114,
-                               F5E59BE503FD832C01120114,
-                               F5E59BE603FD832C01120114,
-                               F5E59BE703FD832C01120114,
-                               F5E59BE803FD832C01120114,
-                               F5E59BE903FD832C01120114,
-                               F5E59BEA03FD832C01120114,
-                               F5E59BEB03FD832C01120114,
-                               F5E59BEC03FD832C01120114,
-                               F5E59BED03FD832C01120114,
-                               F5E59BEE03FD832C01120114,
-                               F5E59BEF03FD832C01120114,
-                               F5E59BF003FD832C01120114,
-                               F5E59BF103FD832C01120114,
-                               F5E59BF203FD832C01120114,
-                               F5E59BF303FD832C01120114,
-                               F5E59BF403FD832C01120114,
-                               F5E59BF503FD832C01120114,
-                               F5E59BF603FD832C01120114,
-                               F5E59BF703FD832C01120114,
-                               F5E59BF803FD832C01120114,
-                               F5E59BF903FD832C01120114,
-                               F5E59BFA03FD832C01120114,
-                               F5E59BFB03FD832C01120114,
-                               F5E59BFC03FD832C01120114,
+                               F5C2DF140240F9F601650119,
+                               F5C2DF150240F9F601650119,
+                               F5C2DF160240F9F601650119,
+                               F5C2DF170240F9F601650119,
+                               F5C2DF180240F9F601650119,
+                               F5C2DF190240F9F601650119,
+                               F5C2DF1A0240F9F601650119,
+                               F5C2DF1B0240F9F601650119,
+                               F5C2DF1C0240F9F601650119,
+                               F5E2671F03F8200601120114,
+                               F5E2672003F8200601120114,
+                               F5E2672103F8200601120114,
+                               F5E2672203F8200601120114,
+                               F5E2672303F8200601120114,
+                               F5E2672403F8200601120114,
+                               F5C2DF1D0240F9F601650119,
+                               F5C2DF1E0240F9F601650119,
+                               F5C2DF1F0240F9F601650119,
+                               F5C2DF200240F9F601650119,
+                               F5C2DF210240F9F601650119,
+                               F5C2DF220240F9F601650119,
+                               F5C2DF230240F9F601650119,
+                               F5C2DF240240F9F601650119,
+                               F5C2DF250240F9F601650119,
+                               F5C2DF260240F9F601650119,
+                               F5C2DF270240F9F601650119,
+                               F5C2DF280240F9F601650119,
+                               F5C2DF290240F9F601650119,
+                               F5C2DF2A0240F9F601650119,
+                               F5C2DF2B0240F9F601650119,
                        );
                        isa = PBXGroup;
-                       path = et;
+                       path = ErrorTables;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BD903FD832C01120114 = {
+               F5C2DF140240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ChangeLog;
+                       lastKnownFileType = file;
+                       path = asn1_err.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BDA03FD832C01120114 = {
+               F5C2DF150240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = com_err.3;
+                       lastKnownFileType = file;
+                       path = asn1_err.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BDB03FD832C01120114 = {
+               F5C2DF160240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = com_err.c;
+                       lastKnownFileType = file;
+                       path = asn1_err.strings;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BDC03FD832C01120114 = {
+               F5C2DF170240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = com_err.h;
+                       lastKnownFileType = file;
+                       path = gssapi_err_generic.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BDD03FD832C01120114 = {
+               F5C2DF180240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = com_err.texinfo;
+                       lastKnownFileType = file;
+                       path = gssapi_err_generic.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BDE03FD832C01120114 = {
+               F5C2DF190240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = compile_et.1;
+                       lastKnownFileType = file;
+                       path = gssapi_err_generic.strings;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BDF03FD832C01120114 = {
+               F5C2DF1A0240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = compile_et.c;
+                       lastKnownFileType = file;
+                       path = gssapi_err_krb5.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BE003FD832C01120114 = {
+               F5C2DF1B0240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = compile_et.sh;
+                       lastKnownFileType = file;
+                       path = gssapi_err_krb5.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BE103FD832C01120114 = {
+               F5C2DF1C0240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = compiler.h;
+                       lastKnownFileType = file;
+                       path = gssapi_err_krb5.strings;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BE203FD832C01120114 = {
+               F5C2DF1D0240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = config_script;
+                       lastKnownFileType = file;
+                       path = kdb5_err.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BE303FD832C01120114 = {
+               F5C2DF1E0240F9F601650119 = {
                        fileEncoding = 30;
-                       isa = PBXExecutableFileReference;
-                       path = configure;
+                       isa = PBXFileReference;
+                       lastKnownFileType = file;
+                       path = kdb5_err.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BE403FD832C01120114 = {
+               F5C2DF1F0240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = configure.in;
+                       lastKnownFileType = file;
+                       path = kdb5_err.strings;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BE503FD832C01120114 = {
+               F5C2DF200240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = error_message.c;
+                       lastKnownFileType = file;
+                       path = krb524_err.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BE603FD832C01120114 = {
+               F5C2DF210240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = error_table.h;
+                       lastKnownFileType = file;
+                       path = krb524_err.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BE703FD832C01120114 = {
+               F5C2DF220240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = error_table.y;
+                       lastKnownFileType = file;
+                       path = krb524_err.strings;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BE803FD832C01120114 = {
+               F5C2DF230240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = et.exp;
+                       lastKnownFileType = file;
+                       path = krb5_err.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BE903FD832C01120114 = {
+               F5C2DF240240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = et.pbexp;
+                       lastKnownFileType = file;
+                       path = krb5_err.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BEA03FD832C01120114 = {
+               F5C2DF250240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = et1.et;
+                       lastKnownFileType = file;
+                       path = krb5_err.strings;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BEB03FD832C01120114 = {
+               F5C2DF260240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = et2.et;
+                       lastKnownFileType = file;
+                       path = kv5m_err.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BEC03FD832C01120114 = {
+               F5C2DF270240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = et_c.awk;
+                       lastKnownFileType = file;
+                       path = kv5m_err.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BED03FD832C01120114 = {
+               F5C2DF280240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = et_c.pl;
+                       lastKnownFileType = file;
+                       path = kv5m_err.strings;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BEE03FD832C01120114 = {
+               F5C2DF290240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = et_h.awk;
+                       lastKnownFileType = file;
+                       path = prof_err.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BEF03FD832C01120114 = {
+               F5C2DF2A0240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = et_h.pl;
+                       lastKnownFileType = file;
+                       path = prof_err.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BF003FD832C01120114 = {
+               F5C2DF2B0240F9F601650119 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = et_lex.lex.l;
+                       lastKnownFileType = file;
+                       path = prof_err.strings;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F5CFD36E022D854401120112 = {
+                       buildSettings = {
+                       };
+                       buildStyles = (
+                               F5CFD370022D854401120112,
+                               F5CFD371022D854401120112,
+                       );
+                       hasScannedForEncodings = 1;
+                       isa = PBXProject;
+                       mainGroup = F5CFD36F022D854401120112;
+                       productRefGroup = F5CFD5CB022D86AD01120112;
+                       projectDirPath = "";
+                       targets = (
+                               F5E59BD503FD803201120114,
+                               F5CFD5E6022D8A9901120112,
+                               F5CFD629022D922C01120112,
+                               A1AB1DEC05DDC40100526345,
+                               A1AB1E1005DDC43000526345,
+                               A1AB1E3005DDC45F00526345,
+                               A1AB1E8105DDC47700526345,
+                               A1AB1FBF05DDC48A00526345,
+                       );
+               };
+               F5CFD36F022D854401120112 = {
+                       children = (
+                               A1253783040BF7E6003D8244,
+                               A125378D040BFA0E003D8244,
+                               A1253784040BF80F003D8244,
+                               F5CFD5ED022D8B6001120112,
+                               F5CFD5EC022D8B6001120112,
+                               F5CFD5EE022D8B6001120112,
+                               F5172F7B03F1B65801120114,
+                               F5CFD5E4022D891701120112,
+                               F5CFD5CB022D86AD01120112,
+                       );
+                       isa = PBXGroup;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F5CFD370022D854401120112 = {
+                       buildRules = (
+                       );
+                       buildSettings = {
+                               COPY_PHASE_STRIP = NO;
+                               GCC_DYNAMIC_NO_PIC = NO;
+                               GCC_ENABLE_FIX_AND_CONTINUE = YES;
+                               GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
+                               GCC_OPTIMIZATION_LEVEL = 0;
+                               ZERO_LINK = YES;
+                       };
+                       isa = PBXBuildStyle;
+                       name = Development;
+               };
+               F5CFD371022D854401120112 = {
+                       buildRules = (
+                       );
+                       buildSettings = {
+                               COPY_PHASE_STRIP = YES;
+                               GCC_ENABLE_FIX_AND_CONTINUE = NO;
+                               ZERO_LINK = NO;
+                       };
+                       isa = PBXBuildStyle;
+                       name = Deployment;
+               };
+               F5CFD5CB022D86AD01120112 = {
+                       children = (
+                               A1AB1E0205DDC40100526345,
+                               A1AB1E2205DDC43000526345,
+                               A1AB1E6F05DDC45F00526345,
+                               A1AB1FB105DDC47800526345,
+                               A1AB200305DDC48A00526345,
+                       );
+                       isa = PBXGroup;
+                       name = Products;
                        refType = 4;
+                       sourceTree = "<group>";
+               };
+               F5CFD5E4022D891701120112 = {
+                       children = (
+                               F5E59BD403FD7D5301120114,
+                               F5CFD5E5022D891701120112,
+                               F5CFD60D022D8BD601120112,
+                       );
+                       isa = PBXGroup;
+                       name = Scripts;
+                       path = ../Scripts;
+                       refType = 2;
+                       sourceTree = SOURCE_ROOT;
                };
-               F5E59BF103FD832C01120114 = {
+               F5CFD5E5022D891701120112 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = et_name.c;
+                       lastKnownFileType = sourcecode.jam;
+                       path = Kerberos5Errors.jam;
                        refType = 4;
+                       sourceTree = "<group>";
+               };
+               F5CFD5E6022D8A9901120112 = {
+                       buildArgumentsString = "-d3 \"-sJAMFILE=$(SRCROOT)/../Scripts/Kerberos5Errors.jam\" $(ACTION)";
+                       buildPhases = (
+                       );
+                       buildSettings = {
+                               PRODUCT_NAME = "Error Table Generation";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       buildToolPath = /Developer/Private/jam;
+                       dependencies = (
+                       );
+                       isa = PBXLegacyTarget;
+                       name = "Error Table Generation";
+                       passBuildSettingsInEnvironment = 1;
+                       productName = "Error Table Generation";
+               };
+               F5CFD5EC022D8B6001120112 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = GSS.pbexp;
+                       refType = 2;
+                       sourceTree = SOURCE_ROOT;
+               };
+               F5CFD5ED022D8B6001120112 = {
+                       fileEncoding = 30;
+                       isa = PBXFileReference;
+                       lastKnownFileType = text;
+                       path = Kerberos5.pbexp;
+                       refType = 2;
+                       sourceTree = SOURCE_ROOT;
+               };
+               F5CFD5EE022D8B6001120112 = {
+                       children = (
+                               F5E265DF03F443E901120114,
+                               F5E266F503F443EA01120114,
+                               F5C2DF100240F9F601650119,
+                               A12537EA040C0795003D8244,
+                               A12537EF040C0795003D8244,
+                       );
+                       isa = PBXGroup;
+                       path = Kerberos5.intermediates;
+                       refType = 3;
+                       sourceTree = BUILT_PRODUCTS_DIR;
                };
-               F5E59BF203FD832C01120114 = {
+               F5CFD60D022D8BD601120112 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = init_et.c;
+                       lastKnownFileType = sourcecode.jam;
+                       lineEnding = 0;
+                       path = Kerberos5Headers.jam;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F5CFD629022D922C01120112 = {
+                       buildArgumentsString = "-d3 \"-sJAMFILE=$(SRCROOT)/../Scripts/Kerberos5Headers.jam\" $(ACTION)";
+                       buildPhases = (
+                       );
+                       buildSettings = {
+                               PRODUCT_NAME = "Header Generation";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       buildToolPath = /Developer/Private/jam;
+                       dependencies = (
+                               F5CFD62A022D922C01120112,
+                               A1253780040BF748003D8244,
+                       );
+                       isa = PBXLegacyTarget;
+                       name = "Header Generation";
+                       passBuildSettingsInEnvironment = 1;
+                       productName = "Header Generation";
+               };
+               F5CFD62A022D922C01120112 = {
+                       isa = PBXTargetDependency;
+                       target = F5CFD5E6022D8A9901120112;
+                       targetProxy = A181DA3F05CEFC0400E4C246;
+               };
+               F5E265DF03F443E901120114 = {
+                       children = (
+                               F5E2662703F443E901120114,
+                       );
+                       isa = PBXGroup;
+                       path = build;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F5E2662703F443E901120114 = {
+                       children = (
+                               F5E2662C03F443E901120114,
+                       );
+                       isa = PBXGroup;
+                       path = include;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BF303FD832C01120114 = {
+               F5E2662C03F443E901120114 = {
+                       children = (
+                               F5E2662D03F443E901120114,
+                               F5E2662F03F443E901120114,
+                       );
+                       isa = PBXGroup;
+                       path = krb5;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               F5E2662D03F443E901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = internal.h;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = autoconf.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BF403FD832C01120114 = {
+               F5E2662F03F443E901120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = ISSUES;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = osconf.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BF503FD832C01120114 = {
+               F5E266F503F443EA01120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = Makefile.in;
+                       lastKnownFileType = file;
+                       path = configure.stamp;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BF603FD832C01120114 = {
+               F5E2671F03F8200601120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = "mit-sipb-copyright.h";
+                       lastKnownFileType = file;
+                       path = kadm_err.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BF703FD832C01120114 = {
+               F5E2672003F8200601120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = t_com_err.c;
+                       lastKnownFileType = file;
+                       path = kadm_err.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BF803FD832C01120114 = {
+               F5E2672103F8200601120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = test1.et;
+                       lastKnownFileType = file;
+                       path = kadm_err.strings;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BF903FD832C01120114 = {
+               F5E2672203F8200601120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = test2.et;
+                       lastKnownFileType = file;
+                       path = krb_err.c;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BFA03FD832C01120114 = {
+               F5E2672303F8200601120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = test_et.c;
+                       lastKnownFileType = file;
+                       path = krb_err.h;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BFB03FD832C01120114 = {
+               F5E2672403F8200601120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = texinfo.tex;
+                       lastKnownFileType = file;
+                       path = krb_err.strings;
                        refType = 4;
+                       sourceTree = "<group>";
                };
-               F5E59BFC03FD832C01120114 = {
+               F5E59BD403FD7D5301120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
-                       path = vfprintf.c;
+                       lastKnownFileType = sourcecode.jam;
+                       path = Kerberos5ServerBuild.jam;
                        refType = 4;
+                       sourceTree = "<group>";
+               };
+               F5E59BD503FD803201120114 = {
+                       buildArgumentsString = "-d3 \"-sJAMFILE=$(SRCROOT)/../Scripts/Kerberos5ServerBuild.jam\" $(ACTION)";
+                       buildPhases = (
+                       );
+                       buildSettings = {
+                               PRODUCT_NAME = ServerBuild;
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       buildToolPath = /Developer/Private/jam;
+                       dependencies = (
+                       );
+                       isa = PBXLegacyTarget;
+                       name = ServerBuild;
+                       passBuildSettingsInEnvironment = 1;
+                       productName = ServerBuild;
                };
                F5E59C0D03FD95A101120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = aclocal.m4;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C0E03FD95A101120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = configure.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C0F03FD95CF01120114 = {
                        children = (
                        isa = PBXGroup;
                        path = config;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1103FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ChangeLog;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1203FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = config.guess;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1303FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = config.sub;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1503FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = "install-sh";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1603FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = lib.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1703FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = libobj.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1803FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = "mac-config.cache";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1903FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = "mac-config.README";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1A03FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = "mac-mf.sed";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1B03FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = "mac-post.in";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1C03FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = "mac-pre.in";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1D03FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = mkinstalldirs;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1E03FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = "move-if-changed";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C1F03FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = post.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C2003FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = pre.in;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C2103FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text.script.sh;
                        path = ren2long;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C2203FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = ren2long.awk;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C2303FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = rm.bat;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C2403FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = shlib.conf;
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C2503FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = "win-post.in";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C2603FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = "win-pre.in";
                        refType = 4;
+                       sourceTree = "<group>";
                };
                F5E59C2703FD95D001120114 = {
                        fileEncoding = 30;
                        isa = PBXFileReference;
+                       lastKnownFileType = text;
                        path = winexclude.sed;
                        refType = 4;
+                       sourceTree = "<group>";
                };
        };
        rootObject = F5CFD36E022D854401120112;
index 9f7ce57dd0adab5921262c506c99b2c2a8290b3a..dfa3e8acb28b0ec90def4b757ec053745536b370 100644 (file)
@@ -3,55 +3,55 @@ include "$(SRCROOT)/../../KerberosErrors/Scripts/compile_et.jam" ;
 Intermediates = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates" ;
 IntermediateErrorTables = "$(Intermediates)/ErrorTables" ;
 
-compile_et     "$(IntermediateErrorTables)/prof_err.h"
+compile_et  "$(IntermediateErrorTables)/prof_err.h"
             "$(IntermediateErrorTables)/prof_err.c"
             "$(IntermediateErrorTables)/prof_err.strings" : 
-            "$(SRCROOT)/../Sources/util/profile/prof_err.et" ;
+            "$(SRCROOT)/../../Kerberos5/Sources/util/profile/prof_err.et" ;
 
-compile_et     "$(IntermediateErrorTables)/krb_err.h"
+compile_et  "$(IntermediateErrorTables)/krb_err.h"
             "$(IntermediateErrorTables)/krb_err.c"
             "$(IntermediateErrorTables)/krb_err.strings" : 
-            "$(SRCROOT)/../Sources/lib/krb4/krb_err.et" ;
+            "$(SRCROOT)/../../Kerberos5/Sources/lib/krb4/krb_err.et" ;
 
-compile_et     "$(IntermediateErrorTables)/kadm_err.h"
+compile_et  "$(IntermediateErrorTables)/kadm_err.h"
             "$(IntermediateErrorTables)/kadm_err.c"
             "$(IntermediateErrorTables)/kadm_err.strings" : 
-            "$(SRCROOT)/../Sources/lib/krb4/kadm_err.et" ;
+            "$(SRCROOT)/../../Kerberos5/Sources/lib/krb4/kadm_err.et" ;
 
-compile_et     "$(IntermediateErrorTables)/krb524_err.h"
+compile_et  "$(IntermediateErrorTables)/krb524_err.h"
             "$(IntermediateErrorTables)/krb524_err.c"
             "$(IntermediateErrorTables)/krb524_err.strings" : 
-            "$(SRCROOT)/../Sources/krb524/krb524_err.et" ;
+            "$(SRCROOT)/../../Kerberos5/Sources/lib/krb5/error_tables/krb524_err.et" ;
 
-compile_et     "$(IntermediateErrorTables)/asn1_err.h"
+compile_et  "$(IntermediateErrorTables)/asn1_err.h"
             "$(IntermediateErrorTables)/asn1_err.c"
             "$(IntermediateErrorTables)/asn1_err.strings" : 
-            "$(SRCROOT)/../Sources/lib/krb5/error_tables/asn1_err.et" ;
+            "$(SRCROOT)/../../Kerberos5/Sources/lib/krb5/error_tables/asn1_err.et" ;
 
-compile_et     "$(IntermediateErrorTables)/kdb5_err.h"
+compile_et  "$(IntermediateErrorTables)/kdb5_err.h"
             "$(IntermediateErrorTables)/kdb5_err.c"
             "$(IntermediateErrorTables)/kdb5_err.strings" : 
-            "$(SRCROOT)/../Sources/lib/krb5/error_tables/kdb5_err.et" ;
+            "$(SRCROOT)/../../Kerberos5/Sources/lib/krb5/error_tables/kdb5_err.et" ;
 
-compile_et     "$(IntermediateErrorTables)/krb5_err.h"
+compile_et  "$(IntermediateErrorTables)/krb5_err.h"
             "$(IntermediateErrorTables)/krb5_err.c"
             "$(IntermediateErrorTables)/krb5_err.strings" : 
-            "$(SRCROOT)/../Sources/lib/krb5/error_tables/krb5_err.et" ;
+            "$(SRCROOT)/../../Kerberos5/Sources/lib/krb5/error_tables/krb5_err.et" ;
 
-compile_et     "$(IntermediateErrorTables)/kv5m_err.h"
+compile_et  "$(IntermediateErrorTables)/kv5m_err.h"
             "$(IntermediateErrorTables)/kv5m_err.c"
             "$(IntermediateErrorTables)/kv5m_err.strings" : 
-            "$(SRCROOT)/../Sources/lib/krb5/error_tables/kv5m_err.et" ;
+            "$(SRCROOT)/../../Kerberos5/Sources/lib/krb5/error_tables/kv5m_err.et" ;
 
-compile_et     "$(IntermediateErrorTables)/gssapi_err_generic.h"
+compile_et  "$(IntermediateErrorTables)/gssapi_err_generic.h"
             "$(IntermediateErrorTables)/gssapi_err_generic.c"
             "$(IntermediateErrorTables)/gssapi_err_generic.strings" : 
-            "$(SRCROOT)/../Sources/lib/gssapi/generic/gssapi_err_generic.et" ;
+            "$(SRCROOT)/../../Kerberos5/Sources/lib/gssapi/generic/gssapi_err_generic.et" ;
 
-compile_et     "$(IntermediateErrorTables)/gssapi_err_krb5.h"
+compile_et  "$(IntermediateErrorTables)/gssapi_err_krb5.h"
             "$(IntermediateErrorTables)/gssapi_err_krb5.c"
             "$(IntermediateErrorTables)/gssapi_err_krb5.strings" : 
-            "$(SRCROOT)/../Sources/lib/gssapi/krb5/gssapi_err_krb5.et" ;
+            "$(SRCROOT)/../../Kerberos5/Sources/lib/gssapi/krb5/gssapi_err_krb5.et" ;
                         
 DEPENDS all :  "$(IntermediateErrorTables)/prof_err.h"
                 "$(IntermediateErrorTables)/prof_err.c"
index 02bc57a065a09987e45061c835c9e0da8140f5b2..de62e18c6f15d65651a6098b5540ea0186f3ac5f 100644 (file)
@@ -59,8 +59,6 @@ actions MakeFrameworkHeader
            -e 's:<kerberosIV/krb_err.h>:<Kerberos/krb_err.h>:' \
            -e 's:<profile.h>:<Kerberos/profile.h>:' \
            -e 's:<krb5.h>:<Kerberos/krb5.h>:' \
-           -e 's:<krb524.h>:<Kerberos/krb524.h>:' \
-           -e 's:<krb524_err.h>:<Kerberos/krb524_err.h>:' \
            -e 's:<gssapi/gssapi.h>:<Kerberos/gssapi.h>:' \
            -e 's:<gssapi/gssapi_krb5.h>:<Kerberos/gssapi_krb5.h>:' \
            -e 's:<gssapi/gssapi_generic.h>:<Kerberos/gssapi_generic.h>:' \
@@ -82,37 +80,34 @@ actions CopyHeader
 MakeFrameworkHeader "$(IntermediateFrameworkHeaders)/com_err.h" : "$(SRCROOT)/../../KerberosErrors/Headers/Kerberos/com_err.h" ;
 CopyHeader          "$(IntermediateIncludes)/com_err.h"         : "$(SRCROOT)/../../KerberosErrors/Headers/Kerberos/com_err.h" ;
 
-CopyHeader          "$(IntermediateV4Includes)/des.h"       : "$(SRCROOT)/../Sources/include/kerberosIV/des.h" ;
+CopyHeader          "$(IntermediateV4Includes)/des.h"       : "$(SRCROOT)/../../Kerberos5/Sources/include/kerberosIV/des.h" ;
 MakeFrameworkHeader "$(IntermediateFrameworkHeaders)/des.h" : "$(IntermediateV4Includes)/des.h" ;
 
-CopyHeader          "$(IntermediateV4Includes)/krb.h"           : "$(SRCROOT)/../Sources/include/kerberosIV/krb.h" ;
+CopyHeader          "$(IntermediateV4Includes)/krb.h"           : "$(SRCROOT)/../../Kerberos5/Sources/include/kerberosIV/krb.h" ;
 CopyHeader          "$(IntermediateV4Includes)/krb_err.h"       : "$(IntermediateErrorTables)/krb_err.h" ;
 MakeFrameworkHeader "$(IntermediateFrameworkHeaders)/krb.h"     : "$(IntermediateV4Includes)/krb.h" ;
 MakeFrameworkHeader "$(IntermediateFrameworkHeaders)/krb_err.h" : "$(IntermediateV4Includes)/krb_err.h" ;
 
 CatHeader           "$(IntermediateIncludes)/profile.h"         : "__KERBEROSPROFILE__"
-                                                                  "$(SRCROOT)/../Sources/util/profile/profile.hin"
+                                                                  "$(SRCROOT)/../../Kerberos5/Sources/util/profile/profile.hin"
                                                                   "$(IntermediateErrorTables)/prof_err.h" ;
 MakeFrameworkHeader "$(IntermediateFrameworkHeaders)/profile.h" : "$(IntermediateIncludes)/profile.h" ;
 
 CatHeader           "$(IntermediateIncludes)/krb5.h"               : "__KERBEROS5__"
-                                                                     "$(SRCROOT)/../Sources/include/krb5.hin"
+                                                                     "$(SRCROOT)/../../Kerberos5/Sources/include/krb5.hin"
                                                                      "$(IntermediateErrorTables)/asn1_err.h"
                                                                      "$(IntermediateErrorTables)/kdb5_err.h"
                                                                      "$(IntermediateErrorTables)/krb5_err.h"
+                                                                     "$(IntermediateErrorTables)/krb524_err.h"
                                                                      "$(IntermediateErrorTables)/kv5m_err.h" ;
-CopyHeader          "$(IntermediateIncludes)/krb524.h"             : "$(SRCROOT)/../Sources/krb524/krb524.h" ;
-CopyHeader          "$(IntermediateIncludes)/krb524_err.h"         : "$(IntermediateErrorTables)/krb524_err.h" ;
 MakeFrameworkHeader "$(IntermediateFrameworkHeaders)/krb5.h"       : "$(IntermediateIncludes)/krb5.h" ;
-MakeFrameworkHeader "$(IntermediateFrameworkHeaders)/krb524.h"     : "$(IntermediateIncludes)/krb524.h" ;
-MakeFrameworkHeader "$(IntermediateFrameworkHeaders)/krb524_err.h" : "$(IntermediateIncludes)/krb524_err.h" ;
 
 CatHeader           "$(IntermediateGSSIncludes)/gssapi.h"              : "__GSSAPI__"
-                                                                         "$(SRCROOT)/../Sources/lib/gssapi/generic/gssapi.hin"
+                                                                         "$(SRCROOT)/../../Kerberos5/Sources/lib/gssapi/generic/gssapi.hin"
                                                                          "$(IntermediateErrorTables)/gssapi_err_generic.h"
                                                                          "$(IntermediateErrorTables)/gssapi_err_krb5.h" ;
-CopyHeader          "$(IntermediateGSSIncludes)/gssapi_generic.h"      : "$(SRCROOT)/../Sources/lib/gssapi/generic/gssapi_generic.h" ;
-CopyHeader          "$(IntermediateGSSIncludes)/gssapi_krb5.h"         : "$(SRCROOT)/../Sources/lib/gssapi/krb5/gssapi_krb5.h" ;
+CopyHeader          "$(IntermediateGSSIncludes)/gssapi_generic.h"      : "$(SRCROOT)/../../Kerberos5/Sources/lib/gssapi/generic/gssapi_generic.h" ;
+CopyHeader          "$(IntermediateGSSIncludes)/gssapi_krb5.h"         : "$(SRCROOT)/../../Kerberos5/Sources/lib/gssapi/krb5/gssapi_krb5.h" ;
 MakeFrameworkHeader "$(IntermediateFrameworkHeaders)/gssapi.h"         : "$(IntermediateGSSIncludes)/gssapi.h" ;
 MakeFrameworkHeader "$(IntermediateFrameworkHeaders)/gssapi_generic.h" : "$(IntermediateGSSIncludes)/gssapi_generic.h" ;
 MakeFrameworkHeader "$(IntermediateFrameworkHeaders)/gssapi_krb5.h"    : "$(IntermediateGSSIncludes)/gssapi_krb5.h" ;
@@ -135,11 +130,7 @@ DEPENDS all :      "$(IntermediateIncludes)/com_err.h"
                 "$(IntermediateFrameworkHeaders)/profile.h"
                 
                 "$(IntermediateIncludes)/krb5.h"
-                "$(IntermediateIncludes)/krb524.h"
-                "$(IntermediateIncludes)/krb524_err.h"
                 "$(IntermediateFrameworkHeaders)/krb5.h"
-                "$(IntermediateFrameworkHeaders)/krb524.h"
-                "$(IntermediateFrameworkHeaders)/krb524_err.h"
                 
                 "$(IntermediateGSSIncludes)/gssapi.h"
                 "$(IntermediateGSSIncludes)/gssapi_generic.h"
index 9969720be6ae0972776514b5ab65a84513b38325..24e8944e1c90c47772c94cd93f449a4df16feb51 100644 (file)
@@ -1,10 +1,24 @@
 Intermediates = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates" ;
 IntermediateBuild = "$(Intermediates)/build" ;
-Sources = "$(SRCROOT)/../Sources" ;
+Sources = "$(SRCROOT)/../../Kerberos5/Sources" ;
 
 Reconf = "$(Sources)/util/reconf" ;
 Configure = "$(Sources)/configure" ;
 Makefile = "$(IntermediateBuild)/Makefile" ;
+MakeStamp = "$(IntermediateBuild)/make.stamp" ;
+
+# Assemble CFLAGS
+CONFIGURE_CFLAGS = "-fno-common -include /usr/include/TargetConditionals.h -DUSE_PASSWORD_SERVER" ;
+if $(RC_CFLAGS)      != "" { CONFIGURE_CFLAGS = "$(CONFIGURE_CFLAGS) $(RC_CFLAGS)" ;      }
+if $(CFLAGS)         != "" { CONFIGURE_CFLAGS = "$(CONFIGURE_CFLAGS) $(CFLAGS)" ;         }
+if $(OTHER_CFLAGS)   != "" { CONFIGURE_CFLAGS = "$(CONFIGURE_CFLAGS) $(OTHER_CFLAGS)" ;   }
+if $(WARNING_CFLAGS) != "" { CONFIGURE_CFLAGS = "$(CONFIGURE_CFLAGS) $(WARNING_CFLAGS)" ; }
+CONFIGURE_CFLAGS = "CFLAGS=$(CONFIGURE_CFLAGS)" ;
+
+# Assemble LDFLAGS
+CONFIGURE_LDFLAGS = "-Wl,-search_paths_first" ;
+if $(LDFLAGS) != "" { CONFIGURE_LDFLAGS = "$(LDFLAGS) $(CONFIGURE_LDFLAGS)" ;  }
+CONFIGURE_LDFLAGS = "LDFLAGS=$(CONFIGURE_LDFLAGS:)" ;
 
 #
 # Note: in this jam script we have separated the dependency tree from the 
@@ -32,10 +46,10 @@ rule Configure
 actions Configure
 {
     mkdir -p "$(1:D)"
-    cd "$(1:D)" && /bin/sh "$(2)" --prefix=/usr CFLAGS="-fno-common" || rm -f "$(1)"
+    cd "$(1:D)" && /bin/sh "$(2)" --prefix=/usr --localstatedir=/var/db "$(CONFIGURE_CFLAGS)" "$(CONFIGURE_LDFLAGS)" || rm -f "$(1)"
 }
 
-# Make <stamp file> <build dir> : <makefile>
+# Make <stamp file> : <makefile>
 rule Make
 {
     DEPENDS "$(1)" : "$(2)" ;
@@ -48,8 +62,82 @@ actions Make
     cd "$(1:D)" && make && touch "$(1)" && echo "### HAPPINESS ###"
 }
 
-Make "$(IntermediateBuild)/make.stamp" : "$(Makefile)" ;
+# InstallProgram <destination executable> : <source executable>
+rule InstallProgram
+{
+    DEPENDS "$(1)" : "$(2)" ;
+    DEPENDS "$(2)" : "$(MakeStamp)" ;
+    Clean.Remove clean "$(1)" ;
+}
+actions InstallProgram
+{
+    mkdir -p "$(1:D)"
+    /usr/bin/install -c -s "$(2)" "$(1)" 
+}
+
+# InstallFile <destination file> : <source file>
+rule InstallFile
+{
+    DEPENDS "$(1)" : "$(2)" ;
+    DEPENDS "$(2)" : "$(MakeStamp)" ;
+    Clean.Remove clean "$(1)" ;
+}
+actions InstallFile
+{
+    mkdir -p "$(1:D)"
+    /usr/bin/install -c -m 644 "$(2)" "$(1)" 
+}
+
+Make "$(MakeStamp)" : "$(Makefile)" ;
+
+InstallProgram "$(DSTROOT)/usr/sbin/kadmin"          : "$(IntermediateBuild)/kadmin/cli/kadmin" ;
+InstallProgram "$(DSTROOT)/usr/sbin/kadmin.local"    : "$(IntermediateBuild)/kadmin/cli/kadmin.local" ;
+InstallProgram "$(DSTROOT)/usr/sbin/kadmind"         : "$(IntermediateBuild)/kadmin/server/kadmind" ;
+InstallProgram "$(DSTROOT)/usr/sbin/ktutil"          : "$(IntermediateBuild)/kadmin/ktutil/ktutil" ;
+InstallProgram "$(DSTROOT)/usr/sbin/kdb5_util"       : "$(IntermediateBuild)/kadmin/dbutil/kdb5_util" ;
+InstallProgram "$(DSTROOT)/usr/sbin/kprop"           : "$(IntermediateBuild)/slave/kprop" ;
+InstallProgram "$(DSTROOT)/usr/sbin/kpropd"          : "$(IntermediateBuild)/slave/kpropd" ;
+InstallProgram "$(DSTROOT)/usr/sbin/krb524d"         : "$(IntermediateBuild)/krb524/krb524d" ;
+InstallProgram "$(DSTROOT)/usr/sbin/krb5kdc"         : "$(IntermediateBuild)/kdc/krb5kdc" ;
+InstallProgram "$(DSTROOT)/usr/bin/krb5-config"      : "$(IntermediateBuild)/krb5-config" ;
+                  
+InstallFile "$(DSTROOT)/usr/share/man/man1/kerberos.1"     : "$(SRCROOT)/../../Kerberos5/Sources/gen-manpages/kerberos.M" ;
+InstallFile "$(DSTROOT)/usr/share/man/man5/kdc.conf.5"     : "$(SRCROOT)/../../Kerberos5/Sources/config-files/kdc.conf.M" ;
+InstallFile "$(DSTROOT)/usr/share/man/man5/krb5.conf.5"    : "$(SRCROOT)/../../Kerberos5/Sources/config-files/krb5.conf.M" ;
+InstallFile "$(DSTROOT)/usr/share/man/man8/kadmin.8"       : "$(SRCROOT)/../../Kerberos5/Sources/kadmin/cli/kadmin.M" ;
+InstallFile "$(DSTROOT)/usr/share/man/man8/kadmin.local.8" : "$(SRCROOT)/../../Kerberos5/Sources/kadmin/cli/kadmin.local.M" ;
+InstallFile "$(DSTROOT)/usr/share/man/man8/kadmind.8"      : "$(SRCROOT)/../../Kerberos5/Sources/kadmin/server/kadmind.M" ;
+InstallFile "$(DSTROOT)/usr/share/man/man8/ktutil.8"       : "$(SRCROOT)/../../Kerberos5/Sources/kadmin/ktutil/ktutil.M" ;
+InstallFile "$(DSTROOT)/usr/share/man/man8/kdb5_util.8"    : "$(SRCROOT)/../../Kerberos5/Sources/kadmin/dbutil/kdb5_util.M" ;
+InstallFile "$(DSTROOT)/usr/share/man/man8/kprop.8"        : "$(SRCROOT)/../../Kerberos5/Sources/slave/kprop.M" ;
+InstallFile "$(DSTROOT)/usr/share/man/man8/kpropd.8"       : "$(SRCROOT)/../../Kerberos5/Sources/slave/kpropd.M" ;
+InstallFile "$(DSTROOT)/usr/share/man/man8/krb5kdc.8"      : "$(SRCROOT)/../../Kerberos5/Sources/kdc/krb5kdc.M" ;
+
+
+DEPENDS all     : "$(MakeStamp)" ;
 
-DEPENDS all : "$(IntermediateBuild)/make.stamp" ;
-DEPENDS install : all ;
+DEPENDS install : all 
+                  "$(DSTROOT)/usr/sbin/kadmin"
+                  "$(DSTROOT)/usr/sbin/kadmin.local"
+                  "$(DSTROOT)/usr/sbin/kadmind"
+                  "$(DSTROOT)/usr/sbin/kdb5_util"
+                  "$(DSTROOT)/usr/sbin/kprop"
+                  "$(DSTROOT)/usr/sbin/kpropd"
+                  "$(DSTROOT)/usr/sbin/krb524d"
+                  "$(DSTROOT)/usr/sbin/krb5kdc"
+                  "$(DSTROOT)/usr/sbin/ktutil"
+                  "$(DSTROOT)/usr/bin/krb5-config"
+                  
+                  "$(DSTROOT)/usr/share/man/man1/kerberos.1"
+                  "$(DSTROOT)/usr/share/man/man5/kdc.conf.5"
+                  "$(DSTROOT)/usr/share/man/man5/krb5.conf.5"
+                  "$(DSTROOT)/usr/share/man/man8/kadmin.8"
+                  "$(DSTROOT)/usr/share/man/man8/kadmin.local.8"
+                  "$(DSTROOT)/usr/share/man/man8/kadmind.8"
+                  "$(DSTROOT)/usr/share/man/man8/kdb5_util.8"
+                  "$(DSTROOT)/usr/share/man/man8/kprop.8"
+                  "$(DSTROOT)/usr/share/man/man8/kpropd.8"
+                  "$(DSTROOT)/usr/share/man/man8/krb5kdc.8"
+                  "$(DSTROOT)/usr/share/man/man8/ktutil.8" ;
+                  
 DEPENDS installhdrs : all ;
index af75ff3d79e989886cbbc161d1cd568df4e123c6..19c98f113f320be4b244acc93859971d44fc2fa2 100644 (file)
@@ -43,13 +43,14 @@ clean::
 #
 $(OUTPRE)kprop.$(OBJEXT): kprop.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h kprop.h
+  kprop.h
 $(OUTPRE)kpropd.$(OBJEXT): kpropd.c $(SRCTOP)/include/syslog.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  kprop.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h kprop.h
 
index 7ed1b8ae104e00fa172de696336c1fc16ee4a3ff..91dfb26f92eeeddcb705d10f41aea7d5cf021d5d 100644 (file)
@@ -1,3 +1,13 @@
+2004-02-12  Tom Yu  <tlyu@mit.edu>
+
+       * configure.in: Invoke KRB5_AC_PRIOCNTL_HACK.
+
+2003-06-04  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in (kdb_check): Remove uses of "dump -old", etc., since
+       it doesn't work anymore given the new default for triple-DES
+       master keys.
+
 2003-01-10  Ken Raeburn  <raeburn@mit.edu>
 
        * configure.in: Use V5_AC_OUTPUT_MAKEFILE instead of
index b126a9f986292e478e4f2f1b3717329089f78155..e0fab313fe52b642bc2bcba79e17dd33941cc795 100644 (file)
@@ -35,7 +35,6 @@ kdb_check: kdc.conf
        $(RUN_SETUP) ../tests/verify/kdb5_verify $(KTEST_OPTS) 
        $(RUN_SETUP) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump $(TEST_DB).dump
        $(RUN_SETUP) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump -ov $(TEST_DB).ovdump
-       $(RUN_SETUP) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump -old $(TEST_DB).odump
        $(RUN_SETUP) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) destroy -f
        $(RUN_SETUP) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) load $(TEST_DB).dump 
        $(RUN_SETUP) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) load -update -ov $(TEST_DB).ovdump 
@@ -49,14 +48,6 @@ kdb_check: kdc.conf
        cmp $(TEST_DB).sort $(TEST_DB).sort2
        cmp $(TEST_DB).ovsort $(TEST_DB).ovsort2
        $(RUN_SETUP) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) destroy -f
-       $(RUN_SETUP) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) create -s
-       $(RUN_SETUP) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) load -old $(TEST_DB).odump 
-       $(RUN_SETUP) ../tests/verify/kdb5_verify $(KTEST_OPTS) 
-       $(RUN_SETUP) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump -old $(TEST_DB).odump2
-       sort $(TEST_DB).odump > $(TEST_DB).osort
-       sort $(TEST_DB).odump2 > $(TEST_DB).osort2
-       cmp $(TEST_DB).osort $(TEST_DB).osort2
-       $(RUN_SETUP) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) destroy -f
        $(RM) $(TEST_DB)* stash_file
 
 clean::
index d4c54302510c89faedf626145d6d95085bfe59bf..6bed2ccf6670e435cee1b434c3373795c06537ce 100644 (file)
@@ -1,3 +1,34 @@
+2003-05-18  Tom Yu  <tlyu@mit.edu>
+
+       * krb5_decode_test.c (main): Add new test cases for sequence
+       number compatibility.
+
+       * utility.c (krb5_data_hex_parse): Rewrite to be more lenient
+       about whitespace.
+
+2003-05-12  Ezra Peisach  <epeisach@mit.edu>
+
+       * krb5_decode_test.c: Modify decode_run macro to take a cleanup
+       handler to free allocated memory. Add static handlers to free
+       krb5_alt_method, passwd_phrase_element and krb5_enc_data as the
+       krb5 library does not handle at this time.
+
+       * krb5_encode_test.c: Free krb5_context at end. Utilize the many
+       ktest_empty and detroy functions to cleanup memory.
+
+       * ktest.h, ktest.c: Add many ktest free and empty functions to
+       cleanup allocated structures in tests.
+
+       * utility.c (krb5_data_hex_parse): Free temporary data.
+       
+
+2003-05-06  Sam Hartman  <hartmans@mit.edu>
+
+       * krb5_encode_test.c (main): Add etype_info2 support
+
+       * ktest.c (ktest_make_sample_etype_info): Initialize s2kparams to be null.
+       (ktest_make_sample_etype_info2): New function
+
 2002-11-07  Ezra Peisach  <epeisach@bu.edu>
 
        * krb5_decode_test.c: Test for sam_challenege without empty
index 920f3d84f2049c4ecff7be50a9e9bb23db6363db..514f768c28c3e9ed760fea1e242262e0654e108c 100644 (file)
@@ -66,27 +66,29 @@ ktest_equal.o: ktest_equal.h
 #
 $(OUTPRE)krb5_encode_test.$(OBJEXT): krb5_encode_test.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  utility.h $(SRCTOP)/lib/krb5/asn.1/krbasn1.h $(SRCTOP)/lib/krb5/asn.1/asn1buf.h \
-  ktest.h debug.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h utility.h $(SRCTOP)/lib/krb5/asn.1/krbasn1.h \
+  $(SRCTOP)/lib/krb5/asn.1/asn1buf.h ktest.h debug.h
 $(OUTPRE)ktest.$(OBJEXT): ktest.c ktest.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h utility.h $(SRCTOP)/lib/krb5/asn.1/krbasn1.h \
-  $(SRCTOP)/lib/krb5/asn.1/asn1buf.h
+  utility.h $(SRCTOP)/lib/krb5/asn.1/krbasn1.h $(SRCTOP)/lib/krb5/asn.1/asn1buf.h
 $(OUTPRE)ktest_equal.$(OBJEXT): ktest_equal.c ktest_equal.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h
 $(OUTPRE)utility.$(OBJEXT): utility.c $(BUILDTOP)/include/krb5.h \
   $(COM_ERR_DEPS) utility.h $(SRCTOP)/lib/krb5/asn.1/krbasn1.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/lib/krb5/asn.1/asn1buf.h
+  $(SRCTOP)/lib/krb5/asn.1/asn1buf.h
 $(OUTPRE)trval.$(OBJEXT): trval.c
 
index ea679cc0cd49219dcc044e46bcccd1b31e523c76..c205232d9a27966d13d3697db5f442a2b335eff2 100644 (file)
 krb5_context test_context;
 int error_count = 0;
 
+void krb5_ktest_free_alt_method(krb5_context context, krb5_alt_method *val);
+void krb5_ktest_free_pwd_sequence(krb5_context context, 
+                                 passwd_phrase_element *val);
+void krb5_ktest_free_enc_data(krb5_context context, krb5_enc_data *val);
+
 int main(argc, argv)
        int argc;
        char **argv;
@@ -23,6 +28,7 @@ int main(argc, argv)
          exit(1);
   }
   
+
 #define setup(type,typestring,constructor)\
   type ref, *var;\
   retval = constructor(&ref);\
@@ -30,8 +36,8 @@ int main(argc, argv)
     com_err("krb5_decode_test", retval, "while making sample %s", typestring);\
     exit(1);\
   }
-    
-#define decode_run(typestring,description,encoding,decoder,comparator)\
+
+#define decode_run(typestring,description,encoding,decoder,comparator,cleanup)\
     retval = krb5_data_hex_parse(&code,encoding);\
     if(retval){\
       com_err("krb5_decode_test", retval, "while parsing %s", typestring);\
@@ -43,32 +49,204 @@ int main(argc, argv)
       error_count++;\
     }\
     assert(comparator(&ref,var),typestring);\
-    printf("%s\n",description)
+    printf("%s\n",description);\
+    krb5_free_data_contents(test_context, &code);\
+    cleanup(test_context, var);
 
   /****************************************************************/
   /* decode_krb5_authenticator */
   {
     setup(krb5_authenticator,"krb5_authenticator",ktest_make_sample_authenticator);
 
-    decode_run("authenticator","","62 81 A1 30 81 9E A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A7 03 02 01 11 A8 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_authenticator,ktest_equal_authenticator);
+    decode_run("authenticator","","62 81 A1 30 81 9E A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A7 03 02 01 11 A8 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+    ref.seq_number = 0xffffff80;
+    decode_run("authenticator","(80 -> seq-number 0xffffff80)",
+              "62 81 A1 30 81 9E"
+              "   A0 03 02 01 05"
+              "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+              "   A2 1A 30 18"
+              "      A0 03 02 01 01"
+              "      A1 11 30 0F"
+              "         1B 06 68 66 74 73 61 69"
+              "         1B 05 65 78 74 72 61"
+              "   A3 0F 30 0D"
+              "      A0 03 02 01 01"
+              "      A1 06 04 04 31 32 33 34"
+              "   A4 05 02 03 01 E2 40"
+              "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+              "   A6 13 30 11"
+              "      A0 03 02 01 01"
+              "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+              "   A7 03 02 01 80"
+              "   A8 24 30 22"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+    ref.seq_number = 0xffffffff;
+    decode_run("authenticator","(FF -> seq-number 0xffffffff)",
+              "62 81 A1 30 81 9E"
+              "   A0 03 02 01 05"
+              "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+              "   A2 1A 30 18"
+              "      A0 03 02 01 01"
+              "      A1 11 30 0F"
+              "         1B 06 68 66 74 73 61 69"
+              "         1B 05 65 78 74 72 61"
+              "   A3 0F 30 0D"
+              "      A0 03 02 01 01"
+              "      A1 06 04 04 31 32 33 34"
+              "   A4 05 02 03 01 E2 40"
+              "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+              "   A6 13 30 11"
+              "      A0 03 02 01 01"
+              "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+              "   A7 03 02 01 FF"
+              "   A8 24 30 22"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+    ref.seq_number = 0xff;
+    decode_run("authenticator","(00FF -> seq-number 0xff)",
+              "62 81 A2 30 81 9F"
+              "   A0 03 02 01 05"
+              "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+              "   A2 1A 30 18"
+              "      A0 03 02 01 01"
+              "      A1 11 30 0F"
+              "         1B 06 68 66 74 73 61 69"
+              "         1B 05 65 78 74 72 61"
+              "   A3 0F 30 0D"
+              "      A0 03 02 01 01"
+              "      A1 06 04 04 31 32 33 34"
+              "   A4 05 02 03 01 E2 40"
+              "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+              "   A6 13 30 11"
+              "      A0 03 02 01 01"
+              "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+              "   A7 04 02 02 00 FF"
+              "   A8 24 30 22"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+    ref.seq_number = 0xffffffff;
+    decode_run("authenticator","(00FFFFFFFF -> seq-number 0xffffffff)",
+              "62 81 A5 30 81 A2"
+              "   A0 03 02 01 05"
+              "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+              "   A2 1A 30 18"
+              "      A0 03 02 01 01"
+              "      A1 11 30 0F"
+              "         1B 06 68 66 74 73 61 69"
+              "         1B 05 65 78 74 72 61"
+              "   A3 0F 30 0D"
+              "      A0 03 02 01 01"
+              "      A1 06 04 04 31 32 33 34"
+              "   A4 05 02 03 01 E2 40"
+              "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+              "   A6 13 30 11"
+              "      A0 03 02 01 01"
+              "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+              "   A7 07 02 05 00 FF FF FF FF"
+              "   A8 24 30 22"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+    ref.seq_number = 0x7fffffff;
+    decode_run("authenticator","(7FFFFFFF -> seq-number 0x7fffffff)",
+              "62 81 A4 30 81 A1"
+              "   A0 03 02 01 05"
+              "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+              "   A2 1A 30 18"
+              "      A0 03 02 01 01"
+              "      A1 11 30 0F"
+              "         1B 06 68 66 74 73 61 69"
+              "         1B 05 65 78 74 72 61"
+              "   A3 0F 30 0D"
+              "      A0 03 02 01 01"
+              "      A1 06 04 04 31 32 33 34"
+              "   A4 05 02 03 01 E2 40"
+              "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+              "   A6 13 30 11"
+              "      A0 03 02 01 01"
+              "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+              "   A7 06 02 04 7F FF FF FF"
+              "   A8 24 30 22"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+    ref.seq_number = 0xffffffff;
+    decode_run("authenticator","(FFFFFFFF -> seq-number 0xffffffff)",
+              "62 81 A4 30 81 A1"
+              "   A0 03 02 01 05"
+              "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+              "   A2 1A 30 18"
+              "      A0 03 02 01 01"
+              "      A1 11 30 0F"
+              "         1B 06 68 66 74 73 61 69"
+              "         1B 05 65 78 74 72 61"
+              "   A3 0F 30 0D"
+              "      A0 03 02 01 01"
+              "      A1 06 04 04 31 32 33 34"
+              "   A4 05 02 03 01 E2 40"
+              "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+              "   A6 13 30 11"
+              "      A0 03 02 01 01"
+              "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+              "   A7 06 02 04 FF FF FF FF"
+              "   A8 24 30 22"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              "      30 0F"
+              "         A0 03 02 01 01"
+              "         A1 08 04 06 66 6F 6F 62 61 72"
+              ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
 
     ktest_destroy_checksum(&(ref.checksum));
     ktest_destroy_keyblock(&(ref.subkey));
     ref.seq_number = 0;
     ktest_empty_authorization_data(ref.authorization_data);
-    decode_run("authenticator","(optionals empty)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator);
+    decode_run("authenticator","(optionals empty)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
 
-   ktest_destroy_authorization_data(&(ref.authorization_data));
+    ktest_destroy_authorization_data(&(ref.authorization_data));
     
-    decode_run("authenticator","(optionals NULL)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator);
+    decode_run("authenticator","(optionals NULL)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+    ktest_empty_authenticator(&ref);
   }
   
   /****************************************************************/
   /* decode_krb5_ticket */
   {
     setup(krb5_ticket,"krb5_ticket",ktest_make_sample_ticket);
-    decode_run("ticket","","61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ticket,ktest_equal_ticket);
-    decode_run("ticket","(+ trailing [4] INTEGER","61 61 30 5F A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 03 02 01 01",decode_krb5_ticket,ktest_equal_ticket);
+    decode_run("ticket","","61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+    decode_run("ticket","(+ trailing [4] INTEGER","61 61 30 5F A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 03 02 01 01",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
 
 /*
   "61 80 30 80 "
@@ -89,7 +267,7 @@ int main(argc, argv)
   "  00 00 00 00"
   "00 00 00 00"
 */
-    decode_run("ticket","(indefinite lengths)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00" ,decode_krb5_ticket,ktest_equal_ticket);
+    decode_run("ticket","(indefinite lengths)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00" ,decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
 /*
   "61 80 30 80 "
   "  A0 03 02 01 05 "
@@ -110,37 +288,44 @@ int main(argc, argv)
   "  A4 03 02 01 01 "
   "00 00 00 00"
 */
-    decode_run("ticket","(indefinite lengths + trailing [4] INTEGER)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 A4 03 02 01 01 00 00 00 00",decode_krb5_ticket,ktest_equal_ticket);
+    decode_run("ticket","(indefinite lengths + trailing [4] INTEGER)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 A4 03 02 01 01 00 00 00 00",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+
+    ktest_empty_ticket(&ref);
+
   }
 
   /****************************************************************/
   /* decode_krb5_encryption_key */
   {
     setup(krb5_keyblock,"krb5_keyblock",ktest_make_sample_keyblock);
-    decode_run("encryption_key","","30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
-    decode_run("encryption_key","(+ trailing [2] INTEGER)","30 16 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key);
-    decode_run("encryption_key","(+ trailing [2] SEQUENCE {[0] INTEGER})","30 1A A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 07 30 05 A0 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key);
-    decode_run("encryption_key","(indefinite lengths)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key);
-    decode_run("encryption_key","(indefinite lengths + trailing [2] INTEGER)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key);
-    decode_run("encryption_key","(indefinite lengths + trailing [2] SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 80 30 80 A0 03 02 01 01 00 00 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key);
-    decode_run("encryption_key","(indefinite lengths + trailing SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 80 A0 03 02 01 01 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key);
+
+    decode_run("encryption_key","","30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+
+    decode_run("encryption_key","(+ trailing [2] INTEGER)","30 16 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+    decode_run("encryption_key","(+ trailing [2] SEQUENCE {[0] INTEGER})","30 1A A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 07 30 05 A0 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+    decode_run("encryption_key","(indefinite lengths)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+    decode_run("encryption_key","(indefinite lengths + trailing [2] INTEGER)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+    decode_run("encryption_key","(indefinite lengths + trailing [2] SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 80 30 80 A0 03 02 01 01 00 00 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+    decode_run("encryption_key","(indefinite lengths + trailing SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 80 A0 03 02 01 01 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
     ref.enctype = -1;
-    decode_run("encryption_key","(enctype = -1)","30 11 A0 03 02 01 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(enctype = -1)","30 11 A0 03 02 01 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
     ref.enctype = -255;
-    decode_run("encryption_key","(enctype = -255)","30 12 A0 04 02 02 FF 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(enctype = -255)","30 12 A0 04 02 02 FF 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
     ref.enctype = 255;
-    decode_run("encryption_key","(enctype = 255)","30 12 A0 04 02 02 00 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(enctype = 255)","30 12 A0 04 02 02 00 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
     ref.enctype = -2147483648;
-    decode_run("encryption_key","(enctype = -2147483648)","30 14 A0 06 02 04 80 00 00 00 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(enctype = -2147483648)","30 14 A0 06 02 04 80 00 00 00 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
     ref.enctype = 2147483647;
-    decode_run("encryption_key","(enctype = 2147483647)","30 14 A0 06 02 04 7F FF FF FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(enctype = 2147483647)","30 14 A0 06 02 04 7F FF FF FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+
+    ktest_empty_keyblock(&ref);
   }  
   
   /****************************************************************/
   /* decode_krb5_enc_tkt_part */
   {
     setup(krb5_enc_tkt_part,"krb5_enc_tkt_part",ktest_make_sample_enc_tkt_part);
-    decode_run("enc_tkt_part","","63 82 01 14 30 82 01 10 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part);
+    decode_run("enc_tkt_part","","63 82 01 14 30 82 01 10 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
   
     /* ref.times.starttime = 0; */
     ref.times.starttime = ref.times.authtime;
@@ -153,18 +338,19 @@ int main(argc, argv)
     ktest_destroy_addresses(&(ref.caddrs));
     ktest_destroy_authorization_data(&(ref.authorization_data));
   
-    decode_run("enc_tkt_part","(optionals NULL)","63 81 A5 30 81 A2 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part);
+    decode_run("enc_tkt_part","(optionals NULL)","63 81 A5 30 81 A2 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part, krb5_free_enc_tkt_part);
 
-    decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 38 bits)","63 81 A6 30 81 A3 A0 08 03 06 02 FE DC BA 98 DC A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part);
+    decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 38 bits)","63 81 A6 30 81 A3 A0 08 03 06 02 FE DC BA 98 DC A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
 
-    decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 40 bits)","63 81 A6 30 81 A3 A0 08 03 06 00 FE DC BA 98 DE A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part);
+    decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 40 bits)","63 81 A6 30 81 A3 A0 08 03 06 00 FE DC BA 98 DE A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
 
-    decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 29 bits)","63 81 A5 30 81 A2 A0 07 03 05 03 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part);
+    decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 29 bits)","63 81 A5 30 81 A2 A0 07 03 05 03 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
 
     ref.flags &= 0xFFFFFF00;
 
-    decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 24 bits)","63 81 A4 30 81 A1 A0 06 03 04 00 FE DC BA A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part);
-    
+    decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 24 bits)","63 81 A4 30 81 A1 A0 06 03 04 00 FE DC BA A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+
+    ktest_empty_enc_tkt_part(&ref);
   }  
   
   /****************************************************************/
@@ -173,10 +359,10 @@ int main(argc, argv)
     setup(krb5_enc_kdc_rep_part,"krb5_enc_kdc_rep_part",ktest_make_sample_enc_kdc_rep_part);
   
 #ifdef KRB5_GENEROUS_LR_TYPE
-    decode_run("enc_kdc_rep_part","(compat_lr_type)","7A 82 01 10 30 82 01 0C A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part);
+    decode_run("enc_kdc_rep_part","(compat_lr_type)","7A 82 01 10 30 82 01 0C A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
 #endif
   
-    decode_run("enc_kdc_rep_part","","7A 82 01 0E 30 82 01 0A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part);
+    decode_run("enc_kdc_rep_part","","7A 82 01 0E 30 82 01 0A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
   
     ref.key_exp = 0;
     /* ref.times.starttime = 0;*/
@@ -186,10 +372,12 @@ int main(argc, argv)
     ktest_destroy_addresses(&(ref.caddrs));
   
 #ifdef KRB5_GENEROUS_LR_TYPE
-    decode_run("enc_kdc_rep_part","(optionals NULL)(compat lr_type)","7A 81 B4 30 81 B1 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part);
+    decode_run("enc_kdc_rep_part","(optionals NULL)(compat lr_type)","7A 81 B4 30 81 B1 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
 #endif
 
-    decode_run("enc_kdc_rep_part","(optionals NULL)","7A 81 B2 30 81 AF A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part);
+    decode_run("enc_kdc_rep_part","(optionals NULL)","7A 81 B2 30 81 AF A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
+
+    ktest_empty_enc_kdc_rep_part(&ref);
   }  
 
   /****************************************************************/
@@ -198,7 +386,7 @@ int main(argc, argv)
     setup(krb5_kdc_rep,"krb5_kdc_rep",ktest_make_sample_kdc_rep);
     ref.msg_type = KRB5_AS_REP;
 
-    decode_run("as_rep","","6B 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0B A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep);
+    decode_run("as_rep","","6B 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0B A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
 
 /*
   6B 80 30 80
@@ -249,9 +437,11 @@ int main(argc, argv)
     00 00 00 00
   00 00 00 00
 */
-    decode_run("as_rep","(indefinite lengths)","6B 80 30 80 A0 03 02 01 05 A1 03 02 01 0B A2 80 30 80 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 00 00 00 00 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A5 80 61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00 00 00 A6 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00",decode_krb5_as_rep,ktest_equal_as_rep);
+    decode_run("as_rep","(indefinite lengths)","6B 80 30 80 A0 03 02 01 05 A1 03 02 01 0B A2 80 30 80 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 00 00 00 00 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A5 80 61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00 00 00 A6 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
     ktest_destroy_pa_data_array(&(ref.padata));
-    decode_run("as_rep","(optionals NULL)","6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep);
+    decode_run("as_rep","(optionals NULL)","6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
+
+  ktest_empty_kdc_rep(&ref);
   }  
   
   /****************************************************************/
@@ -260,24 +450,29 @@ int main(argc, argv)
     setup(krb5_kdc_rep,"krb5_kdc_rep",ktest_make_sample_kdc_rep);
     ref.msg_type = KRB5_TGS_REP;
 
-    decode_run("tgs_rep","","6D 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0D A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep);
+    decode_run("tgs_rep","","6D 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0D A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep);
 
     ktest_destroy_pa_data_array(&(ref.padata));
-    decode_run("tgs_rep","(optionals NULL)","6D 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0D A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep);
+    decode_run("tgs_rep","(optionals NULL)","6D 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0D A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep);
+
+  ktest_empty_kdc_rep(&ref);
   }  
   
   /****************************************************************/
   /* decode_krb5_ap_req */
   {
     setup(krb5_ap_req,"krb5_ap_req",ktest_make_sample_ap_req);
-    decode_run("ap_req","","6E 81 9D 30 81 9A A0 03 02 01 05 A1 03 02 01 0E A2 07 03 05 00 FE DC BA 98 A3 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_req,ktest_equal_ap_req);
+    decode_run("ap_req","","6E 81 9D 30 81 9A A0 03 02 01 05 A1 03 02 01 0E A2 07 03 05 00 FE DC BA 98 A3 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_req,ktest_equal_ap_req,krb5_free_ap_req);
+    ktest_empty_ap_req(&ref);
+
   }  
 
   /****************************************************************/
   /* decode_krb5_ap_rep */
   {
     setup(krb5_ap_rep,"krb5_ap_rep",ktest_make_sample_ap_rep);
-    decode_run("ap_rep","","6F 33 30 31 A0 03 02 01 05 A1 03 02 01 0F A2 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_rep,ktest_equal_ap_rep);
+    decode_run("ap_rep","","6F 33 30 31 A0 03 02 01 05 A1 03 02 01 0F A2 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_rep,ktest_equal_ap_rep,krb5_free_ap_rep);
+    ktest_empty_ap_rep(&ref);
   }  
 
   /****************************************************************/
@@ -285,11 +480,12 @@ int main(argc, argv)
   {
     setup(krb5_ap_rep_enc_part,"krb5_ap_rep_enc_part",ktest_make_sample_ap_rep_enc_part);
 
-    decode_run("ap_rep_enc_part","","7B 36 30 34 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A3 03 02 01 11",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part);
+    decode_run("ap_rep_enc_part","","7B 36 30 34 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A3 03 02 01 11",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
   
     ktest_destroy_keyblock(&(ref.subkey));
     ref.seq_number = 0;
-    decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part);
+    decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
+    ktest_empty_ap_rep_enc_part(&ref);
   }
   
   /****************************************************************/
@@ -299,7 +495,7 @@ int main(argc, argv)
     ref.msg_type = KRB5_AS_REQ;
 
     ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-    decode_run("as_req","","6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req);
+    decode_run("as_req","","6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
 
     ktest_destroy_pa_data_array(&(ref.padata));
     ktest_destroy_principal(&(ref.client));
@@ -311,14 +507,18 @@ int main(argc, argv)
     ref.rtime = 0;
     ktest_destroy_addresses(&(ref.addresses));
     ktest_destroy_enc_data(&(ref.authorization_data));
-    decode_run("as_req","(optionals NULL except second_ticket)","6A 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0A A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req);
+    decode_run("as_req","(optionals NULL except second_ticket)","6A 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0A A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
     ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
 #ifndef ISODE_SUCKS
     ktest_make_sample_principal(&(ref.server));
 #endif
     ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-    decode_run("as_req","(optionals NULL except server)","6A 69 30 67 A1 03 02 01 05 A2 03 02 01 0A A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_as_req,ktest_equal_as_req);
+    decode_run("as_req","(optionals NULL except server)","6A 69 30 67 A1 03 02 01 05 A2 03 02 01 0A A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
+
+  ktest_empty_kdc_req(&ref);
+
   }
+
   
   /****************************************************************/
   /* decode_krb5_tgs_req */
@@ -327,7 +527,7 @@ int main(argc, argv)
     ref.msg_type = KRB5_TGS_REQ;
 
     ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-    decode_run("tgs_req","","6C 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0C A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req);
+    decode_run("tgs_req","","6C 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0C A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
 
     ktest_destroy_pa_data_array(&(ref.padata));
     ktest_destroy_principal(&(ref.client));
@@ -339,27 +539,30 @@ int main(argc, argv)
     ref.rtime = 0;
     ktest_destroy_addresses(&(ref.addresses));
     ktest_destroy_enc_data(&(ref.authorization_data));
-    decode_run("tgs_req","(optionals NULL except second_ticket)","6C 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0C A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req);
+    decode_run("tgs_req","(optionals NULL except second_ticket)","6C 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0C A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
 
     ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
 #ifndef ISODE_SUCKS
     ktest_make_sample_principal(&(ref.server));
 #endif
     ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-    decode_run("tgs_req","(optionals NULL except server)","6C 69 30 67 A1 03 02 01 05 A2 03 02 01 0C A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_tgs_req,ktest_equal_tgs_req);
+    decode_run("tgs_req","(optionals NULL except server)","6C 69 30 67 A1 03 02 01 05 A2 03 02 01 0C A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
+
+    ktest_empty_kdc_req(&ref);
   }
   
   /****************************************************************/
   /* decode_krb5_kdc_req_body */
   {
     krb5_kdc_req ref, *var;
+    memset(&ref, 0, sizeof(krb5_kdc_req));
     retval = ktest_make_sample_kdc_req_body(&ref);
     if(retval){
       com_err("making sample kdc_req_body",retval,"");
       exit(1);
     }
     ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-    decode_run("kdc_req_body","","30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body);
+    decode_run("kdc_req_body","","30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
 
     ktest_destroy_principal(&(ref.client));
 #ifndef ISODE_SUCKS
@@ -370,66 +573,75 @@ int main(argc, argv)
     ref.rtime = 0;
     ktest_destroy_addresses(&(ref.addresses));
     ktest_destroy_enc_data(&(ref.authorization_data));
-    decode_run("kdc_req_body","(optionals NULL except second_ticket)","30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body);
+    decode_run("kdc_req_body","(optionals NULL except second_ticket)","30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
 
     ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
 #ifndef ISODE_SUCKS
     ktest_make_sample_principal(&(ref.server));
 #endif
     ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-    decode_run("kdc_req_body","(optionals NULL except server)","30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body);
+    decode_run("kdc_req_body","(optionals NULL except server)","30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
     ref.nktypes = 0;
     free(ref.ktype);
     ref.ktype = NULL;
-    decode_run("kdc_req_body","(optionals NULL except server; zero-length etypes)","30 53 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 02 30 00",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body);
+    decode_run("kdc_req_body","(optionals NULL except server; zero-length etypes)","30 53 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 02 30 00",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+
+    ktest_empty_kdc_req(&ref);
   }
+
   
   /****************************************************************/
   /* decode_krb5_safe */
   {
     setup(krb5_safe,"krb5_safe",ktest_make_sample_safe);
-    decode_run("safe","","74 6E 30 6C A0 03 02 01 05 A1 03 02 01 14 A2 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe);
+    decode_run("safe","","74 6E 30 6C A0 03 02 01 05 A1 03 02 01 14 A2 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe);
 
     ref.timestamp = 0;
     ref.usec = 0;
     ref.seq_number = 0;
     ktest_destroy_address(&(ref.r_address));
-    decode_run("safe","(optionals NULL)","74 3E 30 3C A0 03 02 01 05 A1 03 02 01 14 A2 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe);
+    decode_run("safe","(optionals NULL)","74 3E 30 3C A0 03 02 01 05 A1 03 02 01 14 A2 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe);
+
+    ktest_empty_safe(&ref);
   }
   
   /****************************************************************/
   /* decode_krb5_priv */
   {
     setup(krb5_priv,"krb5_priv",ktest_make_sample_priv);
-    decode_run("priv","","75 33 30 31 A0 03 02 01 05 A1 03 02 01 15 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_priv,ktest_equal_priv);
+    decode_run("priv","","75 33 30 31 A0 03 02 01 05 A1 03 02 01 15 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_priv,ktest_equal_priv,krb5_free_priv);
+    ktest_empty_priv(&ref);
   }
   
   /****************************************************************/
   /* decode_krb5_enc_priv_part */
   {
     setup(krb5_priv_enc_part,"krb5_priv_enc_part",ktest_make_sample_priv_enc_part);
-    decode_run("enc_priv_part","","7C 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part);
+    decode_run("enc_priv_part","","7C 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part);
 
     ref.timestamp = 0;
     ref.usec = 0;
     ref.seq_number = 0;
     ktest_destroy_address(&(ref.r_address));
-    decode_run("enc_priv_part","(optionals NULL)","7C 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part);
+    decode_run("enc_priv_part","(optionals NULL)","7C 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part);
+    ktest_empty_priv_enc_part(&ref);
   }
   
   /****************************************************************/
   /* decode_krb5_cred */
   {
     setup(krb5_cred,"krb5_cred",ktest_make_sample_cred);
-    decode_run("cred","","76 81 F6 30 81 F3 A0 03 02 01 05 A1 03 02 01 16 A2 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_cred,ktest_equal_cred);
+    decode_run("cred","","76 81 F6 30 81 F3 A0 03 02 01 05 A1 03 02 01 16 A2 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_cred,ktest_equal_cred,krb5_free_cred);
+    ktest_empty_cred(&ref);
   }
   
   /****************************************************************/
   /* decode_krb5_enc_cred_part */
   {
     setup(krb5_cred_enc_part,"krb5_cred_enc_part",ktest_make_sample_cred_enc_part);
-    decode_run("enc_cred_part","","7D 82 02 23 30 82 02 1F A0 82 01 DA 30 82 01 D6 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part);
-
+    decode_run("enc_cred_part","","7D 82 02 23 30 82 02 1F A0 82 01 DA 30 82 01 D6 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part);
+    /* free_cred_enc_part does not free the pointer */
+    krb5_xfree(var);
     ktest_destroy_principal(&(ref.ticket_info[0]->client));
     ktest_destroy_principal(&(ref.ticket_info[0]->server));
     ref.ticket_info[0]->flags = 0;
@@ -443,20 +655,26 @@ int main(argc, argv)
     ref.usec = 0;
     ktest_destroy_address(&(ref.s_address));
     ktest_destroy_address(&(ref.r_address));
-    decode_run("enc_cred_part","(optionals NULL)","7D 82 01 0E 30 82 01 0A A0 82 01 06 30 82 01 02 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part);
+    decode_run("enc_cred_part","(optionals NULL)","7D 82 01 0E 30 82 01 0A A0 82 01 06 30 82 01 02 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part);
+    /* free_cred_enc_part does not free the pointer */
+    krb5_xfree(var);
+
+    ktest_empty_cred_enc_part(&ref);
   }
   
   /****************************************************************/
   /* decode_krb5_error */
   {
     setup(krb5_error,"krb5_error",ktest_make_sample_error);
-    decode_run("error","","7E 81 BA 30 81 B7 A0 03 02 01 05 A1 03 02 01 1E A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A7 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A8 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 0A 1B 08 6B 72 62 35 64 61 74 61 AC 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_error,ktest_equal_error);
+    decode_run("error","","7E 81 BA 30 81 B7 A0 03 02 01 05 A1 03 02 01 1E A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A7 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A8 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 0A 1B 08 6B 72 62 35 64 61 74 61 AC 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_error,ktest_equal_error,krb5_free_error);
 
     ref.ctime = 0;
     ktest_destroy_principal(&(ref.client));
     ktest_empty_data(&(ref.text));
     ktest_empty_data(&(ref.e_data));
-    decode_run("error","(optionals NULL)","7E 60 30 5E A0 03 02 01 05 A1 03 02 01 1E A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_error,ktest_equal_error);
+    decode_run("error","(optionals NULL)","7E 60 30 5E A0 03 02 01 05 A1 03 02 01 1E A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_error,ktest_equal_error,krb5_free_error);
+
+    ktest_empty_error(&ref);
   }
   
   /****************************************************************/
@@ -476,20 +694,25 @@ int main(argc, argv)
     retval = decode_krb5_authdata(&code,&var);
     if(retval) com_err("decoding authorization_data",retval,"");
     assert(ktest_equal_authorization_data(ref,var),"authorization_data\n")
+    krb5_free_data_contents(test_context, &code);
+    krb5_free_authdata(test_context, var);
+    ktest_destroy_authorization_data(&ref);
   }
   
   /****************************************************************/
   /* decode_pwd_sequence */
   {
     setup(passwd_phrase_element,"passwd_phrase_element",ktest_make_sample_passwd_phrase_element);
-    decode_run("PasswdSequence","","30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_sequence,ktest_equal_passwd_phrase_element);
+    decode_run("PasswdSequence","","30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_sequence,ktest_equal_passwd_phrase_element,krb5_ktest_free_pwd_sequence);
+    ktest_empty_passwd_phrase_element(&ref);
   }
 
   /****************************************************************/
   /* decode_passwd_data */
   {
     setup(krb5_pwd_data,"krb5_pwd_data",ktest_make_sample_krb5_pwd_data);
-    decode_run("PasswdData","","30 3D A0 03 02 01 02 A1 36 30 34 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_data,ktest_equal_krb5_pwd_data);
+    decode_run("PasswdData","","30 3D A0 03 02 01 02 A1 36 30 34 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_data,ktest_equal_krb5_pwd_data,krb5_free_pwd_data);
+    ktest_empty_pwd_data(&ref);
   }
 
   /****************************************************************/
@@ -508,7 +731,10 @@ int main(argc, argv)
     }
     retval = decode_krb5_padata_sequence(&code,&var);
     if(retval) com_err("decoding padata_sequence",retval,"");
-    assert(ktest_equal_sequence_of_pa_data(ref,var),"pa_data\n")
+    assert(ktest_equal_sequence_of_pa_data(ref,var),"pa_data\n");
+    krb5_free_pa_data(test_context, var);
+    krb5_free_data_contents(test_context, &code);
+    ktest_destroy_pa_data_array(&ref);
   }
   
   /****************************************************************/
@@ -527,17 +753,20 @@ int main(argc, argv)
     }
     retval = decode_krb5_padata_sequence(&code,&var);
     if(retval) com_err("decoding padata_sequence (empty)",retval,"");
-    assert(ktest_equal_sequence_of_pa_data(ref,var),"pa_data (empty)\n")
+    assert(ktest_equal_sequence_of_pa_data(ref,var),"pa_data (empty)\n");
+    krb5_free_pa_data(test_context, var);
+    krb5_free_data_contents(test_context, &code);
+    ktest_destroy_pa_data_array(&ref);
   }
   
   /****************************************************************/
   /* decode_pwd_sequence */
   {
     setup(krb5_alt_method,"krb5_alt_method",ktest_make_sample_alt_method);
-    decode_run("alt_method","","30 0F A0 03 02 01 2A A1 08 04 06 73 65 63 72 65 74",decode_krb5_alt_method,ktest_equal_krb5_alt_method);
+    decode_run("alt_method","","30 0F A0 03 02 01 2A A1 08 04 06 73 65 63 72 65 74",decode_krb5_alt_method,ktest_equal_krb5_alt_method,krb5_ktest_free_alt_method);
     ref.length = 0;
-    decode_run("alt_method (no data)","","30 05 A0 03 02 01 2A",decode_krb5_alt_method,ktest_equal_krb5_alt_method);
-    
+    decode_run("alt_method (no data)","","30 05 A0 03 02 01 2A",decode_krb5_alt_method,ktest_equal_krb5_alt_method,krb5_ktest_free_alt_method);
+    ktest_empty_alt_method(&ref);
   }
 
   /****************************************************************/
@@ -565,6 +794,7 @@ int main(argc, argv)
       ktest_destroy_etype_info(var);
       ktest_destroy_etype_info_entry(ref[2]);      ref[2] = 0;
       ktest_destroy_etype_info_entry(ref[1]);      ref[1] = 0;
+      krb5_free_data_contents(test_context, &code);
       
       retval = krb5_data_hex_parse(&code,"30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30");
       if(retval){
@@ -581,6 +811,7 @@ int main(argc, argv)
       
       ktest_destroy_etype_info(var);
       ktest_destroy_etype_info_entry(ref[0]);      ref[0] = 0;
+      krb5_free_data_contents(test_context, &code);
       
       retval = krb5_data_hex_parse(&code,"30 00");
       if(retval){
@@ -595,6 +826,7 @@ int main(argc, argv)
       }
       assert(ktest_equal_etype_info(ref,var),"etype_info (no info)\n");
 
+      krb5_free_data_contents(test_context, &code);
       ktest_destroy_etype_info(var);
       ktest_destroy_etype_info(ref);
   }
@@ -603,41 +835,70 @@ int main(argc, argv)
   /* decode_pa_enc_ts */
   {
     setup(krb5_pa_enc_ts,"krb5_pa_enc_ts",ktest_make_sample_pa_enc_ts);
-    decode_run("pa_enc_ts","","30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts);
+    decode_run("pa_enc_ts","","30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts);
     ref.pausec = 0;
-    decode_run("pa_enc_ts (no usec)","","30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts);
+    decode_run("pa_enc_ts (no usec)","","30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts);
   }
   
   /****************************************************************/
   /* decode_enc_data */
   {
     setup(krb5_enc_data,"krb5_enc_data",ktest_make_sample_enc_data);
-    decode_run("enc_data","","30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data);
+    decode_run("enc_data","","30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+    ktest_destroy_enc_data(&ref);
   }
   
   /****************************************************************/
   /* decode_sam_challenge */
   {
     setup(krb5_sam_challenge,"krb5_sam_challenge",ktest_make_sample_sam_challenge);
-    decode_run("sam_challenge","","30 78 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A3 02 04 00 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A7 02 04 00 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge);
+    decode_run("sam_challenge","","30 78 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A3 02 04 00 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A7 02 04 00 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge,krb5_free_sam_challenge);
+    ktest_empty_sam_challenge(&ref);
+
   }
   
   /****************************************************************/
   /* decode_sam_challenge */
   {
     setup(krb5_sam_challenge,"krb5_sam_challenge - no optionals",ktest_make_sample_sam_challenge);
-    decode_run("sam_challenge","","30 70 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge);
+    decode_run("sam_challenge","","30 70 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge,krb5_free_sam_challenge);
+    ktest_empty_sam_challenge(&ref);
   }
   
   /****************************************************************/
   /* decode_sam_response */
   {
     setup(krb5_sam_response,"krb5_sam_response",ktest_make_sample_sam_response);
-    decode_run("sam_response","","30 6A A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 14 30 12 A0 03 02 01 01 A1 04 02 02 07 96 A2 05 04 03 6B 65 79 A4 1C 30 1A A0 03 02 01 01 A1 04 02 02 0D 36 A2 0D 04 0B 6E 6F 6E 63 65 20 6F 72 20 74 73 A5 05 02 03 54 32 10 A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_sam_response,ktest_equal_sam_response);
+    decode_run("sam_response","","30 6A A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 14 30 12 A0 03 02 01 01 A1 04 02 02 07 96 A2 05 04 03 6B 65 79 A4 1C 30 1A A0 03 02 01 01 A1 04 02 02 0D 36 A2 0D 04 0B 6E 6F 6E 63 65 20 6F 72 20 74 73 A5 05 02 03 54 32 10 A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_sam_response,ktest_equal_sam_response,krb5_free_sam_response);
+
+    ktest_empty_sam_response(&ref);
   }
   
+  krb5_free_context(test_context);
   exit(error_count);
   return(error_count);
 }
 
 
+void krb5_ktest_free_alt_method(krb5_context context, krb5_alt_method *val)
+{
+  if (val->data)
+    krb5_xfree(val->data);
+  krb5_xfree(val);
+}
+
+void krb5_ktest_free_pwd_sequence(krb5_context context, 
+                                 passwd_phrase_element *val)
+{
+  krb5_free_data(context, val->passwd);
+  krb5_free_data(context, val->phrase);
+  krb5_xfree(val);
+}
+
+void krb5_ktest_free_enc_data(krb5_context context, krb5_enc_data *val)
+{
+  if(val) {
+       krb5_free_data_contents(context, &(val->ciphertext));
+       free(val);
+  }
+}
index 012be90b44e792293016d1d16338a95ab754e2e2..284d31b7730c561bfa80df1eab93b62984319ca5 100644 (file)
@@ -133,6 +133,7 @@ main(argc, argv)
 
     ktest_destroy_authorization_data(&(authent.authorization_data));
     encode_run(authent,authenticator,"authenticator","(optionals NULL)",encode_krb5_authenticator);
+    ktest_empty_authenticator(&authent);
   }
   
   /****************************************************************/
@@ -141,6 +142,7 @@ main(argc, argv)
     krb5_ticket tkt;
     setup(tkt,ticket,"ticket",ktest_make_sample_ticket);
     encode_run(tkt,ticket,"ticket","",encode_krb5_ticket);
+    ktest_empty_ticket(&tkt);
   }
 
   /****************************************************************/
@@ -150,12 +152,14 @@ main(argc, argv)
     setup(keyblk,keyblock,"keyblock",ktest_make_sample_keyblock);
     current_appl_type = 1005;
     encode_run(keyblk,keyblock,"keyblock","",encode_krb5_encryption_key);
+    ktest_empty_keyblock(&keyblk);
   }  
   
   /****************************************************************/
   /* encode_krb5_enc_tkt_part */
   {
     krb5_ticket tkt;
+    memset(&tkt, 0, sizeof(krb5_ticket));
     tkt.enc_part2 = (krb5_enc_tkt_part*)calloc(1,sizeof(krb5_enc_tkt_part));
     if(tkt.enc_part2 == NULL) com_err("allocating enc_tkt_part",errno,"");
     setup(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part",ktest_make_sample_enc_tkt_part);
@@ -174,13 +178,16 @@ main(argc, argv)
     ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data));
   
     encode_run(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part","(optionals NULL)",encode_krb5_enc_tkt_part);
+    ktest_empty_ticket(&tkt);
   }  
   
   /****************************************************************/
   /* encode_krb5_enc_kdc_rep_part */
   {
     krb5_kdc_rep kdcr;
-  
+
+    memset(&kdcr, 0, sizeof(kdcr));
     kdcr.enc_part2 = (krb5_enc_kdc_rep_part*)
       calloc(1,sizeof(krb5_enc_kdc_rep_part));
     if(kdcr.enc_part2 == NULL) com_err("allocating enc_kdc_rep_part",errno,"");
@@ -194,6 +201,8 @@ main(argc, argv)
     ktest_destroy_addresses(&(kdcr.enc_part2->caddrs));
   
     encode_run(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part","(optionals NULL)",encode_krb5_enc_kdc_rep_part);
+
+    ktest_empty_kdc_rep(&kdcr);
   }  
 
   /****************************************************************/
@@ -212,6 +221,9 @@ main(argc, argv)
   
     ktest_destroy_pa_data_array(&(kdcr.padata));
     encode_run(kdcr,as_rep,"as_rep","(optionals NULL)",encode_krb5_as_rep);
+
+    ktest_empty_kdc_rep(&kdcr);
+
   }  
   
   /****************************************************************/
@@ -229,6 +241,9 @@ main(argc, argv)
 
     ktest_destroy_pa_data_array(&(kdcr.padata));
     encode_run(kdcr,tgs_rep,"tgs_rep","(optionals NULL)",encode_krb5_tgs_rep);
+
+    ktest_empty_kdc_rep(&kdcr);
+
   }  
   
   /****************************************************************/
@@ -237,6 +252,7 @@ main(argc, argv)
     krb5_ap_req apreq;
     setup(apreq,ap_req,"ap_req",ktest_make_sample_ap_req);
     encode_run(apreq,ap_req,"ap_req","",encode_krb5_ap_req);
+    ktest_empty_ap_req(&apreq);
   }  
 
   /****************************************************************/
@@ -245,6 +261,7 @@ main(argc, argv)
     krb5_ap_rep aprep;
     setup(aprep,ap_rep,"ap_rep",ktest_make_sample_ap_rep);
     encode_run(aprep,ap_rep,"ap_rep","",encode_krb5_ap_rep);
+    ktest_empty_ap_rep(&aprep);
   }  
 
   /****************************************************************/
@@ -257,6 +274,7 @@ main(argc, argv)
     ktest_destroy_keyblock(&(apenc.subkey));
     apenc.seq_number = 0;
     encode_run(apenc,ap_rep_enc_part,"ap_rep_enc_part","(optionals NULL)",encode_krb5_ap_rep_enc_part);
+    ktest_empty_ap_rep_enc_part(&apenc);
   }
   
   /****************************************************************/
@@ -285,6 +303,7 @@ main(argc, argv)
 #endif
     asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
     encode_run(asreq,as_req,"as_req","(optionals NULL except server)",encode_krb5_as_req);
+    ktest_empty_kdc_req(&asreq);
   }
   
   /****************************************************************/
@@ -314,12 +333,15 @@ main(argc, argv)
 #endif
     tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
     encode_run(tgsreq,tgs_req,"tgs_req","(optionals NULL except server)",encode_krb5_tgs_req);
+
+    ktest_empty_kdc_req(&tgsreq);
   }
   
   /****************************************************************/
   /* encode_krb5_kdc_req_body */
   {
     krb5_kdc_req kdcrb;
+    memset(&kdcrb, 0, sizeof(kdcrb));
     setup(kdcrb,kdc_req_body,"kdc_req_body",ktest_make_sample_kdc_req_body);
     kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
     current_appl_type = 1007;  /* Force interpretation as kdc-req-body */
@@ -344,6 +366,8 @@ main(argc, argv)
     kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
     current_appl_type = 1007;  /* Force interpretation as kdc-req-body */
     encode_run(kdcrb,kdc_req_body,"kdc_req_body","(optionals NULL except server)",encode_krb5_kdc_req_body);
+
+    ktest_empty_kdc_req(&kdcrb);
   }
   
   /****************************************************************/
@@ -358,6 +382,8 @@ main(argc, argv)
     s.seq_number = 0;
     ktest_destroy_address(&(s.r_address));
     encode_run(s,safe,"safe","(optionals NULL)",encode_krb5_safe);
+
+    ktest_empty_safe(&s);
   }
   
   /****************************************************************/
@@ -366,6 +392,7 @@ main(argc, argv)
     krb5_priv p;
     setup(p,priv,"priv",ktest_make_sample_priv);
     encode_run(p,priv,"priv","",encode_krb5_priv);
+    ktest_empty_priv(&p);
   }
   
   /****************************************************************/
@@ -380,6 +407,8 @@ main(argc, argv)
     ep.seq_number = 0;
     ktest_destroy_address(&(ep.r_address));
     encode_run(ep,enc_priv_part,"enc_priv_part","(optionals NULL)",encode_krb5_enc_priv_part);
+
+    ktest_empty_priv_enc_part(&ep);
   }
   
   /****************************************************************/
@@ -388,6 +417,7 @@ main(argc, argv)
     krb5_cred c;
     setup(c,cred,"cred",ktest_make_sample_cred);
     encode_run(c,cred,"cred","",encode_krb5_cred);
+    ktest_empty_cred(&c);
   }
   
   /****************************************************************/
@@ -410,6 +440,8 @@ main(argc, argv)
     ktest_destroy_address(&(cep.s_address));
     ktest_destroy_address(&(cep.r_address));
     encode_run(cep,enc_cred_part,"enc_cred_part","(optionals NULL)",encode_krb5_enc_cred_part);
+
+    ktest_empty_cred_enc_part(&cep);
   }
   
   /****************************************************************/
@@ -424,6 +456,8 @@ main(argc, argv)
     ktest_empty_data(&(kerr.text));
     ktest_empty_data(&(kerr.e_data));
     encode_run(kerr,error,"error","(optionals NULL)",encode_krb5_error);
+
+    ktest_empty_error(&kerr);
   }
   
   /****************************************************************/
@@ -439,6 +473,8 @@ main(argc, argv)
     }
     current_appl_type = 1004;  /* Force type to be authdata */
     encoder_print_results(code, "authorization_data", "");
+
+    ktest_destroy_authorization_data(&ad);
   }
   
   /****************************************************************/
@@ -447,6 +483,7 @@ main(argc, argv)
     passwd_phrase_element ppe;
     setup(ppe,passwd_phrase_element,"PasswdSequence",ktest_make_sample_passwd_phrase_element);
     encode_run(ppe,passwd_phrase_element,"pwd_sequence","",encode_krb5_pwd_sequence);
+    ktest_empty_passwd_phrase_element(&ppe);
   }
 
   /****************************************************************/
@@ -455,6 +492,7 @@ main(argc, argv)
     krb5_pwd_data pd;
     setup(pd,krb5_pwd_data,"PasswdData",ktest_make_sample_krb5_pwd_data);
     encode_run(pd,krb5_pwd_data,"pwd_data","",encode_krb5_pwd_data);
+    ktest_empty_pwd_data(&pd);
   }
 
   /****************************************************************/
@@ -469,6 +507,8 @@ main(argc, argv)
        exit(1);
     }
     encoder_print_results(code, "padata_sequence", "");
+    
+    ktest_destroy_pa_data_array(&pa);
   }
 
   /****************************************************************/
@@ -483,6 +523,8 @@ main(argc, argv)
        exit(1);
     }
     encoder_print_results(code, "padata_sequence(empty)", "");
+
+    ktest_destroy_pa_data_array(&pa);
   }
 
   /****************************************************************/
@@ -492,9 +534,12 @@ main(argc, argv)
     setup(am,krb5_alt_method,"AltMethod",ktest_make_sample_alt_method);
     encode_run(am,krb5_alt_method,"alt_method","",encode_krb5_alt_method);
     am.length = 0;
+    if (am.data)
+      free(am.data);
     am.data = 0;
     encode_run(am,krb5_alt_method,"alt_method (no data)","",
               encode_krb5_alt_method);
+    ktest_empty_alt_method(&am);
   }
 
   /****************************************************************/
@@ -529,7 +574,34 @@ main(argc, argv)
     }
     encoder_print_results(code, "etype_info (no info)", "");
 
-    free(info);
+    ktest_destroy_etype_info(info);
+  }
+
+  /* encode_etype_info 2*/
+  {
+    krb5_etype_info_entry **info;
+    
+    setup(info,krb5_etype_info_entry **,"etype_info2",
+         ktest_make_sample_etype_info2);
+    retval = encode_krb5_etype_info2((const krb5_etype_info_entry **)info,&(code));
+    if(retval) {
+       com_err("encoding etype_info",retval,"");
+       exit(1);
+    }
+    encoder_print_results(code, "etype_info2", "");
+    ktest_destroy_etype_info_entry(info[2]);      info[2] = 0;
+    ktest_destroy_etype_info_entry(info[1]);      info[1] = 0;
+
+    retval = encode_krb5_etype_info2((const krb5_etype_info_entry **)info,&(code));
+    if(retval) {
+       com_err("encoding etype_info (only 1)",retval,"");
+       exit(1);
+    }
+    encoder_print_results(code, "etype_info2 (only 1)", "");
+
+    ktest_destroy_etype_info(info);
+/*    ktest_destroy_etype_info_entry(info[0]);      info[0] = 0;*/
+    
   }
 
   /****************************************************************/
@@ -549,6 +621,7 @@ main(argc, argv)
     setup(enc_data,krb5_enc_data,"enc_data",ktest_make_sample_enc_data);
     current_appl_type = 1001;
     encode_run(enc_data,krb5_enc_data,"enc_data","",encode_krb5_enc_data);
+    ktest_destroy_enc_data(&enc_data);
   }
   /****************************************************************/
   /* encode_krb5_sam_challenge */
@@ -558,6 +631,7 @@ main(argc, argv)
          ktest_make_sample_sam_challenge);
     encode_run(sam_ch,krb5_sam_challenge,"sam_challenge","",
               encode_krb5_sam_challenge);
+    ktest_empty_sam_challenge(&sam_ch);
   }
   /****************************************************************/
   /* encode_krb5_sam_response */
@@ -567,6 +641,7 @@ main(argc, argv)
          ktest_make_sample_sam_response);
     encode_run(sam_ch,krb5_sam_response,"sam_response","",
               encode_krb5_sam_response);
+    ktest_empty_sam_response(&sam_ch);
   }
 #if 0
   /****************************************************************/
@@ -598,6 +673,7 @@ main(argc, argv)
   }
 #endif
 
+  krb5_free_context(test_context);
   exit(error_count);
   return(error_count);
 }
index af02d1ad7331d94135f3f7e953f816c19868bb0e..12ff8fb93fbe056ddd52ec088736bcb3bc012ce9 100644 (file)
@@ -71,6 +71,7 @@ krb5_error_code ktest_make_sample_ticket(tkt)
   if(retval) return retval;
   retval = ktest_make_sample_enc_data(&(tkt->enc_part));
   if(retval) return retval;
+  tkt->enc_part2 = NULL;
 
   return 0;
 }
@@ -228,8 +229,6 @@ krb5_error_code ktest_make_sample_last_req(lr)
   *lr = (krb5_last_req_entry**)calloc(3,sizeof(krb5_last_req_entry*));
   if(*lr == NULL) return ENOMEM;
   for(i=0; i<=1; i++){
-    (*lr)[i] = (krb5_last_req_entry*)calloc(1,sizeof(krb5_last_req_entry));
-    if((*lr)[i] == NULL) return ENOMEM;
     retval = ktest_make_sample_last_req_entry(&((*lr)[i]));
     if(retval) return retval;
   }
@@ -628,7 +627,8 @@ krb5_error_code ktest_make_sample_alt_method(p)
      krb5_alt_method * p;
 {
     p->method = 42;
-    p->data = (krb5_octet *) "secret";
+    p->data = (krb5_octet *) strdup("secret");
+    if(p->data == NULL) return ENOMEM;
     p->length = strlen((char *) p->data);
     return 0;
 }
@@ -656,6 +656,8 @@ krb5_error_code ktest_make_sample_etype_info(p)
        if (info[i]->salt == 0)
            goto memfail;
        strcpy((char *) info[i]->salt, buf);
+       info[i]->s2kparams.data = NULL;
+       info[i]->s2kparams.length = 0;
        info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
     }
     free(info[1]->salt);
@@ -668,6 +670,49 @@ memfail:
     return ENOMEM;
 }
 
+
+krb5_error_code ktest_make_sample_etype_info2(p)
+     krb5_etype_info_entry *** p;
+{
+    krb5_etype_info_entry **info;
+    int        i;
+    char buf[80];
+
+    info = malloc(sizeof(krb5_etype_info_entry *) * 4);
+    if (!info)
+       return ENOMEM;
+    memset(info, 0, sizeof(krb5_etype_info_entry *) * 4);
+
+    for (i=0; i < 3; i++) {
+       info[i] = malloc(sizeof(krb5_etype_info_entry));
+       if (info[i] == 0)
+           goto memfail;
+       info[i]->etype = i;
+       sprintf(buf, "Morton's #%d", i);
+       info[i]->length = strlen(buf);
+       info[i]->salt = malloc((size_t) (info[i]->length+1));
+       if (info[i]->salt == 0)
+           goto memfail;
+       strcpy((char *) info[i]->salt, buf);
+       sprintf(buf, "s2k: %d", i);
+       info[i]->s2kparams.data = malloc(strlen(buf)+1);
+       if (info[i]->s2kparams.data == NULL)
+           goto memfail;
+       strcpy( info[i]->s2kparams.data, buf);
+       info[i]->s2kparams.length = strlen(buf);
+       info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
+    }
+    free(info[1]->salt);
+    info[1]->length = KRB5_ETYPE_NO_SALT;
+    info[1]->salt = 0;
+    *p = info;
+    return 0;
+memfail:
+    ktest_destroy_etype_info(info);
+    return ENOMEM;
+}
+
+
 krb5_error_code ktest_make_sample_pa_enc_ts(pa_enc)
      krb5_pa_enc_ts * pa_enc;
 {
@@ -685,15 +730,19 @@ krb5_error_code ktest_make_sample_sam_challenge(p)
   p->magic = KV5M_SAM_CHALLENGE;
   p->sam_type = 42; /* information */
   p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */
-  p->sam_type_name.data = "type name";
+  p->sam_type_name.data = strdup("type name");
+  if (p->sam_type_name.data == NULL) return ENOMEM;
   p->sam_type_name.length = strlen(p->sam_type_name.data);
   p->sam_track_id.data = 0;
   p->sam_track_id.length = 0;
-  p->sam_challenge_label.data = "challenge label";
+  p->sam_challenge_label.data = strdup("challenge label");
+  if (p->sam_challenge_label.data == NULL) return ENOMEM;
   p->sam_challenge_label.length = strlen(p->sam_challenge_label.data);
-  p->sam_challenge.data = "challenge ipse";
+  p->sam_challenge.data = strdup("challenge ipse");
+  if (p->sam_challenge.data == NULL) return ENOMEM;
   p->sam_challenge.length = strlen(p->sam_challenge.data);
-  p->sam_response_prompt.data = "response_prompt ipse";
+  p->sam_response_prompt.data = strdup("response_prompt ipse");
+  if (p->sam_response_prompt.data == NULL) return ENOMEM;
   p->sam_response_prompt.length = strlen(p->sam_response_prompt.data);
   p->sam_pk_for_sad.data = 0;
   p->sam_pk_for_sad.length = 0;
@@ -710,13 +759,16 @@ krb5_error_code ktest_make_sample_sam_response(p)
   p->magic = KV5M_SAM_RESPONSE;
   p->sam_type = 42; /* information */
   p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */
-  p->sam_track_id.data = "track data";
+  p->sam_track_id.data = strdup("track data");
+  if (p->sam_track_id.data == NULL) return ENOMEM;
   p->sam_track_id.length = strlen(p->sam_track_id.data);
-  p->sam_enc_key.ciphertext.data = "key";
+  p->sam_enc_key.ciphertext.data = strdup("key");
+  if (p->sam_enc_key.ciphertext.data == NULL) return ENOMEM;
   p->sam_enc_key.ciphertext.length = strlen(p->sam_enc_key.ciphertext.data);
   p->sam_enc_key.enctype = ENCTYPE_DES_CBC_CRC;
   p->sam_enc_key.kvno = 1942;
-  p->sam_enc_nonce_or_ts.ciphertext.data = "nonce or ts";
+  p->sam_enc_nonce_or_ts.ciphertext.data = strdup("nonce or ts");
+  if (p->sam_enc_nonce_or_ts.ciphertext.data == NULL) return ENOMEM;
   p->sam_enc_nonce_or_ts.ciphertext.length = 
     strlen(p->sam_enc_nonce_or_ts.ciphertext.data);
   p->sam_enc_nonce_or_ts.enctype = ENCTYPE_DES_CBC_CRC;
@@ -764,6 +816,17 @@ void ktest_destroy_checksum(cs)
   }
 }
 
+void ktest_empty_keyblock(kb)
+     krb5_keyblock * kb;
+{
+  if (kb != NULL) {
+    if (kb->contents) {
+      free (kb->contents);
+      kb->contents = NULL;
+    }
+  }
+}
+
 void ktest_destroy_keyblock(kb)
      krb5_keyblock ** kb;
 {
@@ -779,8 +842,10 @@ void ktest_empty_authorization_data(ad)
 {
   int i;
 
-  for(i=0; ad[i] != NULL; i++)
-    ktest_destroy_authdata(&(ad[i]));
+  if(*ad != NULL) {
+    for(i=0; ad[i] != NULL; i++)
+      ktest_destroy_authdata(&(ad[i]));
+  }
 }
 
 void ktest_destroy_authorization_data(ad)
@@ -863,6 +928,8 @@ void ktest_destroy_principal(p)
 
   for(i=0; i<(*p)->length; i++)
     ktest_empty_data(&(((*p)->data)[i]));
+  ktest_empty_data(&((*p)->realm));
+  free((*p)->data);
   free(*p);
   *p = NULL;
 }
@@ -899,10 +966,22 @@ void ktest_destroy_ticket(tkt)
 {
   ktest_destroy_principal(&((*tkt)->server));
   ktest_destroy_enc_data(&((*tkt)->enc_part));
+  /*  ktest_empty_enc_tkt_part(((*tkt)->enc_part2));*/
   free(*tkt);
   *tkt = NULL;
 }  
 
+void ktest_empty_ticket(tkt)
+     krb5_ticket * tkt;
+{
+  if(tkt->server)
+    ktest_destroy_principal(&((tkt)->server));
+  ktest_destroy_enc_data(&((tkt)->enc_part));
+  if (tkt->enc_part2) {
+    ktest_destroy_enc_tkt_part(&(tkt->enc_part2));
+  }
+}  
+
 void ktest_destroy_enc_data(ed)
      krb5_enc_data * ed;
 {
@@ -915,6 +994,7 @@ void ktest_destroy_etype_info_entry(i)
 {
     if (i->salt)
        free(i->salt);
+    ktest_empty_data(&(i->s2kparams));
     free(i);
 }
 
@@ -929,3 +1009,283 @@ void ktest_destroy_etype_info(info)
 }
     
 
+void ktest_empty_kdc_req(kr)
+     krb5_kdc_req *kr;
+{
+  if (kr->padata)
+      ktest_destroy_pa_data_array(&(kr->padata));
+
+  if (kr->client)
+      ktest_destroy_principal(&(kr->client));
+
+  if (kr->server)
+      ktest_destroy_principal(&(kr->server));
+  if (kr->ktype)
+      free(kr->ktype);
+  if (kr->addresses)
+      ktest_destroy_addresses(&(kr->addresses));
+      ktest_destroy_enc_data(&(kr->authorization_data));
+  if (kr->unenc_authdata)
+      ktest_destroy_authorization_data(&(kr->unenc_authdata));
+  if (kr->second_ticket)
+      ktest_destroy_sequence_of_ticket(&(kr->second_ticket));
+
+}
+
+void ktest_empty_kdc_rep(kr)
+     krb5_kdc_rep *kr;
+{
+  if (kr->padata)
+      ktest_destroy_pa_data_array(&(kr->padata));
+
+  if (kr->client)
+      ktest_destroy_principal(&(kr->client));
+
+  if (kr->ticket)
+      ktest_destroy_ticket(&(kr->ticket));
+
+  ktest_destroy_enc_data(&kr->enc_part);
+
+  if (kr->enc_part2) {
+    ktest_empty_enc_kdc_rep_part(kr->enc_part2);
+    free(kr->enc_part2);
+    kr->enc_part2 = NULL;
+  }
+}
+
+
+void ktest_empty_authenticator(a)
+     krb5_authenticator * a;
+{
+
+  if(a->client) 
+    ktest_destroy_principal(&(a->client));
+  if(a->checksum)
+    ktest_destroy_checksum(&(a->checksum));
+  if(a->subkey)
+    ktest_destroy_keyblock(&(a->subkey));
+  if(a->authorization_data)
+    ktest_destroy_authorization_data(&(a->authorization_data));
+}
+
+void ktest_empty_enc_tkt_part(etp)
+     krb5_enc_tkt_part * etp;
+{
+
+  if(etp->session)
+    ktest_destroy_keyblock(&(etp->session));
+  if(etp->client) 
+    ktest_destroy_principal(&(etp->client));
+  if (etp->caddrs)
+      ktest_destroy_addresses(&(etp->caddrs));
+  if(etp->authorization_data)
+    ktest_destroy_authorization_data(&(etp->authorization_data));
+  ktest_destroy_transited(&(etp->transited));
+}
+
+void ktest_destroy_enc_tkt_part(etp)
+     krb5_enc_tkt_part ** etp;
+{
+  if(*etp) {
+    ktest_empty_enc_tkt_part(*etp);
+    free(*etp);
+    *etp = NULL;
+  }
+}
+
+void ktest_empty_enc_kdc_rep_part(ekr)
+     krb5_enc_kdc_rep_part * ekr;
+{
+
+  if(ekr->session)
+    ktest_destroy_keyblock(&(ekr->session));
+
+  if(ekr->server) 
+    ktest_destroy_principal(&(ekr->server));
+
+  if (ekr->caddrs)
+    ktest_destroy_addresses(&(ekr->caddrs));
+  ktest_destroy_last_req(&(ekr->last_req));
+}
+
+
+void ktest_destroy_transited(t)
+     krb5_transited * t;
+{
+  if(t->tr_contents.data)
+    ktest_empty_data(&(t->tr_contents));
+}
+
+
+void ktest_empty_ap_rep(ar)
+     krb5_ap_rep * ar;
+{
+  ktest_destroy_enc_data(&ar->enc_part);
+}
+
+void ktest_empty_ap_req(ar)
+     krb5_ap_req * ar;
+{
+
+  if(ar->ticket)
+      ktest_destroy_ticket(&(ar->ticket));
+  ktest_destroy_enc_data(&(ar->authenticator));
+}
+
+void ktest_empty_cred_enc_part(cep)
+     krb5_cred_enc_part * cep;
+{
+  if (cep->s_address)
+      ktest_destroy_address(&(cep->s_address));
+  if (cep->r_address)
+      ktest_destroy_address(&(cep->r_address));
+  if (cep->ticket_info)
+    ktest_destroy_sequence_of_cred_info(&(cep->ticket_info));
+}
+
+void ktest_destroy_cred_info(ci)
+     krb5_cred_info ** ci;
+{
+  if((*ci)->session)
+    ktest_destroy_keyblock(&((*ci)->session));
+  if((*ci)->client) 
+    ktest_destroy_principal(&((*ci)->client));
+  if((*ci)->server) 
+    ktest_destroy_principal(&((*ci)->server));
+  if ((*ci)->caddrs)
+    ktest_destroy_addresses(&((*ci)->caddrs));
+  free(*ci);
+  *ci = NULL;
+}
+
+void ktest_destroy_sequence_of_cred_info(soci)
+     krb5_cred_info *** soci;
+{
+  int i;
+
+  for(i=0; (*soci)[i] != NULL; i++)
+    ktest_destroy_cred_info(&((*soci)[i]));
+  free(*soci);
+  *soci = NULL;
+}
+
+
+void ktest_empty_safe(s)
+     krb5_safe * s;
+{
+  ktest_empty_data(&(s->user_data));
+  ktest_destroy_address(&(s->s_address));
+  ktest_destroy_address(&(s->r_address));
+  ktest_destroy_checksum(&(s->checksum));
+}
+
+void ktest_empty_priv_enc_part(pep)
+     krb5_priv_enc_part * pep;
+{
+  ktest_empty_data(&(pep->user_data));
+  ktest_destroy_address(&(pep->s_address));
+  ktest_destroy_address(&(pep->r_address));
+}
+
+void ktest_empty_priv(p)
+     krb5_priv * p;
+{
+  ktest_destroy_enc_data(&(p->enc_part));
+}
+
+void ktest_empty_cred(c)
+     krb5_cred * c;
+{
+
+  ktest_destroy_sequence_of_ticket(&(c->tickets));
+  ktest_destroy_enc_data(&(c->enc_part));
+  /* enc_part2 */
+
+}
+
+void ktest_destroy_last_req(lr)
+     krb5_last_req_entry *** lr;
+{
+  int i;
+
+  if(*lr) {
+    for(i=0; (*lr)[i] != NULL; i++) {
+      free((*lr)[i]);
+    }
+    free(*lr);
+  }
+}
+
+void ktest_empty_error(kerr)
+     krb5_error * kerr;
+{
+  if(kerr->client)
+    ktest_destroy_principal(&(kerr->client));
+  if(kerr->server)
+    ktest_destroy_principal(&(kerr->server));
+  ktest_empty_data(&(kerr->text));
+  ktest_empty_data(&(kerr->e_data));
+}
+
+void ktest_empty_ap_rep_enc_part(arep)
+     krb5_ap_rep_enc_part * arep;
+{
+  ktest_destroy_keyblock(&((arep)->subkey));
+}
+
+void ktest_empty_passwd_phrase_element(ppe)
+     passwd_phrase_element * ppe;
+{
+  ktest_destroy_data(&(ppe->passwd));
+  ktest_destroy_data(&(ppe->phrase));
+}
+
+void ktest_empty_pwd_data(pd)
+     krb5_pwd_data * pd;
+{
+  int i;
+
+  for(i=0; i <= pd->sequence_count; i++){
+    if(pd->element[i]) {
+      ktest_empty_passwd_phrase_element(pd->element[i]);
+      free(pd->element[i]);
+      pd->element[i] = NULL;
+    }
+  }
+  free(pd->element);
+  
+}
+
+void ktest_empty_alt_method(am)
+     krb5_alt_method *am;
+{
+  if (am->data) {
+    free(am->data);
+    am->data = NULL;
+  }
+}
+
+void ktest_empty_sam_challenge(p)
+     krb5_sam_challenge * p;
+{
+  ktest_empty_data(&(p->sam_type_name));
+  ktest_empty_data(&(p->sam_track_id));
+  ktest_empty_data(&(p->sam_challenge_label));
+  ktest_empty_data(&(p->sam_challenge));
+  ktest_empty_data(&(p->sam_response_prompt));
+  ktest_empty_data(&(p->sam_pk_for_sad));
+
+  if(p->sam_cksum.contents != NULL) {
+    free(p->sam_cksum.contents);
+    p->sam_cksum.contents = NULL;
+  }
+
+}
+
+void ktest_empty_sam_response(p)
+     krb5_sam_response * p;
+{
+  ktest_empty_data(&(p->sam_track_id));
+  ktest_empty_data(&(p->sam_enc_key.ciphertext));
+  ktest_empty_data(&(p->sam_enc_nonce_or_ts.ciphertext));
+}
index 59e87047c6dacbde129ec8c7b022a5a44a1153d5..915f36a0094395e44b065654bba3c2ad4655994e 100644 (file)
@@ -89,6 +89,8 @@ krb5_error_code ktest_make_sample_alt_method
 
 krb5_error_code ktest_make_sample_etype_info
     (krb5_etype_info_entry *** p);
+krb5_error_code ktest_make_sample_etype_info2
+    (krb5_etype_info_entry *** p);
 krb5_error_code ktest_make_sample_pa_enc_ts
        (krb5_pa_enc_ts *am);
 krb5_error_code ktest_make_sample_sam_challenge
@@ -125,6 +127,8 @@ void ktest_destroy_principal
        (krb5_principal *p);
 void ktest_destroy_checksum
        (krb5_checksum **cs);
+void ktest_empty_keyblock
+       (krb5_keyblock *kb);
 void ktest_destroy_keyblock
        (krb5_keyblock **kb);
 void ktest_destroy_authdata
@@ -135,14 +139,65 @@ void ktest_destroy_sequence_of_ticket
        (krb5_ticket ***sot);
   void ktest_destroy_ticket
        (krb5_ticket **tkt);
+void ktest_empty_ticket
+       (krb5_ticket *tkt);
 void ktest_destroy_enc_data
        (krb5_enc_data *ed);
-
+void ktest_empty_error
+        (krb5_error * kerr);
 void ktest_destroy_etype_info_entry
        (krb5_etype_info_entry *i);
 void ktest_destroy_etype_info
        (krb5_etype_info_entry **info);
 
+void ktest_empty_kdc_req
+        (krb5_kdc_req *kr);
+void ktest_empty_kdc_rep
+        (krb5_kdc_rep *kr);
+
+void ktest_empty_authenticator
+        (krb5_authenticator *a);
+void ktest_empty_enc_tkt_part
+        (krb5_enc_tkt_part * etp);
+void ktest_destroy_enc_tkt_part
+        (krb5_enc_tkt_part ** etp);
+void ktest_empty_enc_kdc_rep_part
+        (krb5_enc_kdc_rep_part * ekr);
+void ktest_destroy_transited
+        (krb5_transited * t);
+void ktest_empty_ap_rep
+        (krb5_ap_rep * ar);
+void ktest_empty_ap_req
+        (krb5_ap_req * ar);
+void ktest_empty_cred_enc_part
+        (krb5_cred_enc_part * cep);
+void ktest_destroy_cred_info
+        (krb5_cred_info ** ci);
+void ktest_destroy_sequence_of_cred_info
+        (krb5_cred_info *** soci);
+void ktest_empty_safe
+        (krb5_safe * s);
+void ktest_empty_priv
+        (krb5_priv * p);
+void ktest_empty_priv_enc_part
+        (krb5_priv_enc_part * pep);
+void ktest_empty_cred
+        (krb5_cred * c);
+void ktest_destroy_last_req
+        (krb5_last_req_entry *** lr);
+void ktest_empty_ap_rep_enc_part
+        (krb5_ap_rep_enc_part * arep);
+void ktest_empty_passwd_phrase_element
+        (passwd_phrase_element * ppe);
+void ktest_empty_pwd_data
+        (krb5_pwd_data * pd);
+void ktest_empty_alt_method
+       (krb5_alt_method *am);
+void ktest_empty_sam_challenge
+       (krb5_sam_challenge * p);
+void ktest_empty_sam_response
+       (krb5_sam_response * p);
+
 extern krb5_context test_context;
 extern char *sample_principal_name;
 
index 0dbfc8d77fa3aefa0611849d7c71b4a26fafdd41..a118c050ded3da7cf12255b18e4f3ecaa6c152b4 100644 (file)
@@ -44,6 +44,8 @@ encode_krb5_alt_method (no data): 30 05 A0 03 02 01 2A
 encode_krb5_etype_info: 30 33 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 30 05 A0 03 02 01 01 30 14 A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32
 encode_krb5_etype_info (only 1): 30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30
 encode_krb5_etype_info (no info): 30 00
+encode_krb5_etype_info2: 30 51 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30 30 0F A0 03 02 01 01 A2 08 04 06 73 32 6B 3A 20 31 30 1E A0 03 02 01 02 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 32 A2 08 04 06 73 32 6B 3A 20 32
+encode_krb5_etype_info2 (only 1): 30 20 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30
 encode_krb5_pa_enc_ts: 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40
 encode_krb5_pa_enc_ts (no usec): 30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
 encode_krb5_enc_data: 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
index 2287d5facd4a3f43dfc4d0ab9477b4bef3910b98..95311d3fe2d0813edd94a5b513842f4628d3bf00 100644 (file)
@@ -1124,6 +1124,29 @@ encode_krb5_etype_info (no info):
 
 [Sequence/Sequence Of] 
 
+encode_krb5_etype_info2:
+
+[Sequence/Sequence Of] 
+.  [Sequence/Sequence Of] 
+.  .  [0] [Integer] 0
+.  .  [1] [General string] "Morton's #0"
+.  .  [2] [Octet String] "s2k: 0"
+.  [Sequence/Sequence Of] 
+.  .  [0] [Integer] 1
+.  .  [2] [Octet String] "s2k: 1"
+.  [Sequence/Sequence Of] 
+.  .  [0] [Integer] 2
+.  .  [1] [General string] "Morton's #2"
+.  .  [2] [Octet String] "s2k: 2"
+
+encode_krb5_etype_info2 (only 1):
+
+[Sequence/Sequence Of] 
+.  [Sequence/Sequence Of] 
+.  .  [0] [Integer] 0
+.  .  [1] [General string] "Morton's #0"
+.  .  [2] [Octet String] "s2k: 0"
+
 encode_krb5_pa_enc_ts:
 
 [Sequence/Sequence Of] 
index 07addc4a1202819e069fbc1ca1d9e4fb25433cfb..526cdce2d3d5d0f464b1fe4a1dc3c84bc0715a27 100644 (file)
@@ -2,6 +2,7 @@
 #include "utility.h"
 #include <stdlib.h>
 #include <stdio.h>
+#include <ctype.h>
 
 char hexchar (const unsigned int digit);
 
@@ -60,33 +61,40 @@ krb5_error_code krb5_data_parse(d, s)
   return 0;
 }
 
-krb5_error_code krb5_data_hex_parse(d, s)
-     krb5_data * d;
-     const char * s;
+krb5_error_code krb5_data_hex_parse(krb5_data *d, const char *s)
 {
-  int i, digit;
-  char *copy; 
-  char *pos;
+    int lo;
+    long v;
+    const char *cp;
+    char *dp;
+    char buf[2];
 
-    /* 
-     * Do a strdup() and use that, because some systems can't handle non
-     * writeable strings being passed to sscanf() --proven.
-     */
-    copy = strdup(s);
-  d->data = (char*)calloc((strlen(copy)+1)/3,sizeof(char));
-  if(d->data == NULL) return ENOMEM;
-  d->length = (strlen(copy)+1)/3;
-  for(i=0,pos=(char*)copy; i<d->length; i++,pos+=3){
-    if(!sscanf(pos,"%x",&digit)) {
-#ifdef KRB5_USE_ISODE
-           return EINVAL;
-#else
+    d->data = calloc((strlen(s) / 2 + 1), 1);
+    if (d->data == NULL)
+       return ENOMEM;
+    d->length = 0;
+    buf[1] = '\0';
+    for (lo = 0, dp = d->data, cp = s; *cp; cp++) {
+       if (*cp < 0)
            return ASN1_PARSE_ERROR;
-#endif
+       else if (isspace(*cp))
+           continue;
+       else if (isxdigit(*cp)) {
+           buf[0] = *cp;
+           v = strtol(buf, NULL, 16);
+       } else
+           return ASN1_PARSE_ERROR;
+       if (lo) {
+           *dp++ |= v;
+           lo = 0;
+       } else {
+           *dp = v << 4;
+           lo = 1;
+       }
     }
-    d->data[i] = (char)digit;
-  }
-  return 0;
+
+    d->length = dp - d->data;
+    return 0;
 }
 
 #if 0
index 205eb1dc41b5865f986ff8d246ed6b7cfa6d7770..cc814503422258e4bed3af0fbaa96d6a209ea0de 100644 (file)
@@ -26,4 +26,5 @@ else
        KRB4_DEJAGNU_TEST="KRBIV=1"
 fi
 AC_SUBST(KRB4_DEJAGNU_TEST)
+KRB5_AC_PRIOCNTL_HACK
 V5_AC_OUTPUT_MAKEFILE(. resolve asn.1 create hammer verify gssapi dejagnu)
index 02e46dfbccd3cac095f5cab276cfad3e403d54bb..001b6b1f402661bbea8da3c75bd0d8096519614b 100644 (file)
@@ -1,3 +1,8 @@
+2003-05-22  Ezra Peisach  <epeisach@mit.edu>
+
+       * kdb5_mkdums.c (main): When attempting to register writable
+       keytab, do not fail if error is KRB5_KT_TYPE_EXISTS.
+
 2002-08-29  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.in: Revert $(S)=>/ change, for Windows support.
index babce9eb10ce3ed7d4c86b570e9ee7ca810c632f..119cef001d92d7ef0a85d528601875225a1e0061 100644 (file)
@@ -25,7 +25,8 @@ clean::
 #
 $(OUTPRE)kdb5_mkdums.$(OBJEXT): kdb5_mkdums.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SS_DEPS)
+  $(SS_DEPS)
 
index d9c34062da0a006be993d8c4ee627ec5541ebf0a..4a1f0e94f958171693a20388af7df718a26485ca 100644 (file)
@@ -151,9 +151,11 @@ main(argc, argv)
 
 
     if ((retval = krb5_kt_register(test_context, &krb5_ktf_writable_ops))) {
-       com_err(progname, retval,
+        if (retval != KRB5_KT_TYPE_EXISTS) {
+         com_err(progname, retval,
                "while registering writable key table functions");
-       exit(1);
+         exit(1);
+       }
     }
 
     if (!enctypedone)
index 51affdd6ed0a76b41657a6697037f538fb8bdab3..560919156f2b23a426167e38ab33be8f3057cd55 100644 (file)
@@ -1,3 +1,7 @@
+2004-02-12  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in (check-runtest-yes): Add PRIOCNTL_HACK.
+
 2003-01-05  Sam Hartman  <hartmans@mit.edu>
 
        * t_inetd.c: Remove declaration of errno
index e245299334bba45283cecf8c3ef43cb4ebc2a77e..15e82c263334a4ecb0bee9d5bdbe62cd78581f6b 100644 (file)
@@ -22,7 +22,7 @@ check-runtest-no::
        @echo "+++"
 
 check-runtest-yes:: t_inetd site.exp
-       $(RUNTEST) --tool krb --srcdir $(srcdir) $(KRB4_RUNTESTFLAGS) $(RUNTESTFLAGS)
+       $(RUNTEST) --tool krb --srcdir $(srcdir) $(KRB4_RUNTESTFLAGS) PRIOCNTL_HACK=@PRIOCNTL_HACK@ $(RUNTESTFLAGS)
 
 t_inetd:: t_inetd.o $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o t_inetd t_inetd.o $(KRB5_BASE_LIBS)
@@ -44,6 +44,7 @@ runenv.vals: runenv.vars
 site.exp: runenv.vals
        echo "set runvarlist [list `cat runenv.vals | tr '\n' ' '`]" | \
                sed -e 's%=\.%='`pwd`'/.%g' > site.exp
+
 # +++ Dependency line eater +++
 # 
 # Makefile dependencies follow.  This must be the last section in
index 7d8589b47df11d728e50ec4d189325c72030f093..17104bbb3a54fe890b9a3535f5647c5c7399127f 100644 (file)
@@ -1,3 +1,80 @@
+2004-02-13  Tom Yu  <tlyu@mit.edu>
+
+       * default.exp (PRIOCNTL_HACK): Use "==" instead of "eq", which is
+       not present in tcl-8.3.
+
+2004-02-12  Tom Yu  <tlyu@mit.edu>
+
+       * default.exp (PRIOCNTL_HACK): Wrap "spawn" to do priocntl things
+       to work around Solaris 9 pty-close bug.
+
+2003-06-05  Ken Raeburn  <raeburn@mit.edu>
+
+       * default.exp (setup_root_shell): Check for "not authorized".  Map
+       eof to unsupported.
+
+2003-06-04  Tom Yu  <tlyu@mit.edu>
+
+       * default.exp (setup_root_shell): Don't try to use the procedure
+       "-" when handling error messages from rlogin.
+
+2003-06-03  Ken Raeburn  <raeburn@mit.edu>
+
+       * default.exp (setup_root_shell): Handle error messages indicating
+       "-x" isn't supported.
+       (start_kerberos_daemons): "cannont" => "cannot".
+
+2003-06-01  Ken Raeburn  <raeburn@mit.edu>
+
+       * default.exp: Default RLOGIN_FLAGS to "-x".
+       (start_kerberos_daemons): Watch for "Cannot bind server socket"
+       and log it.  Watch for "no sockets set up" and report an error.
+       (setup_root_shell): Watch for "Cannot assign requested address",
+       log it and give up.
+
+2003-05-21  Tom Yu  <tlyu@mit.edu>
+
+       * default.exp: Be slightly more lenient about matching password
+       prompts.
+
+2003-05-16  Ken Raeburn  <raeburn@mit.edu>
+
+       * default.exp (spawn_xterm): Add KPASSWD and REALMNAME to the list
+       of exported variables.
+
+2003-04-18  Ken Raeburn  <raeburn@mit.edu>
+
+       * default.exp: Add passes for testing AES.
+       (start_kerberos_daemons): Add a small delay between starting the
+       "tail -f" processes and appending the markers to their files.
+       (spawn_xterm): Add RLOGIN, RLOGIND, FTP, and FTPD to the list of
+       variables to export to the environment.  Check that variables are
+       defined before exporting them.
+
+2003-03-28  Tom Yu  <tlyu@mit.edu>
+
+       * default.exp (start_kerberos_daemons): If we get a timeout
+       looking for the mark, log out the last 10 lines of the kdc
+       logfile.
+
+2003-03-26  Tom Yu  <tlyu@mit.edu>
+
+       * default.exp (v4kinit): Expect failure when kiniting to a des3
+       TGT, due to fix for MITKRB5-SA-2003-004.
+       (setup_kadmind_srvtab): Remove.  It's not needed anymore.
+
+2003-03-14  Ken Raeburn  <raeburn@mit.edu>
+
+       * default.exp (setup_root_shell): If we get connection refused
+       messages, followed by no unrecognized errors and then eof, report
+       it as an unsupported test.
+
+2003-03-14  Ken Raeburn  <raeburn@mit.edu>
+
+       * default.exp (setup_root_shell): If we get connection refused
+       messages, followed by no unrecognized errors and then eof, report
+       it as an unsupported test.
+
 2003-02-04  Tom Yu  <tlyu@mit.edu>
 
        * default.exp (start_kerberos_daemons): Use correct argument to
index f025eb76377c6a52f19c55c98c2742c4c0ce1f51..c80d01e8fe854737fde8dc1bed11728e9618258d 100644 (file)
@@ -54,6 +54,44 @@ if 0 {
     }
 }
 
+# Hack around Solaris 9 kernel race condition that causes last output
+# from a pty to get dropped.
+if { $PRIOCNTL_HACK } {
+    catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
+    rename spawn oldspawn
+    proc spawn { args } {
+       upvar 1 spawn_id spawn_id
+       set newargs {}
+       set inflags 1
+       set eatnext 0
+       foreach arg $args {
+           if { $arg == "-ignore" \
+                    || $arg == "-open" \
+                    || $arg == "-leaveopen" } {
+               lappend newargs $arg
+               set eatnext 1
+               continue
+           }
+           if [string match "-*" $arg] {
+               lappend newargs $arg
+               continue
+           }
+           if { $eatnext } {
+               set eatnext 0
+               lappend newargs $arg
+               continue
+           }
+           if { $inflags } {
+               set inflags 0
+               set newargs [concat $newargs {priocntl -e -c FX -p 0}]
+           }
+           lappend newargs $arg
+       }
+       set pid [eval oldspawn $newargs]
+       return $pid
+    }
+}
+
 # The des.des3-tgt.no-kdc-des3 pass will fail if the KDC doesn't
 # constrain ticket key enctypes to those in permitted_enctypes.  It
 # does this by not putting des3 in the permitted_enctypes, while
@@ -85,6 +123,39 @@ set passes {
        {kdc_supported_enctypes=des3-cbc-sha1:normal des-cbc-crc:normal}
        {dummy=[verbose -log "DES3 TGT, DES3 + DES enctypes"]}
     }
+    {
+       aes
+       des3_krbtgt=0
+       {supported_enctypes=aes256-cts-hmac-sha1-96:normal des-cbc-crc:normal}
+       {kdc_supported_enctypes=aes256-cts-hmac-sha1-96:normal des-cbc-crc:normal}
+       {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des-cbc-crc}
+       {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des-cbc-crc}
+       {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des-cbc-crc}
+       {master_key_type=aes256-cts-hmac-sha1-96}
+       {dummy=[verbose -log "AES + DES enctypes"]}
+    }
+    {
+       aes-des3
+       des3_krbtgt=0
+       {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des-cbc-crc:normal}
+       {kdc_supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des-cbc-crc:normal}
+       {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+       {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+       {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+       {master_key_type=aes256-cts-hmac-sha1-96}
+       {dummy=[verbose -log "AES + DES enctypes"]}
+    }
+    {
+       des3-aes
+       des3_krbtgt=1
+       {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des-cbc-crc:normal}
+       {kdc_supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des-cbc-crc:normal}
+       {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+       {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+       {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+       {master_key_type=aes256-cts-hmac-sha1-96}
+       {dummy=[verbose -log "AES + DES enctypes, DES3 TGT"]}
+    }
     {
        des-v4
        des3_krbtgt=0
@@ -203,31 +274,30 @@ set unused_passes {
        all-enctypes
        des3_krbtgt=1
        {supported_enctypes=\
-       rijndael256-hmac-sha1:normal rijndael192-hmac-sha1:normal rijndael128-hmac-sha1:normal \
-       serpent256-hmac-sha1:normal serpent192-hmac-sha1:norealm serpent128-hmac-sha1:normal \
-       twofish256-hmac-sha1:normal twofish192-hmac-sha1:norealm twofish128-hmac-sha1:normal \
+       aes256-cts-hmac-sha1-96:normal aes256-cts-hmac-sha1-96:norealm \
+       aes128-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:norealm \
        des3-cbc-sha1:normal des3-cbc-sha1:none \
        des-cbc-md5:normal des-cbc-md4:normal des-cbc-crc:normal \
        des-cbc-md5:v4 des-cbc-md4:v4 des-cbc-crc:v4 \
        }
        {kdc_supported_enctypes=\
-       rijndael256-hmac-sha1:normal rijndael192-hmac-sha1:normal rijndael128-hmac-sha1:normal \
-       serpent256-hmac-sha1:normal serpent192-hmac-sha1:norealm serpent128-hmac-sha1:normal \
-       twofish256-hmac-sha1:normal twofish192-hmac-sha1:norealm twofish128-hmac-sha1:normal \
        des3-cbc-sha1:normal des3-cbc-sha1:none \
        des-cbc-md5:normal des-cbc-md4:normal des-cbc-crc:normal \
        des-cbc-md5:v4 des-cbc-md4:v4 des-cbc-crc:v4 \
        }
        {dummy=[verbose -log "DES3 TGT, default enctypes"]}
     }
+    # This won't work for anything using GSSAPI until it gets AES support.
     {
-       aes
+       aes-only
        des3_krbtgt=0
-       {supported_enctypes=des-cbc-md5:normal des-cbc-crc:normal twofish256-hmac-sha1:normal}
-       {kdc_supported_enctypes=des-cbc-md5:normal des-cbc-crc:normal twofish256-hmac-sha1:normal}
-       {default_tgs_enctypes=rijndael256-hmac-sha1 des-cbc-crc}
-       {default_tkt_enctypes=rijndael256-hmac-sha1 des-cbc-crc}
-       {dummy=[verbose -log "DES3 TGT, default enctypes"]}
+       {supported_enctypes=aes256-cts-hmac-sha1-96:normal}
+       {kdc_supported_enctypes=aes256-cts-hmac-sha1-96:normal}
+       {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96}
+       {permitted_enctypes(client)=aes256-cts-hmac-sha1-96}
+       {permitted_enctypes(server)=aes256-cts-hmac-sha1-96}
+       {master_key_type=aes256-cts-hmac-sha1-96}
+       {dummy=[verbose -log "AES only, no DES or DES3 support"]}
     }
 }
 #      {supported_enctypes=des-cbc-md5:normal des-cbc-crc:normal twofish256-hmac-sha1:normal }
@@ -346,7 +416,7 @@ if ![info exists RLOGIN] {
 }
 
 if ![info exists RLOGIN_FLAGS] {
-    set RLOGIN_FLAGS ""
+    set RLOGIN_FLAGS "-x"
 }
 
 # We use a couple of variables to hold shell prompts which may be
@@ -692,7 +762,6 @@ proc setup_kerberos_files { } {
        puts $conffile "                database_name = $tmppwd/db"
        puts $conffile "                admin_database_name = $tmppwd/adb"
        puts $conffile "                admin_database_lockfile = $tmppwd/adb.lock"
-       puts $conffile "                admin_keytab = $tmppwd/admin-keytab"
        puts $conffile "                key_stash_file = $tmppwd/stash"
        puts $conffile "                acl_file = $tmppwd/acl"
        puts $conffile "                kadmind_port = 3750"
@@ -938,83 +1007,6 @@ proc restore_kerberos_env { } {
 
 }
 
-# setup_kadmind_srvtab
-# A procedure to build the srvtab for kadmind5 so that kadmin5 and it
-# may successfully communicate.
-# Returns 1 on success, 0 on failure.
-proc setup_kadmind_srvtab {  } {
-    global REALMNAME
-    global KADMIN_LOCAL
-    global KEY
-    global tmppwd
-
-    catch "exec rm -f $tmppwd/admin-keytab"
-    envstack_push
-    setup_kerberos_env kdc
-    spawn $KADMIN_LOCAL -r $REALMNAME
-    envstack_pop
-    catch expect_after
-    expect_after {
-       -re "(.*)\r\nkadmin.local:  " {
-           fail "kadmin.local admin-keytab (unmatched output: $expect_out(1,string)"
-           catch "exec rm -f $tmppwd/admin-keytab"
-           catch "expect_after"
-           return 0
-       }
-       timeout {
-           fail "kadmin.local admin-keytab (timeout)"
-           catch "exec rm -f $tmppwd/admin-keytab"
-           catch "expect_after"
-           return 0
-       }
-       eof {
-           fail "kadmin.local admin-keytab (eof)"
-           catch "exec rm -f $tmppwd/admin-keytab"
-           catch "expect_after"
-           return 0
-       }
-    }
-    expect "kadmin.local:  "
-    send "xst -k admin-new-srvtab kadmin/admin\r"
-    expect "xst -k admin-new-srvtab kadmin/admin\r\n"
-    expect -re ".*Entry for principal kadmin/admin.* added to keytab WRFILE:admin-new-srvtab."
-    expect "kadmin.local:  "
-
-    catch "exec mv -f admin-new-srvtab changepw-new-srvtab" exec_output
-    if ![string match "" $exec_output] {
-       verbose -log "$exec_output"
-       perror "can't mv admin-new-srvtab"
-       catch expect_after
-       return 0
-    }
-
-    send "xst -k changepw-new-srvtab kadmin/changepw\r"
-    expect "xst -k changepw-new-srvtab kadmin/changepw\r\n"
-    expect -re ".*Entry for principal kadmin/changepw.* added to keytab WRFILE:changepw-new-srvtab."
-    expect "kadmin.local:  "
-    send "quit\r"
-    expect eof
-    catch expect_after
-    if ![check_exit_status "kadmin.local admin-keytab"] {
-       catch "exec rm -f $tmppwd/admin-keytab"
-       perror "kadmin.local admin-keytab exited abnormally"
-       return 0
-    }
-
-    catch "exec mv -f changepw-new-srvtab $tmppwd/admin-keytab" exec_output
-    if ![string match "" $exec_output] {
-       verbose -log "$exec_output"
-       perror "can't mv new admin-keytab"
-       return 0
-    }
-
-    # Make the srvtab file globally readable in case we are using a
-    # root shell and the srvtab is NFS mounted.
-    catch "exec chmod a+r $tmppwd/admin-keytab"
-
-    return 1
-}
-
 # setup_kerberos_db
 # Initialize the Kerberos database.  If the argument is non-zero, call
 # pass at relevant points.  Returns 1 on success, 0 on failure.
@@ -1270,12 +1262,7 @@ proc setup_kerberos_db { standalone } {
            }
        }
     }
-    # XXX should deal with envstack inside setup_kadmind_srvtab too
-    set ret [setup_kadmind_srvtab]
     envstack_pop
-    if !$ret {
-       return 0
-    }
 
     # create the admin database lock file
     catch "exec touch $tmppwd/adb.lock"
@@ -1336,8 +1323,10 @@ proc start_kerberos_daemons { standalone } {
     set tailf_pid [exp_pid]
 
     set markstr "===MARK $tailf_pid [exec date] ==="
+    sleep 2
     set f [open $kdc_lfile a]
     puts $f $markstr
+    flush $f
     close $f
 
     expect {
@@ -1345,6 +1334,8 @@ proc start_kerberos_daemons { standalone } {
        -ex "$markstr\r\n" { }
        -re "\[^\r\n\]*\r\n" { exp_continue }
        timeout {
+           verbose -log "tail $kdc_lfile output:"
+           verbose -log [exec tail $kdc_lfile]
            if {$standalone} {
                verbose -log "tail -f timed out ($timeout sec) looking for mark in kdc log"
                fail "krb5kdc"
@@ -1369,6 +1360,23 @@ proc start_kerberos_daemons { standalone } {
     expect {
        -i $tailf_spawn_id
        -re "commencing operation\r\n" { }
+       -re "krb5kdc: \[a-zA-Z\]* - Cannot bind server socket to \[ 0-9a-fA-F:.\]*\r\n" {
+           verbose -log "warning: $expect_out(0,string)"
+           exp_continue
+       }
+       "no sockets set up?" {
+           if {$standalone} {
+               verbose -log "krb5kdc startup failed to bind listening sockets"
+               fail "krb5kdc"
+           } else {
+               perror "krb5kdc startup failed to bind listening sockets"
+           }
+           stop_kerberos_daemons
+           exec kill $tailf_pid
+           expect -i $tailf_spawn_id eof
+           wait -i $tailf_spawn_id
+           return 0
+       }
        timeout {
            if {$standalone} {
                verbose -log "krb5kdc startup timed out"
@@ -1413,6 +1421,7 @@ proc start_kerberos_daemons { standalone } {
     set tailf_pid [exp_pid]
 
     set markstr "===MARK $tailf_pid [exec date] ==="
+    sleep 2
     set f [open $kadmind_lfile a]
     puts $f $markstr
     close $f
@@ -1455,7 +1464,7 @@ proc start_kerberos_daemons { standalone } {
     expect {
        -i $tailf_spawn_id
        "Seeding random number" exp_continue
-       "cannont initialize network" {
+       "cannot initialize network" {
            if {$standalone} {
                verbose -log "kadmind failed network init"
                fail "kadmind"
@@ -1588,7 +1597,7 @@ proc add_kerberos_key { kkey standalone } {
                break
            }
        }
-       expect "Enter password:"
+       expect -re "assword\[^\r\n\]*: *"
        send "adminpass$KEY\r"
        expect "Enter password for principal \"$kkey@$REALMNAME\":"
        send "$kkey"
@@ -1650,7 +1659,7 @@ proc add_random_key { kkey standalone } {
                break
            }
        }
-       expect "Enter password:"
+       expect -re "assword\[^\r\n\]*: *"
        send "adminpass$KEY\r"
        expect {
            "Principal \"$kkey@$REALMNAME\" created" { }
@@ -2029,6 +2038,7 @@ proc v4kinit { name pass standalone } {
     global REALMNAME
     global KINIT
     global spawn_id
+    global des3_krbtgt
 
     # Use kinit to get a ticket.
        #
@@ -2052,10 +2062,20 @@ proc v4kinit { name pass standalone } {
     }
     send "$pass\r"
     expect eof
-    if ![check_exit_status kinit] {
-       return 0
+    if {$des3_krbtgt == 0} {
+       if ![check_exit_status v4kinit] {
+           return 0
+       }
+    } else {
+       # Fail if kinit is successful with a des3 TGT.
+       set status_list [wait -i $spawn_id]
+       set testname v4kinit
+       verbose "wait -i $spawn_id returned $status_list ($testname)"
+       if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } {
+           verbose -log "exit status: $status_list"
+           fail "$testname (exit status)"
+       }
     }
-
     if {$standalone} {
        pass "v4kinit"
     }
@@ -2234,19 +2254,35 @@ proc setup_root_shell { testname } {
     set rlogin_pid [exp_pid]
     set old_timeout $timeout
     set timeout 300
+    set got_refused 0
 
     expect {
        -re {connect to address [0-9a-fA-F.:]*: Connection refused} {
            note $expect_out(buffer)
+           set got_refused 1
            exp_continue
        }
-       -re "word:|erberos rlogin failed|ection refused|ection reset by peer" {
+       -re "word:|erberos rlogin failed|ection refused|ection reset by peer|not authorized" {
            note "$testname test requires ability to rlogin as root"
            unsupported "$testname"
            set timeout $old_timeout
            stop_root_shell
            return 0
        }
+       "Cannot assign requested address" {
+           note "$testname: rlogin as root 'cannot assign requested address'"
+           unsupported "$testname"
+           set timeout $old_timeout
+           stop_root_shell
+           return 0
+       }
+       -re "usage: rlogin|illegal option -- x|invalid option -- x" {
+           note "$testname: rlogin doesn't like command-line flags"
+           unsupported "$testname"
+           set timeout $old_timeout
+           stop_root_shell
+           return 0
+       }
        -re "$ROOT_PROMPT" { }
        timeout {
            perror "timeout from rlogin $hostname -l root"
@@ -2257,7 +2293,17 @@ proc setup_root_shell { testname } {
            return 0
        }
        eof {
-           perror "eof from rlogin $hostname -l root"
+           if {$got_refused} {
+               # reported some errors, continued, and failed
+               note "$testname test requires ability to log in as root"
+               unsupported $testname
+           } else {
+               # unknown problem?
+#              perror "eof from rlogin $hostname -l root"
+               note "eof (and unrecognized messages?) from rlogin $hostname -l root"
+               note "$testname test requires ability to log in as root"
+               unsupported $testname
+           }
            stop_root_shell
            set timeout $old_timeout
            catch "expect_after"
@@ -2501,9 +2547,9 @@ proc krb_exit { } {
 # helpful sometimes for debugging the test suite
 proc spawn_xterm { } {
     global env
-    foreach i {KDB5_UTIL KRB5KDC KADMIND KADMIN KADMIN_LOCAL KINIT KTUTIL KLIST} {
+    foreach i {KDB5_UTIL KRB5KDC KADMIND KADMIN KADMIN_LOCAL KINIT KTUTIL KLIST RLOGIN RLOGIND FTP FTPD KPASSWD REALMNAME} {
        global $i
-       set env($i) [set $i]
+       if [info exists $i] { set env($i) [set $i] }
     }
     exec "xterm"
 }
index fe3f185a6b1801532ed327cf9f19c593a06b6a62..9755ebf6cda0dd2bcc1b59b0b09b5530f48a3233 100644 (file)
@@ -1,3 +1,23 @@
+2004-02-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * gssapi.exp (doit): Run server with additional options to export
+       and re-import the GSSAPI context, and log info to a file in
+       tmpdir.
+
+2003-05-21  Tom Yu  <tlyu@mit.edu>
+
+       * kadmin.exp: Be slightly more lenient about matching password
+       prompts.
+
+2003-03-26  Tom Yu  <tlyu@mit.edu>
+
+       * v4gssftp.exp (v4ftp_test): Return early if $des3_krbtgt set.
+
+       * v4krb524d.exp (doit): Return early if $des3_krbtgt set.
+
+       * v4standalone.exp (check_and_destroy_v4_tix): Return early if
+       $des3_krbtgt set.
+
 2003-01-01  Ezra Peisach  <epeisach@bu.edu>
 
        * standalone.exp: Only run the keytab to srvtab tests if kerberos 4
index fa717282e58e9f3ed8470e22477a1ff68819b820..b4046a31051dcdd51f66207f45fd20bff9739658 100644 (file)
@@ -280,7 +280,7 @@ proc doit { } {
     verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
 
     # Now start the gss-server.
-    spawn $GSSSERVER -port 5556 gssservice@$hostname
+    spawn $GSSSERVER -export -logfile $tmppwd/gss-server.log -verbose -port 5556 gssservice@$hostname
     set gss_server_pid [exp_pid]
     set gss_server_spawn_id $spawn_id
     sleep 2
index d4754e489c7eae83e53676cd3f709ec26e3d51a7..ded386d3de1c67dd00338adc305ea499ba32fb9a 100644 (file)
@@ -52,7 +52,7 @@ proc kadmin_add { pname password } {
            return 0
        }
     }
-    expect "Enter password:" {
+    expect -re "assword\[^\r\n\]*:" {
        send "adminpass$KEY\r"
     }
     expect "Enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
@@ -155,7 +155,7 @@ proc kadmin_add_rnd { pname } {
            return 0
        }
     }
-    expect "Enter password:" {
+    expect -re "assword\[^\r\n\]*: *" {
        send "adminpass$KEY\r"
     }
     expect "Principal \"$pname@$REALMNAME\" created." { set good 1 }
@@ -236,7 +236,7 @@ proc kadmin_show { pname } {
            return 0
        }
     }
-    expect "Enter password:"
+    expect -re "assword\[^\r\n\]*: *"
     send "adminpass$KEY\r"
     expect -re "\r.*Principal: $pname@$REALMNAME.*Key: .*Attributes:.*Policy: .*\r"
     expect_after
@@ -277,7 +277,7 @@ proc kadmin_cpw { pname password } {
            return 0
        }
     }
-    expect "Enter password:" {
+    expect -re "assword\[^\r\n\]*: *" {
        send "adminpass$KEY\r"
     }
 
@@ -324,7 +324,7 @@ proc kadmin_cpw_rnd { pname } {
            return 0
        }
     }
-    expect "Enter password:" {
+    expect -re "assword\[^\r\n\]*: *" {
        send "adminpass$KEY\r"
     }
     # When in doubt, jam one of these in there.
@@ -368,7 +368,7 @@ proc kadmin_modify { pname flags } {
            return 0
        }
     }
-    expect "Enter password:"
+    expect -re "assword\[^\r\n\]*: *"
     send "adminpass$KEY\r"
     # When in doubt, jam one of these in there.
     expect "\r"
@@ -413,7 +413,7 @@ proc kadmin_list {  } {
            return 0
        }
     }
-    expect "Enter password:" {
+    expect -re "assword\[^\r\n\]*: *" {
        send "adminpass$KEY\r"
     }
     expect -re "\(.*@$REALMNAME\r\n\)*"
@@ -459,7 +459,7 @@ proc kadmin_extract { instance name } {
            return 0
        }
     }
-    expect "Enter password:" {
+    expect -re "assword\[^\r\n\]*: *" {
        send "adminpass$KEY\r"
     }
 #    expect -re "kadmin: Entry for principal $name/$instance with kvno [0-9], encryption type .* added to keytab WRFILE:$tmppwd/keytab."
@@ -504,7 +504,7 @@ proc kadmin_extract { instance name } {
 #          return 0
 #      }
 #    }
-#    expect "Enter password:" {
+#    expect -re "assword\[^\r\n\]*: *" {
 #      send "adminpass$KEY\r"
 #    }
 #    expect "extracted entry $name to key table $instance-new-v4-srvtab"
@@ -550,7 +550,7 @@ proc kadmin_delete { pname } {
            return 0
        }
     }
-    expect "Enter password:" {
+    expect -re "assword\[^\r\n\]*: *" {
        send "adminpass$KEY\r"
     }
     expect "Principal \"$pname@$REALMNAME\" deleted." { set good 1 }
@@ -676,7 +676,7 @@ proc kadmin_addpol { pname } {
            return 0
        }
     }
-    expect "Enter password:" {
+    expect -re "assword\[^\r\n\]*: *" {
        send "adminpass$KEY\r"
     }
     expect_after
@@ -759,7 +759,7 @@ proc kadmin_delpol { pname } {
            return 0
        }
     }
-    expect "Enter password:" {
+    expect -re "assword\[^\r\n\]*: *" {
        send "adminpass$KEY\r"
     }
     expect_after
@@ -834,7 +834,7 @@ proc kadmin_listpols {  } {
            return 0
        }
     }
-    expect "Enter password:" {
+    expect -re "assword\[^\r\n\]*: *" {
        send "adminpass$KEY\r"
     }
     expect_after
@@ -875,7 +875,7 @@ proc kadmin_modpol { pname flags } {
            return 0
        }
     }
-    expect "Enter password:"
+    expect -re "assword\[^\r\n\]*: *"
     send "adminpass$KEY\r"
     # When in doubt, jam one of these in there.
     expect "\r"
@@ -918,7 +918,7 @@ proc kadmin_showpol { pname } {
            return 0
        }
     }
-    expect "Enter password:"
+    expect -re "assword\[^\r\n\]*: *"
     send "adminpass$KEY\r"
     expect -re "\r.*Policy: $pname.*Number of old keys kept: .*Reference count: .*\r"
     expect_after
index c0b95d0ae02769ef36952ab9c00aece399b830a9..c4d5fd35c4fe27250137f82762378bab58022dd3 100644 (file)
@@ -179,7 +179,11 @@ proc v4ftp_test { } {
     global tmppwd
     global ftp_save_ktname
     global ftp_save_ccname
+    global des3_krbtgt
 
+    if {$des3_krbtgt} {
+       return
+    }
     # Start up the kerberos and kadmind daemons and get a srvtab and a
     # ticket file.
     if {![start_kerberos_daemons 0] \
index 5506a06b7dc9bdd3fd87a3c126f83c7df01f9d9b..6e922c7e15fc16630e99b8eff0ec5d71f793271f 100644 (file)
@@ -78,7 +78,11 @@ proc doit { } {
     global KDESTROY
     global tmppwd
     global REALMNAME
+    global des3_krbtgt
 
+    if {$des3_krbtgt} {
+       return
+    }
     # Start up the kerberos and kadmind daemons.
     if ![start_kerberos_daemons 1] {
        return
index 62db0a794b94a49606077ffd3ffbdd97f621d6b9..cc42e8dabad9f33742ca555360c1b3d6f13c7690 100644 (file)
@@ -26,7 +26,12 @@ if ![setup_kerberos_db 1] {
 
 proc check_and_destroy_v4_tix { client server } {
     global REALMNAME
+    global des3_krbtgt
 
+    # Skip this if we're using a des3 TGT, since that's supposed to fail.
+    if {$des3_krbtgt} {
+       return
+    }
     # Make sure that klist can see the ticket.
     if ![v4klist "$client" "$server" "v4klist"] {
        return
index 67cf97620f57cee4f187f102a135073081fa4ea2..a74aee02faf546363f167da41e0169c9e2f70896 100644 (file)
@@ -24,7 +24,7 @@ clean::
 #
 $(OUTPRE)kdc5_hammer.$(OBJEXT): kdc5_hammer.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
 
index e88913df99ea3b01c844749bb52302c9ad988ec7..dd923a6928673292cf11a65d329fba126a62e1d5 100644 (file)
@@ -24,7 +24,8 @@ clean::
 #
 $(OUTPRE)kdb5_verify.$(OBJEXT): kdb5_verify.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SS_DEPS)
+  $(SS_DEPS)
 
index 926b6c46d034f88d65d641522698b5336ff7dffe..c78eb048844d6d9719aa0a6192de1a9973e0174b 100644 (file)
@@ -1,3 +1,35 @@
+2004-02-12  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in (all-unix, clean-unix): Add new rule to build fake
+       root directory for _RLD_ROOT hacks.
+
+2003-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * depfix.sed: Don't check for krb524 headers.
+
+2003-05-18  Ken Raeburn  <raeburn@mit.edu>
+
+       * depgen.sed: Put print command on separate lines from
+       substitution commands, instead of using s///p form.
+
+2003-05-15  Tom Yu  <tlyu@mit.edu>
+
+       * mkrel: Remote autom4te.cache files.
+
+2003-04-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * reconf: Restore support for 2.52; reject older versions.
+
+2003-04-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * reconf: Drop support for 2.52 and earlier.
+
+2003-04-10  Tom Yu  <tlyu@mit.edu>
+
+       * reconf: Warn if autoconf-2.52 is used, as it generates buggy
+       configure scripts that don't work with BSD /bin/sh, and don't
+       comply with POSIX.2 (no conditions inside "case" statement).
+
 2003-02-05  Tom Yu  <tlyu@mit.edu>
 
        * mkrel: Exclude .rconf files.
index 1176f2a38f4a2a9cff3ea3631f7eaac1bb0edced..69e075fd87600e1c597bf6dd38da226e34ad973c 100644 (file)
@@ -26,8 +26,15 @@ HAVE_GCC=@HAVE_GCC@
 SLIBSH=sed -e 's|@''CC''@|$(CC)|g' -e 's,@''HOST_TYPE''@,$(HOST_TYPE),g' -e 's,@''HAVE_GCC''@,$(HAVE_GCC),g'
 
 all-recurse: libupdate makeshlib
+all-unix:: $(FAKEPREFIX)/lib
 all-mac::
 
+$(FAKEPREFIX)/lib:
+       $(SRCTOP)/config/mkinstalldirs $(FAKEPREFIX) && ln -s `pwd`/../lib $(FAKEPREFIX)
+
+clean-unix::
+       $(RM) -r $(FAKEPREFIX)
+
 NO_OUTDIR=1
 all-windows::
        @echo Making in util\windows
index acac38ef1967c7ecd5f3822d1adb7ea2b89ce46f..4259b31ed01f4e320337affd277a9773dd1dd7d8 100644 (file)
@@ -1,3 +1,24 @@
+2004-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * configure.in: Check for sys/param.h too.
+
+2004-05-07  Ken Raeburn  <raeburn@mit.edu>
+
+       * configure.in: Check for machine/endian.h too.
+
+2004-05-05  Ken Raeburn  <raeburn@mit.edu>
+
+       * Makefile.in (all-prerecurse): Make sure headers generated by
+       config.status are up to date.
+       (include/config.h, $(srcdir)/include/config.h.in,
+       include/db-config.h): New rules.
+       * configure.in: Don't check byte order here.  Check for endian.h.
+
+2003-04-01  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in (install-unix): Delete install-libs.  We don't want
+       to install our in-tree libdb.
+
 2003-01-10  Ken Raeburn  <raeburn@mit.edu>
 
        * configure.in: Don't explicitly invoke AC_PROG_INSTALL.
index 0d4634ff073295f0580c763981d11532a120fdab..3a90c0392ea077ae6f4871a67ecd28cbf9213504 100644 (file)
@@ -16,8 +16,8 @@ HDRDIR=$(BUILDTOP)/include
 HDRS = $(HDRDIR)/db.h $(HDRDIR)/db-config.h $(HDRDIR)/db-ndbm.h
 
 all-unix:: all-liblinks includes
+all-prerecurse: include/config.h include/db-config.h
 clean-unix:: clean-liblinks clean-libs clean-includes
-install-unix:: install-libs
 
 includes:: $(HDRS)
 
@@ -28,6 +28,13 @@ $(HDRDIR)/db-config.h: include/db-config.h
 $(HDRDIR)/db-ndbm.h: $(srcdir)/include/db-ndbm.h
        $(CP) $(srcdir)/include/db-ndbm.h $@
 
+include/config.h: $(srcdir)/include/config.h.in
+       cd $(thisconfigdir) && $(SHELL) config.status
+$(srcdir)/include/config.h.in: $(srcdir)/configure.in $(SRCTOP)/aclocal.m4
+       cd $(srcdir) && ($(AUTOHEADER) --include=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS) || $(AUTOHEADER) --localdir=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS))
+include/db-config.h: $(srcdir)/include/db-config.h.in
+       cd $(thisconfigdir) && $(SHELL) config.status
+
 clean-includes::
        $(RM) $(HDRS)
 # @lib_frag@
index 6fe60397a76baf5e4a24a4e7130c6674426b38f3..c5930b585e7241fecb893e7cefaa48c3d11af924 100644 (file)
@@ -63,7 +63,11 @@ AC_COMPILE_TYPE(u_int32_t, unsigned int)
 
 dnl checks for structures
 dnl checks for compiler characteristics
-AC_C_BIGENDIAN
+dnl AC_C_BIGENDIAN - No, check at compile time; Darwin can build for multiple
+dnl                  targets in one tree.
+AC_CHECK_HEADERS(endian.h machine/endian.h sys/param.h)
+dnl sys/param.h for AIX 4.3.3 (actually sys/machine.h)
+dnl There's also sys/endian.h on IRIX, but we already check _MIPSE{L,B}.
 AC_C_CONST
 AC_CHECK_SIZEOF(int)
 
index eacdbc8b7bfc4666b4fdcf139f644e2eb7e51b34..676bbd44a7c41685e5d52689e5df629e28766b4f 100644 (file)
@@ -1,3 +1,22 @@
+2004-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * db-int.h: Include sys/param.h if available.
+
+2004-05-07  Ken Raeburn  <raeburn@mit.edu>
+
+       * db-int.h: Include machine/endian.h if available.  Check for
+       __LITTLE_ENDIAN__ and __BIG_ENDIAN__, _MIPSEB and _MIPSEL.
+
+2004-05-05  Ken Raeburn  <raeburn@mit.edu>
+
+       * db-int.h: Include stdlib.h, and endian.h if available.
+       (LITTLE_ENDIAN, BIG_ENDIAN, BYTE_ORDER): If not defined, and if
+       versions with one or two leading underscores are defined, define
+       the no-underscore form in terms of the with-underscore one.
+       (DB_BYTE_ORDER): Define by checking LITTLE_ENDIAN, BIG_ENDIAN, and
+       BYTE_ORDER; report an error if that doesn't work.  Don't check
+       WORDS_BIGENDIAN.
+
 2002-09-05  Ken Raeburn  <raeburn@mit.edu>
 
        * db-int.h: If stdint.h or inttypes.h are found, include them.
index 2c21fb207a787b4201ee75d5063a1db981604e3c..bbb22925aabd182ce8a4809636c9618bd11f0e01 100644 (file)
 #define DB_LITTLE_ENDIAN 1234
 #define DB_BIG_ENDIAN 4321
 
+#include <stdlib.h>
+#ifdef HAVE_ENDIAN_H
+# include <endian.h>
+#endif
+#ifdef HAVE_MACHINE_ENDIAN_H
+# include <machine/endian.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+#endif
+/* Handle both BIG and LITTLE defined and BYTE_ORDER matches one, or
+   just one defined; both with and without leading underscores.
+
+   Ignore "PDP endian" machines, this code doesn't support them
+   anyways.  */
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef __LITTLE_ENDIAN__
+#  define LITTLE_ENDIAN __LITTLE_ENDIAN__
+# endif
+# ifdef __BIG_ENDIAN__
+#  define BIG_ENDIAN __BIG_ENDIAN__
+# endif
+#endif
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef _LITTLE_ENDIAN
+#  define LITTLE_ENDIAN _LITTLE_ENDIAN
+# endif
+# ifdef _BIG_ENDIAN
+#  define BIG_ENDIAN _BIG_ENDIAN
+# endif
+# ifdef _BYTE_ORDER
+#  define BYTE_ORDER _BYTE_ORDER
+# endif
+#endif
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef __LITTLE_ENDIAN
+#  define LITTLE_ENDIAN __LITTLE_ENDIAN
+# endif
+# ifdef __BIG_ENDIAN
+#  define BIG_ENDIAN __BIG_ENDIAN
+# endif
+# ifdef __BYTE_ORDER
+#  define BYTE_ORDER __BYTE_ORDER
+# endif
+#endif
+
+#if defined(_MIPSEL) && !defined(LITTLE_ENDIAN)
+# define LITTLE_ENDIAN
+#endif
+#if defined(_MIPSEB) && !defined(BIG_ENDIAN)
+# define BIG_ENDIAN
+#endif
+
+#if defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN) && defined(BYTE_ORDER)
+# if LITTLE_ENDIAN == BYTE_ORDER
+#  define DB_BYTE_ORDER DB_LITTLE_ENDIAN
+# elif BIG_ENDIAN == BYTE_ORDER
+#  define DB_BYTE_ORDER DB_BIG_ENDIAN
+# else
+#  error "LITTLE_ENDIAN and BIG_ENDIAN defined, but can't determine byte order"
+# endif
+#elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
+# define DB_BYTE_ORDER DB_LITTLE_ENDIAN
+#elif defined(BIG_ENDIAN) && !defined(LITTLE_ENDIAN)
+# define DB_BYTE_ORDER DB_BIG_ENDIAN
+#else
+# error "can't determine byte order from included system headers"
+#endif
+
+#if 0
 #ifdef WORDS_BIGENDIAN
 #define DB_BYTE_ORDER DB_BIG_ENDIAN
 #else
 #define DB_BYTE_ORDER DB_LITTLE_ENDIAN
 #endif
+#endif
 
 /* end autoconf-based stuff */
 
diff --git a/src/util/db2/test/Makefile b/src/util/db2/test/Makefile
deleted file mode 100644 (file)
index 6685dec..0000000
+++ /dev/null
@@ -1,652 +0,0 @@
-############################################################
-## config/pre.in
-## common prefix for all Makefile.in in the Kerberos V5 tree.
-##
-
-WHAT = unix
-SHELL=/bin/sh
-
-all:: all-$(WHAT)
-
-clean:: clean-$(WHAT)
-
-distclean:: distclean-$(WHAT)
-
-install:: install-$(WHAT)
-
-check:: check-$(WHAT)
-
-install-headers:: install-headers-$(WHAT)
-
-##############################
-# Recursion rule support
-#
-
-# The commands for the recursion targets live in config/post.in.
-#
-# General form of recursion rules:
-#
-# Each recursive target foo-unix has related targets: foo-prerecurse,
-# foo-recurse, and foo-postrecurse
-#
-# The foo-recurse rule is in post.in.  It is what actually recursively
-# calls make.
-#
-# foo-recurse depends on foo-prerecurse, so any targets that must be
-# built before descending into subdirectories must be dependencies of
-# foo-prerecurse.
-#
-# foo-postrecurse depends on foo-recurse, but targets that must be
-# built after descending into subdirectories should be have
-# foo-recurse as dependencies in addition to being listed under
-# foo-postrecurse, to avoid ordering issues.
-#
-# The foo-prerecurse, foo-recurse, and foo-postrecurse rules are all
-# single-colon rules, to avoid nasty ordering problems with
-# double-colon rules.
-#
-# e.g.
-# all:: includes foo
-# foo:
-#      echo foo
-# includes::
-#      echo bar
-# includes::
-#      echo baz
-#
-# will result in "bar", "foo", "baz" on AIX, and possibly others.
-all-unix:: all-postrecurse
-all-postrecurse: all-recurse
-all-recurse: all-prerecurse
-
-all-prerecurse:
-all-postrecurse:
-
-clean-unix:: clean-postrecurse
-clean-postrecurse: clean-recurse
-clean-recurse: clean-prerecurse
-
-clean-prerecurse:
-clean-postrecurse:
-
-distclean-unix: distclean-postrecurse
-distclean-postrecurse: distclean-recurse
-distclean-recurse: distclean-prerecurse
-
-distclean-prerecurse:
-distclean-postrecurse:
-
-install-unix:: install-postrecurse
-install-postrecurse: install-recurse
-install-recurse: install-prerecurse
-
-install-prerecurse:
-install-postrecurse:
-
-install-headers-unix:: install-headers-postrecurse
-install-headers-postrecurse: install-headers-recurse
-install-headers-recurse: install-headers-prerecurse
-
-install-headers-prerecurse:
-install-headers-postrecurse:
-
-check-unix:: check-postrecurse
-check-postrecurse: check-recurse
-check-recurse: check-prerecurse
-
-check-prerecurse:
-check-postrecurse:
-
-Makefiles: Makefiles-postrecurse
-Makefiles-postrecurse: Makefiles-recurse
-Makefiles-recurse: Makefiles-prerecurse
-
-Makefiles-prerecurse:
-Makefiles-postrecurse:
-
-#
-# end recursion rule support
-##############################
-
-# Directory syntax:
-#
-# begin relative path
-REL=
-# this is magic... should only be used for preceding a program invocation
-C=./
-# "/" for UNIX, "\" for Windows; *sigh*
-S=/
-
-SUBDIRS =  $(LOCAL_SUBDIRS)
-srcdir = .
-SRCTOP = ./$(BUILDTOP)
-
-CONFIG_RELTOPDIR = ../..
-
-ALL_CFLAGS = $(DEFS) $(DEFINES) $(LOCALINCLUDES) $(CPPFLAGS) $(CFLAGS)
-CFLAGS = -g
-CPPFLAGS = -I$(BUILDTOP)/include -I$(SRCTOP)/include -I$(BUILDTOP)/include/krb5 -I$(SRCTOP)/include/krb5 -I/usr/athena/include  -DKRB5_KRB4_COMPAT -DKRB5_PRIVATE=1
-DEFS = -DHAVE_CONFIG_H
-CC = /usr/gcc/bin/gcc
-LD = $(PURE) /usr/gcc/bin/gcc
-DEPLIBS = @DEPLIBS@
-LDFLAGS = -L/usr/athena/lib 
-LD_UNRESOLVED_PREFIX = @LD_UNRESOLVED_PREFIX@
-LD_SHLIBDIR_PREFIX = @LD_SHLIBDIR_PREFIX@
-LDARGS = @LDARGS@
-LIBS = -lsocket -lnsl  -lresolv
-SRVLIBS = @SRVLIBS@
-SRVDEPLIBS = @SRVDEPLIBS@
-CLNTLIBS = @CLNTLIBS@
-CLNTDEPLIBS = @CLNTDEPLIBS@
-
-INSTALL=/usr/athena/bin/install -c
-INSTALL_STRIP=
-INSTALL_PROGRAM=${INSTALL} $(INSTALL_STRIP)
-INSTALL_DATA=${INSTALL} -m 644
-INSTALL_SHLIB=$(INSTALL_DATA)
-INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
-## This is needed because autoconf will sometimes define ${prefix} to be
-## ${prefix}.
-prefix=/usr/local
-INSTALL_PREFIX=$(prefix)
-INSTALL_EXEC_PREFIX=${prefix}
-exec_prefix=${prefix}
-SHLIB_TAIL_COMP=@SHLIB_TAIL_COMP@
-
-KRB5MANROOT = ${prefix}/man
-ADMIN_BINDIR = ${exec_prefix}/sbin
-SERVER_BINDIR = ${exec_prefix}/sbin
-CLIENT_BINDIR =${exec_prefix}/bin
-ADMIN_MANDIR = $(KRB5MANROOT)/man8
-SERVER_MANDIR = $(KRB5MANROOT)/man8
-CLIENT_MANDIR = $(KRB5MANROOT)/man1
-FILE_MANDIR = $(KRB5MANROOT)/man5
-KRB5_LIBDIR = ${exec_prefix}/lib
-KRB5_SHLIBDIR = ${exec_prefix}/lib$(SHLIB_TAIL_COMP)
-KRB5_INCDIR = ${prefix}/include
-KRB5_INCSUBDIRS = \
-       $(KRB5_INCDIR)/gssapi \
-       $(KRB5_INCDIR)/kerberosIV
-
-#
-# Macros used by the KADM5 (OV-based) unit test system.
-# XXX check which of these are actually used!
-#
-TESTDIR                = $(BUILDTOP)/kadmin/testing
-STESTDIR       = $(SRCTOP)/kadmin/testing
-COMPARE_DUMP   = $(TESTDIR)/scripts/compare_dump.pl
-FIX_CONF_FILES = $(TESTDIR)/scripts/fixup-conf-files.pl
-INITDB         = $(STESTDIR)/scripts/init_db
-MAKE_KEYTAB    = $(TESTDIR)/scripts/make-host-keytab.pl
-LOCAL_MAKE_KEYTAB= $(TESTDIR)/scripts/make-host-keytab.pl
-RESTORE_FILES  = $(STESTDIR)/scripts/restore_files.sh
-SAVE_FILES     = $(STESTDIR)/scripts/save_files.sh
-ENV_SETUP      = $(TESTDIR)/scripts/env-setup.sh
-CLNTTCL                = $(TESTDIR)/util/ovsec_kadm_clnt_tcl
-SRVTCL         = $(TESTDIR)/util/ovsec_kadm_srv_tcl
-# Dejagnu variables.
-# We have to set the host with --host so that setup_xfail will work.
-# If we don't set it, then the host type used is "native", which
-# doesn't match "*-*-*".
-host=sparc-sun-solaris2.8
-DEJAFLAGS      = $(DEJALFLAGS) $(CLFLAGS) --debug --srcdir $(srcdir) --host \
-                  $(host)
-RUNTEST                = runtest $(DEJAFLAGS)
-
-START_SERVERS  = $(STESTDIR)/scripts/start_servers $(TEST_SERVER) $(TEST_PATH)
-START_SERVERS_LOCAL = $(STESTDIR)/scripts/start_servers_local
-
-STOP_SERVERS   = $(STESTDIR)/scripts/stop_servers $(TEST_SERVER) $(TEST_PATH)
-STOP_SERVERS_LOCAL = $(STESTDIR)/scripts/stop_servers_local
-#
-# End of macros for the KADM5 unit test system.
-#
-
-transform = s,x,x,
-
-RM = rm -f
-CP  = cp
-MV = mv -f
-CHMOD=chmod
-RANLIB = ranlib
-ARCHIVE = @ARCHIVE@
-ARADD = @ARADD@
-LN = ln -s
-AWK = @AWK@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-YACC = @YACC@
-AUTOCONF = autoconf
-AUTOCONFFLAGS = 
-AUTOCONFINCFLAGS = --localdir
-AUTOHEADER = autoheader
-AUTOHEADERFLAGS = 
-
-HOST_TYPE = @HOST_TYPE@
-SHEXT = @SHEXT@
-STEXT=@STEXT@
-VEXT=@VEXT@
-DO_MAKE_SHLIB = @DO_MAKE_SHLIB@
-SHLIB_STATIC_TARGET=@SHLIB_STATIC_TARGET@
-
-TOPLIBD = $(BUILDTOP)/lib
-
-OBJEXT = o
-LIBEXT = a
-EXEEXT =
-
-#
-# variables for libraries, for use in linking programs
-# -- this may want to get broken out into a separate frag later
-#
-#
-# Note: the following variables must be set in any Makefile.in that
-# uses KRB5_BUILD_PROGRAM
-#
-# PROG_LIBPATH list of dirs, in -Ldir form, to search for libraries at link
-# PROG_RPATH   list of dirs, in dir1:dir2 form, for rpath purposes
-#
-# invocation is like:
-# prog: foo.o bar.o $(KRB5_BASE_DEPLIBS)
-#      $(CC_LINK) -o $@ foo.o bar.o $(KRB5_BASE_LIBS)
-
-
-CC_LINK=$(PURE) $(CC) $(PROG_LIBPATH) $(LDFLAGS)
-
-# prefix (with no spaces after) for rpath flag to cc
-RPATH_FLAG=-R
-
-# this gets set by configure to either $(STLIBEXT) or $(SHLIBEXT),
-# depending on whether we're building with shared libraries.
-DEPLIBEXT=.a
-
-KADMCLNT_DEPLIB        = $(TOPLIBD)/libkadm5clnt$(DEPLIBEXT)
-KADMSRV_DEPLIB = $(TOPLIBD)/libkadm5srv$(DEPLIBEXT)
-KDB5_DEPLIB    = $(TOPLIBD)/libkdb5$(DEPLIBEXT)
-DB_DEPLIB      = $(DB_DEPLIB-k5)
-DB_DEPLIB-k5   = $(TOPLIBD)/libdb$(DEPLIBEXT)
-DB_DEPLIB-sys  =
-GSSRPC_DEPLIB  = $(TOPLIBD)/libgssrpc$(DEPLIBEXT)
-GSS_DEPLIB     = $(TOPLIBD)/libgssapi_krb5$(DEPLIBEXT)
-KRB4_DEPLIB    = $(TOPLIBD)/libkrb4$(DEPLIBEXT)                # $(TOPLIBD)/libkrb4$(DEPLIBEXT)
-DES425_DEPLIB  = $(TOPLIBD)/libdes425$(DEPLIBEXT)      # $(TOPLIBD)/libdes425$(DEPLIBEXT)
-KRB5_DEPLIB    = $(TOPLIBD)/libkrb5$(DEPLIBEXT)
-CRYPTO_DEPLIB  = $(TOPLIBD)/libk5crypto$(DEPLIBEXT)
-COM_ERR_DEPLIB = $(COM_ERR_DEPLIB-k5)
-COM_ERR_DEPLIB-sys = # empty
-COM_ERR_DEPLIB-k5 = $(TOPLIBD)/libcom_err$(DEPLIBEXT)
-
-# These are forced to use ".a" as an extension because they're never
-# built shared.
-SS_DEPLIB      = $(SS_DEPLIB-k5)
-SS_DEPLIB-k5   = $(TOPLIBD)/libss.a
-SS_DEPLIB-sys  =
-KRB524_DEPLIB  = $(BUILDTOP)/krb524/libkrb524.a
-PTY_DEPLIB     = $(TOPLIBD)/libpty.a
-
-KRB5_BASE_DEPLIBS      = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB)
-KRB4COMPAT_DEPLIBS     = $(KRB4_DEPLIB) $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS)
-KDB5_DEPLIBS           = $(KDB5_DEPLIB) $(DB_DEPLIB)
-GSS_DEPLIBS            = $(GSS_DEPLIB)
-GSSRPC_DEPLIBS         = $(GSSRPC_DEPLIB) $(GSS_DEPLIBS)
-KADM_COMM_DEPLIBS      = $(GSSRPC_DEPLIBS) $(KDB5_DEPLIBS) $(GSSRPC_DEPLIBS)
-KADMSRV_DEPLIBS                = $(KADMSRV_DEPLIB) $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS)
-KADMCLNT_DEPLIBS       = $(KADMCLNT_DEPLIB) $(KADM_COMM_DEPLIBS)
-
-# Header file dependencies we might override.
-# See util/depfix.sed.
-# Also see depend-verify-* in post.in, which wants to confirm that we're using
-# the in-tree versions.
-COM_ERR_VERSION = k5
-COM_ERR_DEPS   = $(COM_ERR_DEPS-k5)
-COM_ERR_DEPS-sys =
-COM_ERR_DEPS-k5        = $(BUILDTOP)/include/com_err.h
-SS_VERSION     = k5
-SS_DEPS                = $(SS_DEPS-k5)
-SS_DEPS-sys    =
-SS_DEPS-k5     = $(BUILDTOP)/include/ss/ss.h $(BUILDTOP)/include/ss/ss_err.h
-DB_VERSION     = k5
-DB_DEPS                = $(DB_DEPS-k5)
-DB_DEPS-sys    =
-DB_DEPS-k5     = $(BUILDTOP)/include/db.h $(BUILDTOP)/include/db-config.h
-DB_DEPS-redirect = $(BUILDTOP)/include/db.h
-
-# Header file dependencies that might depend on whether krb4 support
-# is compiled.
-
-KRB_ERR_H_DEP  = $(BUILDTOP)/include/kerberosIV/krb_err.h
-KRB524_H_DEP   = $(BUILDTOP)/include/krb524.h
-KRB524_ERR_H_DEP= $(BUILDTOP)/include/krb524_err.h
-
-# LIBS gets substituted in... e.g. -lnsl -lsocket
-
-# GEN_LIB is -lgen if needed for regexp
-GEN_LIB                = 
-
-SS_LIB         = $(SS_LIB-k5)
-SS_LIB-sys     = 
-SS_LIB-k5      = $(TOPLIBD)/libss.a
-KDB5_LIB       = -lkdb5
-DB_LIB         = -ldb
-
-KRB5_LIB                       = -lkrb5
-K5CRYPTO_LIB                   = -lk5crypto
-COM_ERR_LIB                    = -lcom_err
-GSS_KRB5_LIB                   = -lgssapi_krb5
-
-# KRB4_LIB is -lkrb4 if building --with-krb4
-# needs fixing if ever used on Mac OS X!
-KRB4_LIB       = -lkrb4
-
-# DES425_LIB is -ldes425 if building --with-krb4
-# needs fixing if ever used on Mac OS X!
-DES425_LIB     = -ldes425
-
-# KRB524_LIB is $(BUILDTOP)/krb524/libkrb524.a if building --with-krb4
-# needs fixing if ever used on Mac OS X!
-KRB524_LIB     = $(BUILDTOP)/krb524/libkrb524.a
-
-# HESIOD_LIBS is -lhesiod...
-HESIOD_LIBS    = 
-
-KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(GEN_LIB) $(LIBS)
-KRB4COMPAT_LIBS        = $(KRB4_LIB) $(DES425_LIB) $(KRB5_BASE_LIBS)
-KDB5_LIBS      = $(KDB5_LIB) $(DB_LIB)
-GSS_LIBS       = $(GSS_KRB5_LIB)
-# needs fixing if ever used on Mac OS X!
-GSSRPC_LIBS    = -lgssrpc $(GSS_LIBS)
-KADM_COMM_LIBS = $(GSSRPC_LIBS)
-# need fixing if ever used on Mac OS X!
-KADMSRV_LIBS   = -lkadm5srv $(HESIOD_LIBS) $(KDB5_LIBS) $(KADM_COMM_LIBS)
-KADMCLNT_LIBS  = -lkadm5clnt $(KADM_COMM_LIBS)
-
-# need fixing if ever used on Mac OS X!
-PTY_LIB                = -lpty
-
-#
-# some more stuff for --with-krb4
-KRB4_LIBPATH   = 
-KRB4_INCLUDES  = -I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV
-
-#
-# variables for --with-tcl=
-TCL_LIBS       = @TCL_LIBS@
-TCL_LIBPATH    = @TCL_LIBPATH@
-TCL_RPATH      = @TCL_RPATH@
-TCL_MAYBE_RPATH = @TCL_MAYBE_RPATH@
-TCL_INCLUDES   = @TCL_INCLUDES@
-
-# error table rules
-#
-### /* these are invoked as $(...) foo.et, which works, but could be better */
-COMPILE_ET= $(COMPILE_ET-k5)
-COMPILE_ET-sys= compile_et
-COMPILE_ET-k5= $(BUILDTOP)/util/et/compile_et -d $(SRCTOP)/util/et
-
-.SUFFIXES:  .h .c .et .ct
-
-# These versions cause both .c and .h files to be generated at once.
-# But GNU make doesn't understand this, and parallel builds can trigger
-# both of them at once, causing them to stomp on each other.  The versions
-# below only update one of the files, so compile_et has to get run twice,
-# but it won't break parallel builds.
-#.et.h: ; $(COMPILE_ET) $<
-#.et.c: ; $(COMPILE_ET) $<
-
-.et.h:
-       d=ettmp$$$$ ; (cp $< $$d.et && $(COMPILE_ET) $$d.et && mv $$d.h $*.h) ; \
-               e=$$? ; rm -f $$d.* ; exit $$e
-
-.et.c:
-       d=ettmp$$$$ ; (cp $< $$d.et && $(COMPILE_ET) $$d.et && mv $$d.c $*.c) ; \
-               e=$$? ; rm -f $$d.* ; exit $$e
-
-# rule to make object files
-#
-.SUFFIXES: .c .o
-.c.o:
-       $(CC) $(ALL_CFLAGS) -c $<
-
-# ss command table rules
-#
-MAKE_COMMANDS= $(MAKE_COMMANDS-k5)
-MAKE_COMMANDS-sys= mk_cmds
-MAKE_COMMANDS-k5= $(BUILDTOP)/util/ss/mk_cmds
-
-.ct.c:
-       $(MAKE_COMMANDS) $<
-
-##
-## end of pre.in
-############################################################
-thisconfigdir=./..
-myfulldir=util/db2/test
-mydir=test
-BUILDTOP=$(REL)..$(S)..$(S)..
-
-FCTSH = /usr/bin/sh
-TMPDIR=.
-
-LOCALINCLUDES= -I. -I$(srcdir)/../include -I../include -I$(srcdir)/../mpool \
-               -I$(srcdir)/../btree -I$(srcdir)/../hash -I$(srcdir)/../db
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-KRB5_RUN_ENV= 
-
-all::
-
-dbtest: dbtest.o $(DB_DEPLIB)
-       $(CC_LINK) -o $@ dbtest.o $(STRERROR_OBJ) $(DB_LIB)
-
-check:: dbtest
-       $(KRB5_RUN_ENV) srcdir=$(srcdir) TMPDIR=$(TMPDIR) $(FCTSH) $(srcdir)/run.test
-
-bttest.o: $(srcdir)/btree.tests/main.c
-       $(CC) $(ALL_CFLAGS) -c $(srcdir)/btree.tests/main.c -o $@
-
-bttest: bttest.o $(DB_DEPLIB)
-       $(CC_LINK) -o $@ bttest.o $(STRERROR_OBJ) $(DB_LIB)
-
-clean-unix::
-       $(RM) dbtest.o dbtest __dbtest
-       $(RM) bttest.o bttest
-############################################################
-## config/post.in
-##
-
-# in case there is no default target (very unlikely)
-all::
-
-check-windows::
-
-##############################
-# dependency generation
-#
-
-depend:: depend-postrecurse
-depend-postrecurse: depend-recurse
-depend-recurse: depend-prerecurse
-
-depend-prerecurse:
-depend-postrecurse:
-
-depend-postrecurse: depend-update-makefile
-
-ALL_DEP_SRCS= $(SRCS) $(EXTRADEPSRCS)
-
-# be sure to check ALL_DEP_SRCS against *what it would be if SRCS and
-# EXTRADEPSRCS are both empty*
-.depend-verify-srcdir:
-       @if test "$(srcdir)" = "." ; then \
-               echo 1>&2 error: cannot build dependencies with srcdir=. ; \
-               echo 1>&2 "(can't distinguish generated files from source files)" ; \
-               exit 1 ; \
-       else \
-               if test -r .depend-verify-srcdir; then :; \
-                       else (set -x; touch .depend-verify-srcdir); fi \
-       fi
-.depend-verify-et: depend-verify-et-$(COM_ERR_VERSION)
-depend-verify-et-k5:
-       @if test -r .depend-verify-et; then :; \
-               else (set -x; touch .depend-verify-et); fi
-depend-verify-et-sys:
-       @echo 1>&2 error: cannot build dependencies using system et package
-       @exit 1
-.depend-verify-ss: depend-verify-ss-$(SS_VERSION)
-depend-verify-ss-k5:
-       @if test -r .depend-verify-ss; then :; \
-               else (set -x; touch .depend-verify-ss); fi
-depend-verify-ss-sys:
-       @echo 1>&2 error: cannot build dependencies using system ss package
-       @exit 1
-.depend-verify-db: depend-verify-db-$(DB_VERSION)
-depend-verify-db-k5:
-       @if test -r .depend-verify-db; then :; \
-               else (set -x; touch .depend-verify-db); fi
-depend-verify-db-sys:
-       @echo 1>&2 error: cannot build dependencies using system db package
-       @exit 1
-.depend-verify-gcc: depend-verify-gcc-yes
-depend-verify-gcc-yes:
-       @if test -r .depend-verify-gcc; then :; \
-               else (set -x; touch .depend-verify-gcc); fi
-depend-verify-gcc-no:
-       @echo 1>&2 error: The '"depend"' rules are written for gcc.
-       @echo 1>&2 Please use gcc, or update the rules to handle your compiler.
-       @exit 1
-
-DEP_CFG_VERIFY = .depend-verify-srcdir \
-       .depend-verify-et .depend-verify-ss .depend-verify-db
-DEP_VERIFY = $(DEP_CFG_VERIFY) .depend-verify-gcc
-
-.d: $(ALL_DEP_SRCS) $(DEP_CFG_VERIFY) depend-dependencies
-       if test "$(ALL_DEP_SRCS)" != " " ; then \
-               $(RM) .dtmp && $(MAKE) .dtmp && mv -f .dtmp .d ; \
-       else \
-               touch .d ; \
-       fi
-
-# These are dependencies of the depend target that do not get fed to
-# the compiler.  Examples include generated header files.
-depend-dependencies:
-
-# .dtmp must *always* be out of date so that $? can be used to perform
-# VPATH searches on the sources.
-#
-# NOTE: This will fail when using Make programs whose VPATH support is
-# broken.
-.dtmp: $(ALL_DEP_SRCS)
-       $(CC) -M $(ALL_CFLAGS) $? > .dtmp
-
-# Generate a script for dropping in the appropriate make variables, using
-# directory-specific parameters.  General substitutions independent of local
-# make variables happen in depfix.sed.
-.depfix2.sed: .depend-verify-gcc Makefile $(SRCTOP)/util/depgen.sed
-       x=`$(CC) -print-libgcc-file-name` ; \
-       echo '$(SRCTOP)' '$(myfulldir)' '$(srcdir)' '$(BUILDTOP)' "$$x" | sed -f $(SRCTOP)/util/depgen.sed > .depfix2.tmp
-       mv -f .depfix2.tmp .depfix2.sed
-
-DEPLIBOBJNAMEFIX = sed -e 's;^\$$(OUTPRE)\([a-zA-Z0-9_\-]*\)\.\$$(OBJEXT):;\1.so \1.po &;'
-
-# NOTE: This will also generate spurious $(OUTPRE) and $(OBJEXT)
-# references in rules for non-library objects in a directory where
-# library objects happen to be built.  It's mostly harmless.
-.depend: .d .depfix2.sed $(SRCTOP)/util/depfix.sed
-       sed -f .depfix2.sed < .d | sed -f $(SRCTOP)/util/depfix.sed | \
-       (if test "x$(STLIBOBJS)" != "x"; then $(DEPLIBOBJNAMEFIX) ; else cat; fi ) \
-       > .depend
-
-depend-update-makefile: .depend depend-recurse
-       if test -n "$(SRCS)" ; then \
-               sed -e '/^# +++ Dependency line eater +++/,$$d' \
-                       < $(srcdir)/Makefile.in | cat - .depend \
-                       > $(srcdir)/Makefile.in.new; \
-       $(SRCTOP)/config/move-if-changed $(srcdir)/Makefile.in.new $(srcdir)/Makefile.in ; \
-       else :; fi
-
-DEPTARGETS = .depend .d .dtmp .depfix2.sed .depfix2.tmp $(DEP_VERIFY)
-
-#
-# end dependency generation
-##############################
-
-clean:: clean-$(WHAT)
-
-clean-unix::
-       $(RM) $(OBJS) $(DEPTARGETS)
-
-clean-windows::
-       $(RM) *.$(OBJEXT)
-       $(RM) msvc.pdb *.err
-
-distclean:: distclean-$(WHAT)
-
-distclean-normal-clean:
-       $(MAKE) NORECURSE=true clean
-distclean-prerecurse: distclean-normal-clean
-distclean-nuke-configure-state:
-       $(RM) config.log config.cache config.status Makefile
-distclean-postrecurse: distclean-nuke-configure-state
-
-Makefiles-prerecurse: Makefile
-
-# thisconfigdir = relative path from this Makefile to config.status
-# mydir = relative path from config.status to this Makefile
-Makefile: $(srcdir)/Makefile.in $(thisconfigdir)/config.status \
-               $(SRCTOP)/config/pre.in $(SRCTOP)/config/post.in
-       cd $(thisconfigdir) && $(SHELL) config.status $(mydir)/Makefile
-$(thisconfigdir)/config.status: $(srcdir)/$(thisconfigdir)/configure
-       cd $(thisconfigdir) && $(SHELL) config.status --recheck
-$(srcdir)/$(thisconfigdir)/configure: $(srcdir)/$(thisconfigdir)/configure.in \
-               $(SRCTOP)/aclocal.m4
-       -$(RM) -r $(srcdir)/$(thisconfigdir)/autom4te.cache
-       cd $(srcdir)/$(thisconfigdir) && \
-               $(AUTOCONF) ${AUTOCONFINCFLAGS}=$(CONFIG_RELTOPDIR) $(AUTOCONFFLAGS)
-       -$(RM) -r $(srcdir)/$(thisconfigdir)/autom4te.cache
-
-RECURSE_TARGETS=all-recurse clean-recurse distclean-recurse install-recurse \
-       check-recurse depend-recurse Makefiles-recurse install-headers-recurse
-
-# MY_SUBDIRS overrides any setting of SUBDIRS generated by the
-# configure script that generated this Makefile.  This is needed when
-# the configure script that produced this Makefile creates multiple
-# Makefiles in different directories; the setting of SUBDIRS will be
-# the same in each.
-#
-# LOCAL_SUBDIRS seems to account for the case where the configure
-# script doesn't call any other subsidiary configure scripts, but
-# generates multiple Makefiles.
-$(RECURSE_TARGETS):
-       @case "`echo 'x$(MFLAGS)'|sed -e 's/^x//' -e 's/ --.*$$//'`" \
-               in *[ik]*) e="status=1" ;; *) e="exit 1";; esac; \
-       if test -z "$(MY_SUBDIRS)" ; then \
-               do_subdirs="$(SUBDIRS)" ; \
-       else \
-               do_subdirs="$(MY_SUBDIRS)" ; \
-       fi; \
-       status=0; \
-       if test -n "$$do_subdirs" && test -z "$(NORECURSE)"; then \
-       for i in $$do_subdirs ; do \
-               if test -d $$i && test -r $$i/Makefile ; then \
-               case $$i in .);; *) \
-                       target=`echo $@|sed s/-recurse//`; \
-                       echo "making $$target in $(CURRENT_DIR)$$i..."; \
-                       if (cd $$i ; $(MAKE) \
-                           CURRENT_DIR=$(CURRENT_DIR)$$i/ $$target) then :; \
-                       else eval $$e; fi; \
-                       ;; \
-               esac; \
-               else \
-                       echo "Skipping missing directory $(CURRENT_DIR)$$i" ; \
-               fi; \
-       done; \
-       else :; \
-       fi;\
-       exit $$status
-
-##
-## end of post.in
-############################################################
index 650dda62709f28b3df130fc696238833ec1805a7..22fa394e562df0e6abe40dd43467d24f881088f9 100644 (file)
@@ -53,8 +53,6 @@ s;\$(BUILDTOP)/include/db.h \$(BUILDTOP)/include/db-config.h ;$(DB_DEPS) ;g
 
 # Some krb4 dependencies should only be present if building with krb4 enabled
 s;\$(BUILDTOP)/include/kerberosIV/krb_err.h ;$(KRB_ERR_H_DEP) ;g
-s;\$(BUILDTOP)/include/krb524.h ;$(KRB524_H_DEP) ;g
-s;\$(BUILDTOP)/include/krb524_err.h ;$(KRB524_ERR_H_DEP) ;g
 
 # now delete trailing whitespace
 s; *$;;g
index 1aaaf6ca23cf81cda0c62b155ad0dca29ad68657..1f43ce0318bc0de1fa1933bb4ce4fa570d7e0e91 100644 (file)
@@ -1,3 +1,23 @@
+2003-07-04  Kenneth Raeburn  <raeburn@mit.edu>
+
+       * test_et.c: Conditionalize sys_nerr declaration on
+       NEED_SYS_ERRLIST, not HAVE_SYS_ERRLIST.
+
+2003-06-12  Alexandra Ellwood  <lxs@mit.edu>
+    * error_table.h, et_c.awk, et_c.pl, et_h.awk, et_c.awk: Removed Mac 
+    OS support because it prevents darwin builds from getting com error 
+    strings via the initialize_*_error_table function
+
+2003-04-29  Ken Raeburn  <raeburn@mit.edu>
+
+       * test_et.c [HAVE_SYS_ERRLIST]: Do declare sys_nerr.
+
+2003-04-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * compile_et.c: Don't declare malloc or errno.  Include stdlib.h
+       and errno.h.
+       * test_et.c: Don't declare errno or sys_nerr.
+
 2003-03-06  Alexandra Ellwood  <lxs@mit.edu>
     * com_err.c, com_err.h, error_message.c, et_c.awk, et_h.awk: 
       Removed Mac OS 9-specific code.
index 23771a0a7d3084dfcff934c81ccf2682e7df28ad..dfaad5f576537d0b9a1e78af286b6685f00a186b 100644 (file)
@@ -12,6 +12,8 @@
 #include <sys/file.h>
 #include <string.h>
 #include <sys/param.h>
+#include <stdlib.h>
+#include <errno.h>
 #include "mit-sipb-copyright.h"
 #include "compiler.h"
 
@@ -27,10 +29,6 @@ char buffer[BUFSIZ];
 char *table_name = (char *)NULL;
 FILE *hfile, *cfile;
 
-/* C library */
-extern char *malloc();
-extern int errno;
-
 /* lex stuff */
 extern FILE *yyin;
 extern int yylineno;
index 505521dfe54417516f33c9590e53c61ff1d33115..9e1d26fa5c825a8eb6e24505756cc8c2bfed24ca 100644 (file)
@@ -9,17 +9,13 @@
 
 #include <errno.h>
 
-#if defined(macintosh)
-#define ET_EBUFSIZ 256
-#else
 #define ET_EBUFSIZ 64
-#endif
 
 struct et_list {
     /*@dependent@*//*@null@*/ struct et_list *next;
     /*@dependent@*//*@null@*/ const struct error_table *table;
 };
-#if !defined(_WIN32) && !defined(macintosh) && !(defined(__MACH__) && defined(__APPLE__))
+#if !defined(_WIN32)
 /*@null@*//*@dependent@*/ extern struct et_list * _et_list;
 #endif
 
index 04451366e4ea92102958a80791d8c1710b7f71d2..fc2e1ac53aa59298cf377a8ebe84bbe164ce02ae 100644 (file)
@@ -113,7 +113,7 @@ c2n["_"]=63
        print "# include \"win-mac.h\"" > outfile
        print "#endif" > outfile
        print "" > outfile
-       print "#if !defined(_WIN32) && !defined(macintosh) && !(defined(__MACH__) && defined(__APPLE__))" > outfile
+       print "#if !defined(_WIN32)" > outfile
        print "extern void initialize_" table_name "_error_table (void);" > outfile
        print "#endif" > outfile
        print "" > outfile
@@ -199,7 +199,7 @@ END {
                tab_base_low, table_item_count) > outfile
        }
        print "" > outfile
-       print "#if !defined(_WIN32) && !defined(macintosh) && !(defined(__MACH__) && defined(__APPLE__))" > outfile
+       print "#if !defined(_WIN32)" > outfile
        print "void initialize_" table_name "_error_table (void)" > outfile
        print "    /*@modifies internalState@*/" > outfile
        print "{" > outfile
index b512252c6b3d52bb5e2d7473494d9a48c8bd4946..f635bc1ac044cfcd5d7473dc8c6bbbaa94b9d1dc 100644 (file)
@@ -146,7 +146,7 @@ line: while (<>) {
        &Pick('>', $outfile) &&
            (print $fh
 
-             '#if !defined(_WIN32) && !defined(macintosh) && !(defined(__MACH__) && defined(__APPLE__))');
+             '#if !defined(_WIN32)');
        &Pick('>', $outfile) &&
            (print $fh 'extern void initialize_' . $table_name .
 
@@ -238,18 +238,8 @@ line: while (<>) {
     (print $fh '};');
 &Pick('>', $outfile) &&
     (print $fh '');
-&Pick('>', $outfile) &&
-    (print $fh
-
-      '#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))');
-&Pick('>', $outfile) &&
-    (print $fh '#include <KerberosComErr/KerberosComErr.h>');
-&Pick('>', $outfile) &&
-    (print $fh '#else');
 &Pick('>', $outfile) &&
     (print $fh '#include <com_err.h>');
-&Pick('>', $outfile) &&
-    (print $fh '#endif');
 &Pick('>', $outfile) &&
     (print $fh '');
 if ($tab_base_high == 0) {
@@ -273,7 +263,7 @@ else {
 &Pick('>', $outfile) &&
     (print $fh
 
-      '#if !defined(_WIN32) && !defined(macintosh) && !(defined(__MACH__) && defined(__APPLE__))');
+      '#if !defined(_WIN32)');
 &Pick('>', $outfile) &&
     (print $fh 'void initialize_' . $table_name . '_error_table (void)');
 &Pick('>', $outfile) &&
index 6bccc98e9713ad376b086b7a66c2c73f9ea74469..7a81dfa3f8afbb681636eb9bc3141f9d65468278 100644 (file)
@@ -148,7 +148,7 @@ END {
        print "" > outfile
        print "extern const struct error_table et_" table_name "_error_table;" > outfile
        print "" > outfile
-       print "#if !defined(_WIN32) && !defined(macintosh) && !(defined(__MACH__) && defined(__APPLE__))" > outfile
+       print "#if !defined(_WIN32)" > outfile
        print "/* for compatibility with older versions... */" > outfile
        print "extern void initialize_" table_name "_error_table () /*@modifies internalState@*/;" > outfile
        print "#else" > outfile
index 5debb486962ac4ccd0cac0c4b29b3d6b292f7d46..1105550989ebf740270022c3e94b7165c231b39a 100644 (file)
@@ -136,18 +136,8 @@ line: while (<>) {
            (print $fh ' */');
        &Pick('>', $outfile) &&
            (print $fh '');
-       &Pick('>', $outfile) &&
-           (print $fh
-
-             '#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))');
-       &Pick('>', $outfile) &&
-           (print $fh '#include <KerberosComErr/KerberosComErr.h>');
-       &Pick('>', $outfile) &&
-           (print $fh '#else');
        &Pick('>', $outfile) &&
            (print $fh '#include <com_err.h>');
-       &Pick('>', $outfile) &&
-           (print $fh '#endif');
        &Pick('>', $outfile) &&
            (print $fh '');
     }
@@ -203,7 +193,7 @@ else {
 &Pick('>', $outfile) &&
     (print $fh
 
-      '#if !defined(_WIN32) && !defined(macintosh) && !(defined(__MACH__) && defined(__APPLE__))');
+      '#if !defined(_WIN32)');
 &Pick('>', $outfile) &&
     (print $fh '/* for compatibility with older versions... */');
 &Pick('>', $outfile) &&
index 41ac394d5916ea18b9c5242fd1354b84b100ce50..1089c2166380ff3cd2828b9e609687bd35ed35c3 100644 (file)
@@ -4,11 +4,13 @@
 #include "test1.h"
 #include "test2.h"
 
-extern int sys_nerr, errno;
-
 /* XXX Not part of official public API.  */
 extern const char *error_table_name (errcode_t);
 
+#ifdef NEED_SYS_ERRLIST
+extern int sys_nerr;
+#endif
+
 int main()
 {
        printf("Before initiating error table:\n\n");
index db58774db80d01e9f14cb95f9e082cbe89864e3a..a576fbd228cdc5f617ecc640a1efbd65fd7f7b45 100644 (file)
@@ -136,6 +136,7 @@ echo "Nuking unneeded files..."
 find $reldir \( -name TODO -o -name todo -o -name .cvsignore \
        -o -name BADSYMS -o -name .Sanitize -o -name .rconf \) -print \
        | xargs rm -f
+find $reldir -type d -name autom4te.cache -exec rm -rf {} \;
 
 if test $dodoc = t; then
        echo "Building doc..."
index 396058b7b5efdd05421905ce2e3d1f4db1e0d006..9f7f25960bf232f258cfdf5cd3646814fe59458b 100644 (file)
@@ -1,3 +1,19 @@
+2004-01-30  Alexandra Ellwood  <lxs@mit.edu>
+
+    * prof-int.h: prof-int.h should include pthread.h when USE_PTHREADS 
+    is defined.
+
+2003-12-14 Jeffrey Altman <jaltman@mit.edu>
+
+   * all files: move prof-int.h to be the first include file
+     in order to obtain platform specific config preprocessor
+     variables which are used to selectively include stdlib.h
+
+2003-07-03 Alexandra Ellwood <lxs@mit.edu>
+
+    * profile.hin: Remove leading spaces in #define and #include 
+    in public headers to support K&R C compilers
+    
 2003-03-06 Alexandra Ellwood <lxs@mit.edu>
     * profile.hin, prof_file.c (profile_flush_file_data): Stop copying
     the resource fork.  We stopped writing resources to the krb5
index fc446e3f13ffa7b9883e3a25a640c7acf023490a..5a7b42500965970264312c5093fce723af6b4c59 100644 (file)
@@ -132,20 +132,20 @@ check-windows:: $(OUTPRE)test_profile.exe $(OUTPRE)test_parse.exe
 # the Makefile.in file
 #
 prof_tree.so prof_tree.po $(OUTPRE)prof_tree.$(OBJEXT): prof_tree.c prof_int.h \
-  $(COM_ERR_DEPS) profile.h
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
 prof_file.so prof_file.po $(OUTPRE)prof_file.$(OBJEXT): prof_file.c prof_int.h \
-  $(COM_ERR_DEPS) profile.h
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
 prof_parse.so prof_parse.po $(OUTPRE)prof_parse.$(OBJEXT): prof_parse.c prof_int.h \
-  $(COM_ERR_DEPS) profile.h
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
 prof_get.so prof_get.po $(OUTPRE)prof_get.$(OBJEXT): prof_get.c prof_int.h \
-  $(COM_ERR_DEPS) profile.h
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
 prof_set.so prof_set.po $(OUTPRE)prof_set.$(OBJEXT): prof_set.c prof_int.h \
-  $(COM_ERR_DEPS) profile.h
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
 prof_err.so prof_err.po $(OUTPRE)prof_err.$(OBJEXT): prof_err.c $(COM_ERR_DEPS)
 prof_init.so prof_init.po $(OUTPRE)prof_init.$(OBJEXT): prof_init.c prof_int.h \
-  $(COM_ERR_DEPS) profile.h
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
 test_parse.so test_parse.po $(OUTPRE)test_parse.$(OBJEXT): test_parse.c prof_int.h \
-  $(COM_ERR_DEPS) profile.h
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
 test_profile.so test_profile.po $(OUTPRE)test_profile.$(OBJEXT): test_profile.c prof_int.h \
-  $(COM_ERR_DEPS) profile.h argv_parse.h
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h argv_parse.h
 
index 539517ad7d136b0bac4a58781105b11d1581f4cf..7740d5345e096525d5fd9f392b4457661f99a5c0 100644 (file)
  * Version 1.1, modified 2/27/1999
  */
 
+#include "prof_int.h"
+
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
+#endif
 #include <ctype.h>
 #include <string.h>
 #include "argv_parse.h"
index 8a4d95d71c08454d3dc76b166a23a0531586c649..ad1018779fa9b8c9894d7f344cc13d4bcc8bdb4c 100644 (file)
@@ -2,6 +2,8 @@
  * prof_file.c ---- routines that manipulate an individual profile file.
  */
 
+#include "prof_int.h"
+
 #include <stdio.h>
 #ifdef HAVE_STDLIB_H
 #include <stdlib.h>
@@ -11,8 +13,6 @@
 #endif
 #include <string.h>
 
-#include "prof_int.h"
-
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <errno.h>
index d678a25f27c5dc191e06521b714595065cbc5538..80a18a1fc5b63686c734a08658d24e0b8351fb50 100644 (file)
@@ -4,6 +4,7 @@
  *
  */
 
+#include "prof_int.h"
 #include <stdio.h>
 #include <string.h>
 #ifdef HAVE_STDLIB_H
@@ -11,7 +12,6 @@
 #endif
 #include <errno.h>
 #include <limits.h>
-#include "prof_int.h"
 
 /*
  * These functions --- init_list(), end_list(), and add_to_list() are
index 76a4943f2d79d06475bc345d08394dc83bbc0bf9..2dbcd826f77f063f859cd7f772c0d1f403bd4537 100644 (file)
@@ -3,6 +3,8 @@
  *     object.
  */
 
+#include "prof_int.h"
+
 #include <stdio.h>
 #include <string.h>
 #ifdef HAVE_STDLIB_H
@@ -10,8 +12,6 @@
 #endif
 #include <errno.h>
 
-#include "prof_int.h"
-
 /* Find a 4-byte integer type */
 #if    (SIZEOF_SHORT == 4)
 typedef short  prof_int32;
index 06fce875775ff8efe313222639b321ca920eafc6..919141168f89ae974e2625ef9e4b7c4078ad75c1 100644 (file)
@@ -4,6 +4,7 @@
 
 #include <time.h>
 #include <stdio.h>
+
 #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
 #include <TargetConditionals.h>
 #define USE_PTHREADS
 #define SHARE_TREE_DATA
 #endif
 
+#if defined(USE_PTHREADS)
+#include <sys/types.h>
+#include <pthread.h>
+#endif
+
 #include "com_err.h"
 #include "profile.h"
 
index 56f1c30f0441c6ba87a8728057cdf6507189f4fe..b18b8befac8234776ef78ea8d264a8720df10b5e 100644 (file)
@@ -1,3 +1,5 @@
+#include "prof_int.h"
+
 #include <stdio.h>
 #include <string.h>
 #ifdef HAVE_STDLIB_H
@@ -6,8 +8,6 @@
 #include <errno.h>
 #include <ctype.h>
 
-#include "prof_int.h"
-
 #define SECTION_SEP_CHAR '/'
 
 #define STATE_INIT_COMMENT     1
index 5abf5ec9afabc700de099cf09138d16268f299ca..c121d64da650d2300186dccf06e7eb3a900b3a3f 100644 (file)
@@ -11,6 +11,8 @@
  *
  */
 
+#include "prof_int.h"
+
 #include <stdio.h>
 #include <string.h>
 #ifdef HAVE_STDLIB_H
@@ -18,8 +20,6 @@
 #endif
 #include <errno.h>
 
-#include "prof_int.h"
-
 static errcode_t rw_setup(profile)
        profile_t       profile;
 {
index 7032a34e9b4ed070226a55a8012d46710fb2b0f6..38b86f36897ff587b8f1e538c4f986b94e589a2c 100644 (file)
@@ -17,6 +17,8 @@
  */
 
 
+#include "prof_int.h"
+
 #include <stdio.h>
 #include <string.h>
 #ifdef HAVE_STDLIB_H
@@ -25,8 +27,6 @@
 #include <errno.h>
 #include <ctype.h>
 
-#include "prof_int.h"
-
 struct profile_node {
        errcode_t       magic;
        char *name;
index 156375c81f97efffadb803bf3ca2ac2d0a36e6ec..581ee10bf90abce7c52384a6533f11fc16ee0ef0 100644 (file)
 #endif
 
 #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
-       #include <TargetConditionals.h>
-    #if TARGET_RT_MAC_CFM
-        #error "Use KfM 4.0 SDK headers for CFM compilation."
-    #endif
-#endif
-#if TARGET_OS_MAC
-    #if defined(__MWERKS__)
-        #pragma import on
-        #pragma enumsalwaysint on
-    #endif
-    #pragma options align=mac68k
+#    include <TargetConditionals.h>
+#    if TARGET_RT_MAC_CFM
+#        error "Use KfM 4.0 SDK headers for CFM compilation."
+#    endif
 #endif
 
 #ifndef KRB5_CALLCONV
@@ -41,6 +34,12 @@ typedef struct _profile_t *profile_t;
 extern "C" {
 #endif /* __cplusplus */
 
+#if TARGET_OS_MAC
+#    if defined(__MWERKS__)
+#        pragma import on
+#    endif
+#endif
+
 typedef char* profile_filespec_t;      /* path as C string */
 typedef char* profile_filespec_list_t; /* list of : separated paths, C string */
 typedef const char * const_profile_filespec_t; /* path as C string */
@@ -115,11 +114,9 @@ long KRB5_CALLCONV profile_add_relation
                   const char *new_value);
 
 #if TARGET_OS_MAC
-    #if defined(__MWERKS__)
-        #pragma enumsalwaysint reset
-        #pragma import reset
-    #endif
-    #pragma options align=reset
+#    if defined(__MWERKS__)
+#        pragma import reset
+#    endif
 #endif
 
 #ifdef __cplusplus
index 7aa0eeb620f4a581b545998126833eca7475f538..961149c8014876637bc15339a4d5b8bef4702dad 100644 (file)
@@ -1,3 +1,5 @@
+#include "prof_int.h"
+
 #include <stdio.h>
 #include <string.h>
 #ifdef HAVE_STDLIB_H
@@ -6,8 +8,6 @@
 #include <errno.h>
 #include <ctype.h>
 
-#include "prof_int.h"
-
 void dump_profile (struct profile_node *root, int level);
 
 int main(argc, argv)
index 8a97dd2f7a5b64ffdef67c9b713610d90c1e8000..5cdbf7689c168c2a658918dc9d368e448560edd3 100644 (file)
@@ -2,13 +2,14 @@
  * test_profile.c --- testing program for the profile routine
  */
 
+#include "prof_int.h"
+
 #include <stdio.h>
 #include <string.h>
 #ifdef HAVE_STDLIB_H
 #include <stdlib.h>
 #endif
 
-#include "prof_int.h"
 #include "argv_parse.h"
 #include "com_err.h"
 
index f29f9df851c46402b41a679c793484e8646b7887..e4544552b0af61c3affb75763ada0fcad065cccd 100644 (file)
@@ -149,5 +149,5 @@ init.so init.po $(OUTPRE)init.$(OBJEXT): init.c $(COM_ERR_DEPS) libpty.h \
 sane_hostname.so sane_hostname.po $(OUTPRE)sane_hostname.$(OBJEXT): sane_hostname.c $(COM_ERR_DEPS) \
   pty-int.h pty_err.h libpty.h $(SRCTOP)/include/socket-utils.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/port-sockets.h
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/k5-platform.h
 
index c2462720394323f4a759318d5d2d7764fdddaf96..6a5038145fc8e17063fcc42a4c9f4c8bc61ae8ce 100644 (file)
@@ -24,9 +24,8 @@ do
   esac
 done
 
-# Currently (2000-10-03) we need 2.13 or later.
-# The pattern also recognizes 2.40 and up.
-patb="2.(1[3-9])|([4-9][0-9])"
+# Currently (2003-04-24) we need 2.52 or later.
+patb="2.(1[0-9][0-9])|(5[2-9])|([6-9][0-9])"
 
 # sedcmd1 recognizes the older 2.12 version, and sedcmd2 the newer 2.49
 sedcmd1="s,.*version \(.*\)$,\1,"
@@ -39,18 +38,13 @@ if autoreconf --version | sed -e "$sedcmd1" -e "$sedcmd2" | egrep "$patb" >/dev/
     autoreconfoptions=
     autoconfversion=`autoconf --version | sed -e "$sedcmd1" -e "$sedcmd2"`
        echo "Using autoconf version $autoconfversion found in your path..."
-       # Determine if localdir needs to be relative or absolute
-       case "$autoconfversion" in
-         2.1*)
-              localdir=.
-              ;;
-            *)
-              localdir=`pwd`
-              ;;
-       esac
+       localdir=`pwd`
 
        # Determine if we need to patch autoreconf for 2.53
        case "$autoconfversion" in
+         2.52)
+              echo "WARNING: autoconf 2.52 is known to generate buggy configure scripts!"
+              ;;
          2.53)
               echo "Patching autoreconf"
               # Walk the path to find autoreconf
@@ -89,7 +83,7 @@ if autoreconf --version | sed -e "$sedcmd1" -e "$sedcmd2" | egrep "$patb" >/dev/
               ;;
        esac
 else
-       echo "Couldn't find autoconf 2.13 or higher in your path."
+       echo "Couldn't find autoconf 2.52 or higher in your path."
        echo " "
        echo "Please install or add to your path and re-run ./util/reconf"
        exit 1
index 15d6edc6a179a5d3f65b55274ce521bd4f352c30..66c86c76443446e521ad96df961587659aa5e9ea 100644 (file)
@@ -1,3 +1,7 @@
+2003-04-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * ss.h: Don't declare errno.  Include errno.h.
+
 2003-02-05  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.in (std_rqs.c): Depend on ct_c.sed and ct_c.awk.
index b2fd21f0060522d115d88f165af4c8a8bc6e881c..062003d3c2fac8bd7d703af18d1f9501a2fecda4 100644 (file)
@@ -7,10 +7,9 @@
 #ifndef _ss_h
 #define _ss_h __FILE__
 
+#include <errno.h>
 #include <ss/ss_err.h>
 
-extern int errno;
-
 #ifdef __STDC__
 #define __SS_CONST const
 #define __SS_PROTO (int, const char * const *, int, void *)
index 5fa15b833ba7ac44dadbcc0c9736f37a4eb70b9a..c37fca7f13dd12025237d2f43db564c182ca2744 100644 (file)
@@ -1,3 +1,121 @@
+2004-06-11  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3.4 final.
+
+2004-06-03  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3.4-beta1.
+
+2004-04-06  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3.3 final.
+
+2004-03-31  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3.3-beta2.
+
+2004-03-23  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3.3-beta1.
+
+2004-02-26  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3.2 final.
+
+2004-02-23  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: Update for krb5-1.3.2-beta5.
+
+2004-02-17  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: Update for krb5-1.3.2-beta4.
+
+2004-02-11  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: Update for krb5-1.3.2-beta3.
+
+2004-02-03  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: Update for krb5-1.3.2-beta2.
+
+2004-02-02  Jeffrey Altman <jaltman@mit.edu>
+
+    * README: Document PreserveInitialTicketIdentity registry key
+
+2004-01-30  Jeffrey Altman <jaltman@mit.edu>
+
+    * README: Update the text to include the details of the new 
+      Windows registry keys necessary to access the TGT session key.
+      Also, provide details on the incompatibility of the gss.exe
+      sample client and the versions distributed by Microsoft.
+
+2004-01-07  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: Update copyright years.  Update for
+       krb5-1.3.2-beta1.
+
+2003-07-30  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3.1 final.
+
+2003-12-22  Jeffrey Altman <jaltman@mit.edu>
+
+    * README: Update to more clearly specify the build environment 
+      requirements.  Supported compilers include MSVC++ 6.0, MSVS.NET,
+      and MSVS.NET 2003.  Clarify requirements for building with DNS
+      support.  Also, add text describing MSLSA: credential cache 
+      and how to configure Windows so it can be used.
+
+2003-07-22  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3.1-beta1.
+
+       * README: Revert previous change, as it was in error; socklen_t
+       was introduced in Aug 2001 Platform SDK, and the actual problem
+       reported was very probably a compilation environment
+       misconfiguration.
+
+2003-07-18  Tom Yu  <tlyu@mit.edu>
+
+       * README: Note requirement for Feb 2003 Platform SDK.  Thanks to
+       Doug Engert and Rodney Dyer.
+
+2003-07-08  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3 final.
+
+2003-06-27  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3-beta5.
+
+2003-06-16  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3-beta4.
+
+2003-06-09  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3-beta3.
+
+2003-05-27  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3-beta2.
+
+2003-05-14  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3-beta1.
+
+2003-04-29  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3-alpha3.
+
+2003-04-11  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3-alpha2.
+
+2003-03-14  Tom Yu  <tlyu@mit.edu>
+
+       * version.rc: krb5-1.3-alpha1.
+
 2002-04-10  Danilo Almeida  <dalmeida@mit.edu>
 
        * Makefile.in: Build ms2mit.
index 81e28431b1bfa164d8912be4b40ceeeffc621b82..96757e92560ba3245c391b36d6ce727c3ca38f87 100644 (file)
@@ -1,10 +1,10 @@
               Building & Running Kerberos 5 on Windows
               ----------------------------------------
 
-Kerberos 5 builds on Windows with MSVC++ 6.0.  You will need the
-November 2001 platform SDK or later; this SDK is required to define
-getaddrinfo.  It may or may not build with other compilers or make
-utilities.
+Kerberos 5 builds on Windows with MSVC++ 6.0, MSVS.NET, and 
+MSVS.NET 2003.  You will need the November 2001 platform SDK or 
+later; this SDK is required to define getaddrinfo.  It may or 
+may not build with other compilers or make utilities.
 
 These build instructions assume that you have the standalone source
 distribution of Kerberos 5 rather than the MIT Kerberos for Windows
@@ -22,19 +22,28 @@ Runtime library, which is not found on most Windows systems unless
 they have development tools.  To build a release version, you need to
 define NODEBUG either in the environment or the nmake command-line.
 
-DNS Support: To support DNS lookups, you will need to define
-KRB5_DNS_LOOKUP, KRB5_DNS_LOOKUP_KDC, or KRB5_DNS_LOOKUP_REALMS.  The
-DNS code will default to trying to use the wshelper library.  If you
-would rather use a resolver library whose include files more closely
-match the Unix resolver library, define KRB5_NO_WSHELPER.  You will
-also need to define DNS_INC to point to the include directory for the
-library and DNS_LIB to library itself.  The default is not to support
-DNS because the build cannot know whether there is a DNS resolver
-library around for it to use.
+To configuring the build environment execute first the compiler
+batch file, vcvars32.bat or vsvars32.bat, followed by the SDK
+batch file, setenv.bat.  For example, 
+
+  "c:\program files\microsoft visual studio .net 2003\common7\tools\vsvars32.bat"
+  "c:\program files\microsoft sdk\setenv.bat" /2000 /RETAIL
 
-Building ms2mit requires that you have a reasonably recent Microsoft
-Platform SDK installed.  Anything starting at the Windows 2000 edition
-should be fine.
+or 
+
+  "c:\program files\microsoft visual studio\vc98\bin\vcvars32.bat"
+  "c:\program files\microsoft sdk\setenv.bat" /2000 /DEBUG
+  
+DNS Support: To support DNS lookups, you will need to define
+KRB5_DNS_LOOKUP, KRB5_DNS_LOOKUP_KDC, or KRB5_DNS_LOOKUP_REALMS.  When 
+any of the KRB5_DNS_LOOKUP definitions are used, the default build will use
+the WSHelper library which is part of the Kerberos for Windows (Kfw) 
+distribution.  If you are building outside of KfW and wish to build Krb5 
+with DNS support, you must provide a resolver library whose include files 
+match the Unix resolver library.  You will need to define KRB5_NO_WSHELPER,
+define DNS_INC to point to the include directory for the library and DNS_LIB 
+to library itself.  The default is not to support DNS because the build 
+cannot know whether there is a DNS resolver library around for it to use.
 
 
 Traditional Build Method:
@@ -54,7 +63,7 @@ On the PC side
         - or -
    pkunzip -d kerbsrc.zip
 4) nmake [NODEBUG=1] [DNS-options]     # Build the sources
-5) nmake install [NODEBUG=1]           # Copy headers, libs, executables
+5) nmake install [NODEBUG=1] [options] # Copy headers, libs, executables
 
 
 All-Windows Build Method:
@@ -64,8 +73,8 @@ First, make sure you have sed, gawk, cat, and cp.
 
 1) cd xxx/src                          # Go to where the source lives
 2) nmake -f Makefile.in prep-windows   # Create Makefile for Windows
-3) nmake [NODEBUG=1] [DNS-options      # Build the sources
-4) nmake install [NODEBUG=1]           # Copy headers, libs, executables
+3) nmake [NODEBUG=1] [DNS-options]     # Build the sources
+4) nmake install [NODEBUG=1] [options] # Copy headers, libs, executables
 
 
 Notes on the install Target:
@@ -132,11 +141,160 @@ In addition to standard FILE: (disk file) and MEMORY: (in-process
 non-shared memory) Windows supports the API: cache type, which is a
 shared memory cache.  This is implemented by krbcc32.dll, which is not
 included the the krb5-only distribution.  Rather, it is part of MIT's
-Kerberos for Win32 suite.
-
-
-Othes Issues:
-------------
+Kerberos for Win32 suite.  
+
+As of the 1.3.2 release, a new cache type, MSLSA:, has been added for
+use in accessing the Microsoft Kerberos Logon Session credentials 
+cache.  The MSLSA: cache is available when the user logon is performed
+using Kerberos either to an Active Directory Domain or a non-Microsoft
+KDC.
+
+A user is able to logon to Windows using the Kerberos LSA if the machine
+is part of a Windows 2000 or Windows 2003 Active Directory domain or
+if the machine has been configured to authenticate to a non-Microsoft KDC
+such as MIT.  The instructions for configuring a Windows 2000 XP
+workstation to authenticate to a non-Microsoft KDC are documented
+in TechNet somewhere.  In brief:
+
+  1. Install the Windows 2000 or XP support tools in order to obtain
+     the tools: KSETUP.EXE and KTPASS.EXE.
+  2. Install the Windows 2000 or XP Resource Kit to obtain the tools
+     KERBTRAY.EXE and KLIST.EXE
+  3. Add Realms and associated KDCs with: *KSETUP /AddKdc <realm>
+     [<kdcname>]*.  If you leave off the <kdcname> DNS SRV records will
+     be used.
+  4. Specify the password change service host for the realm with:
+     *KSETUP /AddKpasswd <realm> <Kpwdhost>*
+  5. Assign the realm of the local machine with: *KSETUP /SetRealm
+     <realm>* where realm must be all upper case.   
+  6. Assign the local machine's password with: *KSETUP
+     /SetComputerPassword <Password>
+     *
+  7. Specify the capabilities of the Realm KDC with: *KSETUP
+     /SetRealmFlags <realm> <flag> [<flag> ...]* where flags may be
+     *None, SendAddress, TcpSupported, Delegate, *and *NcSupported*,
+  8. Map principal names to local accounts with: *KSETUP /MapUser
+     <principal> <account>*
+
+On the MIT KDC, you must then create service principals using the "Password" 
+assigned to the machine.  So far the minimum list of principals required appear 
+to be for a machine named "mymachine" in the realm "EXAMPLE.COM" with a 
+domain name of "example.com":
+
+   * host/mymachine@EXAMPLE.COM
+   * host/mymachine.example.com@EXAMPLE.COM
+   * cifs/mymachine@EXAMPLE.COM
+   * cifs/mymachine.example.com@EXAMPLE.COM
+
+There may very well be other serivces for which principals must be created depending 
+on what services are being executed on the machine.
+
+It is very important to note that while you can successfully log into a Windows 
+workstation by authenticating to the KDC without creating a host key; the logon 
+session you receive will not be a Kerberos Logon Session.  There will be no Kerberos 
+principal and no LSA cache to access.
+
+The result of a real KSETUP configuration looks like this:
+
+   [C:\4\4NT]ksetup
+   default realm = KRB5.COLUMBIA.EDU (external)
+   ATHENA.MIT.EDU:
+           kdc = kerberos.mit.edu
+           kdc = kerberos-1.mit.edu
+           kdc = kerberos-2.mit.edu
+           kdc = kerberos-3.mit.edu
+           Realm Flags = 0x0 none
+   CC.COLUMBIA.EDU:
+           kdc = kerberos.cc.columbia.edu
+           Realm Flags = 0x0 none
+   GRAND.CENTRAL.ORG:
+           kdc = penn.central.org
+           kdc = grand-opening.mit.edu
+           Realm Flags = 0x0 none
+   KRB5.COLUMBIA.EDU:
+           kdc = yclept.kermit.columbia.edu
+           Realm Flags = 0x0 none
+   OPENAFS.ORG:
+           kdc = virtue.openafs.org
+           Realm Flags = 0x0 none
+   Mapping jaltman@KRB5.COLUMBIA.EDU to jaltman.
+   Mapping jaltman@CC.COLUMBIA.EDU to jaltman.
+   Mapping jaltman@ATHENA.MIT.EDU to jaltman.
+   Mapping all users (*) to a local account by the same name (*).
+
+The MSLSA: credential cache relies on the ability to extract the entire
+Kerberos ticket including the session key from the Kerberos LSA.  In an
+attempt to increase security Microsoft has begun to implement a feature
+by which they no longer export the session keys for Ticket Getting Tickets.
+This has the side effect of making them useless to the MIT krb5 library
+when attempting to request additional service tickets.
+
+This new feature has been seen in Windows 2003 Server, Windows 2000 Server SP4,
+and Windows XP SP2 Beta.  We assume that it will be implemented in all future
+Microsoft operating systems supporting the Kerberos SSPI.  Microsoft does work
+closely with MIT and has provided a registry key to disable this new feature.
+
+  HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
+    AllowTGTSessionKey = 0x01 (DWORD)
+
+On Windows XP SP2 Beta 1 the key was specified as 
+
+  HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
+    AllowTGTSessionKey = 0x01 (DWORD)
+
+However, we anticipate that this will be changed to match the Server platforms 
+in time for SP2 RC1.
+
+It has been noted that the Microsoft Kerberos LSA does not provide enough 
+information within its KERB_EXTERNAL_TICKET structure to properly construct
+the Client Principal simply by examining a single ticket. From the MSDN
+Library:
+
+  ClientName 
+    KERB_EXTERNAL_NAME structure that contains the client name in the ticket. 
+    This name is relative to the current domain. 
+
+  DomainName 
+    UNICODE_STRING that contains the name of the domain that corresponds to 
+    the ServiceName member. This is the domain that issued the ticket. 
+
+  TargetDomainName 
+    UNICODE_STRING that contains the name of the domain in which the ticket is
+    valid. For an interdomain ticket, this is the destination domain. 
+
+  AltTargetDomainName 
+    UNICODE_STRING that contains a synonym for the destination domain. Every 
+    domain has two names: a DNS name and a NetBIOS name. If the name returned 
+    in the ticket is different from the name used to request the ticket (the 
+    Kerberos Key Distribution Center (KDC) may do name mapping), this string 
+    contains the original name. 
+
+Unfortunately, there is no field here which contains the domain of the client.
+In order for the krb5_ccache to properly report the client principal name, the 
+client principal name is constructed by utilizing the ClientName and DomainName
+fields of the Initial TGT associated with the Kerberos LSA credential cache.
+To disable the use of the TGT info and instead simply use the "DomainName" field
+of the current ticket define one of the following registry keys depending on
+whether the change should be system global or just for the current user.
+
+   HKLM\Software\MIT\Kerberos5\
+      PreserveInitialTicketIdentity = 0x0 (DWORD)
+
+   HKCU\Software\MIT\Kerberos5\
+      PreserveInitialTicketIdentity = 0x0 (DWORD)
+
+GSSAPI Sample Client:
+---------------------
+
+The GSS API Sample Client provided in this distribution is compatible with the
+gss-server application built on Unix/Linux systems.  This client is not compatible
+with the Platform SDK/Samples/Security/SSPI/GSS/ samples which Microsoft has been
+shipping as of January 2004.  Revised versions of these samples are available upon 
+request to krbdev@mit.edu.  Microsoft is committed to distribute revised samples
+which are compatible with the MIT distributed tools in a future SDK and via MSDN.
+
+Kerberos 4 Library Support:
+---------------------------
 
 The krb4_32.dll that is built (but not installed) is not supported.
 If you need Kerberos 4, you can use the krbv4w32.dll that MIT
index 54cfa75c49fe5372a478d0efd530693fe7424228..73960c0806293068880971bff1345059a4c5f7c1 100644 (file)
@@ -1,3 +1,9 @@
+2004-01-30  Jeffrey Altman <jaltman@mit.edu>
+
+    * options.c, cnsres5.rc, cns.h, cns_reg.c cns_reg.h, cns.c:
+      Add checkbox for requesting "no addresses" if it is not
+      specified in the krb5.ini file.
+
 2003-02-25  Tom Yu  <tlyu@mit.edu>
 
        * kpasswd.c (k5_change_password): Don't pass a NULL pointer to
index 13404b73664c9165ebc032b2946f2525b7ad68b2..7a02abba7e59e1f0cdc22cd3ef167e3451376e27 100644 (file)
@@ -58,6 +58,7 @@ char confname[FILENAME_MAX];           /* krb5.conf (or krb.conf for krb4) */
 #ifdef KRB5
 char ccname[FILENAME_MAX];             /* ccache file location */
 BOOL forwardable;                      /* TRUE to get forwardable tickets */
+BOOL noaddresses;
 krb5_context k5_context;
 krb5_ccache k5_ccache;
 #endif
@@ -1224,7 +1225,10 @@ kwin_command(HWND hwnd, int cid, HWND hwndCtl, UINT codeNotify)
     krb5_get_init_creds_opt_init(&opts);
     krb5_get_init_creds_opt_set_forwardable(&opts, forwardable);
     krb5_get_init_creds_opt_set_tkt_life(&opts, lifetime * 60);
-    
+    if (noaddresses) {
+               krb5_get_init_creds_opt_set_address_list(&opts, NULL);
+       }    
+
     /*
      * get the initial creds using the password and the options we set above
      */
@@ -1491,7 +1495,6 @@ kwin_paint(HWND hwnd)
 LRESULT CALLBACK
 kwin_wnd_proc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
 {
-  int n;
 
 #if 0
   if (message == wm_kerberos_changed) {       /* Message from the ccache */
@@ -1704,6 +1707,7 @@ init_instance(HINSTANCE hinstance, int ncmdshow)
    * ticket options
    */
   forwardable = cns_res.forwardable;
+  noaddresses = cns_res.noaddresses;
 
   /*
    * Load clock icons
index 7cc93ab9aee5a34df61eceaf984ec92b85f3f5ee..cdd6da3b3973a340e1daa91ea739791913463143 100644 (file)
 #define     IDD_ALERT 312
 #define   IDD_TKOPT 320
 #define   IDD_FORWARDABLE 321
+#define   IDD_NOADDRESSES 322
 
 /*
  * the entire range (400 through 499) is reserved for the blasted variable
@@ -199,6 +200,7 @@ extern krb5_context k5_context;
 extern krb5_ccache k5_ccache;
 extern char ccname[FILENAME_MAX];
 extern BOOL forwardable;
+extern BOOL noaddresses;
 #endif
 
 /*
index 160eb15e3fc9dd3b38487d9e513faa8731f19456..92255fe4f5494878cbe97f26e23d368286dc7a94 100644 (file)
@@ -45,7 +45,7 @@ cns_load_registry(void)
   cns_res.beep = 0;
   cns_res.lifetime = DEFAULT_TKT_LIFE * 5;
   cns_res.forwardable = 1;
-
+  cns_res.noaddresses = 0;
     
   for (i = 1 ; i < FILE_MENU_MAX_LOGINS ; i++)
     cns_res.logins[i][0] = '\0';
@@ -117,6 +117,9 @@ cns_load_registry(void)
   if (registry_dword_get(key, "forwardable", &tdw) == 0)
          cns_res.forwardable = tdw;
 
+  if (registry_dword_get(key, "noaddresses", &tdw) == 0)
+         cns_res.noaddresses = tdw;
   if (registry_dword_get(key, "alert", &tdw) == 0)
          cns_res.alert = tdw;
 
@@ -196,6 +199,7 @@ cns_save_registry(void)
   registry_dword_set(key, "beep", cns_res.beep);
   registry_dword_set(key, "lifetime", cns_res.lifetime);
   registry_dword_set(key, "forwardable", cns_res.forwardable);
+  registry_dword_set(key, "noaddresses", cns_res.noaddresses);
 
   registry_string_set(key, "name", cns_res.name);
   registry_string_set(key, "realm", cns_res.realm);
index 7ec726356966f748239d7c64fc5264a3398ee627..9ebed4fe858d6e4b1069e01e6f32b4d88c269288 100644 (file)
@@ -17,6 +17,7 @@ typedef struct cns_reg {
   DWORD         forwardable;                     /* get forwardable tickets? */
   DWORD         conf_override;                   /* allow changing of confname */
   DWORD         cc_override;                     /* allow changing of ccname */
+  DWORD         noaddresses;                     /* Don't require address in tickets */
   char          name[MAX_K_NAME_SZ];             /* last user used */
   char          realm[MAX_K_NAME_SZ];            /* last realm used */
   char          confname[FILENAME_MAX];
index e56375334b8299be8857da3c235122cc20db1e6d..d398078e3972b761758a66e75ff69954e6f8dc2a 100644 (file)
@@ -161,7 +161,9 @@ BEGIN
                     95,65,39,12
     GROUPBOX        "Ticket options",IDD_TKOPT,5,86,158,23,WS_GROUP
     CONTROL         "&Forwardable",IDD_FORWARDABLE,"Button",BS_AUTOCHECKBOX | 
-                    WS_TABSTOP,54,95,65,12
+                    WS_TABSTOP,25,95,65,12
+    CONTROL         "&NoAddresses",IDD_NOADDRESSES,"Button",BS_AUTOCHECKBOX |
+                    WS_TABSTOP,90,95,65,12
     DEFPUSHBUTTON   "OK",IDOK,19,117,52,14
     PUSHBUTTON      "Cancel",IDCANCEL,95,117,52,14
 END
index f133145754c3cc1bca5a8f4dcb6b4f310f74e16c..9e7c30e94e2f0e65975ccb0bffabf5558adcebc1 100644 (file)
@@ -74,6 +74,9 @@ opts_initdialog(HWND hwnd, HWND hwndFocus, LPARAM lParam)
   forwardable = cns_res.forwardable;
   SendDlgItemMessage(hwnd, IDD_FORWARDABLE, BM_SETCHECK, forwardable, 0);
 
+  noaddresses = cns_res.noaddresses;
+  SendDlgItemMessage(hwnd, IDD_NOADDRESSES, BM_SETCHECK, noaddresses, 0);
   return TRUE;
 }
 
@@ -161,6 +164,9 @@ opts_command(HWND hwnd, int cid, HWND hwndCtl, UINT codeNotify)
     forwardable = SendDlgItemMessage(hwnd, IDD_FORWARDABLE, BM_GETCHECK, 0, 0);
     cns_res.forwardable = forwardable;
 
+    noaddresses = SendDlgItemMessage(hwnd, IDD_NOADDRESSES, BM_GETCHECK, 0, 0);
+    cns_res.noaddresses = noaddresses;
+
     EndDialog(hwnd, IDOK);
 
     return; /* TRUE */
index b426555a37ccad52f7b40dfc753d5bef60aa30c6..64d57dd7dd125c470c9ec73258a2dad26d6de3b1 100644 (file)
@@ -1,3 +1,42 @@
+2004-02-12  Jeffrey Altman <jaltman@mit.edu>
+
+    * Fix libpath for krbcc32.lib (only affects KRB5_KFW_COMPILE builds)
+
+2004-02-11  Jeffrey Altman <jaltman@mit.edu>
+
+    * gss-misc.h: Add file.  Copy from src/appl/gss-sample/
+
+2004-02-06  Jeffrey Altman <jaltman@mit.edu>
+
+    * resource.h: add new component id values for replay, mutual, sequence
+
+    * gss.rc: add new components for replay, mutual, sequence
+
+    * gss.h, gss.c, gss-client.c: add support for replay, mutual, and sequence
+
+2004-02-04  Jeffrey Altman <jaltman@mit.edu>
+
+    * resource.h: add new component id values for ccache
+
+    * Makefile.in: add conditional linkage to krbcc32.lib (if KRB5_KFW_BUILD)
+
+    * gss.rc: add new component for ccache selection
+    * gss.h, gss.c, gss-client.c: add support for ccache selection and 
+      if built with USE_LEASH add support for dynamic querying of the 
+      available ccache list
+
+2004-01-30  Jeffrey Altman <jaltman@mit.edu>
+
+    * resource.h: new file containing new ui component id values
+    
+    * gss.rc: new user interface definition
+
+    * gss.h, gss-misc.c, gss-client.c: Updates to support new UI and 
+      corrections to add compatibility with the Unix gss-server
+
+    * Makefile.in: add linkage to comctl32.lib
+
 2002-06-13  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.in (SYSLIBS): Use ws2_32.lib instead of wsock32.lib.
index b545599aeb45db83e5d3d532a7253cbf909e2459..9c87f185d4076ba24dbd2bf2b4314589c01864c8 100644 (file)
@@ -8,7 +8,12 @@ XOBJS  = $(RESFILE)
 ##### Options
 # Set NODEBUG if building release instead of debug
 BUILDTOP=..\..
-LOCALINCLUDES= /I$(BUILDTOP)\include /I$(BUILDTOP)\include\krb5
+
+!if defined(KRB5_KFW_COMPILE)
+KFWINC= /I$(BUILDTOP)\..\..\krbcc\include
+KFWLIB= $(BUILDTOP)\..\..\..\..\target\lib\$(CPU)\$(OUTPRE_DBG)\krbcc32.lib
+!endif
+LOCALINCLUDES= /I$(BUILDTOP)\include /I$(BUILDTOP)\include\krb5 $(KFWINC)
 
 ##### RC Compiler
 RFLAGS = $(LOCALINCLUDES)
@@ -17,14 +22,14 @@ RCFLAGS     = $(RFLAGS) -D_WIN32 -DGSS_APP
 ##### Linker
 LINK   = link
 LIBS   = $(GLIB) $(CLIB) $(WLIB)
-SYSLIBS        = kernel32.lib ws2_32.lib user32.lib gdi32.lib comdlg32.lib
+SYSLIBS        = kernel32.lib ws2_32.lib user32.lib gdi32.lib comdlg32.lib comctl32.lib
 LFLAGS = /nologo $(LOPTS)
 
 all:: Makefile $(OUTPRE)gss.exe
 
 $(OUTPRE)gss.exe: gss.def $(OBJS) $(XOBJS) $(LIBS)
        $(LINK) $(LFLAGS) /map:$*.map /out:$@ $(OBJS) $(XOBJS) \
-         $(LIBS) $(SYSLIBS)
+         $(LIBS) $(SYSLIBS) $(KFWLIB)
 
 $(OBJS) $(XOBJS): gss.h
 
index d5e8972b311072fbfc6510b1a38bc308a997c42b..d9c1491c207c208e5120d1c3374ae1920c086ecb 100644 (file)
@@ -9,7 +9,7 @@
  * in advertising or publicity pertaining to distribution of the software
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
+ * purpose.  It is provided "as is" without express or implied warranty.
  * 
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  * PERFORMANCE OF THIS SOFTWARE.
  */
-
-#include "gss.h"
-
-static const gss_OID_desc oids[] = {
-   {10, "\052\206\110\206\367\022\001\002\001\004"},
-};
-
-const gss_OID_desc * nt_service_name = oids+0;
-
-int
-gss (char *host, char *name, char *oid, char *msg, int port)
-{
-       if (port == 0 || port == -1)
-        port = 4444;
-
-    if (call_server(host, port, name, oid, msg) < 0)
-        return 1;
-
-    return 0;
-}
-
-/*+
- * Function: call_server
- *
- * Purpose: Call the "sign" service.
- *
- * Arguments:
- *
- *             host                    (r) the host providing the service
- *             port                    (r) the port to connect to on host
- *             service_name    (r) the GSS-API service name to authenticate to 
- *             msg                             (r) the message to have "signed"
- *
- * Returns: 0 on success, -1 on failure
+/*
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
  *
- * Effects:
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
  * 
- * call_server opens a TCP connection to <host:port> and establishes a
- * GSS-API context with service_name over the connection.  It then
- * seals msg in a GSS-API token with gss_seal, sends it to the server,
- * reads back a GSS-API signature block for msg from the server, and
- * verifies it with gss_verify.         -1 is returned if any step fails,
- * otherwise 0 is returned.
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
  */
-int
-call_server (char *host, u_short port, char *service_name, char *oid, char *msg)
-{
-    gss_ctx_id_t context;
-    gss_buffer_desc in_buf, out_buf;
-    int s, state;
-    OM_uint32 maj_stat, min_stat;
-
-    /* Open connection */
-    if ((s = connect_to_server(host, port)) < 0)
-        return -1;
-
-    /* Establish context */
-    if (client_establish_context(s, service_name, oid, &context) < 0)
-        return -1;
-
-    /* Seal the message */
-    in_buf.value = msg;
-    in_buf.length = strlen(msg) + 1;
-    maj_stat = gss_seal(&min_stat, context, 1, GSS_C_QOP_DEFAULT,
-        &in_buf, &state, &out_buf);
-    if (maj_stat != GSS_S_COMPLETE) {
-        display_status("sealing message", maj_stat, min_stat);
-        return -1;
-    } else if (! state) {
-        OkMsgBox ("Warning!  Message not encrypted.\n");
-    }
-
-    /* Send to server */
-    if (send_token(s, &out_buf) < 0)
-        return -1;
-    (void) gss_release_buffer(&min_stat, &out_buf);
-
-    /* Read signature block into out_buf */
-    if (recv_token(s, &out_buf) < 0)
-        return -1;
-
-    /* Verify signature block */
-    maj_stat = gss_verify(&min_stat, context, &in_buf, &out_buf, &state);
-    if (maj_stat != GSS_S_COMPLETE) {
-        display_status("verifying signature", maj_stat, min_stat);
-        return -1;
-    }
-    (void) gss_release_buffer(&min_stat, &out_buf);
 
-    OkMsgBox ("Signature verified.");
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <windows.h>
+#include <winsock.h>
 
-    /* Delete context */
-    maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
-    if (maj_stat != GSS_S_COMPLETE) {
-        display_status("deleting context", maj_stat, min_stat);
-        return -1;
-    }
-    (void) gss_release_buffer(&min_stat, &out_buf);
+#include <gssapi/gssapi_generic.h>
+#include <gssapi\gssapi_krb5.h>
+#include "gss.h"
+#include "gss-misc.h"
 
-    closesocket(s);
-        
-    return 0;
-}
+static int verbose = 1;
 
-/*+
+/*
  * Function: connect_to_server
  *
  * Purpose: Opens a TCP connection to the name host and port.
  *
  * Arguments:
  *
- *             host                    (r) the target host name
- *             port                    (r) the target port, in host byte order
+ *     host            (r) the target host name
+ *     port            (r) the target port, in host byte order
  *
  * Returns: the established socket file desciptor, or -1 on failure
  *
@@ -141,34 +74,36 @@ call_server (char *host, u_short port, char *service_name, char *oid, char *msg)
  * opened and connected.  If an error occurs, an error message is
  * displayed and -1 is returned.
  */
-int
-connect_to_server (char *host, u_short port)
+static int connect_to_server(host, port)
+     char *host;
+     u_short port;
 {
-    struct sockaddr_in saddr;
-    struct hostent *hp;
-    int s;
-        
-    if ((hp = gethostbyname(host)) == NULL) {
-        OkMsgBox ("Unknown host: %s\n", host);
-        return -1;
-    }
-        
-    saddr.sin_family = hp->h_addrtype;
-    memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
-    saddr.sin_port = htons(port);
+     struct sockaddr_in saddr;
+     struct hostent *hp;
+     int s;
+     
+     if ((hp = gethostbyname(host)) == NULL) {
+         printf("Unknown host: %s\r\n", host);
+         return -1;
+     }
+     
+     saddr.sin_family = hp->h_addrtype;
+     memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
+     saddr.sin_port = htons(port);
 
-    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-        my_perror("creating socket");
-        return -1;
-    }
-    if (connect(s, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) {
-        my_perror("connecting to server");
-        return -1;
-    }
-    return s;
+     if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+         perror("creating socket");
+         return -1;
+     }
+     if (connect(s, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) {
+         perror("connecting to server");
+         (void) closesocket(s);
+         return -1;
+     }
+     return s;
 }
 
-/*+
+/*
  * Function: client_establish_context
  *
  * Purpose: establishes a GSS-API context with a specified service and
@@ -176,15 +111,19 @@ connect_to_server (char *host, u_short port)
  *
  * Arguments:
  *
- *             s                               (r) an established TCP connection to the service
- *             sname           (r) the ASCII service name of the service
- *             context                 (w) the established GSS-API context
+ *     s               (r) an established TCP connection to the service
+ *     service_name    (r) the ASCII service name of the service
+ *     gss_flags       (r) GSS-API delegation flag (if any)
+ *     auth_flag       (r) whether to actually do authentication
+ *     oid             (r) OID of the mechanism to use
+ *     context         (w) the established GSS-API context
+ *     ret_flags       (w) the returned flags from init_sec_context
  *
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
  * 
- * sname is imported as a GSS-API name and a GSS-API context is
+ * service_name is imported as a GSS-API name and a GSS-API context is
  * established with the corresponding service; the service should be
  * listening on the TCP connection s.  The default GSS-API mechanism
  * is used, and mutual authentication and replay detection are
@@ -194,100 +133,483 @@ connect_to_server (char *host, u_short port)
  * unsuccessful, the GSS-API error messages are displayed on stderr
  * and -1 is returned.
  */
-int
-client_establish_context (int s, char *sname, char *oid_name,
-                         gss_ctx_id_t *gss_context)
+int client_establish_context( int s, 
+                              char *service_name,
+                              OM_uint32 gss_flags, 
+                              int auth_flag,
+                              int v1_format, 
+                              gss_OID oid, 
+                              gss_ctx_id_t *gss_context, 
+                              OM_uint32 *ret_flags)
 {
-    gss_buffer_desc send_tok, recv_tok, *token_ptr;
-    gss_name_t target_name;
-    OM_uint32 maj_stat, min_stat;
-    gss_OID oid = GSS_C_NULL_OID;
-
-    if (oid_name && oid_name[0]) {
-           send_tok.value = oid_name;
-           send_tok.length = strlen(oid_name);
-           maj_stat = gss_str_to_oid(&min_stat, &send_tok, &oid);
-           if (maj_stat != GSS_S_COMPLETE) {
-                   display_status("str_to_oid", maj_stat, min_stat);
-                   return -1;
-           }
-    }
+    if (auth_flag) {
+        gss_buffer_desc send_tok, recv_tok, *token_ptr;
+        gss_name_t target_name;
+        OM_uint32 maj_stat, min_stat, init_sec_min_stat;
+        int token_flags;
 
-    /*
-     * Import the name into target_name.  Use send_tok to save
-     * local variable space.
-     */
-    send_tok.value = sname;
-    send_tok.length = strlen(sname) + 1;
-    maj_stat = gss_import_name(&min_stat, &send_tok,
-        (gss_OID) nt_service_name, &target_name);
-    if (maj_stat != GSS_S_COMPLETE) {
-        display_status("parsing name", maj_stat, min_stat);
-        return -1;
-    }
-        
-       /*
-        * Perform the context-establishement loop.
-        *
-        * On each pass through the loop, token_ptr points to the token
-        * to send to the server (or GSS_C_NO_BUFFER on the first pass).
-        * Every generated token is stored in send_tok which is then
-        * transmitted to the server; every received token is stored in
-        * recv_tok, which token_ptr is then set to, to be processed by
-        * the next call to gss_init_sec_context.
-        * 
-        * GSS-API guarantees that send_tok's length will be non-zero
-        * if and only if the server is expecting another token from us,
-        * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
-        * and only if the server has another token to send us.
-        */
-        
-    token_ptr = GSS_C_NO_BUFFER;
-    *gss_context = GSS_C_NO_CONTEXT;
-
-    do {
-        maj_stat =
-            gss_init_sec_context(&min_stat,
-                                            GSS_C_NO_CREDENTIAL,
-                                                                gss_context,
-                                                                target_name,
-                                                                oid,
-                                                                GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
-                                                                0,
-                                                                NULL,          /* no channel bindings */
-                                                                token_ptr,
-                                                                NULL,          /* ignore mech type */
-                                                                &send_tok,
-                                                                NULL,          /* ignore ret_flags */
-                                                                NULL);         /* ignore time_rec */
-
-        if (token_ptr != GSS_C_NO_BUFFER)
-            (void) gss_release_buffer(&min_stat, &recv_tok);
-
-        if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
-            display_status("initializing context", maj_stat, min_stat);
-            (void) gss_release_name(&min_stat, &target_name);
+       /*
+        * Import the name into target_name.  Use send_tok to save
+        * local variable space.
+        */
+        send_tok.value = service_name;
+        send_tok.length = strlen(service_name) ;
+        maj_stat = gss_import_name(&min_stat, &send_tok,
+                                    (gss_OID) gss_nt_service_name, &target_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("parsing name", maj_stat, min_stat);
             return -1;
         }
-
-        if (send_tok.length != 0) {
-            if (send_token(s, &send_tok) < 0) {
-                (void) gss_release_buffer(&min_stat, &send_tok);
+     
+        if (!v1_format) {
+            if (send_token(s, TOKEN_NOOP|TOKEN_CONTEXT_NEXT, empty_token) < 0) {
                 (void) gss_release_name(&min_stat, &target_name);
                 return -1;
             }
         }
-        (void) gss_release_buffer(&min_stat, &send_tok);
-                 
-        if (maj_stat == GSS_S_CONTINUE_NEEDED) {
-            if (recv_token(s, &recv_tok) < 0) {
+
+       /*
+        * Perform the context-establishement loop.
+        *
+        * On each pass through the loop, token_ptr points to the token
+        * to send to the server (or GSS_C_NO_BUFFER on the first pass).
+        * Every generated token is stored in send_tok which is then
+        * transmitted to the server; every received token is stored in
+        * recv_tok, which token_ptr is then set to, to be processed by
+        * the next call to gss_init_sec_context.
+        * 
+        * GSS-API guarantees that send_tok's length will be non-zero
+        * if and only if the server is expecting another token from us,
+        * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
+        * and only if the server has another token to send us.
+        */
+
+        token_ptr = GSS_C_NO_BUFFER;
+        *gss_context = GSS_C_NO_CONTEXT;
+
+        do {
+            maj_stat =
+                gss_init_sec_context(&init_sec_min_stat,
+                                      GSS_C_NO_CREDENTIAL,
+                                      gss_context,
+                                      target_name,
+                                      oid,
+                                      gss_flags,
+                                      0,
+                                      NULL,    /* no channel bindings */
+                                      token_ptr,
+                                      NULL,    /* ignore mech type */
+                                      &send_tok,
+                                      ret_flags,
+                                      NULL);   /* ignore time_rec */
+
+            if (token_ptr != GSS_C_NO_BUFFER)
+                free (recv_tok.value);
+
+            if (send_tok.length != 0) {
+                if (verbose)
+                    printf("Sending init_sec_context token (size=%d)...",
+                            (int) send_tok.length);
+                if (send_token(s, v1_format?0:TOKEN_CONTEXT, &send_tok) < 0) {
+                    (void) gss_release_buffer(&min_stat, &send_tok);
+                    (void) gss_release_name(&min_stat, &target_name);
+                    return -1;
+                }
+            }
+            (void) gss_release_buffer(&min_stat, &send_tok);
+
+            if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
+                display_status("initializing context", maj_stat,
+                                init_sec_min_stat);
                 (void) gss_release_name(&min_stat, &target_name);
+                if (*gss_context != GSS_C_NO_CONTEXT)
+                    gss_delete_sec_context(&min_stat, gss_context,
+                                            GSS_C_NO_BUFFER);
                 return -1;
             }
-            token_ptr = &recv_tok;
-        }
-    } while (maj_stat == GSS_S_CONTINUE_NEEDED);
 
-    (void) gss_release_name(&min_stat, &target_name);
+            if (maj_stat == GSS_S_CONTINUE_NEEDED) {
+                if (verbose)
+                    printf("continue needed...");
+                if (recv_token(s, &token_flags, &recv_tok) < 0) {
+                    (void) gss_release_name(&min_stat, &target_name);
+                    return -1;
+                }
+                token_ptr = &recv_tok;
+            }
+            if (verbose)
+                printf("\r\n");
+        } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+        (void) gss_release_name(&min_stat, &target_name);
+    }
+    else {
+        if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+            return -1;
+    }
+
     return 0;
 }
+
+static void read_file(file_name, in_buf)
+    char               *file_name;
+    gss_buffer_t       in_buf;
+{
+    int fd, count;
+    struct stat stat_buf;
+    
+    if ((fd = open(file_name, O_RDONLY, 0)) < 0) {
+       perror("open");
+       printf("Couldn't open file %s\r\n", file_name);
+       exit(1);
+    }
+    if (fstat(fd, &stat_buf) < 0) {
+       perror("fstat");
+       exit(1);
+    }
+    in_buf->length = stat_buf.st_size;
+
+    if (in_buf->length == 0) {
+       in_buf->value = NULL;
+       return;
+    }
+
+    if ((in_buf->value = malloc(in_buf->length)) == 0) {
+       printf("Couldn't allocate %d byte buffer for reading file\r\n",
+               (int) in_buf->length);
+       exit(1);
+    }
+
+    /* this code used to check for incomplete reads, but you can't get
+       an incomplete read on any file for which fstat() is meaningful */
+
+    count = read(fd, in_buf->value, in_buf->length);
+    if (count < 0) {
+       perror("read");
+       exit(1);
+    }
+    if (count < in_buf->length)
+       printf("Warning, only read in %d bytes, expected %d\r\n",
+               count, (int) in_buf->length);
+}
+
+/*
+ * Function: call_server
+ *
+ * Purpose: Call the "sign" service.
+ *
+ * Arguments:
+ *
+ *     host            (r) the host providing the service
+ *     port            (r) the port to connect to on host
+ *     service_name    (r) the GSS-API service name to authenticate to
+ *     gss_flags       (r) GSS-API delegation flag (if any)
+ *     auth_flag       (r) whether to do authentication
+ *     wrap_flag       (r) whether to do message wrapping at all
+ *     encrypt_flag    (r) whether to do encryption while wrapping
+ *     mic_flag        (r) whether to request a MIC from the server
+ *     msg             (r) the message to have "signed"
+ *     use_file        (r) whether to treat msg as an input file name
+ *     mcount          (r) the number of times to send the message
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ * 
+ * call_server opens a TCP connection to <host:port> and establishes a
+ * GSS-API context with service_name over the connection.  It then
+ * seals msg in a GSS-API token with gss_wrap, sends it to the server,
+ * reads back a GSS-API signature block for msg from the server, and
+ * verifies it with gss_verify.  -1 is returned if any step fails,
+ * otherwise 0 is returned.  */
+int call_server(char *host, u_short port, gss_OID oid, char *service_name, 
+                OM_uint32 gss_flags, int auth_flag,
+                       int wrap_flag, int encrypt_flag, int mic_flag, int v1_format, 
+                char *msg, int use_file, int mcount)
+{
+     gss_ctx_id_t context;
+     gss_buffer_desc in_buf, out_buf;
+     int s, state;
+     OM_uint32 ret_flags;
+     OM_uint32 maj_stat, min_stat;
+     gss_name_t                src_name, targ_name;
+     gss_buffer_desc   sname, tname;
+     OM_uint32         lifetime;
+     gss_OID           mechanism, name_type;
+     int               is_local;
+     OM_uint32         context_flags;
+     int               is_open;
+     gss_qop_t         qop_state;
+     gss_OID_set       mech_names;
+     gss_buffer_desc   oid_name;
+     size_t    i;
+     int token_flags;
+
+     /* Open connection */
+     if ((s = connect_to_server(host, port)) < 0)
+         return -1;
+
+     /* Establish context */
+     if (client_establish_context(s, service_name, gss_flags, auth_flag,
+                                 v1_format, oid, &context,
+                                 &ret_flags) < 0) {
+         (void) closesocket(s);
+         return -1;
+     }
+
+     if (auth_flag) {
+         if (verbose) {
+             /* display the flags */
+             /* display_ctx_flags(ret_flags); */
+
+             /* Get context information */
+             maj_stat = gss_inquire_context(&min_stat, context,
+                                       &src_name, &targ_name, &lifetime,
+                                       &mechanism, &context_flags,
+                                       &is_local,
+                                       &is_open);
+             if (maj_stat != GSS_S_COMPLETE) {
+                 display_status("inquiring context", maj_stat, min_stat);
+                 return -1;
+             }
+
+             maj_stat = gss_display_name(&min_stat, src_name, &sname,
+                                          &name_type);
+             if (maj_stat != GSS_S_COMPLETE) {
+                 display_status("displaying source name", maj_stat, min_stat);
+                 return -1;
+             }
+             maj_stat = gss_display_name(&min_stat, targ_name, &tname,
+                                          (gss_OID *) NULL);
+             if (maj_stat != GSS_S_COMPLETE) {
+                 display_status("displaying target name", maj_stat, min_stat);
+                 return -1;
+             }
+             printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\r\n",
+                     (int) sname.length, (char *) sname.value,
+                     (int) tname.length, (char *) tname.value, lifetime,
+                     context_flags,
+                     (is_local) ? "locally initiated" : "remotely initiated",
+                     (is_open) ? "open" : "closed");
+
+             (void) gss_release_name(&min_stat, &src_name);
+             (void) gss_release_name(&min_stat, &targ_name);
+             (void) gss_release_buffer(&min_stat, &sname);
+             (void) gss_release_buffer(&min_stat, &tname);
+
+             maj_stat = gss_oid_to_str(&min_stat,
+                                        name_type,
+                                        &oid_name);
+             if (maj_stat != GSS_S_COMPLETE) {
+                 display_status("converting oid->string", maj_stat, min_stat);
+                 return -1;
+             }
+             printf("Name type of source name is %.*s.\r\n",
+                     (int) oid_name.length, (char *) oid_name.value);
+             (void) gss_release_buffer(&min_stat, &oid_name);
+
+             /* Now get the names supported by the mechanism */
+             maj_stat = gss_inquire_names_for_mech(&min_stat,
+                                                    mechanism,
+                                                    &mech_names);
+             if (maj_stat != GSS_S_COMPLETE) {
+                 display_status("inquiring mech names", maj_stat, min_stat);
+                 return -1;
+             }
+
+             maj_stat = gss_oid_to_str(&min_stat,
+                                        mechanism,
+                                        &oid_name);
+             if (maj_stat != GSS_S_COMPLETE) {
+                 display_status("converting oid->string", maj_stat, min_stat);
+                 return -1;
+             }
+             printf("Mechanism %.*s supports %d names\r\n",
+                     (int) oid_name.length, (char *) oid_name.value,
+                     (int) mech_names->count);
+             (void) gss_release_buffer(&min_stat, &oid_name);
+
+             for (i=0; i<mech_names->count; i++) {
+                 maj_stat = gss_oid_to_str(&min_stat,
+                                            &mech_names->elements[i],
+                                            &oid_name);
+                 if (maj_stat != GSS_S_COMPLETE) {
+                     display_status("converting oid->string", maj_stat, min_stat);
+                     return -1;
+                 }
+                 printf("  %d: %.*s\r\n", (int) i,
+                         (int) oid_name.length, (char *) oid_name.value);
+
+                 (void) gss_release_buffer(&min_stat, &oid_name);
+             }
+             (void) gss_release_oid_set(&min_stat, &mech_names);
+         }
+     }
+     
+     if (use_file) {
+         read_file(msg, &in_buf);
+     } else {
+        /* Seal the message */
+        in_buf.value = msg;
+        in_buf.length = strlen(msg);
+     }
+
+     for (i = 0; i < mcount; i++) {
+       if (wrap_flag) {
+        maj_stat = gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT,
+                            &in_buf, &state, &out_buf);
+        if (maj_stat != GSS_S_COMPLETE) {
+          display_status("wrapping message", maj_stat, min_stat);
+          (void) closesocket(s);
+          (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+          return -1;
+        } else if (encrypt_flag && ! state) {
+          fprintf(stderr, "Warning!  Message not encrypted.\r\n");
+        }
+       }
+       else {
+        out_buf = in_buf;
+       }
+
+       /* Send to server */
+       if (send_token(s, (v1_format?0
+                         :(TOKEN_DATA |
+                         (wrap_flag ? TOKEN_WRAPPED : 0) |
+                         (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
+                         (mic_flag ? TOKEN_SEND_MIC : 0))), &out_buf) < 0) {
+        (void) closesocket(s);
+        (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+        return -1;
+       }
+       if (out_buf.value != in_buf.value)
+        (void) gss_release_buffer(&min_stat, &out_buf);
+
+       /* Read signature block into out_buf */
+       if (recv_token(s, &token_flags, &out_buf) < 0) {
+        (void) closesocket(s);
+        (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+        return -1;
+       }
+
+       if (mic_flag) {
+        /* Verify signature block */
+        maj_stat = gss_verify_mic(&min_stat, context, &in_buf,
+                                  &out_buf, &qop_state);
+        if (maj_stat != GSS_S_COMPLETE) {
+          display_status("verifying signature", maj_stat, min_stat);
+          (void) closesocket(s);
+          (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+          return -1;
+        }
+
+        if (verbose)
+          printf("Signature verified.\r\n");
+       }
+       else {
+        if (verbose)
+          printf("Response received.\r\n");
+       }
+
+       free (out_buf.value);
+     }
+
+     if (use_file)
+       free(in_buf.value);
+
+     /* Send NOOP */
+     if (!v1_format)
+     (void) send_token(s, TOKEN_NOOP, empty_token);
+
+     if (auth_flag) {
+       /* Delete context */
+       maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
+       if (maj_stat != GSS_S_COMPLETE) {
+        display_status("deleting context", maj_stat, min_stat);
+        (void) closesocket(s);
+        (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+        return -1;
+       }
+
+       (void) gss_release_buffer(&min_stat, &out_buf);
+     }
+
+     (void) closesocket(s);
+     return 0;
+}
+
+static void parse_oid(char *mechanism, gss_OID *oid)
+{
+    char       *mechstr = 0, *cp;
+    gss_buffer_desc tok;
+    OM_uint32 maj_stat, min_stat;
+    
+    if (isdigit((int) mechanism[0])) {
+       mechstr = malloc(strlen(mechanism)+5);
+       if (!mechstr) {
+           printf("Couldn't allocate mechanism scratch!\r\n");
+           return;
+       }
+       sprintf(mechstr, "{ %s }", mechanism);
+       for (cp = mechstr; *cp; cp++)
+           if (*cp == '.')
+               *cp = ' ';
+       tok.value = mechstr;
+    } else
+       tok.value = mechanism;
+    tok.length = strlen(tok.value);
+    maj_stat = gss_str_to_oid(&min_stat, &tok, oid);
+    if (maj_stat != GSS_S_COMPLETE) {
+       display_status("str_to_oid", maj_stat, min_stat);
+       return;
+    }
+    if (mechstr)
+       free(mechstr);
+}
+
+int
+gss (char *server_host, char *service_name, char *mechanism, char *msg, int port,
+     int verbose, int delegate, int mutual, int replay, int sequence, 
+     int v1_format, int auth_flag, int wrap_flag,
+     int encrypt_flag, int mic_flag, int ccount, int mcount, char *ccache)
+{
+    int use_file = 0;
+    OM_uint32 gss_flags = 0, min_stat;
+    gss_OID oid = GSS_C_NULL_OID;
+    OM_uint32     minor_status;
+    int i;
+    int rc = 0;
+
+    if (ccount <= 0)  ccount = 1;
+    if (mcount <= 0)  mcount = 1;
+
+    if (mechanism && mechanism[0])
+        parse_oid(mechanism, &oid);
+
+    if ( delegate )
+        gss_flags |= GSS_C_DELEG_FLAG;
+    if ( mutual )
+        gss_flags |= GSS_C_MUTUAL_FLAG;
+    if ( replay )
+        gss_flags |= GSS_C_REPLAY_FLAG;
+    if ( sequence )
+        gss_flags |= GSS_C_SEQUENCE_FLAG;
+
+    /* By using this function the independence between the application and
+     * the underlying authentication system is broken
+     */
+    if ( ccache && ccache[0] )
+        gss_krb5_ccache_name(&minor_status, ccache, NULL);
+
+    for (i = 0; i < ccount; i++) {
+        if (call_server(server_host, port, oid, service_name,
+                         gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
+                         v1_format, msg, use_file, mcount) < 0)
+            rc = -1;
+        break;
+    }
+
+    if (oid != GSS_C_NULL_OID)
+        (void) gss_release_oid(&min_stat, &oid);
+        
+    return rc;
+}
index cb84e9327946f1cfa6a969ccc324eaa544a2e415..28227e24834a7f20499ef01d57b7dd302a54f561 100644 (file)
  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  * PERFORMANCE OF THIS SOFTWARE.
  */
+/*
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
 #include "gss.h"
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
 #include <stdlib.h>
+#include <sys\timeb.h>
+#include <time.h>
 
-/*+
+FILE *display_file;
+DWORD ws_err;
+
+gss_buffer_desc empty_token_buf = { 0, (void *) "" };
+gss_buffer_t empty_token = &empty_token_buf;
+
+static void display_status_1
+       (char *m, OM_uint32 code, int type);
+
+static int write_all(int fildes, char *buf, unsigned int nbyte)
+{
+    int ret;
+    char *ptr;
+
+    for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
+        ret = send(fildes, ptr, nbyte, 0);
+        if (ret < 0) {
+            ws_err = WSAGetLastError();
+            errno = ws_err;
+            return(ret);
+        } else if (ret == 0) {
+            return(ptr-buf);
+        }
+    }
+
+    return(ptr-buf);
+}
+
+static int read_all(int s, char *buf, unsigned int nbyte)
+{
+    int ret;
+    char *ptr;
+    fd_set rfds;
+    struct timeval tv;
+
+    FD_ZERO(&rfds);
+    FD_SET(s, &rfds);
+    tv.tv_sec = 10;
+    tv.tv_usec = 0;
+
+    for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
+        if ( select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0 || !FD_ISSET(s, &rfds) )
+            return(ptr-buf);
+        ret = recv(s, ptr, nbyte, 0);
+        if (ret < 0) {
+            ws_err = WSAGetLastError();
+            errno = ws_err;
+            return(ret);
+        } else if (ret == 0) {
+            return(ptr-buf);
+        }
+    }
+
+    return(ptr-buf);
+}
+
+/*
  * Function: send_token
  *
  * Purpose: Writes a token to a file descriptor.
  *
  * Arguments:
  *
- *     s               (r) an open file descriptor
- *     tok             (r) the token to write
+ *     s               (r) an open file descriptor
+ *     flags           (r) the flags to write
+ *     tok             (r) the token to write
  *
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
  *
- * send_token writes the token length (as a network long) and then the
- * token data to the file descriptor s.         It returns 0 on success, and
- * -1 if an error occurs or if it could not write all the data.
+ * If the flags are non-null, send_token writes the token flags (a
+ * single byte, even though they're passed in in an integer). Next,
+ * the token length (as a network long) and then the token data are
+ * written to the file descriptor s.  It returns 0 on success, and -1
+ * if an error occurs or if it could not write all the data.
  */
-int send_token(int s, gss_buffer_t tok) {
-    long len;
-    size_t ret;
-    size_t ws_err;
+int send_token(int s, int flags, gss_buffer_t tok)
+{
+     int len, ret;
+     unsigned char char_flags = (unsigned char) flags;
+     unsigned char lenbuf[4];
 
-    len = htonl(tok->length);
+     if (char_flags) {
+         ret = write_all(s, (char *)&char_flags, 1);
+         if (ret != 1) {
+             my_perror("sending token flags");
+             OkMsgBox ("Winsock error  %d \n", ws_err);
+             return -1;
+         }
+     }
+    if (tok->length > 0xffffffffUL)
+        abort();
+    lenbuf[0] = (tok->length >> 24) & 0xff;
+    lenbuf[1] = (tok->length >> 16) & 0xff;
+    lenbuf[2] = (tok->length >> 8) & 0xff;
+    lenbuf[3] = tok->length & 0xff;
 
-    ret = send (s, (char *) &len, 4, 0);        // Send length over the socket
+    ret = write_all(s, lenbuf, 4);
     if (ret < 0) {
-               ws_err = WSAGetLastError();
-               errno = ws_err;
-               my_perror("sending token length");
+        my_perror("sending token length");
                OkMsgBox ("Winsock error  %d \n", ws_err);
-               return -1;
+        return -1;
     } else if (ret != 4) {
-           ws_err = WSAGetLastError();
-           OkMsgBox("sending token length: %d of %d bytes written\nWinsock error = %d\n",
-                    ret, 4, ws_err);
-           return -1;
+        if (verbose)
+            printf("sending token length: %d of %d bytes written\r\n", 
+                     ret, 4);
+        return -1;
     }
 
-    ret = send (s, tok->value, tok->length, 0); // Send the data
+    ret = write_all(s, tok->value, tok->length);
     if (ret < 0) {
-           ws_err = WSAGetLastError();
-           errno = ws_err;
-           my_perror("sending token data");
-           OkMsgBox ("Winsock error  %d \n", ws_err);
-           return -1;
+        my_perror("sending token data");
+               OkMsgBox ("Winsock error  %d \n", ws_err);
+        return -1;
     } else if (ret != tok->length) {
-           ws_err = WSAGetLastError();
-           OkMsgBox ("sending token data: %d of %d bytes written\nWinsock error = %d\n",
-                     ret, tok->length, ws_err);
-           return -1;
+        if (verbose)
+            printf("sending token data: %d of %d bytes written\r\n", 
+                     ret, (int) tok->length);
+        return -1;
     }
 
     return 0;
 }
 
-/*+
+/*
  * Function: recv_token
  *
  * Purpose: Reads a token from a file descriptor.
  *
  * Arguments:
  *
- *     s               (r) an open file descriptor
- *     tok             (w) the read token
+ *     s               (r) an open file descriptor
+ *     flags           (w) the read flags
+ *     tok             (w) the read token
  *
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
  * 
- * recv_token reads the token length (as a network long), allocates
- * memory to hold the data, and then reads the token data from the
- * file descriptor s.  It blocks to read the length and data, if
- * necessary.  On a successful return, the token should be freed with
- * gss_release_buffer. It returns 0 on success, and -1 if an error
- * occurs or if it could not read all the data.
+ * recv_token reads the token flags (a single byte, even though
+ * they're stored into an integer, then reads the token length (as a
+ * network long), allocates memory to hold the data, and then reads
+ * the token data from the file descriptor s.  It blocks to read the
+ * length and data, if necessary.  On a successful return, the token
+ * should be freed with gss_release_buffer.  It returns 0 on success,
+ * and -1 if an error occurs or if it could not read all the data.
  */
-int
-recv_token (int s, gss_buffer_t tok) {
+int recv_token(int s, int * flags, gss_buffer_t tok)
+{
     int ret;
-    unsigned long len;
-       size_t ws_err;
+    unsigned char char_flags;
+    unsigned char lenbuf[4];
 
-    ret = recv (s, (char *) &len, 4, 0);
+    ret = read_all(s, (char *) &char_flags, 1);
     if (ret < 0) {
-           ws_err = WSAGetLastError();
-           errno = ws_err;
-           my_perror("reading token length");
-           OkMsgBox ("Winsock error  %d \n", ws_err);
+        my_perror("reading token flags");
+               OkMsgBox ("Winsock error  %d \n", ws_err);
         return -1;
-    } else if (ret != 4) {
-           ws_err = WSAGetLastError();
-           OkMsgBox ("reading token length: %d of %d bytes written\nWinsock error = %d\n",
-                     ret, 4, ws_err);
-           return -1;
+    } else if (! ret) {
+        if (display_file)
+            printf("reading token flags: 0 bytes read\r\n", display_file);
+        return -1;
+    } else {
+        *flags = (int) char_flags;
     }
-         
-    len = ntohl(len);
-    tok->length = (size_t) len;
-    tok->value = (char *) malloc(tok->length);
-    if (tok->value == NULL) {
-        OkMsgBox ("Out of memory allocating token data\n");
+
+    if (char_flags == 0 ) {
+        lenbuf[0] = 0;
+        ret = read_all(s, &lenbuf[1], 3);
+        if (ret < 0) {
+            my_perror("reading token length");
+            OkMsgBox ("Winsock error  %d \n", ws_err);
+            return -1;
+        } else if (ret != 3) {
+            if (verbose)
+                printf("reading token length: %d of %d bytes read\r\n", 
+                         ret, 3);
+            return -1;
+        }
+    }
+    else {
+        ret = read_all(s, lenbuf, 4);
+        if (ret < 0) {
+            my_perror("reading token length");
+            OkMsgBox ("Winsock error  %d \n", ws_err);
+            return -1;
+        } else if (ret != 4) {
+            if (verbose)
+                printf("reading token length: %d of %d bytes read\r\n", 
+                         ret, 4);
+            return -1;
+        }
+    }
+
+    tok->length = ((lenbuf[0] << 24)
+                    | (lenbuf[1] << 16)
+                    | (lenbuf[2] << 8)
+                    | lenbuf[3]);
+    tok->value = (char *) malloc(tok->length ? tok->length : 1);
+    if (tok->length && tok->value == NULL) {
+        if (verbose)
+            printf("Out of memory allocating token data\r\n");
         return -1;
     }
 
-    ret = recv (s, (char *) tok->value, tok->length, 0);
+    ret = read_all(s, (char *) tok->value, tok->length);
     if (ret < 0) {
-           ws_err = WSAGetLastError();
-           errno = ws_err;
-           my_perror("reading token data");
-           OkMsgBox ("Winsock error  %d \n", ws_err);
-           free(tok->value);
-           return -1;
-    } else if ((size_t) ret != tok->length) {
-           ws_err = WSAGetLastError();
-           OkMsgBox ("reading token data: %d of %d bytes written\nWinsock error = %d\n",
-                     ret, tok->length, ws_err);
-           free(tok->value);
-           return -1;
+        my_perror("reading token data");
+               OkMsgBox ("Winsock error  %d \n", ws_err);
+        free(tok->value);
+        return -1;
+    } else if (ret != tok->length) {
+        printf("sending token data: %d of %d bytes written\r\n", 
+                 ret, (int) tok->length);
+        free(tok->value);
+        return -1;
     }
 
     return 0;
 }
 
+void 
+free_token(gss_buffer_t tok)
+{
+    if (tok->length <= 0 || tok->value == NULL)
+        return;
+
+    free(tok->value);
+    tok->value = NULL;
+    tok->length = 0;
+}
+
 /*+
  * Function: display_status
  *
@@ -183,6 +317,9 @@ display_status_1(char *m, OM_uint32 code, int type) {
         maj_stat = gss_display_status(&min_stat, code,
                                       type, GSS_C_NULL_OID,
                                       &msg_ctx, &msg);
+        if (verbose)
+            printf("GSS-API error %s: %s\r\n", m,
+                     (char *)msg.value); 
         OkMsgBox ("GSS-API error %s: %s\n", m,
             (char *)msg.value);
         (void) gss_release_buffer(&min_stat, &msg);
@@ -191,6 +328,70 @@ display_status_1(char *m, OM_uint32 code, int type) {
             break;
     }
 }
+
+/*
+ * Function: display_ctx_flags
+ *
+ * Purpose: displays the flags returned by context initation in
+ *         a human-readable form
+ *
+ * Arguments:
+ *
+ *     int             ret_flags
+ *
+ * Effects:
+ *
+ * Strings corresponding to the context flags are printed on
+ * stdout, preceded by "context flag: " and followed by a newline
+ */
+
+void display_ctx_flags(flags)
+     OM_uint32 flags;
+{
+     if (flags & GSS_C_DELEG_FLAG)
+         printf("context flag: GSS_C_DELEG_FLAG\r\n");
+     if (flags & GSS_C_MUTUAL_FLAG)
+         printf("context flag: GSS_C_MUTUAL_FLAG\r\n");
+     if (flags & GSS_C_REPLAY_FLAG)
+         printf("context flag: GSS_C_REPLAY_FLAG\r\n");
+     if (flags & GSS_C_SEQUENCE_FLAG)
+         printf("context flag: GSS_C_SEQUENCE_FLAG\r\n");
+     if (flags & GSS_C_CONF_FLAG )
+         printf("context flag: GSS_C_CONF_FLAG \r\n");
+     if (flags & GSS_C_INTEG_FLAG )
+         printf("context flag: GSS_C_INTEG_FLAG \r\n");
+}
+
+void print_token(tok)
+     gss_buffer_t tok;
+{
+    int i;
+    unsigned char *p = tok->value;
+
+    if (!verbose)
+       return;
+    for (i=0; i < tok->length; i++, p++) {
+       printf("%02x ", *p);
+       if ((i % 16) == 15) {
+           printf("\r\n");
+       }
+    }
+    printf("\r\n");
+}
+
+
+int gettimeofday (struct timeval *tv, void *ignore_tz)
+{
+    struct _timeb tb;
+    _tzset();
+    _ftime(&tb);
+    if (tv) {
+       tv->tv_sec = tb.time;
+       tv->tv_usec = tb.millitm * 1000;
+    }
+    return 0;
+}
+
 /*+*************************************************************************
 ** 
 ** OkMsgBox
similarity index 63%
rename from src/krb524/misc.c
rename to src/windows/gss/gss-misc.h
index 7e3f4e3bc43aa1c1cf310165363d80a791dc11c4..35b3b73906fb243aa2055dee302503481094e4b5 100644 (file)
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-#include <krb5.h>
+/*
+ * $Id$
+ */
+
+#ifndef _GSSMISC_H_
+#define _GSSMISC_H_
+
+#include <gssapi/gssapi_generic.h>
 #include <stdio.h>
-#include <sys/types.h>
 
-#ifndef _WIN32
-#include <sys/time.h>
-#include <sys/signal.h>
-#include <netinet/in.h>
-#endif
+extern FILE *display_file;
 
-#include <krb.h>
-#include "krb524.h"
+int send_token
+       (int s, int flags, gss_buffer_t tok);
+int recv_token
+       (int s, int *flags, gss_buffer_t tok);
+void display_status
+       (char *msg, OM_uint32 maj_stat, OM_uint32 min_stat);
+void display_ctx_flags
+       (OM_uint32 flags);
+void print_token
+       (gss_buffer_t tok);
 
-void krb524_init_ets(context)
-     krb5_context context;
-{
-     initialize_k524_error_table();
-}
+/* Token types */
+#define TOKEN_NOOP             (1<<0)
+#define TOKEN_CONTEXT          (1<<1)
+#define TOKEN_DATA             (1<<2)
+#define TOKEN_MIC              (1<<3)
+
+/* Token flags */
+#define TOKEN_CONTEXT_NEXT     (1<<4)
+#define TOKEN_WRAPPED          (1<<5)
+#define TOKEN_ENCRYPTED                (1<<6)
+#define TOKEN_SEND_MIC         (1<<7)
+
+extern gss_buffer_t empty_token;
+
+#endif
index 2a9b93dcf6fcf273f7ca4b990774799ca1d3390c..f42d293eaf91f129f3d86c6cfb1fa30b23188549 100644 (file)
@@ -1,3 +1,26 @@
+/*
+ * Copyright (C) 2003, 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
 /*+*************************************************************************
 **
 ** GSS test    - Windows scaffolding to test the gssapi dll
 #include <windows.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <commctrl.h>
 #include "gss.h"
+#include <krb5.h>
+#ifdef USE_LEASH
+#include <cacheapi.h>
+#endif
 
-#define GSS_CONNECT_NAME            102
-#define GSS_OK                      100
-#define GSS_CANCEL                  101
+#include "resource.h"
 
-#define GSSAPI_INI     "kerberos.ini"                          // Which INI file
+#define GSSAPI_INI     "gsstest.ini"                           // Which INI file
 #define INI_HOSTS      "GSSAPI Hosts"                          // INI file section
 #define INI_HOST       "Host"                                          // INI file line label
+#define INI_SVCS       "GSSAPI Services"                       // INI file section
+#define INI_SVC            "Service"                                   // INI file line label
+#define INI_MSGS       "GSSAPI Messages"                       // INI file section
+#define INI_MSG            "Message"                                   // INI file line label
+#define INI_MECHS      "GSSAPI Mechanisms"                     // INI file section
+#define INI_MECH       "Mech"                                          // INI file line label
+#define INI_LAST    "GSSAPI Most Recent" 
+#define INI_LAST_HOST "Host"
+#define INI_LAST_PORT "Port"
+#define INI_LAST_SVC  "Service"
+#define INI_LAST_MECH "Mechanism"
+#define INI_LAST_MSG  "Message"
+#define INI_LAST_DELEGATE  "Delegation"
+#define INI_LAST_SEQUENCE  "Sequence"
+#define INI_LAST_MUTUAL    "Mutual"
+#define INI_LAST_REPLAY    "Replay"
+#define INI_LAST_VERBOSE   "Verbose"
+#define INI_LAST_CCOUNT    "Call Count"
+#define INI_LAST_MCOUNT    "Message Count"
+#define INI_LAST_VER1      "Version One"
+#define INI_LAST_NOAUTH    "No Auth"
+#define INI_LAST_NOWRAP    "No Wrap"
+#define INI_LAST_NOCRYPT   "No Encrypt"
+#define INI_LAST_NOMIC     "No Mic"
+#define INI_LAST_CCACHE    "CCache"
 
-#define MAX_HOSTS 9
-char hosts[MAX_HOSTS][256];
+#define MAX_SAVED 9
+char hosts[MAX_SAVED][256];
+char svcs[MAX_SAVED][256];
+char msgs[MAX_SAVED][256];
+char mechs[MAX_SAVED][256];
 char szHost[256];                      // GSSAPI Host to connect to
-char szServiceName[256];               // Service to do
-char szOID[256];                       // OID to use   
+char szService[256];           // Service to do
+char szMessage[256];        // Message to send
+char szMech[256];                      // OID to use
+char szCCache[256];         // CCache to use
 int port = 0;                          // Which port to use
+int delegate = 0;           // Delegate?
+int replay = 1;             // Replay?
+int mutual = 1;             // Mutual?
+int sequence = 0;           // Sequence?
+int verbose = 1;            // Verbose?
+int ccount = 1;             // Call Count
+int mcount = 1;             // Message Count
+int gssv1 = 0;              // Version 1?
+int noauth = 0;             // No Auth?
+int nowrap = 0;             // No Wrap?
+int nocrypt = 0;            // No Crypt?
+int nomic = 0;              // No Mic?
 
-static void do_gssapi_test (char *name);
+HWND hDialog = 0;
+
+static void do_gssapi_test (void);
 static void parse_name (char *name);
-static int read_hosts(void);
-static void write_hosts (void);
-static void    update_hosts (char *name);
+static void read_saved(void);
+static void write_saved (void);
+static void    update_saved (void);
 static void fill_combo (HWND hDlg);
 
 /*+*************************************************************************
@@ -40,17 +110,15 @@ static void fill_combo (HWND hDlg);
 ** Sets up the Dialog that drives our program
 **
 ***************************************************************************/
-int PASCAL
-WinMain (hInstance, hPrevInstance, lpszCmdLine, nCmdShow)
-HANDLE hInstance, hPrevInstance;
-LPSTR lpszCmdLine;
-int nCmdShow;
+int __stdcall
+WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdLine, int nCmdShow)
 {
-       FARPROC lpfnDlgProc;
        WSADATA wsadata;
        WORD versionrequested;
        int rc;
 
+       InitCommonControls();
+
        versionrequested = 0x0101;              /* Version 1.1 */
        rc = WSAStartup(versionrequested, &wsadata);
        if (rc) {
@@ -65,9 +133,8 @@ int nCmdShow;
            return FALSE;
        }
        
-       lpfnDlgProc = MakeProcInstance(OpenGssapiDlg, hInstance);
-       DialogBox (hInstance, "OPENGSSAPIDLG", NULL, lpfnDlgProc);
-       FreeProcInstance(lpfnDlgProc);
+       rc = DialogBoxParam (hInstance, "GSSAPIDLG", HWND_DESKTOP, OpenGssapiDlg, 0L);
+       rc = GetLastError();
 
        WSACleanup();
        return 0;
@@ -80,14 +147,15 @@ int nCmdShow;
 **
 ***************************************************************************/
 void
-do_gssapi_test (char *name) {
+do_gssapi_test (void) {
        int n;                                                                          // Return value
        HCURSOR hcursor;                                                        // For the hourglass cursor
 
-       parse_name(name);                                                       // Get host, service and port
-
        hcursor = SetCursor(LoadCursor(NULL, IDC_WAIT));
-       n = gss (szHost, szServiceName, szOID, "Test Gssapi Message", port);
+       n = gss (szHost, szService, szMech, szMessage[0] ? szMessage : "Test Gssapi Message", port,
+             verbose, delegate, mutual, replay, sequence, 
+             gssv1, !noauth, !nowrap, !nocrypt, !nomic, ccount, mcount,
+             szCCache);
        SetCursor(hcursor);
 
        if (n)
@@ -105,19 +173,21 @@ do_gssapi_test (char *name) {
 **     WM_COMMAND    - Input received
 **
 ***************************************************************************/
-BOOL PASCAL
+INT_PTR CALLBACK
 OpenGssapiDlg(
        HWND hDlg,
-       WORD message,
-       WORD wParam,
-       LONG lParam)
+       UINT message,
+       WPARAM wParam,
+       LPARAM lParam)
 {
        HDC hDC;                                                                        // For getting graphic info
        DWORD Ext;                                                                      // Size of dialog
        int xExt, yExt;                                                         // Size broken apart
-       char hostname[256];                                                     // What the user typed
+    char buff[64];
+
        switch (message) {
        case WM_INITDIALOG:
+        hDialog = hDlg;
                /*
                ** First center the dialog
                */
@@ -131,12 +201,56 @@ OpenGssapiDlg(
                        0, 0, SWP_NOSIZE | SWP_NOZORDER | SWP_SHOWWINDOW);
                ReleaseDC(hDlg, hDC);
 
-               read_hosts ();                                                  // Get the host list
+        SendDlgItemMessage(hDlg, GSS_HOST_NAME, CB_LIMITTEXT, sizeof(szHost), 0);
+               read_saved ();                                                  // Get the host list
                fill_combo (hDlg);                                              // Put into combo box
 
-               SendMessage(hDlg, WM_SETFOCUS, NULL, NULL);
+               SendMessage(hDlg, WM_SETFOCUS, 0, 0);
                return (TRUE);
 
+    case WM_HSCROLL:
+               switch (LOWORD(wParam)) {
+               case TB_THUMBTRACK:
+               case TB_THUMBPOSITION: 
+                       {
+                               long pos = HIWORD(wParam); // the position of the slider
+                               int  ctrlID = GetDlgCtrlID((HWND)lParam);
+
+                               if (ctrlID == GSS_CALL_COUNT) {
+                    sprintf(buff,"Call Count: %d",pos);
+                                       SetWindowText(GetDlgItem(hDialog, IDC_STATIC_CCOUNT),buff);
+                               }
+                               if (ctrlID == GSS_MESSAGE_COUNT) {
+                    sprintf(buff,"Message Count: %d",pos);
+                                       SetWindowText(GetDlgItem(hDialog, IDC_STATIC_MSG_COUNT),buff);
+                               }
+                       }
+                       break;
+        case TB_BOTTOM:
+        case TB_TOP:
+        case TB_ENDTRACK:
+        case TB_LINEDOWN:
+        case TB_LINEUP:
+        case TB_PAGEDOWN:
+        case TB_PAGEUP:
+               default:
+                       {
+                               int  ctrlID = GetDlgCtrlID((HWND)lParam);
+                               long pos = SendMessage(GetDlgItem(hDialog,ctrlID), TBM_GETPOS, 0, 0); // the position of the slider
+
+                               if (ctrlID == GSS_CALL_COUNT) {
+                    sprintf(buff,"Call Count: %d",pos);
+                                       SetWindowText(GetDlgItem(hDialog, IDC_STATIC_CCOUNT),buff);
+                               }
+                               if (ctrlID == GSS_MESSAGE_COUNT) {
+                    sprintf(buff,"Message Count: %d",pos);
+                                       SetWindowText(GetDlgItem(hDialog, IDC_STATIC_MSG_COUNT),buff);
+                               }
+                       }
+               }
+        break;
+
+
        case WM_COMMAND:
                switch (wParam) {
                case GSS_CANCEL:                                                // Only way out of the dialog
@@ -145,22 +259,75 @@ OpenGssapiDlg(
                        break;
 
                case GSS_OK:
-                       GetDlgItemText(hDlg, GSS_CONNECT_NAME, hostname, 256);
-                       SendDlgItemMessage(hDlg, GSS_CONNECT_NAME, CB_SHOWDROPDOWN,
-                               FALSE, NULL);
+                       GetDlgItemText(hDlg, GSS_HOST_NAME, szHost, 256);
+                       SendDlgItemMessage(hDlg, GSS_HOST_NAME, CB_SHOWDROPDOWN, FALSE, 0);
 
-                       if (! *hostname) {
-                               MessageBox(hDlg, "You must enter a host name",
-                                       NULL, MB_OK);
+                       if (!*szHost) {
+                               MessageBox(hDlg, "You must enter a host name", NULL, MB_OK);
                                break;
                        }
-                       do_gssapi_test (hostname);                      // Test GSSAPI
-                       update_hosts (hostname);                        // Add it to the host list
+
+                       GetDlgItemText(hDlg, GSS_SERVICE_NAME, szService, 256);
+                       SendDlgItemMessage(hDlg, GSS_SERVICE_NAME, CB_SHOWDROPDOWN, FALSE, 0);
+
+                       if (!*szService) {
+                               MessageBox(hDlg, "You must enter a service name", NULL, MB_OK);
+                               break;
+                       }
+
+            GetDlgItemText(hDlg, GSS_MECHANISM, szMech, 256);
+            GetDlgItemText(hDlg, GSS_CCACHE_NAME, szCCache, 256);
+            GetDlgItemText(hDlg, GSS_MESSAGE, szMessage, 256);
+            GetDlgItemText(hDlg, GSS_PORT, buff, 32);
+            if (!*buff) {
+                               MessageBox(hDlg, "You must enter a valid port number", NULL, MB_OK);
+                               break;
+            }
+            port = atoi(buff);
+            if (port == 0 || port == -1)
+                port = 4444;
+
+            ccount = SendDlgItemMessage( hDlg, GSS_CALL_COUNT, TBM_GETPOS, 0, 0);
+            mcount = SendDlgItemMessage( hDlg, GSS_MESSAGE_COUNT, TBM_GETPOS, 0, 0);
+
+            verbose = IsDlgButtonChecked(hDlg, GSS_VERBOSE);
+            delegate = IsDlgButtonChecked(hDlg, GSS_DELEGATION);
+            mutual = IsDlgButtonChecked(hDlg, GSS_MUTUAL);
+            replay = IsDlgButtonChecked(hDlg, GSS_REPLAY);
+            sequence = IsDlgButtonChecked(hDlg, GSS_SEQUENCE);
+            gssv1 = IsDlgButtonChecked(hDlg, GSS_VERSION_ONE);
+
+            noauth = IsDlgButtonChecked(hDlg, GSS_NO_AUTH);
+            if ( noauth ) {
+                nowrap = nocrypt = nomic = 0;
+            } else {
+                nowrap = IsDlgButtonChecked(hDlg, GSS_NO_WRAP);
+                nocrypt = IsDlgButtonChecked(hDlg, GSS_NO_ENCRYPT);
+                nomic = IsDlgButtonChecked(hDlg, GSS_NO_MIC);
+            }
+
+                       update_saved ();                                // Add it to the host list
                        fill_combo (hDlg);                                      // Update the combo box
+            SetDlgItemText(hDlg, GSS_OUTPUT, "");
+            do_gssapi_test ();                         // Test GSSAPI
 
                        //EndDialog(hDlg, TRUE);
                        break;
-               }
+               
+        case GSS_NO_AUTH:
+            if ( IsDlgButtonChecked(hDlg, GSS_NO_AUTH) ) {
+                // disable the other no_xxx options
+                EnableWindow(GetDlgItem(hDlg, GSS_NO_WRAP), FALSE);
+                EnableWindow(GetDlgItem(hDlg, GSS_NO_ENCRYPT), FALSE);
+                EnableWindow(GetDlgItem(hDlg, GSS_NO_MIC), FALSE);
+            } else {
+                // enable the other no_xxx options
+                EnableWindow(GetDlgItem(hDlg, GSS_NO_WRAP), TRUE);
+                EnableWindow(GetDlgItem(hDlg, GSS_NO_ENCRYPT), TRUE);
+                EnableWindow(GetDlgItem(hDlg, GSS_NO_MIC), TRUE);
+            }
+            break;
+        }
                return FALSE;
        }
        return FALSE;
@@ -199,84 +366,221 @@ parse_name (char *name) {
            ptr = strtok( NULL, seps);
        }
        if( ptr ){
-           strcpy( szServiceName, ptr );
+           strcpy( szService, ptr );
        }else{
-           wsprintf (szServiceName, "sample@%s", szHost); // Make the service name
+           wsprintf (szService, "sample@%s", szHost); // Make the service name
        }
        if( ptr ){
            ptr = strtok( NULL, seps);
        }
        if( ptr ){
-           wsprintf (szOID, "{ %s }", ptr); // Put in the OID
-           for (ptr = szOID; *ptr; ptr++)
+           wsprintf (szMech, "{ %s }", ptr); // Put in the OID
+           for (ptr = szMech; *ptr; ptr++)
                    if (*ptr == '.')
                            *ptr = ' ';
     } else {
-          szOID[0] = 0;
+          szMech[0] = 0;
        }
 
 }
 /*+*************************************************************************
 **
-** Read_hosts
+** read_saved
 **
 ** Reads all the hosts listed in the INI file.
 **
 ***************************************************************************/
-static int
-read_hosts (void) {
+static void
+read_saved (void) {
        int i;                                  /* Index */
-       char buff[10];
+       char buff[32];
        
-       for (i = 0; MAX_HOSTS; ++i) {           /* Read this many entries */
+       for (i = 0; MAX_SAVED; ++i) {           /* Read this many entries */
                wsprintf (buff, INI_HOST "%d", i);
                GetPrivateProfileString(INI_HOSTS, buff, "", hosts[i], 256, GSSAPI_INI);
                if (*hosts[i] == '\0')          /* No more entries??? */
                        break;
        }
-
-       return i;
+       for (i = 0; MAX_SAVED; ++i) {           /* Read this many entries */
+               wsprintf (buff, INI_SVC "%d", i);
+               GetPrivateProfileString(INI_SVCS, buff, "", svcs[i], 256, GSSAPI_INI);
+               if (*svcs[i] == '\0')           /* No more entries??? */
+                       break;
+       }
+       for (i = 0; MAX_SAVED; ++i) {           /* Read this many entries */
+               wsprintf (buff, INI_MSG "%d", i);
+               GetPrivateProfileString(INI_MSGS, buff, "", msgs[i], 256, GSSAPI_INI);
+               if (*msgs[i] == '\0')           /* No more entries??? */
+                       break;
+       }
+       for (i = 0; MAX_SAVED; ++i) {           /* Read this many entries */
+               wsprintf (buff, INI_MECH "%d", i);
+               GetPrivateProfileString(INI_MECHS, buff, "", mechs[i], 256, GSSAPI_INI);
+               if (*mechs[i] == '\0')          /* No more entries??? */
+                       break;
+       }
+    GetPrivateProfileString(INI_LAST, INI_LAST_HOST, "", szHost, 256, GSSAPI_INI);
+    GetPrivateProfileString(INI_LAST, INI_LAST_PORT, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        port = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_SVC, "", szService, 256, GSSAPI_INI);
+    GetPrivateProfileString(INI_LAST, INI_LAST_MSG, "", szMessage, 256, GSSAPI_INI);
+    GetPrivateProfileString(INI_LAST, INI_LAST_MECH, "", szMech, 256, GSSAPI_INI);
+    GetPrivateProfileString(INI_LAST, INI_LAST_CCACHE, "", szCCache, 256, GSSAPI_INI);
+    GetPrivateProfileString(INI_LAST, INI_LAST_DELEGATE, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        delegate = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_MUTUAL, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        mutual = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_REPLAY, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        replay = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_SEQUENCE, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        sequence = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_VERBOSE, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        verbose = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_CCOUNT, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        ccount = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_MCOUNT, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        mcount = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_VER1, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        gssv1 = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_NOAUTH, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        noauth = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_NOWRAP, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        nowrap = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_NOCRYPT, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        nocrypt = atoi(buff);
+    GetPrivateProfileString(INI_LAST, INI_LAST_NOMIC, "", buff, 32, GSSAPI_INI);
+    if ( buff[0] )  
+        nomic = atoi(buff);
 }
+
 /*+*************************************************************************
 **
-** Write_hosts
+** write_saved
 **
 ** Writes the hosts list back to the ini file.
 **
 ***************************************************************************/
 static void
-write_hosts () {
+write_saved () {
        int i;                                                                          // Index
-       char buff[10];
+       char buff[32];
 
-       for (i = 0; i < MAX_HOSTS; ++i) {
+       for (i = 0; i < MAX_SAVED; ++i) {
                if (*hosts[i] == '\0')                                  // End of the list?
                        break;
                wsprintf (buff, INI_HOST "%d", i);
                WritePrivateProfileString(INI_HOSTS, buff, hosts[i], GSSAPI_INI);
        }
+       for (i = 0; i < MAX_SAVED; ++i) {
+               if (*svcs[i] == '\0')                                   // End of the list?
+                       break;
+               wsprintf (buff, INI_SVC "%d", i);
+               WritePrivateProfileString(INI_SVCS, buff, svcs[i], GSSAPI_INI);
+       }
+       for (i = 0; i < MAX_SAVED; ++i) {
+               if (*msgs[i] == '\0')                                   // End of the list?
+                       break;
+               wsprintf (buff, INI_MSG "%d", i);
+               WritePrivateProfileString(INI_MSGS, buff, msgs[i], GSSAPI_INI);
+       }
+       for (i = 0; i < MAX_SAVED; ++i) {
+               if (*mechs[i] == '\0')                                  // End of the list?
+                       break;
+               wsprintf (buff, INI_MECH "%d", i);
+               WritePrivateProfileString(INI_MECHS, buff, mechs[i], GSSAPI_INI);
+       }
+    WritePrivateProfileString(INI_LAST, INI_LAST_HOST, szHost, GSSAPI_INI);
+    wsprintf(buff, "%d", port);
+    WritePrivateProfileString(INI_LAST, INI_LAST_PORT, buff, GSSAPI_INI);
+    WritePrivateProfileString(INI_LAST, INI_LAST_SVC, szService, GSSAPI_INI);
+    WritePrivateProfileString(INI_LAST, INI_LAST_MECH, szMech, GSSAPI_INI);
+    WritePrivateProfileString(INI_LAST, INI_LAST_CCACHE, szCCache, GSSAPI_INI);
+    WritePrivateProfileString(INI_LAST, INI_LAST_MSG, szMessage, GSSAPI_INI);
+    wsprintf(buff, "%d", delegate);
+    WritePrivateProfileString(INI_LAST, INI_LAST_DELEGATE, buff, GSSAPI_INI);
+    wsprintf(buff, "%d", mutual);
+    WritePrivateProfileString(INI_LAST, INI_LAST_MUTUAL, buff, GSSAPI_INI);
+    wsprintf(buff, "%d", replay);
+    WritePrivateProfileString(INI_LAST, INI_LAST_REPLAY, buff, GSSAPI_INI);
+    wsprintf(buff, "%d", sequence);
+    WritePrivateProfileString(INI_LAST, INI_LAST_SEQUENCE, buff, GSSAPI_INI);
+    wsprintf(buff, "%d", verbose);
+    WritePrivateProfileString(INI_LAST, INI_LAST_VERBOSE, buff, GSSAPI_INI);
+    wsprintf(buff, "%d", ccount);
+    WritePrivateProfileString(INI_LAST, INI_LAST_CCOUNT, buff, GSSAPI_INI);
+    wsprintf(buff, "%d", mcount);
+    WritePrivateProfileString(INI_LAST, INI_LAST_MCOUNT, buff, GSSAPI_INI);
+    wsprintf(buff, "%d", gssv1);
+    WritePrivateProfileString(INI_LAST, INI_LAST_VER1, buff, GSSAPI_INI);
+    wsprintf(buff, "%d", noauth);
+    WritePrivateProfileString(INI_LAST, INI_LAST_NOAUTH, buff, GSSAPI_INI);
+    wsprintf(buff, "%d", nowrap);
+    WritePrivateProfileString(INI_LAST, INI_LAST_NOWRAP, buff, GSSAPI_INI);
+    wsprintf(buff, "%d", nocrypt);
+    WritePrivateProfileString(INI_LAST, INI_LAST_NOCRYPT, buff, GSSAPI_INI);
+    wsprintf(buff, "%d", nomic);
+    WritePrivateProfileString(INI_LAST, INI_LAST_NOMIC, buff, GSSAPI_INI);
 }
 /*+*************************************************************************
 **
-** Update_hosts
+** Update_saved
 **
 ** Updates the host list with the new NAME the user typed.
 **
 ***************************************************************************/
 static void
-update_hosts (char *name) {
+update_saved (void) {
        int i;                                                                          // Index
 
-       for (i = 0; i < MAX_HOSTS-1; ++i) {                     // Find it in the list
-               if (! _stricmp (name, hosts[i]))                // A match
+       for (i = 0; i < MAX_SAVED-1; ++i) {                     // Find it in the list
+               if (! _stricmp (szHost, hosts[i]))              // A match
                        break;
                if (*hosts[i] == '\0')                                  // End of the list
                        break;
        }
        memmove (hosts[1], hosts[0], i * sizeof(hosts[0])); // Move the data down
-       strcpy (hosts[0], name);                                        // Insert this item
+       strcpy (hosts[0], szHost);                                      // Insert this item
+
+    for (i = 0; i < MAX_SAVED-1; ++i) {                        // Find it in the list
+               if (! _stricmp (szService, svcs[i]))            // A match
+                       break;
+               if (*svcs[i] == '\0')                                   // End of the list
+                       break;
+       }
+       memmove (svcs[1], svcs[0], i * sizeof(svcs[0])); // Move the data down
+       strcpy (svcs[0], szService);                                    // Insert this item
 
-       write_hosts ();
+       for (i = 0; i < MAX_SAVED-1; ++i) {                     // Find it in the list
+               if (! _stricmp (szMessage, msgs[i]))            // A match
+                       break;
+               if (*msgs[i] == '\0')                                   // End of the list
+                       break;
+       }
+       memmove (msgs[1], msgs[0], i * sizeof(msgs[0])); // Move the data down
+       strcpy (msgs[0], szMessage);                                    // Insert this item
+
+       for (i = 0; i < MAX_SAVED-1; ++i) {                     // Find it in the list
+               if (! _stricmp (szMech, mechs[i]))              // A match
+                       break;
+               if (*mechs[i] == '\0')                                  // End of the list
+                       break;
+       }
+       memmove (mechs[1], mechs[0], i * sizeof(hosts[0])); // Move the data down
+       strcpy (mechs[0], szMech);                                      // Insert this item
+
+       write_saved ();
 }
 /*+*************************************************************************
 **
@@ -289,16 +593,130 @@ update_hosts (char *name) {
 static void
 fill_combo (HWND hDlg) {
        int i;                                                                          // Index
+    char buff[256];
+#ifdef USE_LEASH
+    krb5_error_code retval;
+    apiCB * cc_ctx = 0;
+    struct _infoNC ** pNCi = 0;
+#endif
 
-       SendDlgItemMessage(hDlg, GSS_CONNECT_NAME, CB_RESETCONTENT, NULL, NULL);
+       SendDlgItemMessage(hDlg, GSS_HOST_NAME, CB_RESETCONTENT, 0, 0);
+       SetDlgItemText(hDlg, GSS_HOST_NAME, szHost);
+       SendDlgItemMessage(hDlg, GSS_HOST_NAME, CB_SETEDITSEL, 0, 0);
+       for (i = 1; i < MAX_SAVED; ++i) {                       // Fill in the list box
+               if (*hosts[i] == '\0')
+                       break;
+               SendDlgItemMessage(hDlg, GSS_HOST_NAME, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) hosts[i]));
+       }
 
-       SetDlgItemText(hDlg, GSS_CONNECT_NAME, hosts[0]);
-       SendDlgItemMessage(hDlg, GSS_CONNECT_NAME, CB_SETEDITSEL, NULL, NULL);
+       SendDlgItemMessage(hDlg, GSS_SERVICE_NAME, CB_RESETCONTENT, 0, 0);
+       SetDlgItemText(hDlg, GSS_SERVICE_NAME, szService);
+       SendDlgItemMessage(hDlg, GSS_SERVICE_NAME, CB_SETEDITSEL, 0, 0);
+       for (i = 1; i < MAX_SAVED; ++i) {                       // Fill in the list box
+               if (*svcs[i] == '\0')
+                       break;
+               SendDlgItemMessage(hDlg, GSS_SERVICE_NAME, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) svcs[i]));
+       }
 
-       for (i = 1; i < MAX_HOSTS; ++i) {                       // Fill in the list box
-               if (*hosts[i] == '\0')
+       SendDlgItemMessage(hDlg, GSS_MECHANISM, CB_RESETCONTENT, 0, 0);
+       SetDlgItemText(hDlg, GSS_MECHANISM, szMech);
+       SendDlgItemMessage(hDlg, GSS_MECHANISM, CB_SETEDITSEL, 0, 0);
+       for (i = 1; i < MAX_SAVED; ++i) {                       // Fill in the list box
+               if (*mechs[i] == '\0')
                        break;
-               SendDlgItemMessage(hDlg, GSS_CONNECT_NAME, CB_ADDSTRING, 0,
-                       (LPARAM) ((LPSTR) hosts[i]));
+               SendDlgItemMessage(hDlg, GSS_MECHANISM, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) mechs[i]));
        }
+
+    SendDlgItemMessage(hDlg, GSS_CCACHE_NAME, CB_RESETCONTENT, 0, 0);
+       SetDlgItemText(hDlg, GSS_CCACHE_NAME, szCCache);
+       SendDlgItemMessage(hDlg, GSS_CCACHE_NAME, CB_SETEDITSEL, 0, 0);
+
+#ifdef USE_LEASH
+    retval = cc_initialize(&cc_ctx, CC_API_VER_2, NULL, NULL);
+    if (retval)
+        goto skip_ccache;
+
+    retval = cc_get_NC_info(cc_ctx, &pNCi);
+    if (retval) 
+        goto clean_ccache;
+
+    for ( i=0; pNCi[i]; i++ ) {
+        if (pNCi[i]->vers == CC_CRED_V5) {
+            sprintf(buff,"API:%s",pNCi[i]->name);
+            SendDlgItemMessage(hDlg, GSS_CCACHE_NAME, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) buff));
+        }
+    }
+
+  clean_ccache:
+    if (pNCi)
+        cc_free_NC_info(cc_ctx, &pNCi);
+    if (cc_ctx)
+        cc_shutdown(&cc_ctx);
+  skip_ccache:
+#endif /* USE_LEASH */
+    if ( szCCache[0] )
+        SendDlgItemMessage(hDlg, GSS_CCACHE_NAME, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) szCCache));
+    SendDlgItemMessage(hDlg, GSS_CCACHE_NAME, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) "MSLSA:"));
+
+       SendDlgItemMessage(hDlg, GSS_MESSAGE, CB_RESETCONTENT, 0, 0);
+       SetDlgItemText(hDlg, GSS_MESSAGE, szMessage);
+       SendDlgItemMessage(hDlg, GSS_MESSAGE, CB_SETEDITSEL, 0, 0);
+       for (i = 1; i < MAX_SAVED; ++i) {                       // Fill in the list box
+               if (*msgs[i] == '\0')
+                       break;
+               SendDlgItemMessage(hDlg, GSS_MESSAGE, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) msgs[i]));
+       }
+
+    wsprintf(buff, "%d", port);
+    SetDlgItemText(hDlg, GSS_PORT, buff);
+
+    CheckDlgButton(hDlg, GSS_VERBOSE, verbose);
+    CheckDlgButton(hDlg, GSS_DELEGATION, delegate);
+    CheckDlgButton(hDlg, GSS_MUTUAL, mutual);
+    CheckDlgButton(hDlg, GSS_REPLAY, replay);
+    CheckDlgButton(hDlg, GSS_SEQUENCE, sequence);
+    CheckDlgButton(hDlg, GSS_VERSION_ONE, gssv1);
+    CheckDlgButton(hDlg, GSS_NO_AUTH, noauth);
+    CheckDlgButton(hDlg, GSS_NO_WRAP, nowrap);
+    CheckDlgButton(hDlg, GSS_NO_ENCRYPT, nocrypt);
+    CheckDlgButton(hDlg, GSS_NO_MIC, nomic);
+
+    if ( noauth ) {
+        // disable the other no_xxx options
+        EnableWindow(GetDlgItem(hDlg, GSS_NO_WRAP), FALSE);
+        EnableWindow(GetDlgItem(hDlg, GSS_NO_ENCRYPT), FALSE);
+        EnableWindow(GetDlgItem(hDlg, GSS_NO_MIC), FALSE);
+    } else {
+        // enable the other no_xxx options
+        EnableWindow(GetDlgItem(hDlg, GSS_NO_WRAP), TRUE);
+        EnableWindow(GetDlgItem(hDlg, GSS_NO_ENCRYPT), TRUE);
+        EnableWindow(GetDlgItem(hDlg, GSS_NO_MIC), TRUE);
+    }
+
+    SendDlgItemMessage(hDlg, GSS_CALL_COUNT, TBM_SETRANGEMIN, (WPARAM) FALSE, (LPARAM) 1);
+    SendDlgItemMessage(hDlg, GSS_CALL_COUNT, TBM_SETRANGEMAX, (WPARAM) FALSE, (LPARAM) 20);
+    SendDlgItemMessage(hDlg, GSS_CALL_COUNT, TBM_SETPOS, (WPARAM) FALSE, (LPARAM) ccount);
+    sprintf(buff,"Call Count: %d",ccount);
+    SetWindowText(GetDlgItem(hDialog, IDC_STATIC_CCOUNT),buff);
+
+    SendDlgItemMessage(hDlg, GSS_MESSAGE_COUNT, TBM_SETRANGEMIN, (WPARAM) FALSE, (LPARAM) 1);
+    SendDlgItemMessage(hDlg, GSS_MESSAGE_COUNT, TBM_SETRANGEMAX, (WPARAM) FALSE, (LPARAM) 20);
+    SendDlgItemMessage(hDlg, GSS_MESSAGE_COUNT, TBM_SETPOS, (WPARAM) FALSE, (LPARAM) mcount);
+    sprintf(buff,"Message Count: %d",mcount);
+    SetWindowText(GetDlgItem(hDialog, IDC_STATIC_MSG_COUNT),buff);
+}
+
+int
+gss_printf (const char *format, ...) {
+    static char myprtfstr[4096];
+    int i, len, rc=0;
+    char *cp;
+    va_list ap;
+
+    va_start(ap, format);
+    rc = _vsnprintf(myprtfstr, sizeof(myprtfstr)-1, format, ap);
+    va_end(ap);
+
+    SendDlgItemMessage(hDialog, GSS_OUTPUT, EM_REPLACESEL, FALSE, (LPARAM) myprtfstr);
+    return rc;
 }
index e9b43c507097fa2f4c7889941c900c9ef9e8ea25..60d91bf6b522ac0bafaeb48ce42338af990902bc 100644 (file)
 #include <gssapi/gssapi_generic.h>
 
 // gss.c
-BOOL PASCAL OpenGssapiDlg(HWND hDlg, WORD message, WORD wParam, LONG lParam);
+INT_PTR CALLBACK OpenGssapiDlg(        HWND hDlg,      UINT message,   WPARAM wParam,  LPARAM lParam);
 
 // gss-misc.c
-int send_token(int s, gss_buffer_t tok);
-int recv_token(int s, gss_buffer_t tok);
+int send_token(int s, int flags, gss_buffer_t tok);
+int recv_token(int s, int *flags, gss_buffer_t tok);
+void free_token(gss_buffer_t tok);
 void display_status(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat);
 static void display_status_1(char *m, OM_uint32 code, int type);
 void OkMsgBox (char *format, ...);
 void my_perror (char *msg);
 
 // gss-client.c
-int gss (char *host, char *name, char *msg, char *oid, int port);
-int call_server(char *host, u_short port, char *service_name, char *oid, char *msg);
+int
+gss (char *server_host, char *service_name, char *mechanism, char *msg, int port,
+     int verbose, int delegate, int mutual, int replay, int sequence, 
+     int v1_format, int auth_flag, int wrap_flag,
+     int encrypt_flag, int mic_flag, int ccount, int mcount, char * ccache);
+int call_server(char *host, u_short port, gss_OID oid, char *service_name, 
+                OM_uint32 deleg_flag, int auth_flag,
+                       int wrap_flag, int encrypt_flag, int mic_flag, int v1_format, 
+                char *msg, int use_file, int mcount);
 int connect_to_server(char *host, u_short port);
-int client_establish_context(int s, char *service_name, char *oid, gss_ctx_id_t *gss_context);
+int client_establish_context(int s, char *service_name, OM_uint32 deleg_flag,
+                             int auth_flag, int v1_format, gss_OID oid, 
+                             gss_ctx_id_t *gss_context, OM_uint32 *ret_flags);
+
+
+extern int verbose;
+#define printf  gss_printf
index 95458df6f12b577fca8cbe368448ddd1cb07717e..46cf6424ed848e47635c35f8c2d307c33b733578 100644 (file)
-/*+*************************************************************************
-**
-**     Gss
-**     
-**     Tests the gssapi dll.
-**
-***************************************************************************/
-
-#include <windows.h>
-#include <winver.h>
+// Microsoft Visual C++ generated resource script.
+//
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#define APSTUDIO_HIDDEN_SYMBOLS
+#include "windows.h"
+#undef APSTUDIO_HIDDEN_SYMBOLS
+#include "resource.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// English (U.S.) resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+#ifdef _WIN32
+LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
+#pragma code_page(1252)
+#endif //_WIN32
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Icon
+//
+
+// Icon with lowest ID value placed first to ensure application icon
+// remains consistent on all systems.
+GSS                     ICON                    "gss.ico"
 
-#define GSS_CONNECT_NAME            102
-#define GSS_OK                      100
-#define GSS_CANCEL                  101
+/////////////////////////////////////////////////////////////////////////////
+//
+// Dialog
+//
 
-gss ICON gss.ico
+GSSAPIDLG DIALOGEX 63, 65, 330, 311
+STYLE DS_SETFONT | DS_MODALFRAME | DS_3DLOOK | WS_POPUP | WS_CAPTION | 
+    WS_SYSMENU
+CAPTION "Test GSSAPI Connection"
+FONT 8, "MS Sans Serif", 0, 0, 0x0
+BEGIN
+    RTEXT           "Hostname:",IDC_STATIC_HOST,5,12,60,10,NOT WS_GROUP
+    COMBOBOX        GSS_HOST_NAME,70,9,245,60,CBS_DROPDOWN | CBS_AUTOHSCROLL | 
+                    WS_VSCROLL | WS_GROUP | WS_TABSTOP
+    DEFPUSHBUTTON   "Test",GSS_OK,80,290,51,14,WS_GROUP
+    PUSHBUTTON      "Exit",GSS_CANCEL,185,290,51,14
+    RTEXT           "Port:",IDC_STATIC_PORT,16,27,50,8
+    EDITTEXT        GSS_PORT,70,25,40,14,ES_RIGHT | ES_AUTOHSCROLL | 
+                    ES_NUMBER
+    COMBOBOX        GSS_SERVICE_NAME,70,41,245,60,CBS_DROPDOWN | CBS_SORT | 
+                    WS_VSCROLL | WS_TABSTOP
+    RTEXT           "GSS Service Name:",IDC_STATIC_SERVICE,1,44,64,8
+    COMBOBOX        GSS_CCACHE_NAME,70,69,245,60,CBS_DROPDOWN | CBS_SORT | 
+                    WS_VSCROLL | WS_TABSTOP
+    RTEXT           "CCache Name:",IDC_STATIC_CCACHE,16,71,49,8
+    COMBOBOX        GSS_MECHANISM,70,110,245,60,CBS_DROPDOWN | 
+                    CBS_AUTOHSCROLL | CBS_SORT | WS_VSCROLL | WS_TABSTOP
+    RTEXT           "Mechanism (OID):",IDC_STATIC_MECH,0,115,65,8
+    RTEXT           "Test Message:",IDC_STATIC_MSG,0,55,65,8
+    COMBOBOX        GSS_MESSAGE,70,55,245,60,CBS_DROPDOWN | CBS_AUTOHSCROLL | 
+                    CBS_SORT | WS_VSCROLL | WS_TABSTOP
+    LTEXT           "The following items are optional and should only be altered by those who understand their implications.",
+                    IDC_STATIC_OPTIONS,10,85,305,20
+    CONTROL         "Verbose Output",GSS_VERBOSE,"Button",BS_AUTOCHECKBOX | 
+                    WS_TABSTOP,72,138,65,10
+    CONTROL         "Delegation",GSS_DELEGATION,"Button",BS_AUTOCHECKBOX | 
+                    WS_TABSTOP,72,150,50,10
+    CONTROL         "Version 1",GSS_VERSION_ONE,"Button",BS_AUTOCHECKBOX | 
+                    WS_TABSTOP,150,138,45,10
+    CONTROL         "No Auth",GSS_NO_AUTH,"Button",BS_AUTOCHECKBOX | 
+                    WS_TABSTOP,72,162,42,10
+    CONTROL         "No Wrap",GSS_NO_WRAP,"Button",BS_AUTOCHECKBOX | 
+                    WS_TABSTOP,132,162,45,10
+    CONTROL         "No Encrypt",GSS_NO_ENCRYPT,"Button",BS_AUTOCHECKBOX | 
+                    WS_TABSTOP,198,162,51,10
+    CONTROL         "No Mic",GSS_NO_MIC,"Button",BS_AUTOCHECKBOX | 
+                    WS_TABSTOP,270,162,39,10
+    CONTROL         "Slider1",GSS_CALL_COUNT,"msctls_trackbar32",TBS_BOTH | 
+                    WS_TABSTOP,66,174,100,15
+    CONTROL         "Slider2",GSS_MESSAGE_COUNT,"msctls_trackbar32",TBS_BOTH | 
+                    WS_TABSTOP,204,174,100,15
+    CTEXT           "Call Count",IDC_STATIC_CCOUNT,72,192,90,8
+    CTEXT           "Message Count",IDC_STATIC_MSG_COUNT,210,192,90,8
+    GROUPBOX        "Output",IDC_GROUP_OUTPUT,0,210,325,75
+    GROUPBOX        "Configuration Options",IDC_GROUP_OPTIONS,0,0,325,205
+    EDITTEXT        GSS_OUTPUT,0,220,320,60,ES_MULTILINE | ES_AUTOVSCROLL | 
+                    ES_AUTOHSCROLL | ES_READONLY | WS_VSCROLL | WS_HSCROLL
+    CONTROL         "Mutual",GSS_MUTUAL,"Button",BS_AUTOCHECKBOX | 
+                    WS_TABSTOP,132,150,37,10
+    CONTROL         "Replay",GSS_REPLAY,"Button",BS_AUTOCHECKBOX | 
+                    WS_TABSTOP,198,150,38,10
+    CONTROL         "Sequence",GSS_SEQUENCE,"Button",BS_AUTOCHECKBOX | 
+                    WS_TABSTOP,270,150,49,10
+END
+
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE 
+BEGIN
+    "resrc1.h\0"
+END
 
-OPENGSSAPIDLG DIALOG 63, 65, 330, 71
-STYLE DS_ABSALIGN | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
-CAPTION "Open GSSAPI Connection"
-FONT 8, "MS Sans Serif"
+2 TEXTINCLUDE 
 BEGIN
-       CONTROL "Host Port Service:", -1, "STATIC", NOT WS_GROUP, 5, 10, 60, 10
-       CONTROL "Example: foo 34000 sample@foo.bar.com", -1, "STATIC", NOT WS_GROUP, 70, 25, 256, 10
-       CONTROL "", GSS_CONNECT_NAME, "COMBOBOX", CBS_DROPDOWN | WS_VSCROLL | WS_GROUP | WS_TABSTOP, 70, 9, 256, 60
-       CONTROL "Test", GSS_OK, "BUTTON", WS_GROUP | WS_TABSTOP | BS_DEFPUSHBUTTON, 70, 50, 51, 14
-       CONTROL "Exit", GSS_CANCEL, "BUTTON", WS_TABSTOP, 150, 50, 51, 14
+    "#define APSTUDIO_HIDDEN_SYMBOLS\r\n"
+    "#include ""windows.h""\r\n"
+    "#undef APSTUDIO_HIDDEN_SYMBOLS\r\n"
+    "#include ""resource.h""\r\n"
+    "\0"
 END
 
+3 TEXTINCLUDE 
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+#endif    // English (U.S.) resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+
+
+#include <winver.h>
 #include "..\version.rc"
 
 TestTrackerMOTD TEXT ver_serv.txt
-
diff --git a/src/windows/gss/resource.h b/src/windows/gss/resource.h
new file mode 100644 (file)
index 0000000..de7b2c1
--- /dev/null
@@ -0,0 +1,50 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Developer Studio generated include file.
+// Used by gss.rc
+//
+#define GSS_HOST_NAME                   1000
+#define GSS_PORT                        1001
+#define GSS_SERVICE_NAME                1003
+#define IDC_STATIC_SERVICE              1004
+#define GSS_MECHANISM                   1005
+#define IDC_STATIC_MECH                 1006
+#define IDC_STATIC_MSG                  1007
+#define GSS_MESSAGE                     1008
+#define IDC_STATIC_OPTIONS              1009
+#define GSS_VERBOSE                     1010
+#define GSS_DELEGATION                  1011
+#define GSS_VERSION_ONE                 1012
+#define GSS_NO_AUTH                     1013
+#define GSS_NO_WRAP                     1014
+#define GSS_NO_ENCRYPT                  1015
+#define GSS_NO_MIC                      1016
+#define GSS_CALL_COUNT                  1017
+#define GSS_MESSAGE_COUNT               1018
+#define IDC_STATIC_CCOUNT               1019
+#define IDC_STATIC_MSG_COUNT            1020
+#define IDC_GROUP_OUTPUT                1021
+#define IDC_GROUP_OPTIONS               1022
+#define GSS_OUTPUT                      1023
+#define GSS_OK                          1024
+#define GSS_CANCEL                      1025
+#define IDC_STATIC_PORT                 1026
+#define IDC_STATIC_HOST                 1027
+#define GSS_CCACHE_NAME                 1028
+#define IDC_STATIC_CCACHE               1029
+#define GSS_MUTUAL                      1030
+#define GSS_REPLAY                      1031
+#define GSS_SEQUENCE                    1032
+
+#define IDD_GSSAPIDLG                   101
+
+// Next default values for new objects
+// 
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NO_MFC                     1
+#define _APS_NEXT_RESOURCE_VALUE        102
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1033
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif
diff --git a/src/windows/installer/nsis/ChangeLog b/src/windows/installer/nsis/ChangeLog
new file mode 100644 (file)
index 0000000..8041458
--- /dev/null
@@ -0,0 +1,19 @@
+2004-05-17  Jeffrey Altman <jaltman@mit.edu>
+
+* kfw.nsi, kfw-fixed.nsi, utils.nsi:
+  - replace the UpdateDLL macro with the ReplaceDLL macro
+  - use ReplaceDLL to install all .exe and .dll files
+  this will allow the installer to work even when some files
+  are loaded by modules which cannot be terminated such as 
+  Network Providers (afslogon.dll for example)
+
+2004-04-14  Jeffrey Altman <jaltman@mit.edu>
+
+* nsi-includes.nsi:  update version to 2.6.1
+
+* kfw-fixed.nsi:  add kvno.exe, gss-client.exe, gss-server.exe
+
+2004-03-31  Jeffrey Altman <jaltman@mit.edu>
+
+* Add the NSIS installer for KFW 2.6 to the repository
+
diff --git a/src/windows/installer/nsis/KfWConfigPage.ini b/src/windows/installer/nsis/KfWConfigPage.ini
new file mode 100644 (file)
index 0000000..abc0ed6
--- /dev/null
@@ -0,0 +1,59 @@
+[Settings]
+NumFields=7
+
+[Field 1]
+Type=label
+Text=The Kerberos Client may utilize configuration files to assist in contacting KDCs.  Where do you want to get these files?
+Left=0
+Right=-1
+Top=0
+Bottom=20
+
+[Field 2]
+Type=RadioButton
+Text=Use existing configuration files from a previous installation.
+Left=10
+Right=-1
+Top=25
+Bottom=35
+
+[Field 3]
+Type=RadioButton
+Text=Use packaged configuration files.
+Left=10
+Right=-1
+Top=40
+Bottom=50
+
+[Field 4]
+type=RadioButton
+Text=Download from web path:
+State=0
+Left=10
+Right=-1
+Top=55
+Bottom=65
+
+[Field 5]
+type=Text
+State=
+Left=20
+Right=-1
+Top=70
+Bottom=80
+
+[Field 6]
+type=radioButton
+text=Select a directory
+Left=10
+Right=-1
+Top=85
+Bottom=95
+
+[Field 7]
+type=DirRequest
+Flags=PATH_MUST_EXIST
+Left=20
+Right=-40
+Top=100
+Bottom=110
diff --git a/src/windows/installer/nsis/KfWConfigPage2.ini b/src/windows/installer/nsis/KfWConfigPage2.ini
new file mode 100644 (file)
index 0000000..ffa3d78
--- /dev/null
@@ -0,0 +1,28 @@
+[Settings]
+NumFields=3
+
+[Field 1]
+Type=label
+Text=The Leash ticket manager maybe installed with the following optional functionality.  Please check those items you wish activated.
+Left=0
+Right=-1
+Top=0
+Bottom=20
+
+[Field 2]
+Type=CheckBox
+Text=Autostart the Leash ticket manager each time you login to Windows.
+State=1 
+Left=10
+Right=-1
+Top=25
+Bottom=35
+
+[Field 3]
+Type=CheckBox
+Text=Ensure that Kerberos tickets are available throughout the Windows logon session [-autoinit].
+State=1
+Left=10
+Right=-1
+Top=40
+Bottom=60
diff --git a/src/windows/installer/nsis/kfw-fixed.nsi b/src/windows/installer/nsis/kfw-fixed.nsi
new file mode 100644 (file)
index 0000000..84ecff6
--- /dev/null
@@ -0,0 +1,1428 @@
+;-----------------------------------------------------------------
+; KfW defines and functionality
+; Copyright (c) 2004 Massachusetts Institute of Technology
+
+!define KFW_VERSION "${KFW_MAJORVERSION}.${KFW_MINORVERSION}.${KFW_PATCHLEVEL}"
+
+!define PROGRAM_NAME "Kerberos for Windows"
+!ifdef RELEASE
+!ifndef DEBUG        ; !DEBUG on v2.0b4
+Name "MIT ${PROGRAM_NAME} ${KFW_VERSION}"
+!else                ; DEBUG on v2.0b4
+Name "MIT ${PROGRAM_NAME} ${KFW_VERSION} Checked/Debug"
+!endif               ; End DEBUG/!DEBUG
+!else
+!ifdef BETA
+!ifndef DEBUG        ; !DEBUG on v2.0b4
+Name "MIT ${PROGRAM_NAME} ${KFW_VERSION} Beta ${BETA}"
+!else                ; DEBUG on v2.0b4
+Name "MIT ${PROGRAM_NAME} ${KFW_VERSION} Beta ${BETA} Checked/Debug"
+!endif               ; End DEBUG/!DEBUG
+!else
+!ifndef DEBUG        ; !DEBUG on v2.0b4
+Name "MIT ${PROGRAM_NAME} ${KFW_VERSION} ${__DATE__} ${__TIME__}"
+!else                ; DEBUG on v2.0b4
+Name "MIT ${PROGRAM_NAME} ${KFW_VERSION} ${__DATE__} ${__TIME__} Checked/Debug"
+!endif               ; End DEBUG/!DEBUG
+!endif
+!endif
+VIProductVersion "${KFW_MAJORVERSION}.${KFW_MINORVERSION}.${KFW_PATCHLEVEL}.00"
+VIAddVersionKey "ProductName" "${PROGRAM_NAME}"
+VIAddVersionKey "CompanyName" "Massachusetts Institute of Technology"
+VIAddVersionKey "ProductVersion" ${VIProductVersion}
+VIAddVersionKey "FileVersion" ${VIProductVersion}
+VIAddVersionKey "FileDescription" "MIT Kerberos for Windows Installer"
+VIAddVersionKey "LegalCopyright" "(C)2004"
+!ifdef DEBUG
+VIAddVersionKey "PrivateBuild" "Checked/Debug"
+!endif               ; End DEBUG
+
+
+;--------------------------------
+;Configuration
+
+  ;General
+  SetCompressor lzma
+!ifndef DEBUG
+  OutFile "MITKerberosForWindows.exe"
+!else
+  OutFile "MITKerberosForWindows-DEBUG.exe"
+!endif
+  SilentInstall normal
+  ShowInstDetails show
+  XPStyle on
+  !define MUI_ICON "kfw.ico"
+  !define MUI_UNICON "kfw.ico"
+  !define KFW_COMPANY_NAME "Massachusetts Institute of Technology"
+  !define KFW_PRODUCT_NAME "${PROGRAM_NAME}"
+  !define KFW_REGKEY_ROOT  "Software\MIT\Kerberos\"
+  CRCCheck force
+  !define REPLACEDLL_NOREGISTER
+
+  ;Folder selection page
+  InstallDir "$PROGRAMFILES\MIT\Kerberos"      ; Install to shorter path
+  
+  ;Remember install folder
+  InstallDirRegKey HKLM "${KFW_REGKEY_ROOT}" ""
+  
+  ;Remember the installer language
+  !define MUI_LANGDLL_REGISTRY_ROOT "HKLM" 
+  !define MUI_LANGDLL_REGISTRY_KEY "${KFW_REGKEY_ROOT}" 
+  !define MUI_LANGDLL_REGISTRY_VALUENAME "Installer Language"
+  
+  ;Where are the files?
+  !define KFW_BIN_DIR "${KFW_TARGETDIR}\bin\i386"
+  !define KFW_DOC_DIR "${KFW_TARGETDIR}\doc"
+  !define KFW_INC_DIR "${KFW_TARGETDIR}\inc"
+  !define KFW_LIB_DIR "${KFW_TARGETDIR}\lib\i386"
+  !define KFW_INSTALL_DIR "${KFW_TARGETDIR}\install"
+  !define SYSTEMDIR   "$%SystemRoot%\System32" 
+
+;--------------------------------
+;Modern UI Configuration
+
+  !define MUI_LICENSEPAGE
+  !define MUI_CUSTOMPAGECOMMANDS
+  !define MUI_WELCOMEPAGE
+  !define MUI_COMPONENTSPAGE
+  !define MUI_COMPONENTSPAGE_SMALLDESC
+  !define MUI_DIRECTORYPAGE
+
+  !define MUI_ABORTWARNING
+  !define MUI_FINISHPAGE
+  
+  !define MUI_UNINSTALLER
+  !define MUI_UNCONFIRMPAGE
+  
+  
+  !insertmacro MUI_PAGE_WELCOME
+  !insertmacro MUI_PAGE_LICENSE "Licenses.rtf"
+  !insertmacro MUI_PAGE_COMPONENTS
+  !insertmacro MUI_PAGE_DIRECTORY
+  Page custom KFWPageGetConfigFiles
+  Page custom KFWPageGetStartupConfig
+  !insertmacro MUI_PAGE_INSTFILES
+  !insertmacro MUI_PAGE_FINISH
+  
+;--------------------------------
+;Languages
+
+  !insertmacro MUI_LANGUAGE "English"
+  
+;--------------------------------
+;Language Strings
+    
+  ;Descriptions
+  LangString DESC_SecCopyUI ${LANG_ENGLISH} "${PROGRAM_NAME}: English"
+
+  LangString DESC_secClient ${LANG_ENGLISH} "Client: Allows you to utilize MIT Kerberos from your Windows PC."
+  
+  LangString DESC_secSDK ${LANG_ENGLISH} "SDK: Allows you to build MIT Kerberos aware applications."
+  
+  LangString DESC_secDocs ${LANG_ENGLISH} "Documentation: Release Notes and User Manuals."
+  
+; Popup error messages
+  LangString RealmNameError ${LANG_ENGLISH} "You must specify a realm name for your client to use."
+
+  LangString ConfigFileError ${LANG_ENGLISH} "You must specify a valid configuration file location from which files can be copied during the install"
+  LangString URLError ${LANG_ENGLISH} "You must specify a URL if you choose the option to download the config files."
+  
+; Upgrade/re-install strings
+   LangString UPGRADE_CLIENT ${LANG_ENGLISH} "Upgrade Kerberos Client"
+   LangString REINSTALL_CLIENT ${LANG_ENGLISH} "Re-install Kerberos Client"
+   LangString DOWNGRADE_CLIENT ${LANG_ENGLISH} "Downgrade Kerberos Client"
+  
+   LangString UPGRADE_SDK ${LANG_ENGLISH} "Upgrade Kerberos SDK"
+   LangString REINSTALL_SDK ${LANG_ENGLISH} "Re-install Kerberos SDK"
+   LangString DOWNGRADE_SDK ${LANG_ENGLISH} "Downgrade Kerberos SDK"
+  
+   LangString UPGRADE_DOCS ${LANG_ENGLISH} "Upgrade Kerberos Documentation"
+   LangString REINSTALL_DOCS ${LANG_ENGLISH} "Re-install Kerberos Documentation"
+   LangString DOWNGRADE_DOCS ${LANG_ENGLISH} "Downgrade Kerberos Documentation"
+  
+  ReserveFile "${KFW_CONFIG_DIR}\krb.con"
+  ReserveFile "${KFW_CONFIG_DIR}\krbrealm.con"
+  ReserveFile "${KFW_CONFIG_DIR}\krb5.ini"
+  !insertmacro MUI_RESERVEFILE_INSTALLOPTIONS ;InstallOptions plug-in
+  !insertmacro MUI_RESERVEFILE_LANGDLL ;Language selection dialog
+
+;--------------------------------
+;Reserve Files
+  
+  ;Things that need to be extracted on first (keep these lines before any File command!)
+  ;Only useful for BZIP2 compression
+  !insertmacro MUI_RESERVEFILE_LANGDLL
+  
+;--------------------------------
+; Load Macros
+!include "utils.nsi"
+
+;--------------------------------
+;Installer Sections
+
+;----------------------
+; Kerberos for Windows CLIENT
+Section "KfW Client" secClient
+
+  SetShellVarContext all
+  ; Stop any running services or we can't replace the files
+  ; Stop the running processes
+  GetTempFileName $R0
+  File /oname=$R0 "Killer.exe"
+  nsExec::Exec '$R0 leash32.exe'
+  nsExec::Exec '$R0 krbcc32s.exe'
+  nsExec::Exec '$R0 k95.exe'
+  nsExec::Exec '$R0 k95g.exe'
+  nsExec::Exec '$R0 krb5.exe'
+  nsExec::Exec '$R0 gss.exe'
+  nsExec::Exec '$R0 afscreds.exe'
+
+  RMDir /r "$INSTDIR\bin"
+
+   ; Do client components
+  SetOutPath "$INSTDIR\bin"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\aklog.exe"           "$INSTDIR\bin\aklog.exe"         "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\comerr32.dll"        "$INSTDIR\bin\comerr32.dll"      "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\gss.exe"             "$INSTDIR\bin\gss.exe"           "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\gss-client.exe"      "$INSTDIR\bin\gss-client.exe"    "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\gss-server.exe"      "$INSTDIR\bin\gss-server.exe"    "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\gssapi32.dll"        "$INSTDIR\bin\gssapi32.dll"      "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\k524init.exe"        "$INSTDIR\bin\k524init.exe"      "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\kclnt32.dll"         "$INSTDIR\bin\kclnt32.dll"       "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\kdestroy.exe"        "$INSTDIR\bin\kdestroy.exe"      "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\kinit.exe"           "$INSTDIR\bin\kinit.exe"         "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\klist.exe"           "$INSTDIR\bin\klist.exe"         "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\kpasswd.exe"         "$INSTDIR\bin\kpasswd.exe"       "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\kvno.exe"            "$INSTDIR\bin\kvno.exe"          "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\krb5_32.dll"         "$INSTDIR\bin\krb5_32.dll"       "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\krb524.dll"          "$INSTDIR\bin\krb524.dll"        "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\krbcc32.dll"         "$INSTDIR\bin\krbcc32.dll"       "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\krbcc32s.exe"        "$INSTDIR\bin\krbcc32s.exe"      "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\krbv4w32.dll"        "$INSTDIR\bin\krbv4w32.dll"      "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\leash32.exe"         "$INSTDIR\bin\leash32.exe"       "$INSTDIR"
+!ifdef OLDHELP                                                                 
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\leash32.hlp"         "$INSTDIR\bin\leash32.hlp"       "$INSTDIR"
+!else                                                                          
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\leash32.chm"         "$INSTDIR\bin\leash32.chm"       "$INSTDIR"
+!endif                                                                         
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\leashw32.dll"        "$INSTDIR\bin\leashw32.dll"      "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\ms2mit.exe"          "$INSTDIR\bin\ms2mit.exe"        "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\wshelp32.dll"        "$INSTDIR\bin\wshelp32.dll"      "$INSTDIR"
+  !insertmacro ReplaceDLL "${KFW_BIN_DIR}\xpprof32.dll"        "$INSTDIR\bin\xpprof32.dll"      "$INSTDIR"
+  
+!ifdef DEBUG
+  File "${KFW_BIN_DIR}\aklog.pdb"
+  File "${KFW_BIN_DIR}\comerr32.pdb"
+  File "${KFW_BIN_DIR}\gss.pdb"
+  File "${KFW_BIN_DIR}\gss-client.pdb"
+  File "${KFW_BIN_DIR}\gss-server.pdb"
+  File "${KFW_BIN_DIR}\gssapi32.pdb"
+  File "${KFW_BIN_DIR}\k524init.pdb"
+  File "${KFW_BIN_DIR}\kclnt32.pdb"
+  File "${KFW_BIN_DIR}\kdestroy.pdb"
+  File "${KFW_BIN_DIR}\kinit.pdb"
+  File "${KFW_BIN_DIR}\klist.pdb"
+  File "${KFW_BIN_DIR}\kpasswd.pdb"
+  File "${KFW_BIN_DIR}\kvno.pdb"
+  File "${KFW_BIN_DIR}\krb5_32.pdb"
+  File "${KFW_BIN_DIR}\krb524.pdb"
+  File "${KFW_BIN_DIR}\krbcc32.pdb"
+  File "${KFW_BIN_DIR}\krbcc32s.pdb"
+  File "${KFW_BIN_DIR}\krbv4w32.pdb"
+  File "${KFW_BIN_DIR}\leashw32.pdb"
+  File "${KFW_BIN_DIR}\leash32.pdb"
+  File "${KFW_BIN_DIR}\ms2mit.pdb"
+  File "${KFW_BIN_DIR}\wshelp32.pdb"
+  File "${KFW_BIN_DIR}\xpprof32.pdb"
+
+!IFDEF CL_1310
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcr71d.dll"    "$INSTDIR\bin\msvcr71d.dll"  "$INSTDIR"
+  File "${SYSTEMDIR}\msvcr71d.pdb"                                           
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcp71d.dll"    "$INSTDIR\bin\msvcp71d.dll"  "$INSTDIR"
+  File "${SYSTEMDIR}\msvcp71d.pdb"                                           
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\mfc71d.dll"      "$INSTDIR\bin\mfc71d.dll"    "$INSTDIR"
+  File "${SYSTEMDIR}\mfc71d.pdb"                                             
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71CHS.DLL"    "$INSTDIR\bin\MFC71CHS.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71CHT.DLL"    "$INSTDIR\bin\MFC71CHT.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71DEU.DLL"    "$INSTDIR\bin\MFC71DEU.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71ENU.DLL"    "$INSTDIR\bin\MFC71ENU.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71ESP.DLL"    "$INSTDIR\bin\MFC71ESP.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71FRA.DLL"    "$INSTDIR\bin\MFC71FRA.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71ITA.DLL"    "$INSTDIR\bin\MFC71ITA.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71JPN.DLL"    "$INSTDIR\bin\MFC71JPN.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71KOR.DLL"    "$INSTDIR\bin\MFC71KOR.DLL"  "$INSTDIR"
+!ELSE                                                                   
+!IFDEF CL_1300                                                          
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcr70d.dll"    "$INSTDIR\bin\msvcr70d.dll"  "$INSTDIR"
+  File "${SYSTEMDIR}\msvcr70d.pdb"                                           
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcp70d.dll"    "$INSTDIR\bin\msvcp70d.dll"  "$INSTDIR"
+  File "${SYSTEMDIR}\msvcp70d.pdb"                                           
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\mfc70d.dll"      "$INSTDIR\bin\mfc70d.dll"    "$INSTDIR"
+  File "${SYSTEMDIR}\mfc70d.pdb"                                             
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70CHS.DLL"    "$INSTDIR\bin\MFC70CHS.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70CHT.DLL"    "$INSTDIR\bin\MFC70CHT.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70DEU.DLL"    "$INSTDIR\bin\MFC70DEU.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70ENU.DLL"    "$INSTDIR\bin\MFC70ENU.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70ESP.DLL"    "$INSTDIR\bin\MFC70ESP.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70FRA.DLL"    "$INSTDIR\bin\MFC70FRA.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70ITA.DLL"    "$INSTDIR\bin\MFC70ITA.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70JPN.DLL"    "$INSTDIR\bin\MFC70JPN.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70KOR.DLL"    "$INSTDIR\bin\MFC70KOR.DLL"  "$INSTDIR"
+!ELSE                                                                   
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\mfc42d.dll"      "$INSTDIR\bin\mfc42d.dll"    "$INSTDIR"
+  File "${SYSTEMDIR}\mfc42d.pdb"                                             
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcp60d.dll"    "$INSTDIR\bin\msvcp60d.dll"  "$INSTDIR"
+  File "${SYSTEMDIR}\msvcp60d.pdb"                                           
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcrtd.dll"     "$INSTDIR\bin\msvcrtd.dll"   "$INSTDIR"
+  File "${SYSTEMDIR}\msvcrtd.pdb"                                            
+!ENDIF                                                                  
+!ENDIF                                                                  
+!ELSE                                                                   
+!IFDEF CL_1310                                                          
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\mfc71.dll"       "$INSTDIR\bin\mfc71.dll"     "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcr71.dll"     "$INSTDIR\bin\msvcr71.dll"   "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcp71.dll"     "$INSTDIR\bin\msvcp71.dll"   "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71CHS.DLL"    "$INSTDIR\bin\MFC71CHS.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71CHT.DLL"    "$INSTDIR\bin\MFC71CHT.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71DEU.DLL"    "$INSTDIR\bin\MFC71DEU.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71ENU.DLL"    "$INSTDIR\bin\MFC71ENU.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71ESP.DLL"    "$INSTDIR\bin\MFC71ESP.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71FRA.DLL"    "$INSTDIR\bin\MFC71FRA.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71ITA.DLL"    "$INSTDIR\bin\MFC71ITA.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71JPN.DLL"    "$INSTDIR\bin\MFC71JPN.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71KOR.DLL"    "$INSTDIR\bin\MFC71KOR.DLL"  "$INSTDIR"
+!ELSE                                                                   
+!IFDEF CL_1300                                                          
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\mfc70.dll"       "$INSTDIR\bin\mfc70.dll"     "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcr70.dll"     "$INSTDIR\bin\msvcr70.dll"   "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcp70.dll"     "$INSTDIR\bin\msvcp70.dll"   "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70CHS.DLL"    "$INSTDIR\bin\MFC70CHS.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70CHT.DLL"    "$INSTDIR\bin\MFC70CHT.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70DEU.DLL"    "$INSTDIR\bin\MFC70DEU.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70ENU.DLL"    "$INSTDIR\bin\MFC70ENU.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70ESP.DLL"    "$INSTDIR\bin\MFC70ESP.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70FRA.DLL"    "$INSTDIR\bin\MFC70FRA.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70ITA.DLL"    "$INSTDIR\bin\MFC70ITA.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70JPN.DLL"    "$INSTDIR\bin\MFC70JPN.DLL"  "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70KOR.DLL"    "$INSTDIR\bin\MFC70KOR.DLL"  "$INSTDIR"
+!ELSE                                                                   
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\mfc42.dll"       "$INSTDIR\bin\mfc42.dll"     "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcp60.dll"     "$INSTDIR\bin\msvcp60.dll"   "$INSTDIR"
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcrt.dll"      "$INSTDIR\bin\msvcrt.dll"    "$INSTDIR"
+!ENDIF                                                                  
+!ENDIF                                                                  
+!ENDIF                                                                  
+  !insertmacro ReplaceDLL "${SYSTEMDIR}\psapi.dll"       "$INSTDIR\bin\psapi.dll"     "$INSTDIR"
+   
+  ; Do WINDOWSDIR components
+  ;SetOutPath "$WINDOWSDIR"
+!ifdef DEBUG
+!endif
+  
+  ; Do Windows SYSDIR (Control panel)
+  ;SetOutPath "$SYSDIR"
+!ifdef DEBUG
+!endif
+  
+  ; Get Kerberos config files
+  Call kfw.GetConfigFiles
+
+  Call KFWCommon.Install
+  
+  ; KfW Reg entries
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\Client\CurrentVersion"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Client\CurrentVersion" "VersionString" ${KFW_VERSION}
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Client\CurrentVersion" "Title" "KfW"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Client\CurrentVersion" "Description" "${PROGRAM_NAME}"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Client\CurrentVersion" "PathName" "$INSTDIR"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Client\CurrentVersion" "Software Type" "Authentication"
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Client\CurrentVersion" "MajorVersion" ${KFW_MAJORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Client\CurrentVersion" "MinorVersion" ${KFW_MINORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Client\CurrentVersion" "PatchLevel" ${KFW_PATCHLEVEL}
+
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}" "VersionString" ${KFW_VERSION}
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}" "Title" "KfW"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}" "Description" "${PROGRAM_NAME}"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}" "PathName" "$INSTDIR"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}" "Software Type" "Authentication"
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}" "MajorVersion" ${KFW_MAJORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}" "MinorVersion" ${KFW_MINORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}" "PatchLevel" ${KFW_PATCHLEVEL}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}" "PatchLevel" ${KFW_PATCHLEVEL}
+  
+  ;Write start menu entries
+  CreateDirectory "$SMPROGRAMS\${PROGRAM_NAME}"
+  SetOutPath "$INSTDIR\bin"
+  CreateShortCut  "$SMPROGRAMS\${PROGRAM_NAME}\Uninstall ${PROGRAM_NAME}.lnk" "$INSTDIR\Uninstall.exe"
+
+  ReadINIStr $R0 $1 "Field 2" "State"  ; startup
+  ReadINIStr $R1 $1 "Field 3" "State"  ; autoinit
+
+  StrCmp $R1 "0" noauto
+  CreateShortCut  "$SMPROGRAMS\${PROGRAM_NAME}\Leash Kerberos Ticket Manager.lnk" "$INSTDIR\bin\leash32.exe" "-autoinit" "$INSTDIR\bin\leash32.exe" 
+  goto startshort
+noauto:
+  CreateShortCut  "$SMPROGRAMS\${PROGRAM_NAME}\Leash Kerberos Ticket Manager.lnk" "$INSTDIR\bin\leash32.exe" "" "$INSTDIR\bin\leash32.exe" 
+
+startshort:
+  StrCmp $R0 "0" nostart
+  StrCmp $R1 "0" nostartauto
+  CreateShortCut  "$SMSTARTUP\Leash Kerberos Ticket Manager.lnk" "$INSTDIR\bin\leash32.exe" "-autoinit" "$INSTDIR\bin\leash32.exe" 0 SW_SHOWMINIMIZED
+  goto checkconflicts
+nostartauto:  
+  CreateShortCut  "$SMSTARTUP\Leash Kerberos Ticket Manager.lnk" "$INSTDIR\bin\leash32.exe" "" "$INSTDIR\bin\leash32.exe" 0 SW_SHOWMINIMIZED
+  goto checkconflicts
+
+nostart:
+  Delete  "$SMSTARTUP\Leash Kerberos Ticket Manager.lnk"
+
+checkconflicts:
+  Call GetSystemPath
+  Push "krb5_32.dll"
+  Call SearchPath
+  Pop  $R0
+  StrCmp $R0 "" addpath
+
+  Push $R0
+  Call GetParent
+  Pop $R0
+  StrCmp $R0 "$INSTDIR\bin" addpath
+  MessageBox MB_OK|MB_ICONINFORMATION|MB_TOPMOST "A previous installation of MIT Kerberos for Windows binaries has been found in folder $R0.  This may interfere with the use of the current installation."
+
+addpath:
+  ; Add kfw bin to path
+  Push "$INSTDIR\bin"
+  Call AddToSystemPath
+
+  Call GetWindowsVersion
+  Pop $R0
+  StrCmp $R0 "2003" addAllowTgtKey
+  StrCmp $R0 "2000" addAllowTgtKey
+  StrCmp $R0 "XP"   addAllowTgtKey
+  goto skipAllowTgtKey
+
+addAllowTgtKey:
+  ReadRegDWORD $R0 HKLM "SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters" "AllowTGTSessionKey" 
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}" "AllowTGTSessionKeyBackup" $R0
+  WriteRegDWORD HKLM "SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters" "AllowTGTSessionKey" "1"
+skipAllowTgtKey:  
+
+SectionEnd
+
+;----------------------
+; Kerberos for Windows SDK
+Section "KfW SDK" secSDK
+
+  RMDir /r "$INSTDIR\inc"
+  RMDir /r "$INSTDIR\lib"
+  RMDir /r "$INSTDIR\install"
+
+  SetOutPath "$INSTDIR\inc\kclient"
+  File /r "${KFW_INC_DIR}\kclient\*"  
+
+  SetOutPath "$INSTDIR\inc\krb4"
+  File /r "${KFW_INC_DIR}\krb4\*"  
+
+  SetOutPath "$INSTDIR\inc\krb5"
+  File /r "${KFW_INC_DIR}\krb5\*"  
+
+  SetOutPath "$INSTDIR\inc\krbcc"
+  File /r "${KFW_INC_DIR}\krbcc\*"  
+
+  SetOutPath "$INSTDIR\inc\leash"
+  File /r "${KFW_INC_DIR}\leash\*"  
+
+  SetOutPath "$INSTDIR\inc\loadfuncs"
+  File /r "${KFW_INC_DIR}\loadfuncs\*"  
+
+  SetOutPath "$INSTDIR\inc\wshelper"
+  File /r "${KFW_INC_DIR}\wshelper\*"  
+
+  SetOutPath "$INSTDIR\lib\i386"
+  File /r "${KFW_LIB_DIR}\*"
+
+  SetOutPath "$INSTDIR\install"
+  File "${KFW_INSTALL_DIR}\*"
+
+  Call KFWCommon.Install
+  
+  ; KfW Reg entries
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\SDK\CurrentVersion"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\SDK\CurrentVersion" "VersionString" ${KFW_VERSION}
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\SDK\CurrentVersion" "Title" "KfW"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\SDK\CurrentVersion" "Description" "${PROGRAM_NAME}"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\SDK\CurrentVersion" "PathName" "$INSTDIR"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\SDK\CurrentVersion" "Software Type" "Authentication"
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\SDK\CurrentVersion" "MajorVersion" ${KFW_MAJORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\SDK\CurrentVersion" "MinorVersion" ${KFW_MINORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\SDK\CurrentVersion" "PatchLevel" ${KFW_PATCHLEVEL}
+
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\SDK\${KFW_VERSION}"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\SDK\${KFW_VERSION}" "VersionString" ${KFW_VERSION}
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\SDK\${KFW_VERSION}" "Title" "KfW"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\SDK\${KFW_VERSION}" "Description" "${PROGRAM_NAME}"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\SDK\${KFW_VERSION}" "PathName" "$INSTDIR"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\SDK\${KFW_VERSION}" "Software Type" "Authentication"
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\SDK\${KFW_VERSION}" "MajorVersion" ${KFW_MAJORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\SDK\${KFW_VERSION}" "MinorVersion" ${KFW_MINORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\SDK\${KFW_VERSION}" "PatchLevel" ${KFW_PATCHLEVEL}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\SDK\${KFW_VERSION}" "PatchLevel" ${KFW_PATCHLEVEL}
+  
+SectionEnd
+
+;----------------------
+; Kerberos for Windows Documentation
+Section "KfW Documentation" secDocs
+
+  RMDir /r "$INSTDIR\doc"
+
+  SetOutPath "$INSTDIR\doc"
+  File "${KFW_DOC_DIR}\relnotes.html"
+  File "${KFW_DOC_DIR}\leash_userdoc.pdf"
+   
+  Call KFWCommon.Install
+  
+  ; KfW Reg entries
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\Documentation\CurrentVersion"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Documentation\CurrentVersion" "VersionString" ${KFW_VERSION}
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Documentation\CurrentVersion" "Title" "KfW"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Documentation\CurrentVersion" "Description" "${PROGRAM_NAME}"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Documentation\CurrentVersion" "PathName" "$INSTDIR"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Documentation\CurrentVersion" "Software Type" "Authentication"
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Documentation\CurrentVersion" "MajorVersion" ${KFW_MAJORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Documentation\CurrentVersion" "MinorVersion" ${KFW_MINORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Documentation\CurrentVersion" "PatchLevel" ${KFW_PATCHLEVEL}
+
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\Documentation\${KFW_VERSION}"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Documentation\${KFW_VERSION}" "VersionString" ${KFW_VERSION}
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Documentation\${KFW_VERSION}" "Title" "KfW"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Documentation\${KFW_VERSION}" "Description" "${PROGRAM_NAME}"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Documentation\${KFW_VERSION}" "PathName" "$INSTDIR"
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}\Documentation\${KFW_VERSION}" "Software Type" "Authentication"
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Documentation\${KFW_VERSION}" "MajorVersion" ${KFW_MAJORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Documentation\${KFW_VERSION}" "MinorVersion" ${KFW_MINORVERSION}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Documentation\${KFW_VERSION}" "PatchLevel" ${KFW_PATCHLEVEL}
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\Documentation\${KFW_VERSION}" "PatchLevel" ${KFW_PATCHLEVEL}
+  
+  ;Write start menu entries
+  CreateDirectory "$SMPROGRAMS\${PROGRAM_NAME}"
+  SetOutPath "$INSTDIR\doc"
+  CreateShortCut  "$SMPROGRAMS\${PROGRAM_NAME}\Release Notes.lnk" "$INSTDIR\doc\relnotes.html" 
+  CreateShortCut  "$SMPROGRAMS\${PROGRAM_NAME}\Leash User Documentation.lnk" "$INSTDIR\doc\leash_userdoc.pdf" 
+
+SectionEnd
+
+;Display the Finish header
+;Insert this macro after the sections if you are not using a finish page
+;!insertmacro MUI_SECTIONS_FINISHHEADER
+
+;--------------------------------
+;Installer Functions
+
+Function .onInit
+  !insertmacro MUI_LANGDLL_DISPLAY
+  
+  ; Set the default install options
+  Push $0
+
+   Call IsUserAdmin
+   Pop $R0
+   StrCmp $R0 "true" checkVer
+
+   MessageBox MB_OK|MB_ICONSTOP|MB_TOPMOST "You must be an administrator of this machine to install this software."
+   Abort
+   
+checkVer:
+  ; Check Version of Windows.   Do not install onto Windows 95
+   Call GetWindowsVersion
+   Pop $R0
+   StrCmp $R0 "95" wrongVersion
+   goto checkIPHLPAPI
+
+wrongVersion:
+   MessageBox MB_OK|MB_ICONSTOP|MB_TOPMOST "MIT ${PROGRAM_NAME} requires Microsoft Windows 98 or higher."
+   Abort
+
+checkIPHLPAPI:
+   ClearErrors
+   ReadEnvStr $R0 "WinDir"
+   GetDLLVersion "$R0\System32\iphlpapi.dll" $R1 $R2
+   IfErrors +1 +3 
+   GetDLLVersion "$R0\System\iphlpapi.dll" $R1 $R2
+   IfErrors iphlperror
+   IntOp $R3 $R2 / 0x00010000
+   IntCmpU $R3 1952 iphlpwarning checkprevious checkprevious
+
+iphlperror:
+   MessageBox MB_OK|MB_ICONSTOP|MB_TOPMOST "MIT ${PROGRAM_NAME} requires Internet Explorer version 5.01 or higher. IPHLPAPI.DLL is missing."
+   Abort
+
+iphlpwarning:
+   MessageBox MB_OK|MB_ICONINFORMATION|MB_TOPMOST "IPHLPAPI.DLL must be upgraded.  Please install Internet Explorer 5.01 or higher."
+
+checkprevious:
+  ClearErrors
+  ReadRegStr $R0 HKLM \
+  "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PROGRAM_NAME}" \
+  "DisplayVersion"
+  IfErrors contInstall
+  StrCmp $R0 "${KFW_VERSION}" contInstall
+
+  MessageBox MB_OKCANCEL|MB_ICONEXCLAMATION \
+  "${PROGRAM_NAME} is already installed. $\n$\nClick `OK` to remove the \
+  previous version or `Cancel` to cancel this upgrade or downgrade." \
+  IDOK uninst
+  Abort
+  
+;Run the uninstaller
+uninst:
+  ReadRegStr $R0 HKLM \
+  "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PROGRAM_NAME}" \
+  "UninstallString"
+  ClearErrors
+  ExecWait '$R0 _?=$INSTDIR' ;Do not copy the uninstaller to a temp file
+
+  IfErrors no_remove_uninstaller
+    ;You can either use Delete /REBOOTOK in the uninstaller or add some code
+    ;here to remove the uninstaller. Use a registry key to check
+    ;whether the user has chosen to uninstall. If you are using an uninstaller
+    ;components page, make sure all sections are uninstalled.
+
+  Push $R1
+  Call RestartRequired
+  Exch $R1
+  StrCmp $R1 "1" RestartRequired RestartNotRequired 
+
+RestartRequired:
+   MessageBox MB_OK|MB_ICONSTOP|MB_TOPMOST "Please reboot and then restart the installer."
+   Abort
+RestartNotRequired:
+no_remove_uninstaller:
+
+contInstall:
+   ; Our logic should be like this.
+   ;     1) If no KfW components are installed, we do a clean install with default options. (Client/Docs)
+   ;     2) If existing modules are installed, we keep them selected
+   ;     3) If it is an upgrade, we set the text accordingly, else we mark it as a re-install
+   ;  TODO: Downgrade?
+   Call IsAnyKfWInstalled
+   Pop $R0
+   StrCmp $R0 "0" DefaultOptions
+   
+   Call ShouldClientInstall
+   Pop $R2
+   
+   StrCmp $R2 "0" NoClient
+   StrCmp $R2 "1" ReinstallClient
+   StrCmp $R2 "2" UpgradeClient
+   StrCmp $R2 "3" DowngradeClient
+   
+       SectionGetFlags ${secClient} $0
+       IntOp $0 $0 | ${SF_SELECTED}
+       SectionSetFlags ${secClient} $0
+    ;# !insertmacro SelectSection ${secClient}
+   goto skipClient
+NoClient:
+       ;StrCpy $1 ${secClient} ; Gotta remember which section we are at now...
+       SectionGetFlags ${secClient} $0
+       IntOp $0 $0 & ${SECTION_OFF}
+       SectionSetFlags ${secClient} $0
+   goto skipClient
+UpgradeClient:
+       SectionGetFlags ${secClient} $0
+       IntOp $0 $0 | ${SF_SELECTED}
+       SectionSetFlags ${secClient} $0
+   SectionSetText ${secClient} $(UPGRADE_CLIENT)
+   goto skipClient
+ReinstallClient:
+       SectionGetFlags ${secClient} $0
+       IntOp $0 $0 | ${SF_SELECTED}
+       SectionSetFlags ${secClient} $0
+   SectionSetText ${secClient} $(REINSTALL_CLIENT)
+   goto skipClient
+DowngradeClient:
+       SectionGetFlags ${secClient} $0
+       IntOp $0 $0 | ${SF_SELECTED}
+       SectionSetFlags ${secClient} $0
+   SectionSetText ${secClient} $(DOWNGRADE_CLIENT)
+   goto skipClient
+
+   
+skipClient:   
+   
+   Call ShouldSDKInstall
+   Pop $R2
+   StrCmp $R2 "0" NoSDK
+   StrCmp $R2 "1" ReinstallSDK
+   StrCmp $R2 "2" UpgradeSDK
+   StrCmp $R2 "3" DowngradeSDK
+   
+       SectionGetFlags ${secSDK} $0
+       IntOp $0 $0 | ${SF_SELECTED}
+       SectionSetFlags ${secSDK} $0
+       ;# !insertmacro UnselectSection ${secSDK}
+   goto skipSDK
+
+UpgradeSDK:
+   SectionGetFlags ${secSDK} $0
+   IntOp $0 $0 | ${SF_SELECTED}
+   SectionSetFlags ${secSDK} $0
+   SectionSetText ${secSDK} $(UPGRADE_SDK)
+   goto skipSDK
+
+ReinstallSDK:
+   SectionGetFlags ${secSDK} $0
+   IntOp $0 $0 | ${SF_SELECTED}
+   SectionSetFlags ${secSDK} $0
+   SectionSetText ${secSDK} $(REINSTALL_SDK)
+   goto skipSDK
+
+DowngradeSDK:
+   SectionGetFlags ${secSDK} $0
+   IntOp $0 $0 | ${SF_SELECTED}
+   SectionSetFlags ${secSDK} $0
+   SectionSetText ${secSDK} $(DOWNGRADE_SDK)
+   goto skipSDK
+   
+NoSDK:
+       SectionGetFlags ${secSDK} $0
+       IntOp $0 $0 & ${SECTION_OFF}
+       SectionSetFlags ${secSDK} $0
+       ;# !insertmacro UnselectSection ${secSDK}
+   goto skipSDK
+   
+skipSDK:
+
+   Call ShouldDocumentationInstall
+   Pop $R2
+   StrCmp $R2 "0" NoDocumentation
+   StrCmp $R2 "1" ReinstallDocumentation
+   StrCmp $R2 "2" UpgradeDocumentation
+   StrCmp $R2 "3" DowngradeDocumentation
+   
+       SectionGetFlags ${secDocs} $0
+       IntOp $0 $0 | ${SF_SELECTED}
+       SectionSetFlags ${secDocs} $0
+       ;# !insertmacro UnselectSection ${secDocs}
+   goto skipDocumentation
+
+UpgradeDocumentation:
+   SectionGetFlags ${secDocs} $0
+   IntOp $0 $0 | ${SF_SELECTED}
+   SectionSetFlags ${secDocs} $0
+   SectionSetText ${secDocs} $(UPGRADE_DOCS)
+   goto skipDocumentation
+
+ReinstallDocumentation:
+   SectionGetFlags ${secDocs} $0
+   IntOp $0 $0 | ${SF_SELECTED}
+   SectionSetFlags ${secDocs} $0
+   SectionSetText ${secDocs} $(REINSTALL_DOCS)
+   goto skipDocumentation
+
+DowngradeDocumentation:
+   SectionGetFlags ${secDocs} $0
+   IntOp $0 $0 | ${SF_SELECTED}
+   SectionSetFlags ${secDocs} $0
+   SectionSetText ${secDocs} $(DOWNGRADE_DOCS)
+   goto skipDocumentation
+   
+NoDocumentation:
+       SectionGetFlags ${secDocs} $0
+       IntOp $0 $0 & ${SECTION_OFF}
+       SectionSetFlags ${secDocs} $0
+       ;# !insertmacro UnselectSection ${secDocs}
+   goto skipDocumentation
+   
+skipDocumentation:
+   goto end
+   
+DefaultOptions:
+   ; Client Selected
+       SectionGetFlags ${secClient} $0
+       IntOp $0 $0 | ${SF_SELECTED}
+       SectionSetFlags ${secClient} $0
+
+   ; SDK NOT selected
+       SectionGetFlags ${secSDK} $0
+       IntOp $0 $0 & ${SECTION_OFF}
+       SectionSetFlags ${secSDK} $0
+   
+   ; Documentation selected
+       SectionGetFlags ${secDocs} $0
+       IntOp $0 $0 | ${SF_SELECTED}
+       SectionSetFlags ${secDocs} $0
+   goto end
+
+end:
+       Pop $0
+  
+   Push $R0
+  
+  ; See if we can set a default installation path...
+  ReadRegStr $R0 HKLM "${KFW_REGKEY_ROOT}\Client\CurrentVersion" "PathName"
+  StrCmp $R0 "" TrySDK
+  StrCpy $INSTDIR $R0
+  goto Nope
+  
+TrySDK:
+  ReadRegStr $R0 HKLM "${KFW_REGKEY_ROOT}\SDK\CurrentVersion" "PathName"
+  StrCmp $R0 "" TryDocs
+  StrCpy $INSTDIR $R0
+  goto Nope
+
+TryDocs:
+  ReadRegStr $R0 HKLM "${KFW_REGKEY_ROOT}\Documentation\CurrentVersion" "PathName"
+  StrCmp $R0 "" TryRoot
+  StrCpy $INSTDIR $R0
+  goto Nope
+
+TryRoot:
+  ReadRegStr $R0 HKLM "${KFW_REGKEY_ROOT}" "InstallDir"
+  StrCmp $R0 "" Nope
+  StrCpy $INSTDIR $R0
+  
+Nope:
+  Pop $R0
+  
+  GetTempFilename $0
+  File /oname=$0 KfWConfigPage.ini
+  GetTempFilename $1
+  File /oname=$1 KfWConfigPage2.ini
+  
+FunctionEnd
+
+
+;--------------------------------
+; These are our cleanup functions
+Function .onInstFailed
+Delete $0
+Delete $1
+FunctionEnd
+
+Function .onInstSuccess
+Delete $0
+Delete $1
+FunctionEnd
+
+
+;--------------------------------
+;Descriptions
+
+  !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN
+  !insertmacro MUI_DESCRIPTION_TEXT ${secClient} $(DESC_secClient)
+  !insertmacro MUI_DESCRIPTION_TEXT ${secSDK} $(DESC_secSDK)
+  !insertmacro MUI_DESCRIPTION_TEXT ${secDocs} $(DESC_secDocs)
+  !insertmacro MUI_FUNCTION_DESCRIPTION_END
+;--------------------------------
+;Uninstaller Section
+
+Section "Uninstall"
+  ; Make sure the user REALLY wants to do this, unless they did a silent uninstall, in which case...let them!
+  IfSilent StartRemove     ; New in v2.0b4
+  MessageBox MB_YESNO "Are you sure you want to remove MIT ${PROGRAM_NAME} from this machine?" IDYES StartRemove
+  abort
+  
+StartRemove:
+  
+  SetShellVarContext all
+  ; Stop the running processes
+  GetTempFileName $R0
+  File /oname=$R0 "Killer.exe"
+  nsExec::Exec '$R0 leash32.exe'
+  nsExec::Exec '$R0 krbcc32s.exe'
+
+  Push "$INSTDIR\bin"
+  Call un.RemoveFromSystemPath
+  
+  ; Delete documentation
+  Delete "$INSTDIR\doc\relnotes.html"
+  Delete "$INSTDIR\doc\leash_userdoc.pdf"
+
+   Delete /REBOOTOK "$INSTDIR\bin\aklog.exe"
+   Delete /REBOOTOK "$INSTDIR\bin\comerr32.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\gss.exe"
+   Delete /REBOOTOK "$INSTDIR\bin\gss-client.exe"
+   Delete /REBOOTOK "$INSTDIR\bin\gss-server.exe"
+   Delete /REBOOTOK "$INSTDIR\bin\gssapi32.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\k524init.exe"
+   Delete /REBOOTOK "$INSTDIR\bin\kclnt32.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\kdestroy.exe"
+   Delete /REBOOTOK "$INSTDIR\bin\kinit.exe"
+   Delete /REBOOTOK "$INSTDIR\bin\klist.exe"   
+   Delete /REBOOTOK "$INSTDIR\bin\kpasswd.exe"   
+   Delete /REBOOTOK "$INSTDIR\bin\kvno.exe"   
+   Delete /REBOOTOK "$INSTDIR\bin\krb5_32.dll" 
+   Delete /REBOOTOK "$INSTDIR\bin\krb524.dll"  
+   Delete /REBOOTOK "$INSTDIR\bin\krbcc32.dll" 
+   Delete /REBOOTOK "$INSTDIR\bin\krbcc32s.exe"
+   Delete /REBOOTOK "$INSTDIR\bin\krbv4w32.dll"
+!ifdef OLDHELP
+   Delete /REBOOTOK "$INSTDIR\bin\leash32.hlp"
+!else
+   Delete /REBOOTOK "$INSTDIR\bin\leash32.chm" 
+!endif
+   Delete /REBOOTOK "$INSTDIR\bin\leashw32.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\ms2mit.exe"  
+   Delete /REBOOTOK "$INSTDIR\bin\wshelp32.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\xpprof32.dll"
+
+!IFDEF DEBUG
+   Delete /REBOOTOK "$INSTDIR\bin\aklog.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\comerr32.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\gss.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\gss-client.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\gss-server.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\gssapi32.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\k524init.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\kclnt32.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\kdestroy.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\kinit.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\klist.pdb"   
+   Delete /REBOOTOK "$INSTDIR\bin\kpasswd.pdb"   
+   Delete /REBOOTOK "$INSTDIR\bin\kvno.pdb"   
+   Delete /REBOOTOK "$INSTDIR\bin\krb5_32.pdb" 
+   Delete /REBOOTOK "$INSTDIR\bin\krb524.pdb"  
+   Delete /REBOOTOK "$INSTDIR\bin\krbcc32.pdb" 
+   Delete /REBOOTOK "$INSTDIR\bin\krbcc32s.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\krbv4w32.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\leashw32.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\ms2mit.pdb"  
+   Delete /REBOOTOK "$INSTDIR\bin\wshelp32.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\xpprof32.pdb"
+
+!IFDEF CL_1310
+   Delete /REBOOTOK "$INSTDIR\bin\msvcr71d.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcr71d.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcp71d.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcp71d.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\mfc71d.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\mfc71d.pdb"
+!ELSE
+!IFDEF CL_1300
+   Delete /REBOOTOK "$INSTDIR\bin\msvcr70d.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcr70d.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcp70d.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcp70d.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\mfc70d.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\mfc70d.pdb"
+!ELSE
+   Delete /REBOOTOK "$INSTDIR\bin\mfc42d.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\mfc42d.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcp60d.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcp60d.pdb"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcrtd.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcrtd.pdb"
+!ENDIF
+!ENDIF
+!ELSE
+!IFDEF CL_1310
+   Delete /REBOOTOK "$INSTDIR\bin\mfc71.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcr71.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcp71.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC71CHS.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC71CHT.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC71DEU.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC71ENU.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC71ESP.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC71FRA.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC71ITA.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC71JPN.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC71KOR.DLL"
+!ELSE
+!IFDEF CL_1300
+   Delete /REBOOTOK "$INSTDIR\bin\mfc70.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcr70.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcp70.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC70CHS.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC70CHT.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC70DEU.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC70ENU.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC70ESP.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC70FRA.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC70ITA.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC70JPN.DLL"
+   Delete /REBOOTOK "$INSTDIR\bin\MFC70KOR.DLL"
+!ELSE
+   Delete /REBOOTOK "$INSTDIR\bin\mfc42.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcp60.dll"
+   Delete /REBOOTOK "$INSTDIR\bin\msvcrt.dll"
+!ENDIF
+!ENDIF
+!ENDIF
+   Delete /REBOOTOK "$INSTDIR\bin\psapi.dll"
+
+  RMDir  "$INSTDIR\bin"
+  RmDir  "$INSTDIR\doc"
+  RmDir  "$INSTDIR\lib"
+  RmDir  "$INSTDIR\inc"
+  RmDir  "$INSTDIR\install"
+  RMDir  "$INSTDIR"
+  
+  Delete  "$SMPROGRAMS\${PROGRAM_NAME}\Uninstall ${PROGRAM_NAME}.lnk"
+  Delete  "$SMPROGRAMS\${PROGRAM_NAME}\Leash Kerberos Ticket Manager.lnk"
+  Delete  "$SMPROGRAMS\${PROGRAM_NAME}\Release Notes.lnk"
+  Delete  "$SMPROGRAMS\${PROGRAM_NAME}\Leash User Documentation.lnk"
+  RmDir   "$SMPROGRAMS\${PROGRAM_NAME}"
+  Delete  "$SMSTARTUP\Leash Kerberos Ticket Manager.lnk"
+
+   IfSilent SkipAsk
+;  IfFileExists "$WINDIR\krb5.ini" CellExists SkipDelAsk
+;  RealmExists:
+  MessageBox MB_YESNO "Would you like to keep your configuration files?" IDYES SkipDel
+  SkipAsk:
+  Delete "$WINDIR\krb5.ini"
+  Delete "$WINDIR\krb.con"
+  Delete "$WINDIR\krbrealm.con"
+  
+  SkipDel:
+  Delete "$INSTDIR\Uninstall.exe"
+
+  ; Restore previous value of AllowTGTSessionKey 
+  ReadRegDWORD $R0 HKLM "${KFW_REGKEY_ROOT}\Client\${KFW_VERSION}" "AllowTGTSessionKeyBackup"
+  WriteRegDWORD HKLM "SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters" "AllowTGTSessionKey" $R0
+
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\Client\CurrentVersion"
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\Client"
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\Documentation\CurrentVersion"
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\Documentation"
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\SDK\CurrentVersion"
+  DeleteRegKey HKLM "${KFW_REGKEY_ROOT}\SDK"
+  DeleteRegKey /ifempty HKLM "${KFW_REGKEY_ROOT}"
+  DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PROGRAM_NAME}"
+  RMDir  "$INSTDIR"
+
+SectionEnd
+
+;--------------------------------
+;Uninstaller Functions
+
+Function un.onInit
+
+  ;Get language from registry
+  ReadRegStr $LANGUAGE ${MUI_LANGDLL_REGISTRY_ROOT} "${MUI_LANGDLL_REGISTRY_KEY}" "${MUI_LANGDLL_REGISTRY_VALUENAME}"
+                                                    
+FunctionEnd
+
+Function un.onUninstSuccess
+
+   MessageBox MB_OK "Please reboot your machine to complete uninstallation of the software"
+
+FunctionEnd
+
+;------------------------------
+; Get the Configurations files from the Internet
+
+Function kfw.GetConfigFiles
+
+;Check if we should download Config Files
+ReadINIStr $R0 $0 "Field 4" "State"
+StrCmp $R0 "1" DoDownload
+
+;Do nothing if we're keeping the existing file
+ReadINIStr $R0 $0 "Field 2" "State"
+StrCmp $R0 "1" done
+
+ReadINIStr $R0 $0 "Field 3" "State"
+StrCmp $R0 "1" UsePackaged
+
+; If none of these, grab file from other location
+goto CheckOther
+
+DoDownload:
+   ReadINIStr $R0 $0 "Field 5" "State"
+   NSISdl::download "$R0/krb5.ini" "$WINDIR\krb5.ini"
+   NSISdl::download "$R0/krb.con" "$WINDIR\krb.con"
+   NSISdl::download "$R0/krbrealm.con" "$WINDIR\krbrealm.con"
+   Pop $R0 ;Get the return value
+   StrCmp $R0 "success" done
+   MessageBox MB_OK|MB_ICONSTOP "Download failed: $R0"
+   goto done
+
+UsePackaged:
+   SetOutPath "$WINDIR"
+   File "${KFW_CONFIG_DIR}\krb5.ini"
+   File "${KFW_CONFIG_DIR}\krb.con"
+   File "${KFW_CONFIG_DIR}\krbrealm.con"
+   goto done
+   
+CheckOther:
+   ReadINIStr $R0 $0 "Field 7" "State"
+   StrCmp $R0 "" done
+   CopyFiles "$R0\krb5.ini" "$WINDIR\krb5.ini"
+   CopyFiles "$R0\krb.con" "$WINDIR\krb.con"
+   CopyFiles "$R0\krbrealm.con" "$WINDIR\krbrealm.con"
+   
+done:
+
+FunctionEnd
+
+
+
+;-------------------------------
+;Do the page to get the Config files
+
+Function KFWPageGetConfigFiles
+  ; Skip this page if we are not installing the client
+  SectionGetFlags ${secClient} $R0
+  IntOp $R0 $R0 & ${SF_SELECTED}
+  StrCmp $R0 "0" Skip
+  
+  ; Set the install options here
+  
+startOver:
+  WriteINIStr $0 "Field 2" "Flags" "DISABLED"
+  WriteINIStr $0 "Field 3" "State" "1"
+  WriteINIStr $0 "Field 4" "State" "0"
+  WriteINIStr $0 "Field 6" "State" "0"
+  WriteINIStr $0 "Field 3" "Text"  "Use packaged configuration files for the ${SAMPLE_CONFIG_REALM} realm."
+  WriteINIStr $0 "Field 5" "State"  "${HTTP_CONFIG_URL}"  
+
+  ; If there is an existing krb5.ini file, allow the user to choose it and make it default
+  IfFileExists "$WINDIR\krb5.ini" +1 notpresent
+  WriteINIStr $0 "Field 2" "Flags" "ENABLED"
+  WriteINIStr $0 "Field 2" "State" "1"
+  WriteINIStr $0 "Field 3" "State" "0"
+  
+  notpresent:
+  
+  !insertmacro MUI_HEADER_TEXT "Kerberos Configuration" "Please choose a method for installing the Kerberos Configuration files:" 
+  InstallOptions::dialog $0
+  Pop $R1
+  StrCmp $R1 "cancel" exit
+  StrCmp $R1 "back" done
+  StrCmp $R1 "success" done
+exit: Quit
+done:
+
+   ; Check that if a file is set, a valid filename is entered...
+   ReadINIStr $R0 $0 "Field 6" "State"
+   StrCmp $R0 "1" CheckFileName
+   
+   ;Check if a URL is specified, one *IS* specified
+   ReadINIStr $R0 $0 "Field 4" "State"
+   StrCmp $R0 "1" CheckURL Skip
+   
+   CheckURL:
+   ReadINIStr $R0 $0 "Field 5" "State"
+   StrCmp $R0 "" +1 Skip
+   MessageBox MB_OK|MB_ICONSTOP $(URLError)
+   WriteINIStr $0 "Field 4" "State" "0"
+   goto startOver
+   
+   CheckFileName:
+   ReadINIStr $R0 $0 "Field 7" "State"
+   IfFileExists "$R0\krb5.ini" Skip
+
+   MessageBox MB_OK|MB_ICONSTOP $(ConfigFileError)
+   WriteINIStr $0 "Field 6" "State" "0"
+   goto startOver
+   
+   Skip:
+   
+FunctionEnd
+
+
+;-------------------------------
+;Do the page to get the Startup Configuration
+
+Function KFWPageGetStartupConfig
+  ; Skip this page if we are not installing the client
+  SectionGetFlags ${secClient} $R0
+  IntOp $R0 $R0 & ${SF_SELECTED}
+  StrCmp $R0 "0" Skip
+  
+  ; Set the install options here
+  
+  !insertmacro MUI_HEADER_TEXT "Leash Ticket Manager Setup" "Please select Leash ticket manager setup options:" 
+  InstallOptions::dialog $1
+  Pop $R1
+  StrCmp $R1 "cancel" exit
+  StrCmp $R1 "back" done
+  StrCmp $R1 "success" done
+exit: 
+  Quit
+done:
+skip:
+   
+FunctionEnd
+
+
+;-------------
+; Common install routines for each module
+Function KFWCommon.Install
+
+  WriteRegStr HKLM "${KFW_REGKEY_ROOT}" "InstallDir" $INSTDIR
+
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PROGRAM_NAME}" "DisplayName" "${PROGRAM_NAME}"
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PROGRAM_NAME}" "UninstallString" "$INSTDIR\uninstall.exe"
+!ifndef DEBUG
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PROGRAM_NAME}" "DisplayVersion" "${KFW_VERSION}"
+!else
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PROGRAM_NAME}" "DisplayVersion" "${KFW_VERSION} Checked/Debug"
+!endif
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PROGRAM_NAME}" "URLInfoAbout" "http://web.mit.edu/kerberos/"
+
+!ifdef DEBUG
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\CurrentVersion" "Debug" 1
+  WriteRegDWORD HKLM "${KFW_REGKEY_ROOT}\${KFW_VERSION}" "Debug" 1
+!else
+   ; Delete the DEBUG string
+   DeleteRegValue HKLM "${KFW_REGKEY_ROOT}\CurrentVersion" "Debug"
+   DeleteRegValue HKLM "${KFW_REGKEY_ROOT}\${KFW_VERSION}" "Debug"
+!endif
+
+  WriteUninstaller "$INSTDIR\Uninstall.exe"
+FunctionEnd
+
+
+;-------------------------------
+; Check if the client should be checked for default install
+Function ShouldClientInstall
+   Push $R0
+   StrCpy $R2 "Client"
+   Call GetInstalledVersion
+   Pop $R0
+   
+   StrCmp $R0 "" NotInstalled
+   ; Now we see if it's an older or newer version
+
+   Call GetInstalledVersionMajor
+   Pop $R0
+   IntCmpU $R0 ${KFW_MAJORVERSION} +1 Upgrade Downgrade
+
+   Call GetInstalledVersionMinor
+   Pop $R0
+   IntCmpU $R0 ${KFW_MINORVERSION} +1 Upgrade Downgrade
+   
+   Call GetInstalledVersionPatch
+   Pop $R0
+   IntCmpU $R0 ${KFW_PATCHLEVEL} Reinstall Upgrade Downgrade
+   
+Reinstall:
+   StrCpy $R0 "1"
+   Exch $R0
+   goto end
+   
+Upgrade:
+   StrCpy $R0 "2"
+   Exch $R0
+   goto end
+   
+Downgrade:
+   StrCpy $R0 "3"
+   Exch $R0
+   goto end
+   
+NotInstalled:
+   StrCpy $R0 "0"
+   Exch $R0
+end:   
+FunctionEnd
+
+;-------------------------------
+; Check how the Documentation options should be set
+Function ShouldDocumentationInstall
+   Push $R0
+   StrCpy $R2 "Documentation"
+   Call GetInstalledVersion
+   Pop $R0
+   
+   StrCmp $R0 "" NotInstalled
+   ; Now we see if it's an older or newer version
+
+   Call GetInstalledVersionMajor
+   Pop $R0
+   IntCmpU $R0 ${KFW_MAJORVERSION} +1 Upgrade Downgrade
+
+   Call GetInstalledVersionMinor
+   Pop $R0
+   IntCmpU $R0 ${KFW_MINORVERSION} +1 Upgrade Downgrade
+   
+   Call GetInstalledVersionPatch
+   Pop $R0
+   IntCmpU $R0 ${KFW_PATCHLEVEL} Reinstall Upgrade Downgrade
+   
+Reinstall:
+   StrCpy $R0 "1"
+   Exch $R0
+   goto end
+   
+Upgrade:
+   StrCpy $R0 "2"
+   Exch $R0
+   goto end
+   
+Downgrade:
+   StrCpy $R0 "3"
+   Exch $R0
+   goto end
+   
+   
+NotInstalled:
+   StrCpy $R0 "0"
+   Exch $R0
+end:   
+FunctionEnd
+
+
+;-------------------------------
+; Check how the SDK options should be set
+Function ShouldSDKInstall
+   Push $R0
+   StrCpy $R2 "SDK"
+   Call GetInstalledVersion
+   Pop $R0
+   
+   StrCmp $R0 "" NotInstalled
+   ; Now we see if it's an older or newer version
+
+   Call GetInstalledVersionMajor
+   Pop $R0
+   IntCmpU $R0 ${KFW_MAJORVERSION} +1 Upgrade Downgrade
+
+   Call GetInstalledVersionMinor
+   Pop $R0
+   IntCmpU $R0 ${KFW_MINORVERSION} +1 Upgrade Downgrade
+   
+   Call GetInstalledVersionPatch
+   Pop $R0
+   IntCmpU $R0 ${KFW_PATCHLEVEL} Reinstall Upgrade Downgrade
+   
+Reinstall:
+   StrCpy $R0 "1"
+   Exch $R0
+   goto end
+   
+Upgrade:
+   StrCpy $R0 "2"
+   Exch $R0
+   goto end
+   
+Downgrade:
+   StrCpy $R0 "3"
+   Exch $R0
+   goto end
+   
+   
+NotInstalled:
+   StrCpy $R0 "0"
+   Exch $R0
+end:   
+FunctionEnd
+
+; See if KfW SDK is installed
+; Returns: "1" if it is, 0 if it is not (on the stack)
+Function IsSDKInstalled
+   Push $R0
+   StrCpy $R2 "SDK"
+   Call GetInstalledVersion
+   Pop $R0
+   
+   StrCmp $R0 "" NotInstalled
+   
+   StrCpy $R0 "1"
+   Exch $R0
+   goto end
+   
+NotInstalled:
+   StrCpy $R0 "0"
+   Exch $R0
+end:   
+FunctionEnd
+
+
+; See if KfW Client is installed
+; Returns: "1" if it is, 0 if it is not (on the stack)
+Function IsClientInstalled
+   Push $R0
+   StrCpy $R2 "Client"
+   Call GetInstalledVersion
+   Pop $R0
+   
+   StrCmp $R0 "" NotInstalled
+   
+   StrCpy $R0 "1"
+   Exch $R0
+   goto end
+   
+NotInstalled:
+   StrCpy $R0 "0"
+   Exch $R0
+end:   
+FunctionEnd
+
+
+
+; See if KfW Documentation is installed
+; Returns: "1" if it is, 0 if it is not (on the stack)
+Function IsDocumentationInstalled
+   Push $R0
+   StrCpy $R2 "Documentation"
+   Call GetInstalledVersion
+   Pop $R0
+   
+   StrCmp $R0 "" NotInstalled
+   
+   StrCpy $R0 "1"
+   Exch $R0
+   goto end
+   
+NotInstalled:
+   StrCpy $R0 "0"
+   Exch $R0
+end:   
+FunctionEnd
+
+
+
+;Check to see if any KfW component is installed
+;Returns: Value on stack: "1" if it is, "0" if it is not
+Function IsAnyKfWInstalled
+   Push $R0
+   Push $R1
+   Push $R2
+   Call IsClientInstalled
+   Pop $R0
+   Call IsSDKInstalled
+   Pop $R1
+   Call IsDocumentationInstalled
+   Pop $R2
+   ; Now we must see if ANY of the $Rn values are 1
+   StrCmp $R0 "1" SomethingInstalled
+   StrCmp $R1 "1" SomethingInstalled
+   StrCmp $R2 "1" SomethingInstalled
+   ;Nothing installed
+   StrCpy $R0 "0"
+   goto end
+SomethingInstalled:
+   StrCpy $R0 "1"
+end:
+   Pop $R2
+   Pop $R1
+   Exch $R0
+FunctionEnd
+
+;--------------------------------
+;Handle what must and what must not be installed
+Function .onSelChange
+   ; If they install the SDK, they MUST install the client
+   SectionGetFlags ${secSDK} $R0
+   IntOp $R0 $R0 & ${SF_SELECTED}
+   StrCmp $R0 "1" MakeClientSelected
+   goto end
+   
+MakeClientSelected:
+   SectionGetFlags ${secClient} $R0
+   IntOp $R0 $R0 | ${SF_SELECTED}
+   SectionSetFlags ${secClient} $R0
+   
+end:
+FunctionEnd
+
diff --git a/src/windows/installer/nsis/kfw.ico b/src/windows/installer/nsis/kfw.ico
new file mode 100644 (file)
index 0000000..9ef4f96
Binary files /dev/null and b/src/windows/installer/nsis/kfw.ico differ
diff --git a/src/windows/installer/nsis/kfw.nsi b/src/windows/installer/nsis/kfw.nsi
new file mode 100644 (file)
index 0000000..a6f2733
--- /dev/null
@@ -0,0 +1,16 @@
+;KfW Install Script for NSIS
+;
+; Written by Jeffrey Altman <jaltman@mit.edu>
+; based on the OpenAFS installer written by Rob Murawski <rsm4@ieee.org>
+;
+;Based on:
+;NSIS Modern User Interface version 1.63
+;MultiLanguage Example Script
+;Written by Joost Verburg
+;
+; This version compiles with NSIS v2.0b4
+
+!include site-local.nsi
+!include "MUI.nsh"
+!include Sections.nsh
+!include "kfw-fixed.nsi"
diff --git a/src/windows/installer/nsis/killer.cpp b/src/windows/installer/nsis/killer.cpp
new file mode 100644 (file)
index 0000000..7ba27fc
--- /dev/null
@@ -0,0 +1,380 @@
+/*
+      Process Killer for NSIS script
+      
+      Rob Murawski
+      
+      Released under terms of IBM Open Source agreement for OpenAFS
+      
+      */
+
+
+#include <windows.h>
+#include <stdio.h>
+#include <tlhelp32.h>
+#include <vdmdbg.h>
+
+char strProcessName[256];
+
+typedef BOOL (CALLBACK *PROCENUMPROC)(DWORD, WORD, LPSTR, LPARAM);
+
+typedef struct {
+   DWORD          dwPID;
+   PROCENUMPROC   lpProc;
+   DWORD          lParam;
+   BOOL           bEnd;
+} EnumInfoStruct;
+
+BOOL WINAPI EnumProcs(PROCENUMPROC lpProc, LPARAM lParam);
+
+BOOL WINAPI Enum16(DWORD dwThreadId, WORD hMod16, WORD hTask16,
+      PSZ pszModName, PSZ pszFileName, LPARAM lpUserDefined);
+
+// 
+// The EnumProcs function takes a pointer to a callback function
+// that will be called once per process with the process filename 
+// and process ID.
+// 
+// lpProc -- Address of callback routine.
+// 
+// lParam -- A user-defined LPARAM value to be passed to
+//           the callback routine.
+// 
+// Callback function definition:
+// BOOL CALLBACK Proc(DWORD dw, WORD w, LPCSTR lpstr, LPARAM lParam);
+// 
+BOOL WINAPI EnumProcs(PROCENUMPROC lpProc, LPARAM lParam) {
+
+   OSVERSIONINFO  osver;
+   HINSTANCE      hInstLib  = NULL;
+   HINSTANCE      hInstLib2 = NULL;
+   HANDLE         hSnapShot = NULL;
+   LPDWORD        lpdwPIDs  = NULL;
+   PROCESSENTRY32 procentry;
+   BOOL           bFlag;
+   DWORD          dwSize;
+   DWORD          dwSize2;
+   DWORD          dwIndex;
+   HMODULE        hMod;
+   HANDLE         hProcess;
+   char           szFileName[MAX_PATH];
+   EnumInfoStruct sInfo;
+
+   // ToolHelp Function Pointers.
+   HANDLE (WINAPI *lpfCreateToolhelp32Snapshot)(DWORD, DWORD);
+   BOOL (WINAPI *lpfProcess32First)(HANDLE, LPPROCESSENTRY32);
+   BOOL (WINAPI *lpfProcess32Next)(HANDLE, LPPROCESSENTRY32);
+
+   // PSAPI Function Pointers.
+   BOOL (WINAPI *lpfEnumProcesses)(DWORD *, DWORD, DWORD *);
+   BOOL (WINAPI *lpfEnumProcessModules)(HANDLE, HMODULE *, DWORD, 
+         LPDWORD);
+   DWORD (WINAPI *lpfGetModuleBaseName)(HANDLE, HMODULE, LPTSTR, DWORD);
+
+   // VDMDBG Function Pointers.
+   INT (WINAPI *lpfVDMEnumTaskWOWEx)(DWORD, TASKENUMPROCEX, LPARAM);
+
+   // Retrieve the OS version
+   osver.dwOSVersionInfoSize = sizeof(osver);
+   if (!GetVersionEx(&osver))
+      return FALSE;
+   
+   // If Windows NT 4.0
+   if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT
+         && osver.dwMajorVersion == 4) {
+
+      __try {
+
+         // Get the procedure addresses explicitly. We do
+         // this so we don't have to worry about modules
+         // failing to load under OSes other than Windows NT 4.0 
+         // because references to PSAPI.DLL can't be resolved.
+         hInstLib = LoadLibraryA("PSAPI.DLL");
+         if (hInstLib == NULL)
+            __leave;
+
+         hInstLib2 = LoadLibraryA("VDMDBG.DLL");
+         if (hInstLib2 == NULL)
+            __leave;
+
+         // Get procedure addresses.
+         lpfEnumProcesses = (BOOL (WINAPI *)(DWORD *, DWORD, DWORD*))
+               GetProcAddress(hInstLib, "EnumProcesses");
+
+         lpfEnumProcessModules = (BOOL (WINAPI *)(HANDLE, HMODULE *,
+               DWORD, LPDWORD)) GetProcAddress(hInstLib,
+               "EnumProcessModules");
+
+         lpfGetModuleBaseName = (DWORD (WINAPI *)(HANDLE, HMODULE,
+               LPTSTR, DWORD)) GetProcAddress(hInstLib,
+               "GetModuleBaseNameA");
+
+         lpfVDMEnumTaskWOWEx = (INT (WINAPI *)(DWORD, TASKENUMPROCEX,
+               LPARAM)) GetProcAddress(hInstLib2, "VDMEnumTaskWOWEx");
+         
+         if (lpfEnumProcesses == NULL 
+               || lpfEnumProcessModules == NULL 
+               || lpfGetModuleBaseName == NULL 
+               || lpfVDMEnumTaskWOWEx == NULL)
+            __leave;
+
+         // 
+         // Call the PSAPI function EnumProcesses to get all of the
+         // ProcID's currently in the system.
+         // 
+         // NOTE: In the documentation, the third parameter of
+         // EnumProcesses is named cbNeeded, which implies that you
+         // can call the function once to find out how much space to
+         // allocate for a buffer and again to fill the buffer.
+         // This is not the case. The cbNeeded parameter returns
+         // the number of PIDs returned, so if your buffer size is
+         // zero cbNeeded returns zero.
+         // 
+         // NOTE: The "HeapAlloc" loop here ensures that we
+         // actually allocate a buffer large enough for all the
+         // PIDs in the system.
+         // 
+         dwSize2 = 256 * sizeof(DWORD);
+         do {
+
+            if (lpdwPIDs) {
+               HeapFree(GetProcessHeap(), 0, lpdwPIDs);
+               dwSize2 *= 2;
+            }
+
+            lpdwPIDs = (LPDWORD) HeapAlloc(GetProcessHeap(), 0, 
+                  dwSize2);
+            if (lpdwPIDs == NULL)
+               __leave;
+            
+            if (!lpfEnumProcesses(lpdwPIDs, dwSize2, &dwSize))
+               __leave;
+
+         } while (dwSize == dwSize2);
+
+         // How many ProcID's did we get?
+         dwSize /= sizeof(DWORD);
+
+         // Loop through each ProcID.
+         for (dwIndex = 0; dwIndex < dwSize; dwIndex++) {
+
+            szFileName[0] = 0;
+            
+            // Open the process (if we can... security does not
+            // permit every process in the system to be opened).
+            hProcess = OpenProcess(
+                  PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
+                  FALSE, lpdwPIDs[dwIndex]);
+            if (hProcess != NULL) {
+
+               // Here we call EnumProcessModules to get only the
+               // first module in the process. This will be the 
+               // EXE module for which we will retrieve the name.
+               if (lpfEnumProcessModules(hProcess, &hMod,
+                     sizeof(hMod), &dwSize2)) {
+
+                  // Get the module name
+                  if (!lpfGetModuleBaseName(hProcess, hMod,
+                        szFileName, sizeof(szFileName)))
+                     szFileName[0] = 0;
+               }
+               CloseHandle(hProcess);
+            }
+            // Regardless of OpenProcess success or failure, we
+            // still call the enum func with the ProcID.
+            if (!lpProc(lpdwPIDs[dwIndex], 0, szFileName, lParam))
+               break;
+
+            // Did we just bump into an NTVDM?
+            if (_stricmp(szFileName, "NTVDM.EXE") == 0) {
+
+               // Fill in some info for the 16-bit enum proc.
+               sInfo.dwPID = lpdwPIDs[dwIndex];
+               sInfo.lpProc = lpProc;
+               sInfo.lParam = (DWORD) lParam;
+               sInfo.bEnd = FALSE;
+
+               // Enum the 16-bit stuff.
+               lpfVDMEnumTaskWOWEx(lpdwPIDs[dwIndex],
+                  (TASKENUMPROCEX) Enum16, (LPARAM) &sInfo);
+
+               // Did our main enum func say quit?
+               if (sInfo.bEnd)
+                  break;
+            }
+         }
+
+      } __finally {
+
+         if (hInstLib)
+            FreeLibrary(hInstLib);
+
+         if (hInstLib2)
+            FreeLibrary(hInstLib2);
+
+         if (lpdwPIDs)
+            HeapFree(GetProcessHeap(), 0, lpdwPIDs);
+      }
+
+   // If any OS other than Windows NT 4.0.
+   } else if (osver.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS
+         || (osver.dwPlatformId == VER_PLATFORM_WIN32_NT
+         && osver.dwMajorVersion > 4)) {
+
+      __try {
+
+         hInstLib = LoadLibraryA("Kernel32.DLL");
+         if (hInstLib == NULL)
+            __leave;
+
+         // If NT-based OS, load VDMDBG.DLL.
+         if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT) {
+            hInstLib2 = LoadLibraryA("VDMDBG.DLL");
+            if (hInstLib2 == NULL)
+               __leave;
+         }
+
+         // Get procedure addresses. We are linking to 
+         // these functions explicitly, because a module using
+         // this code would fail to load under Windows NT,
+         // which does not have the Toolhelp32
+         // functions in KERNEL32.DLL.
+         lpfCreateToolhelp32Snapshot =
+               (HANDLE (WINAPI *)(DWORD,DWORD))
+               GetProcAddress(hInstLib, "CreateToolhelp32Snapshot");
+
+         lpfProcess32First =
+               (BOOL (WINAPI *)(HANDLE,LPPROCESSENTRY32))
+               GetProcAddress(hInstLib, "Process32First");
+
+         lpfProcess32Next =
+               (BOOL (WINAPI *)(HANDLE,LPPROCESSENTRY32))
+               GetProcAddress(hInstLib, "Process32Next");
+
+         if (lpfProcess32Next == NULL
+               || lpfProcess32First == NULL
+               || lpfCreateToolhelp32Snapshot == NULL)
+            __leave;
+
+         if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT) {
+            lpfVDMEnumTaskWOWEx = (INT (WINAPI *)(DWORD, TASKENUMPROCEX,
+                  LPARAM)) GetProcAddress(hInstLib2, "VDMEnumTaskWOWEx");
+            if (lpfVDMEnumTaskWOWEx == NULL)
+               __leave;
+         }
+
+         // Get a handle to a Toolhelp snapshot of all processes.
+         hSnapShot = lpfCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+         if (hSnapShot == INVALID_HANDLE_VALUE) {
+            FreeLibrary(hInstLib);
+            return FALSE;
+         }
+
+         // Get the first process' information.
+         procentry.dwSize = sizeof(PROCESSENTRY32);
+         bFlag = lpfProcess32First(hSnapShot, &procentry);
+
+         // While there are processes, keep looping.
+         while (bFlag) {
+            
+            // Call the enum func with the filename and ProcID.
+            if (lpProc(procentry.th32ProcessID, 0,
+                  procentry.szExeFile, lParam)) {
+
+               // Did we just bump into an NTVDM?
+               if (_stricmp(procentry.szExeFile, "NTVDM.EXE") == 0) {
+
+                  // Fill in some info for the 16-bit enum proc.
+                  sInfo.dwPID = procentry.th32ProcessID;
+                  sInfo.lpProc = lpProc;
+                  sInfo.lParam = (DWORD) lParam;
+                  sInfo.bEnd = FALSE;
+
+                  // Enum the 16-bit stuff.
+                  lpfVDMEnumTaskWOWEx(procentry.th32ProcessID,
+                     (TASKENUMPROCEX) Enum16, (LPARAM) &sInfo);
+
+                  // Did our main enum func say quit?
+                  if (sInfo.bEnd)
+                     break;
+               }
+
+               procentry.dwSize = sizeof(PROCESSENTRY32);
+               bFlag = lpfProcess32Next(hSnapShot, &procentry);
+
+            } else
+               bFlag = FALSE;
+         }
+
+      } __finally {
+
+         if (hInstLib)
+            FreeLibrary(hInstLib);
+
+         if (hInstLib2)
+            FreeLibrary(hInstLib2);
+      }
+
+   } else
+      return FALSE;
+
+   // Free the library.
+   FreeLibrary(hInstLib);
+
+   return TRUE;
+}
+
+
+BOOL WINAPI Enum16(DWORD dwThreadId, WORD hMod16, WORD hTask16,
+      PSZ pszModName, PSZ pszFileName, LPARAM lpUserDefined) {
+
+   BOOL bRet;
+
+   EnumInfoStruct *psInfo = (EnumInfoStruct *)lpUserDefined;
+
+   bRet = psInfo->lpProc(psInfo->dwPID, hTask16, pszFileName,
+      psInfo->lParam);
+
+   if (!bRet) 
+      psInfo->bEnd = TRUE;
+
+   return !bRet;
+} 
+
+
+BOOL CALLBACK MyProcessEnumerator(DWORD dwPID, WORD wTask, 
+      LPCSTR szProcess, LPARAM lParam) {
+
+   /*if (wTask == 0)
+      printf("%5u   %s\n", dwPID, szProcess);
+   else
+      printf("  %5u %s\n", wTask, szProcess);*/
+   
+   if(stricmp(szProcess,strProcessName)==0)
+   {
+      HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID);
+      if(hProcess!=NULL)
+         TerminateProcess(hProcess,0);
+      CloseHandle(hProcess);
+   }
+
+   return TRUE;
+}
+
+
+void main(int argc, char *argv[])
+{
+   if(argc<2)
+   {
+      printf("Please specify the process name to kill\n");
+      
+      return;
+   }
+
+   if(strlen((argv[1]))<255)
+      strcpy(strProcessName,(argv[1]));
+   else
+      return;
+  
+   EnumProcs((PROCENUMPROC) MyProcessEnumerator, 0);
+  
+}
diff --git a/src/windows/installer/nsis/licenses.rtf b/src/windows/installer/nsis/licenses.rtf
new file mode 100644 (file)
index 0000000..d5c43e2
--- /dev/null
@@ -0,0 +1,98 @@
+{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fmodern\fprq1\fcharset0 Courier New;}{\f1\froman\fprq2\fcharset0 Times New Roman;}}
+{\*\generator Msftedit 5.41.15.1503;}\viewkind4\uc1\pard\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\f0\fs20 Copyright Notice and Legal Administrivia\par
+----------------------------------------\par
+\par
+Copyright (C) 1985-2004 by the Massachusetts Institute of Technology.\par
+\par
+All rights reserved.\par
+\par
+Export of this software from the United States of America may require a specific license from the United States Government.  It is the responsibility of any person or organization contemplating export to obtain such a license before exporting.\par
+\par
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and\par
+this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.  Furthermore if you modify this software you must label your software as modified software and not distribute it in such a fashion that it might be confused with the original MIT software. M.I.T. makes no representations about the suitability of this software for any purpose.  It is provided "as is" without express or implied warranty.\par
+\par
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.\par
+\par
+Individual source code files are copyright MIT, Cygnus Support, OpenVision, Oracle, Sun Soft, FundsXpress, and others.\par
+\par
+Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and Zephyr are trademarks of the Massachusetts Institute of Technology (MIT).  No commercial use of these trademarks may be made without prior written permission of MIT.\par
+\par
+"Commercial use" means use of a name in a product or other for-profit manner.  It does NOT prevent a commercial firm from referring to the MIT trademarks in order to convey information (although in doing so, recognition of their trademark status should be given).\par
+\par
+----\par
+\par
+The following copyright and permission notice applies to the OpenVision Kerberos Administration system located in kadmin/create, kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions of lib/rpc:\par
+\par
+Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved\par
+\par
+WARNING: Retrieving the OpenVision Kerberos Administration system source code, as described below, indicates your acceptance of the following terms.  If you do not agree to the following terms, do not retrieve the OpenVision Kerberos administration system.\par
+\par
+You may freely use and distribute the Source Code and Object Code compiled from it, with or without modification, but this Source Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER EXPRESS OR IMPLIED.  IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY OTHER REASON.\par
+\par
+OpenVision retains all copyrights in the donated Source Code. OpenVision also retains copyright to derivative works of the Source Code, whether created by OpenVision or by a third party. The OpenVision copyright notice must be preserved if derivative works are made based on the donated Source Code.\par
+\par
+OpenVision Technologies, Inc. has donated this Kerberos Administration system to MIT for inclusion in the standard Kerberos 5 distribution.  This donation underscores our commitment to continuing Kerberos technology development and our gratitude for the valuable work which has been performed by MIT and the Kerberos community.\par
+\par
+----\par
+\par
+Portions contributed by Matt Crawford <crawdad@fnal.gov> were work performed at Fermi National Accelerator Laboratory, which is operated by Universities Research Association, Inc., under contract DE-AC02-76CHO3000 with the U.S. Department of Energy.\par
+\par
+---- The implementation of the Yarrow pseudo-random number generator in src/lib/crypto/yarrow has the following copyright:\par
+\par
+Copyright 2000 by Zero-Knowledge Systems, Inc.\par
+\par
+Permission to use, copy, modify, distribute, and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Zero-Knowledge Systems, Inc. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.  Zero-Knowledge Systems, Inc. makes no representations about the suitability of this software for any purpose.  It is provided "as is" without express or implied warranty.\par
+\par
+ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN\par
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.\par
+\par
+---- The implementation of the AES encryption algorithm in src/lib/crypto/aes has the following copyright:\par
+\par
+Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.\par
+All rights reserved.\par
+\par
+LICENSE TERMS\par
+\par
+The free distribution and use of this software in both source and binary form is allowed (with or without changes) provided that:\par
+\par
+1. distributions of this source code include the above copyright notice, this list of conditions and the following disclaimer;\par
+\par
+2. distributions in binary form include the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other associated materials;\par
+\par
+3. the copyright holder's name is not used to endorse products built using this software without specific written permission. \par
+\par
+DISCLAIMER\par
+\par
+This software is provided 'as is' with no explcit or implied warranties in respect of any properties, including, but not limited to, correctness and fitness for purpose.\par
+\par
+\par
+\par
+Acknowledgements\par
+----------------\par
+\par
+Appreciation Time!!!!  There are far too many people to try to thank them all; many people have contributed to the development of Kerberos V5.  This is only a partial listing....\par
+\par
+Thanks to Paul Vixie and the Internet Software Consortium for funding the work of Barry Jaspan.  This funding was invaluable for the OV administration server integration, as well as the 1.0 release preparation process.\par
+\par
+Thanks to John Linn, Scott Foote, and all of the folks at OpenVision Technologies, Inc., who donated their administration server for use in the MIT release of Kerberos.\par
+\par
+Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken Raeburn, and all of the folks at Cygnus Support, who provided innumerable bug fixes and portability enhancements to the Kerberos V5 tree.  Thanks especially to Jeff Bigler, for the new user and system administrator's documentation.\par
+\par
+Thanks to Doug Engert from ANL for providing many bug fixes, as well as testing to ensure DCE interoperability.\par
+\par
+Thanks to Ken Hornstein at NRL for providing many bug fixes and suggestions, and for working on SAM preauthentication.\par
+\par
+Thanks to Matt Crawford at FNAL for bugfixes and enhancements.\par
+\par
+Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for their many suggestions and bug fixes.\par
+\par
+Thanks to Nalin Dahyabhai of RedHat and Chris Evans for locating and providing patches for numerous buffer overruns.\par
+\par
+Thanks to Christopher Thompson and Marcus Watts for discovering the ftpd security bug.\par
+\par
+Thanks to Paul Nelson of Thursby Software Systems for implementing the Microsoft set password protocol.\par
+\par
+Thanks to the members of the Kerberos V5 development team at MIT, both past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt, Richard Basch, Mitch Berger, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic, Barry Jaspan, Geoffrey King, John Kohl, Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.\par
+\pard\f1\fs24\par
+}
+\0
\ No newline at end of file
diff --git a/src/windows/installer/nsis/nsi-includes.nsi b/src/windows/installer/nsis/nsi-includes.nsi
new file mode 100644 (file)
index 0000000..4bec5ae
--- /dev/null
@@ -0,0 +1,8 @@
+!define KFW_TARGETDIR c:\temp\kfw\kfw-2.6.1
+!define KFW_EXTRADIR  c:\temp\kfw\kfw-2.6-extra
+!define KFW_VERSION 2.6.1
+!define KFW_MAJORVERSION 2
+!define KFW_MINORVERSION 6
+!define KFW_PATCHLEVEL 1000
+!define CL_1310
+
diff --git a/src/windows/installer/nsis/site-local.nsi b/src/windows/installer/nsis/site-local.nsi
new file mode 100644 (file)
index 0000000..5c59778
--- /dev/null
@@ -0,0 +1,10 @@
+!define KFW_TARGETDIR c:\temp\kfw\kfw-2.6-final
+!define KFW_CONFIG_DIR "c:\temp\kfw\kfw-2.5-extra\sample-config"
+!define KFW_MAJORVERSION 2
+!define KFW_MINORVERSION 6
+!define KFW_PATCHLEVEL 0000
+!define CL_1310
+
+!define SAMPLE_CONFIG_REALM "ATHENA.MIT.EDU"
+!define HTTP_CONFIG_URL     "[Obtain a URL from your Kerberos administrator]"
+
diff --git a/src/windows/installer/nsis/utils.nsi b/src/windows/installer/nsis/utils.nsi
new file mode 100644 (file)
index 0000000..685b966
--- /dev/null
@@ -0,0 +1,815 @@
+;-----------------------------------------------
+; Common Utility functions not specific to KFW
+
+;-------------------
+; Get the currently installed version and place it on the stack
+; Modifies: Nothing
+Function GetInstalledVersion
+   Push $R0
+   Push $R1
+   Push $R4
+   ReadRegStr $R0 HKLM "${KFW_REGKEY_ROOT}\$R2\CurrentVersion" "VersionString"
+   StrCmp $R0 "" done
+   
+done:
+   Pop $R4
+   Pop $R1
+   Exch $R0
+FunctionEnd
+
+; Functions to get each component of the version number
+Function GetInstalledVersionMajor
+   Push $R0
+   Push $R1
+   Push $R4
+   ReadRegDWORD $R0 HKLM "${KFW_REGKEY_ROOT}\$R2\CurrentVersion" "MajorVersion"
+   StrCmp $R0 "" done
+   
+done:
+   Pop $R4
+   Pop $R1
+   Exch $R0
+FunctionEnd
+
+Function GetInstalledVersionMinor
+   Push $R0
+   Push $R1
+   Push $R4
+   ReadRegDWORD $R0 HKLM "${KFW_REGKEY_ROOT}\$R2\CurrentVersion" "MinorVersion"
+   StrCmp $R0 "" done
+   
+done:
+   Pop $R4
+   Pop $R1
+   Exch $R0
+FunctionEnd
+
+Function GetInstalledVersionPatch
+   Push $R0
+   Push $R1
+   Push $R4
+   ReadRegDWORD $R0 HKLM "${KFW_REGKEY_ROOT}\$R2\CurrentVersion" "PatchLevel"
+   StrCmp $R0 "" done
+   
+done:
+   Pop $R4
+   Pop $R1
+   Exch $R0
+FunctionEnd
+
+
+;--------------------------------
+; Macros
+
+;--------------------------------
+; Macros
+; Macro - Upgrade DLL File
+; Written by Joost Verburg
+; ------------------------
+;
+; Parameters:
+; LOCALFILE   - Location of the new DLL file (on the compiler system)
+; DESTFILE    - Location of the DLL file that should be upgraded
+;              (on the user's system)
+; TEMPBASEDIR - Directory on the user's system to store a temporary file
+;               when the system has to be rebooted.
+;               For Win9x support, this should be on the same volume as the
+;               DESTFILE!
+;               The Windows temp directory could be located on any volume,
+;               so you cannot use  this directory.
+;
+; Define REPLACEDLL_NOREGISTER if you want to upgrade a DLL that does not
+; have to be registered.
+;
+; Note: If you want to support Win9x, you can only use
+;       short filenames (8.3).
+;
+; Example of usage:
+; !insertmacro ReplaceDLL "dllname.dll" "$SYSDIR\dllname.dll" "$SYSDIR"
+;
+
+!macro ReplaceDLL LOCALFILE DESTFILE TEMPBASEDIR
+
+  Push $R0
+  Push $R1
+  Push $R2
+  Push $R3
+  Push $R4
+  Push $R5
+
+  ;------------------------
+  ;Unique number for labels
+
+  !define REPLACEDLL_UNIQUE ${__LINE__}
+
+  ;------------------------
+  ;Copy the parameters used on run-time to a variable
+  ;This allows the usage of variables as paramter
+
+  StrCpy $R4 "${DESTFILE}"
+  StrCpy $R5 "${TEMPBASEDIR}"
+
+  ;------------------------
+  ;Check file and version
+  ;
+  IfFileExists $R4 0 replacedll.copy_${REPLACEDLL_UNIQUE}
+  
+  ;ClearErrors
+  ;  GetDLLVersionLocal "${LOCALFILE}" $R0 $R1
+  ;  GetDLLVersion $R4 $R2 $R3
+  ;IfErrors replacedll.upgrade_${REPLACEDLL_UNIQUE}
+  ;
+  ;IntCmpU $R0 $R2 0 replacedll.done_${REPLACEDLL_UNIQUE} \
+  ;  replacedll.upgrade_${REPLACEDLL_UNIQUE}
+  ;IntCmpU $R1 $R3 replacedll.done_${REPLACEDLL_UNIQUE} \
+  ;  replacedll.done_${REPLACEDLL_UNIQUE} \
+  ;  replacedll.upgrade_${REPLACEDLL_UNIQUE}
+
+  ;------------------------
+  ;Let's replace the DLL!
+
+  SetOverwrite try
+
+  ;replacedll.upgrade_${REPLACEDLL_UNIQUE}:
+    !ifndef REPLACEDLL_NOREGISTER
+      ;Unregister the DLL
+      UnRegDLL $R4
+    !endif
+
+  ;------------------------
+  ;Try to copy the DLL directly
+
+  ClearErrors
+    StrCpy $R0 $R4
+    Call :replacedll.file_${REPLACEDLL_UNIQUE}
+  IfErrors 0 replacedll.noreboot_${REPLACEDLL_UNIQUE}
+
+  ;------------------------
+  ;DLL is in use. Copy it to a temp file and Rename it on reboot.
+
+  GetTempFileName $R0 $R5
+    Call :replacedll.file_${REPLACEDLL_UNIQUE}
+  Rename /REBOOTOK $R0 $R4
+
+  ;------------------------
+  ;Register the DLL on reboot
+
+  !ifndef REPLACEDLL_NOREGISTER
+    WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\RunOnce" \
+      "Register $R4" 'rundll32.exe "$R4",DllRegisterServer'
+  !endif
+
+  Goto replacedll.done_${REPLACEDLL_UNIQUE}
+
+  ;------------------------
+  ;DLL does not exist - just extract
+
+  replacedll.copy_${REPLACEDLL_UNIQUE}:
+    StrCpy $R0 $R4
+    Call :replacedll.file_${REPLACEDLL_UNIQUE}
+
+  ;------------------------
+  ;Register the DLL
+
+  replacedll.noreboot_${REPLACEDLL_UNIQUE}:
+    !ifndef REPLACEDLL_NOREGISTER
+      RegDLL $R4
+    !endif
+
+  ;------------------------
+  ;Done
+
+  replacedll.done_${REPLACEDLL_UNIQUE}:
+
+  Pop $R5
+  Pop $R4
+  Pop $R3
+  Pop $R2
+  Pop $R1
+  Pop $R0
+
+  ;------------------------
+  ;End
+
+  Goto replacedll.end_${REPLACEDLL_UNIQUE}
+
+  ;------------------------
+  ;Called to extract the DLL
+
+  replacedll.file_${REPLACEDLL_UNIQUE}:
+    File /oname=$R0 "${LOCALFILE}"
+    Return
+
+  replacedll.end_${REPLACEDLL_UNIQUE}:
+
+ ;------------------------
+ ;Restore settings
+
+ SetOverwrite lastused
+ !undef REPLACEDLL_UNIQUE
+
+!macroend
+
+
+; GetParameters
+; input, none
+; output, top of stack (replaces, with e.g. whatever)
+; modifies no other variables.
+
+Function GetParameters
+  Push $R0
+  Push $R1
+  Push $R2
+  StrCpy $R0 $CMDLINE 1
+  StrCpy $R1 '"'
+  StrCpy $R2 1
+  StrCmp $R0 '"' loop
+    StrCpy $R1 ' ' ; we're scanning for a space instead of a quote
+  loop:
+    StrCpy $R0 $CMDLINE 1 $R2
+    StrCmp $R0 $R1 loop2
+    StrCmp $R0 "" loop2
+    IntOp $R2 $R2 + 1
+    Goto loop
+  loop2:
+    IntOp $R2 $R2 + 1
+    StrCpy $R0 $CMDLINE 1 $R2
+    StrCmp $R0 " " loop2
+  StrCpy $R0 $CMDLINE "" $R2
+  Pop $R2
+  Pop $R1
+  Exch $R0
+FunctionEnd
+
+
+!verbose 3
+!include "WinMessages.NSH"
+!verbose 4
+
+Function GetSystemPath
+    Push $0
+
+    Call IsNT
+    Pop $0
+    StrCmp $0 1 GetPath_NT
+    ReadEnvStr $0 PATH
+    goto HavePath
+GetPath_NT:
+    ReadRegStr $0 HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment" "PATH"
+HavePath:
+    
+    Exch $0
+FunctionEnd
+
+;====================================================
+; AddToSystemPath - Adds the given dir to the search path.
+;        Input - head of the stack
+;        Note - Win9x systems requires reboot
+;====================================================
+Function AddToSystemPath
+  Exch $0
+  Push $1
+  Push $2
+  Push $3
+
+  # don't add if the path doesn't exist
+  IfFileExists $0 "" AddToPath_done
+
+  Call GetSystemPath
+  Pop $1
+  Push "$1;"
+  Push "$0;"
+  Call StrStr
+  Pop $2
+  StrCmp $2 "" "" AddToPath_done
+  Push "$1;"
+  Push "$0\;"
+  Call StrStr
+  Pop $2
+  StrCmp $2 "" "" AddToPath_done
+  GetFullPathName /SHORT $3 $0
+  Push "$1;"
+  Push "$3;"
+  Call StrStr
+  Pop $2
+  StrCmp $2 "" "" AddToPath_done
+  Push "$1;"
+  Push "$3\;"
+  Call StrStr
+  Pop $2
+  StrCmp $2 "" "" AddToPath_done
+
+  Call IsNT
+  Pop $1
+  StrCmp $1 1 AddToPath_NT
+    ; Not on NT
+    StrCpy $1 $WINDIR 2
+    FileOpen $1 "$1\autoexec.bat" a
+    FileSeek $1 -1 END
+    FileReadByte $1 $2
+    IntCmp $2 26 0 +2 +2 # DOS EOF
+      FileSeek $1 -1 END # write over EOF
+    FileWrite $1 "$\r$\nSET PATH=%PATH%;$3$\r$\n"
+    FileClose $1
+    SetRebootFlag true
+    Goto AddToPath_done
+
+  AddToPath_NT:
+    ReadRegStr $1 HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment" "PATH"
+    StrCpy $2 $1 1 -1 # copy last char
+    StrCmp $2 ";" 0 +2 # if last char == ;
+      StrCpy $1 $1 -1 # remove last char
+    StrCmp $1 "" AddToPath_NTdoIt
+      StrCpy $0 "$1;$0"
+    AddToPath_NTdoIt:
+      WriteRegExpandStr HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment" "PATH" $0
+      SendMessage ${HWND_BROADCAST} ${WM_WININICHANGE} 0 "STR:Environment" /TIMEOUT=5000
+
+  AddToPath_done:
+    Pop $3
+    Pop $2
+    Pop $1
+    Pop $0
+FunctionEnd
+
+;====================================================
+; RemoveFromPath - Remove a given dir from the path
+;     Input: head of the stack
+;====================================================
+Function un.RemoveFromSystemPath
+  Exch $0
+  Push $1
+  Push $2
+  Push $3
+  Push $4
+  Push $5
+  Push $6
+
+  IntFmt $6 "%c" 26 # DOS EOF
+
+  Call un.IsNT
+  Pop $1
+  StrCmp $1 1 unRemoveFromPath_NT
+    ; Not on NT
+    StrCpy $1 $WINDIR 2
+    FileOpen $1 "$1\autoexec.bat" r
+    GetTempFileName $4
+    FileOpen $2 $4 w
+    GetFullPathName /SHORT $0 $0
+    StrCpy $0 "SET PATH=%PATH%;$0"
+    Goto unRemoveFromPath_dosLoop
+
+    unRemoveFromPath_dosLoop:
+      FileRead $1 $3
+      StrCpy $5 $3 1 -1 # read last char
+      StrCmp $5 $6 0 +2 # if DOS EOF
+        StrCpy $3 $3 -1 # remove DOS EOF so we can compare
+      StrCmp $3 "$0$\r$\n" unRemoveFromPath_dosLoopRemoveLine
+      StrCmp $3 "$0$\n" unRemoveFromPath_dosLoopRemoveLine
+      StrCmp $3 "$0" unRemoveFromPath_dosLoopRemoveLine
+      StrCmp $3 "" unRemoveFromPath_dosLoopEnd
+      FileWrite $2 $3
+      Goto unRemoveFromPath_dosLoop
+      unRemoveFromPath_dosLoopRemoveLine:
+        SetRebootFlag true
+        Goto unRemoveFromPath_dosLoop
+
+    unRemoveFromPath_dosLoopEnd:
+      FileClose $2
+      FileClose $1
+      StrCpy $1 $WINDIR 2
+      Delete "$1\autoexec.bat"
+      CopyFiles /SILENT $4 "$1\autoexec.bat"
+      Delete $4
+      Goto unRemoveFromPath_done
+
+  unRemoveFromPath_NT:
+    ReadRegStr $1 HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment" "PATH"
+    StrCpy $5 $1 1 -1 # copy last char
+    StrCmp $5 ";" +2 # if last char != ;
+      StrCpy $1 "$1;" # append ;
+    Push $1
+    Push "$0;"
+    Call un.StrStr ; Find `$0;` in $1
+    Pop $2 ; pos of our dir
+    StrCmp $2 "" unRemoveFromPath_done
+      ; else, it is in path
+      # $0 - path to add
+      # $1 - path var
+      StrLen $3 "$0;"
+      StrLen $4 $2
+      StrCpy $5 $1 -$4 # $5 is now the part before the path to remove
+      StrCpy $6 $2 "" $3 # $6 is now the part after the path to remove
+      StrCpy $3 $5$6
+
+      StrCpy $5 $3 1 -1 # copy last char
+      StrCmp $5 ";" 0 +2 # if last char == ;
+        StrCpy $3 $3 -1 # remove last char
+
+      WriteRegExpandStr HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment" "PATH" $3
+      SendMessage ${HWND_BROADCAST} ${WM_WININICHANGE} 0 "STR:Environment" /TIMEOUT=5000
+
+  unRemoveFromPath_done:
+    Pop $6
+    Pop $5
+    Pop $4
+    Pop $3
+    Pop $2
+    Pop $1
+    Pop $0
+FunctionEnd
+
+;====================================================
+; IsNT - Returns 1 if the current system is NT, 0
+;        otherwise.
+;     Output: head of the stack
+;====================================================
+!macro IsNT un
+Function ${un}IsNT
+  Push $0
+  ReadRegStr $0 HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion" CurrentVersion
+  StrCmp $0 "" 0 IsNT_yes
+  ; we are not NT.
+  Pop $0
+  Push 0
+  Return
+
+  IsNT_yes:
+    ; NT!!!
+    Pop $0
+    Push 1
+FunctionEnd
+!macroend
+!insertmacro IsNT ""
+!insertmacro IsNT "un."
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Uninstall stuff
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;====================================================
+; StrStr - Finds a given string in another given string.
+;               Returns -1 if not found and the pos if found.
+;          Input: head of the stack - string to find
+;                      second in the stack - string to find in
+;          Output: head of the stack
+;====================================================
+!macro StrStr un
+Function ${un}StrStr
+Exch $R1 ; st=haystack,old$R1, $R1=needle
+  Exch    ; st=old$R1,haystack
+  Exch $R2 ; st=old$R1,old$R2, $R2=haystack
+  Push $R3
+  Push $R4
+  Push $R5
+  StrLen $R3 $R1
+  StrCpy $R4 0
+  ; $R1=needle
+  ; $R2=haystack
+  ; $R3=len(needle)
+  ; $R4=cnt
+  ; $R5=tmp
+  loop:
+    StrCpy $R5 $R2 $R3 $R4
+    StrCmp $R5 $R1 done
+    StrCmp $R5 "" done
+    IntOp $R4 $R4 + 1
+    Goto loop
+done:
+  StrCpy $R1 $R2 "" $R4
+  Pop $R5
+  Pop $R4
+  Pop $R3
+  Pop $R2
+  Exch $R1
+FunctionEnd
+!macroend
+!insertmacro StrStr ""
+!insertmacro StrStr "un."
+
+
+!ifdef ADDSHAREDDLLUSED
+; AddSharedDLL
+ ;
+ ; Increments a shared DLLs reference count.
+ ; Use by passing one item on the stack (the full path of the DLL).
+ ;
+ ; Usage:
+ ;   Push $SYSDIR\myDll.dll
+ ;   Call AddSharedDLL
+ ;
+
+ Function AddSharedDLL
+   Exch $R1
+   Push $R0
+   ReadRegDword $R0 HKLM Software\Microsoft\Windows\CurrentVersion\SharedDLLs $R1
+   IntOp $R0 $R0 + 1
+   WriteRegDWORD HKLM Software\Microsoft\Windows\CurrentVersion\SharedDLLs $R1 $R0
+   Pop $R0
+   Pop $R1
+ FunctionEnd
+
+; un.RemoveSharedDLL
+ ;
+ ; Decrements a shared DLLs reference count, and removes if necessary.
+ ; Use by passing one item on the stack (the full path of the DLL).
+ ; Note: for use in the main installer (not the uninstaller), rename the
+ ; function to RemoveSharedDLL.
+ ;
+ ; Usage:
+ ;   Push $SYSDIR\myDll.dll
+ ;   Call un.RemoveSharedDLL
+ ;
+
+ Function un.RemoveSharedDLL
+   Exch $R1
+   Push $R0
+   ReadRegDword $R0 HKLM Software\Microsoft\Windows\CurrentVersion\SharedDLLs $R1
+   StrCmp $R0 "" remove
+     IntOp $R0 $R0 - 1
+     IntCmp $R0 0 rk rk uk
+     rk:
+       DeleteRegValue HKLM Software\Microsoft\Windows\CurrentVersion\SharedDLLs $R1
+     goto Remove
+     uk:
+       WriteRegDWORD HKLM Software\Microsoft\Windows\CurrentVersion\SharedDLLs $R1 $R0
+     Goto noremove
+   remove:
+     Delete /REBOOTOK $R1
+   noremove:
+   Pop $R0
+   Pop $R1
+ FunctionEnd
+!endif
+
+
+; GetWindowsVersion
+;
+; Based on Yazno's function, http://yazno.tripod.com/powerpimpit/
+; Updated by Joost Verburg
+;
+; Returns on top of stack
+;
+; Windows Version (95, 98, ME, NT x.x, 2000, XP, 2003)
+; or
+; '' (Unknown Windows Version)
+;
+; Usage:
+;   Call GetWindowsVersion
+;   Pop $R0
+;   ; at this point $R0 is "NT 4.0" or whatnot
+
+Function GetWindowsVersion
+
+  Push $R0
+  Push $R1
+
+  ClearErrors
+
+  ReadRegStr $R0 HKLM \
+  "SOFTWARE\Microsoft\Windows NT\CurrentVersion" CurrentVersion
+
+  IfErrors 0 lbl_winnt
+  
+  ; we are not NT
+  ReadRegStr $R0 HKLM \
+  "SOFTWARE\Microsoft\Windows\CurrentVersion" VersionNumber
+
+  StrCpy $R1 $R0 1
+  StrCmp $R1 '4' 0 lbl_error
+
+  StrCpy $R1 $R0 3
+
+  StrCmp $R1 '4.0' lbl_win32_95
+  StrCmp $R1 '4.9' lbl_win32_ME lbl_win32_98
+
+  lbl_win32_95:
+    StrCpy $R0 '95'
+  Goto lbl_done
+
+  lbl_win32_98:
+    StrCpy $R0 '98'
+  Goto lbl_done
+
+  lbl_win32_ME:
+    StrCpy $R0 'ME'
+  Goto lbl_done
+
+  lbl_winnt:
+
+  StrCpy $R1 $R0 1
+
+  StrCmp $R1 '3' lbl_winnt_x
+  StrCmp $R1 '4' lbl_winnt_x
+
+  StrCpy $R1 $R0 3
+
+  StrCmp $R1 '5.0' lbl_winnt_2000
+  StrCmp $R1 '5.1' lbl_winnt_XP
+  StrCmp $R1 '5.2' lbl_winnt_2003 lbl_error
+
+  lbl_winnt_x:
+    StrCpy $R0 "NT $R0" 6
+  Goto lbl_done
+
+  lbl_winnt_2000:
+    Strcpy $R0 '2000'
+  Goto lbl_done
+
+  lbl_winnt_XP:
+    Strcpy $R0 'XP'
+  Goto lbl_done
+
+  lbl_winnt_2003:
+    Strcpy $R0 '2003'
+  Goto lbl_done
+
+  lbl_error:
+    Strcpy $R0 ''
+  lbl_done:
+
+  Pop $R1
+  Exch $R0
+
+FunctionEnd
+
+
+; Author: Lilla (lilla@earthlink.net) 2003-06-13
+; function IsUserAdmin uses plugin \NSIS\PlusgIns\UserInfo.dll
+; This function is based upon code in \NSIS\Contrib\UserInfo\UserInfo.nsi
+; This function was tested under NSIS 2 beta 4 (latest CVS as of this writing).
+;
+; Usage:
+;   Call IsUserAdmin
+;   Pop $R0   ; at this point $R0 is "true" or "false"
+;
+Function IsUserAdmin
+Push $R0
+Push $R1
+Push $R2
+
+ClearErrors
+UserInfo::GetName
+IfErrors Win9x
+Pop $R1
+UserInfo::GetAccountType
+Pop $R2
+
+StrCmp $R2 "Admin" 0 Continue
+; Observation: I get here when running Win98SE. (Lilla)
+; The functions UserInfo.dll looks for are there on Win98 too, 
+; but just don't work. So UserInfo.dll, knowing that admin isn't required
+; on Win98, returns admin anyway. (per kichik)
+; MessageBox MB_OK 'User "$R1" is in the Administrators group'
+StrCpy $R0 "true"
+Goto Done
+
+Continue:
+; You should still check for an empty string because the functions
+; UserInfo.dll looks for may not be present on Windows 95. (per kichik)
+StrCmp $R2 "" Win9x
+StrCpy $R0 "false"
+;MessageBox MB_OK 'User "$R1" is in the "$R2" group'
+Goto Done
+
+Win9x:
+; comment/message below is by UserInfo.nsi author:
+; This one means you don't need to care about admin or
+; not admin because Windows 9x doesn't either
+;MessageBox MB_OK "Error! This DLL can't run under Windows 9x!"
+StrCpy $R0 "false"
+
+Done:
+;MessageBox MB_OK 'User= "$R1"  AccountType= "$R2"  IsUserAdmin= "$R0"'
+
+Pop $R2
+Pop $R1
+Exch $R0
+FunctionEnd
+
+Function RestartRequired
+Exch $R1 ;Original Variable
+Push $R2
+Push $R3 ;Counter Variable
+
+StrCpy $R1 "0" 1 ;initialize variable with 0
+StrCpy $R3 "0" 0 ;Counter Variable
+
+;First Check Current User RunOnce Key
+EnumRegValue $R2 HKCU "Software\Microsoft\Windows\CurrentVersion\RunOnce" $R3
+StrCmp $R2 "" 0 FoundRestart
+
+;Next Check Local Machine Key
+EnumRegValue $R2 HKLM "Software\Microsoft\Windows\CurrentVersion\RunOnce" $R3
+StrCmp $R2 "" ExitFunc 0
+
+FoundRestart:
+StrCpy $R1 "1" 1
+
+ExitFunc:
+Pop $R2
+Pop $R3
+Exch $R1
+FunctionEnd
+
+; GetParent
+ ; input, top of stack  (e.g. C:\Program Files\Poop)
+ ; output, top of stack (replaces, with e.g. C:\Program Files)
+ ; modifies no other variables.
+ ;
+ ; Usage:
+ ;   Push "C:\Program Files\Directory\Whatever"
+ ;   Call GetParent
+ ;   Pop $R0
+ ;   ; at this point $R0 will equal "C:\Program Files\Directory"
+
+Function GetParent
+
+  Exch $R0
+  Push $R1
+  Push $R2
+  Push $R3
+  
+  StrCpy $R1 0
+  StrLen $R2 $R0
+  
+  loop:
+    IntOp $R1 $R1 + 1
+    IntCmp $R1 $R2 get 0 get
+    StrCpy $R3 $R0 1 -$R1
+    StrCmp $R3 "\" get
+  Goto loop
+  
+  get:
+    StrCpy $R0 $R0 -$R1
+    
+    Pop $R3
+    Pop $R2
+    Pop $R1
+    Exch $R0
+    
+FunctionEnd
+
+; SearchPath  (path, filename)
+; input:
+;    top of stack is the filename
+;    top of stack minus one is the path
+; output:
+;    top of stack is a fully qualified path or the number "0" 
+;
+; Usage:
+;    Push "semicolon delimited path"
+;    Push "filename"
+;    Call SearchPath
+;    Pop  $R0 ; fqpn 
+;    StrCmp $R0 "" failed
+;   
+;
+Function SearchPath
+  Exch $R0  ; input - filename
+  Exch 
+  Exch $R1  ; input - semicolon delimited path
+  Push $R3  ; worker - index to current end character
+  Push $R4  ; worker - length of $R1
+  Push $R5  ; worker - copy of directory string/fqpn to search for
+  Push $R6  ; worker - single charcter copy or find handle
+  
+  StrCpy $R3 0        ; init character index
+  StrLen $R4 $R1      ; determine length of semicolon delimited path
+  StrCpy $R5 ""        ; init return value
+  
+  findDir:  ; find a semi-colon or end of string
+  IntCmp $R3 $R4 exit 0 exit   ; we are done if no unprocessed string left
+
+  loop:  
+    StrCpy $R6 $R1 1 $R3       ; get the next character
+    StrCmp $R6 ";" foundDir    ; if it is semi-colon, we have found a dir
+    IntOp $R3 $R3 + 1          ; increment index
+    IntCmp $R3 $R4 foundDir    ; if we are at end of string, we have a dir
+  Goto loop                    ; still more chars in this dir
+
+  foundDir:
+    StrCpy $R5 $R1 $R3     ; copy the dir to $R5
+    StrCpy $R5 "$R5\$R0"   ; construct fqpn
+    IfFileExists $R5 exit  ; if file exists we are done
+    StrCpy $R5 ""           ; reset return value to null string
+    IntOp $R4 $R4 - $R3    ; compute maxlen of new delimited path
+    IntCmp $R4 0 exit      ; no more path left, exit 
+    IntOp $R3 $R3 + 1      ; Increment $R3 past the semi-colon
+    StrCpy $R1 $R1 $R4 $R3 ; remove dir from the delimited path
+    StrCpy $R3 0           ; index back to start of new delimited path
+    goto findDir           ; get another directory to look in
+
+  exit:
+    Pop  $R6
+    Exch $R5 ; output - fully qualified pathname
+    Exch
+    Pop  $R4
+    Exch
+    Pop  $R3
+    Exch
+    Pop  $R1
+    Exch 
+    Pop  $R0
+FunctionEnd
index b68c646d3358195929f2908476e6c87d2ce95195..d7ac6af443aa9f542f30c1ca94b884f1f81fc94d 100644 (file)
@@ -1,14 +1,95 @@
+2004-01-31  Jeffrey Altman <jaltman@mit.edu>
+
+    * ms2mit.c: Do not allow ticket importing of the Initial TGT cannot
+      be obtained.  The MSLSA krb5_ccache will not export the Initial TGT
+      if the session key enctype is NULL.  
+
+2003-12-11  Jeffrey Altman <jaltman@mit.edu>
+
+    * ms2mit.c, Makefile.in:
+
+    Remove all of the code that manipulates the MS LSA cache.  Instead
+    of reading in the TGT directly we now take advantage of the new
+    "MSLSA:" krb5_ccache type.  We open the MS LSA cache as a read-only
+    ccache and copy it to the default ccache for the system.
+
+    This removes the dependency on secur32.dll from this file.
+
+2003-10-21  Jeffrey Altman <jaltman@mit.edu>
+
+    * ms2mit.c:
+
+    Because of the failure of Windows 2000 and Windows XP to perform 
+    proper ticket expiration time management, the MS Kerberos LSA will 
+    return tickets to a calling application with lifetimes as short as 
+    one second.  Tickets with lifetimes less than five minutes can cause 
+    problems for most apps.  Tickets with lifetimes less than 20 minutes 
+    will trigger the Leash ticket lifetime warnings.
+
+    Instead of accepting whatever tickets are returned by MS LSA from 
+    the cache, if the ticket lifetime is less than 20 minutes force a 
+    retrieval operation bypassing the LSA ticket cache.
+
+
+2003-07-16  Jeffrey Altman <jaltman@mit.edu>
+
+    * ms2mit.c: 
+
+    Functional changes:
+    (1) do not restrict ourselves to DES-CBC-CRC instead support any
+        ticket with an enctype we support.  as of this date (rev 1.3)
+        this includes all but RC4-MD4.
+    (2) do not accept invalid tickets
+    (3) when attempting to retrieve tickets do not specify either the
+        enctype or cache options (if possible).  doing so will force a 
+        TGS request and prevent the results from being stored into the 
+        cache.
+    (4) when the LSA cache contains a TGT which has expired Microsoft will 
+        not perform a new TGS request until the cache has been purged.
+        Instead the expired ticket continues to be used along with its
+        embedded authorization data.  When PURGE_ENABLED is defined, if the 
+        tickets are expired, the cache will be purged before requesting
+        new tickets, else we ignore the contents of the cache and force 
+        a new TGS request.
+    (5) when the LSA cache is empty do not abort.  On XP or 2003, use
+        the SecurityLogonSessionData to determine the Realm (UserDnsDomain
+        in MS-speak) and request an appropriate TGT.  On 2000, check the
+        Registry for the HKCU\"Volatile Environment":"USERDNSDOMAIN" 
+        instead.  This will allow ms2mit to be used to repopulate the
+        LSA cache.  If the current session is not Kerberos authenticated
+        an appropriate error message will be generated.
+
+    Code changes:
+    (1) several memory leaks plugged
+    (2) several support functions copied from the Leashw32.dll sources
+    (3) get_STRING_from_registry() uses the ANSI versions of the Registry
+        functions and should at a later date be converted to use the 
+        Unicode versions.
+
+    Notes: an ms2mit.exe based on the Leash_import() function
+    should be considered.  Leash_import() not only imports the TGT from
+    the LSA but also performs the krb524 conversion and AFS token retrieval.
+    Of course, that version of ms2mit.exe could not exist within the krb5
+    source tree.
+
+2003-06-20  Jeffrey Altman <jaltman@mit.edu>
+
+    * ms2mit.c: Windows Credentials are addressless. Do not store the
+       credentials in the MIT cache with addresses since they do not
+       contain addresses in the encrypted portion of the credential.
+       Instead generate a valid empty address list.
+
 2002-08-29  Ken Raeburn  <raeburn@mit.edu>
 
-       * Makefile.in: Revert $(S)=>/ change, for Windows support.
+    * Makefile.in: Revert $(S)=>/ change, for Windows support.
 
 2002-08-23  Ken Raeburn  <raeburn@mit.edu>
 
-       * Makefile.in: Change $(S)=>/ and $(U)=>.. globally.
+    * Makefile.in: Change $(S)=>/ and $(U)=>.. globally.
 
 2001-11-28  Danilo Almeida  <dalmeida@mit.edu>
 
-       * ms2mit.c: Make sure we get a des-cbc-crc session key instead of
+    * ms2mit.c: Make sure we get a des-cbc-crc session key instead of
        potentially getting whatever happens to be in the cache.  Remove
        unnecessary static variables.  Make function headers use a
        consistent format.  Rename ShowLastError() to ShowWinError() and
index a7c6c1ed961fc8b39c4f9e729cb0884be5a501bc..45004e14a44ebbcb5e9b9be35af1ef3e4ba43f5a 100644 (file)
@@ -13,7 +13,7 @@ PROG_LIBPATH=-L$(TOPLIBD) -L$(KRB5_LIBDIR)
 all-windows:: $(OUTPRE)ms2mit.exe
 
 $(OUTPRE)ms2mit.exe: $(OUTPRE)ms2mit.obj
-    link $(EXE_LINKOPTS) -out:$@ $(OUTPRE)ms2mit.obj user32.lib secur32.lib advapi32.lib $(KLIB) $(CLIB)
+    link $(EXE_LINKOPTS) -out:$@ $(OUTPRE)ms2mit.obj user32.lib advapi32.lib $(KLIB) $(CLIB)
 
 install::
        copy $(OUTPRE)ms2mit.exe $(DESTDIR)
index 4ec6941ad96b638b507ef7d4ca39fd6362320519..eba52e7937e3b9a029998fa54c120e08b08ce718 100644 (file)
  * ms2mit.c
  *
  */
-/***********************************************************
-        Copyright 2000 by Carnegie Mellon University
-
-                      All Rights Reserved
-
-Permission to use, copy, modify, and distribute this software and its
-documentation for any purpose and without fee is hereby granted,
-provided that the above copyright notice appear in all copies and that
-both that copyright notice and this permission notice appear in
-supporting documentation, and that the name of Carnegie Mellon
-University not be used in advertising or publicity pertaining to
-distribution of the software without specific, written prior
-permission.
-
-CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
-THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR
-ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
-OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-******************************************************************/
-
-
-#define UNICODE
-#define _UNICODE
+/*
+ * Copyright (C) 2003 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
 
-#include <windows.h>
+#include "krb5.h"
 #include <stdio.h>
-#include <stdlib.h>
-#include <conio.h>
-#include <time.h>
-#define SECURITY_WIN32
-#include <security.h>
-#include <ntsecapi.h>
-
-#include <krb5.h>
-#include <com_err.h>
-#include <assert.h>
-
-VOID
-ShowWinError(
-    LPSTR szAPI,
-    DWORD dwError
-    )
-{
-#define MAX_MSG_SIZE 256
-
-    // TODO - Write errors to event log so that scripts that don't
-    // check for errors will still get something in the event log
-
-    WCHAR szMsgBuf[MAX_MSG_SIZE];
-    DWORD dwRes;
-
-    printf("Error calling function %s: %lu\n", szAPI, dwError);
-
-    dwRes = FormatMessage (
-        FORMAT_MESSAGE_FROM_SYSTEM,
-        NULL,
-        dwError,
-        MAKELANGID (LANG_ENGLISH, SUBLANG_ENGLISH_US),
-        szMsgBuf,
-        MAX_MSG_SIZE,
-        NULL);
-    if (0 == dwRes) {
-        printf("FormatMessage failed with %d\n", GetLastError());
-        ExitProcess(EXIT_FAILURE);
-    }
-
-    printf("%S",szMsgBuf);
-}
-
-VOID
-ShowLsaError(
-    LPSTR szAPI,
-    NTSTATUS Status
-    )
-{
-    //
-    // Convert the NTSTATUS to Winerror. Then call ShowWinError().
-    //
-    ShowWinError(szAPI, LsaNtStatusToWinError(Status));
-}
-
-
-
-BOOL
-WINAPI
-UnicodeToANSI(
-    LPTSTR lpInputString,
-    LPSTR lpszOutputString,
-    int nOutStringLen
-    )
-{
-#ifndef WIN32S
-    CPINFO CodePageInfo;
-
-    GetCPInfo(CP_ACP, &CodePageInfo);
-
-    if (CodePageInfo.MaxCharSize > 1)
-        // Only supporting non-Unicode strings
-        return FALSE;
-    else if (((LPBYTE) lpInputString)[1] == '\0')
-    {
-        // Looks like unicode, better translate it
-        WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) lpInputString, -1,
-                            lpszOutputString, nOutStringLen, NULL, NULL);
-    }
-    else
-        lstrcpyA(lpszOutputString, (LPSTR) lpInputString);
-#else
-    lstrcpy(lpszOutputString, (LPSTR) lpInputString);
-#endif
-    return TRUE;
-}  // UnicodeToANSI
-
-VOID
-WINAPI
-ANSIToUnicode(
-    LPSTR  lpInputString,
-    LPTSTR lpszOutputString,
-    int nOutStringLen
-    )
-{
-
-#ifndef WIN32S
-    CPINFO CodePageInfo;
-
-    lstrcpy(lpszOutputString, (LPTSTR) lpInputString);
-
-    GetCPInfo(CP_ACP, &CodePageInfo);
-
-    if (CodePageInfo.MaxCharSize > 1)
-        // It must already be a Unicode string
-        return;
-    else if (((LPBYTE) lpInputString)[1] != '\0')
-    {
-        // Looks like ANSI, better translate it
-        MultiByteToWideChar(CP_ACP, 0, (LPCSTR) lpInputString, -1,
-                            (LPWSTR) lpszOutputString, nOutStringLen);
-    }
-    else
-        lstrcpy(lpszOutputString, (LPTSTR) lpInputString);
-#endif
-}  // ANSIToUnicode
-
 
 void
-MSPrincToMITPrinc(
-    KERB_EXTERNAL_NAME *msprinc,
-    WCHAR *realm,
-    krb5_context context,
-    krb5_principal *principal
-    )
-{
-    WCHAR princbuf[512],tmpbuf[128];
-    char aname[512];
-    USHORT i;
-    princbuf[0]=0;
-    for (i=0;i<msprinc->NameCount;i++) {
-        wcsncpy(tmpbuf, msprinc->Names[i].Buffer,
-                msprinc->Names[i].Length/sizeof(WCHAR));
-        tmpbuf[msprinc->Names[i].Length/sizeof(WCHAR)]=0;
-        if (princbuf[0])
-            wcscat(princbuf, L"/");
-        wcscat(princbuf, tmpbuf);
-    }
-    wcscat(princbuf, L"@");
-    wcscat(princbuf, realm);
-    UnicodeToANSI(princbuf, aname, sizeof(aname));
-    krb5_parse_name(context, aname, principal);
-}
-
-
-time_t
-FileTimeToUnixTime(
-    LARGE_INTEGER *ltime
-    )
-{
-    FILETIME filetime, localfiletime;
-    SYSTEMTIME systime;
-    struct tm utime;
-    filetime.dwLowDateTime=ltime->LowPart;
-    filetime.dwHighDateTime=ltime->HighPart;
-    FileTimeToLocalFileTime(&filetime, &localfiletime);
-    FileTimeToSystemTime(&localfiletime, &systime);
-    utime.tm_sec=systime.wSecond;
-    utime.tm_min=systime.wMinute;
-    utime.tm_hour=systime.wHour;
-    utime.tm_mday=systime.wDay;
-    utime.tm_mon=systime.wMonth-1;
-    utime.tm_year=systime.wYear-1900;
-    utime.tm_isdst=-1;
-    return(mktime(&utime));
-}
-
-void
-MSSessionKeyToMITKeyblock(
-    KERB_CRYPTO_KEY *mskey,
-    krb5_context context,
-    krb5_keyblock *keyblock
-    )
-{
-    krb5_keyblock tmpblock;
-    tmpblock.magic=KV5M_KEYBLOCK;
-    tmpblock.enctype=mskey->KeyType;
-    tmpblock.length=mskey->Length;
-    tmpblock.contents=mskey->Value;
-    krb5_copy_keyblock_contents(context, &tmpblock, keyblock);
-}
-
-
-void
-MSFlagsToMITFlags(
-    ULONG msflags,
-    ULONG *mitflags
-    )
-{
-    *mitflags=msflags;
-}
-
-void
-MSTicketToMITTicket(
-    KERB_EXTERNAL_TICKET *msticket,
-    krb5_context context,
-    krb5_data *ticket
-    )
-{
-    krb5_data tmpdata, *newdata;
-    tmpdata.magic=KV5M_DATA;
-    tmpdata.length=msticket->EncodedTicketSize;
-    tmpdata.data=msticket->EncodedTicket;
-    // todo: fix this up a little. this is ugly and will break krb_free_data()
-    krb5_copy_data(context, &tmpdata, &newdata);
-    memcpy(ticket, newdata, sizeof(krb5_data));
-}
-
-void
-MSCredToMITCred(
-    KERB_EXTERNAL_TICKET *msticket,
-    krb5_context context,
-    krb5_creds *creds
-    )
-{
-    WCHAR wtmp[128];
-    ZeroMemory(creds, sizeof(krb5_creds));
-    creds->magic=KV5M_CREDS;
-    wcsncpy(wtmp, msticket->TargetDomainName.Buffer,
-            msticket->TargetDomainName.Length/sizeof(WCHAR));
-    wtmp[msticket->TargetDomainName.Length/sizeof(WCHAR)]=0;
-    MSPrincToMITPrinc(msticket->ClientName, wtmp, context, &creds->client);
-    wcsncpy(wtmp, msticket->DomainName.Buffer,
-            msticket->DomainName.Length/sizeof(WCHAR));
-    wtmp[msticket->DomainName.Length/sizeof(WCHAR)]=0;
-    MSPrincToMITPrinc(msticket->ServiceName, wtmp, context, &creds->server);
-    MSSessionKeyToMITKeyblock(&msticket->SessionKey, context, 
-                              &creds->keyblock);
-    MSFlagsToMITFlags(msticket->TicketFlags, &creds->ticket_flags);
-    creds->times.starttime=FileTimeToUnixTime(&msticket->StartTime);
-    creds->times.endtime=FileTimeToUnixTime(&msticket->EndTime);
-    creds->times.renew_till=FileTimeToUnixTime(&msticket->RenewUntil);
-
-    // krb5_cc_store_cred crashes downstream if creds->addresses is NULL.
-    // unfortunately, the MS interface doesn't seem to return a list of
-    // addresses as part of the credentials information. for now i'll just
-    // use krb5_os_localaddr to mock up the address list. is this sufficient?
-    krb5_os_localaddr(context, &creds->addresses);
-
-    MSTicketToMITTicket(msticket, context, &creds->ticket);
-}
-
-BOOL
-PackageConnectLookup(
-    HANDLE *pLogonHandle,
-    ULONG *pPackageId
-    )
-{
-    LSA_STRING Name;
-    NTSTATUS Status;
-
-    Status = LsaConnectUntrusted(
-        pLogonHandle
-        );
-
-    if (FAILED(Status))
-    {
-        ShowLsaError("LsaConnectUntrusted", Status);
-        return FALSE;
-    }
-
-    Name.Buffer = MICROSOFT_KERBEROS_NAME_A;
-    Name.Length = strlen(Name.Buffer);
-    Name.MaximumLength = Name.Length + 1;
-
-    Status = LsaLookupAuthenticationPackage(
-        *pLogonHandle,
-        &Name,
-        pPackageId
-        );
-
-    if (FAILED(Status))
-    {
-        ShowLsaError("LsaLookupAuthenticationPackage", Status);
-        return FALSE;
-    }
-
-    return TRUE;
-
-}
-
-
-DWORD
-ConcatenateUnicodeStrings(
-    UNICODE_STRING *pTarget,
-    UNICODE_STRING Source1,
-    UNICODE_STRING Source2
-    )
-{
-    //
-    // The buffers for Source1 and Source2 cannot overlap pTarget's
-    // buffer.  Source1.Length + Source2.Length must be <= 0xFFFF,
-    // otherwise we overflow...
-    //
-
-    USHORT TotalSize = Source1.Length + Source2.Length;
-    PBYTE buffer = (PBYTE) pTarget->Buffer;
-
-    if (TotalSize > pTarget->MaximumLength)
-        return ERROR_INSUFFICIENT_BUFFER;
-
-    pTarget->Length = TotalSize;
-    memcpy(buffer, Source1.Buffer, Source1.Length);
-    memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length);
-    return ERROR_SUCCESS;
-}
-
-BOOL
-GetMSTGT(
-    HANDLE LogonHandle,
-    ULONG PackageId,
-    KERB_EXTERNAL_TICKET **ticket
+main(
+    int argc,
+    char *argv[]
     )
 {
-    //
-    // INVARIANTS:
-    //
-    //   (FAILED(Status) || FAILED(SubStatus)) ==> error
-    //   bIsLsaError ==> LsaCallAuthenticationPackage() error
-    //
-
-    //
-    // NOTE:
-    //
-    // The updated code leaks memory, but so does the old code.  The
-    // whole program is full of leaks.  Since it's short-lived
-    // process, it is ok.
-    //
-
-    BOOL bIsLsaError = FALSE;
-    NTSTATUS Status = 0;
-    NTSTATUS SubStatus = 0;
-
-    UNICODE_STRING TargetPrefix;
-
-    KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
-    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest;
-    PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
-    ULONG RequestSize;
-    ULONG ResponseSize;
-    USHORT TargetSize;
-
-    CacheRequest.MessageType = KerbRetrieveTicketMessage;
-    CacheRequest.LogonId.LowPart = 0;
-    CacheRequest.LogonId.HighPart = 0;
-
-    pTicketResponse = NULL;
-
-    Status = LsaCallAuthenticationPackage(
-        LogonHandle,
-        PackageId,
-        &CacheRequest,
-        sizeof(CacheRequest),
-        &pTicketResponse,
-        &ResponseSize,
-        &SubStatus
-        );
-
-    if (FAILED(Status) || FAILED(SubStatus))
-    {
-        bIsLsaError = TRUE;
-        goto cleanup;
-    }
+    krb5_context kcontext;
+    krb5_error_code code;
+    krb5_ccache ccache=NULL;
+    krb5_ccache mslsa_ccache=NULL;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+    krb5_principal princ;
+    int initial_ticket = 0;
 
-    if (pTicketResponse->Ticket.SessionKey.KeyType == KERB_ETYPE_DES_CBC_CRC)
-    {
-        // all done!
-        goto cleanup;
+    if (code = krb5_init_context(&kcontext)) {
+        com_err(argv[0], code, "while initializing kerberos library");
+        exit(1);
     }
-
-    //
-    // Set up the "krbtgt/" target prefix into a UNICODE_STRING so we
-    // can easily concatenate it later.
-    //
-
-    TargetPrefix.Buffer = L"krbtgt/";
-    TargetPrefix.Length = wcslen(TargetPrefix.Buffer) * sizeof(WCHAR);
-    TargetPrefix.MaximumLength = TargetPrefix.Length;
-
-    //
-    // We will need to concatenate the "krbtgt/" prefix and the previous
-    // response's target domain into our request's target name.
-    //
-    // Therefore, first compute the necessary buffer size for that.
-    //
-    // Note that we might theoretically have integer overflow.
-    //
-
-    TargetSize = TargetPrefix.Length +
-        pTicketResponse->Ticket.TargetDomainName.Length;
-
-    //
-    // The ticket request buffer needs to be a single buffer.  That buffer
-    // needs to include the buffer for the target name.
-    //
-
-    RequestSize = sizeof(*pTicketRequest) + TargetSize;
-
-    //
-    // Allocate the request buffer and make sure it's zero-filled.
-    //
-
-    pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST)
-        LocalAlloc(LMEM_ZEROINIT, RequestSize);
-    if (!pTicketRequest)
-    {
-        Status = GetLastError();
-        goto cleanup;
+  
+    if (code = krb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache)) {
+        com_err(argv[0], code, "while opening MS LSA ccache");
+        krb5_free_context(kcontext);
+        exit(1);
     }
 
-    //
-    // Concatenate the target prefix with the previous reponse's
-    // target domain.
-    //
-
-    pTicketRequest->TargetName.Length = 0;
-    pTicketRequest->TargetName.MaximumLength = TargetSize;
-    pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
-    Status = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName),
-                                       TargetPrefix,
-                                       pTicketResponse->Ticket.TargetDomainName);
-    assert(SUCCEEDED(Status));
-
-    //
-    // Intialize the requst of the request.
-    //
-
-    pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
-    pTicketRequest->LogonId.LowPart = 0;
-    pTicketRequest->LogonId.HighPart = 0;
-    // Note: pTicketRequest->TargetName set up above
-    pTicketRequest->CacheOptions = KERB_RETRIEVE_TICKET_DONT_USE_CACHE;
-    pTicketRequest->TicketFlags = 0L;
-    pTicketRequest->EncryptionType = ENCTYPE_DES_CBC_CRC;
-
-    //
-    // Free the previous response buffer so we can get the new response.
-    //
-
-    LsaFreeReturnBuffer(pTicketResponse);
-    pTicketResponse = NULL;
-
-    Status = LsaCallAuthenticationPackage(
-        LogonHandle,
-        PackageId,
-        pTicketRequest,
-        RequestSize,
-        &pTicketResponse,
-        &ResponseSize,
-        &SubStatus
-        );
-
-    if (FAILED(Status) || FAILED(SubStatus))
-    {
-        bIsLsaError = TRUE;
-        goto cleanup;
+    /* Enumerate tickets from cache looking for an initial ticket */
+    if ((code = krb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor))) {
+        com_err(argv[0], code, "while initiating the cred sequence of MS LSA ccache");
+        krb5_cc_close(kcontext, mslsa_ccache);
+        krb5_free_context(kcontext);
+        exit(1);
     }
 
- cleanup:
-    if (FAILED(Status) || FAILED(SubStatus))
+    while (!(code = krb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds))) 
     {
-        if (bIsLsaError)
-        {
-            // XXX - Will be fixed later
-            if (FAILED(Status))
-                ShowLsaError("LsaCallAuthenticationPackage", Status);
-            if (FAILED(SubStatus))
-                ShowLsaError("LsaCallAuthenticationPackage", SubStatus);
-        }
-        else
-        {
-            ShowWinError("GetMSTGT", Status);
+        if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
+            krb5_free_cred_contents(kcontext, &creds);
+            initial_ticket = 1;
+            break;
         }
-
-        if (pTicketResponse)
-            LsaFreeReturnBuffer(pTicketResponse);
-
-        return(FALSE);
+        krb5_free_cred_contents(kcontext, &creds);
     }
+    krb5_cc_end_seq_get(kcontext, mslsa_ccache, &cursor);
 
-    *ticket = &(pTicketResponse->Ticket);
-    return(TRUE);
-}
-
-void
-main(
-    int argc,
-    char *argv[]
-    )
-{
-    krb5_context kcontext;
-    krb5_error_code code;
-    krb5_creds creds;
-    krb5_ccache ccache=NULL;
-    krb5_get_init_creds_opt opts;
-    char *cache_name=NULL;
-    HANDLE LogonHandle=NULL;
-    ULONG PackageId;
-
-    KERB_EXTERNAL_TICKET *msticket;
-    if(!PackageConnectLookup(&LogonHandle, &PackageId))
+    if ( !initial_ticket ) {
+        fprintf(stderr, "%s: Initial Ticket Getting Tickets are not available from the MS LSA\n",
+                argv[0]);
+        krb5_cc_close(kcontext, mslsa_ccache);
+        krb5_free_context(kcontext);
         exit(1);
+    }
 
-    if (GetMSTGT(LogonHandle, PackageId, &msticket)==FALSE)
-        exit(1);
-    if (code = krb5_init_context(&kcontext)) {
-        com_err(argv[0], code, "while initializing kerberos library");
+    if (code = krb5_cc_get_principal(kcontext, mslsa_ccache, &princ)) {
+        com_err(argv[0], code, "while obtaining MS LSA principal");
+        krb5_cc_close(kcontext, mslsa_ccache);
+        krb5_free_context(kcontext);
         exit(1);
     }
-    krb5_get_init_creds_opt_init(&opts);
-    MSCredToMITCred(msticket, kcontext, &creds);
+
     if (code = krb5_cc_default(kcontext, &ccache)) {
         com_err(argv[0], code, "while getting default ccache");
+        krb5_free_principal(kcontext, princ);
+        krb5_cc_close(kcontext, mslsa_ccache);
+        krb5_free_context(kcontext);
         exit(1);
     }
-    if (code = krb5_cc_initialize(kcontext, ccache, creds.client)) {
-        com_err (argv[0], code, "when initializing cache %s",
-                 cache_name?cache_name:"");
+    if (code = krb5_cc_initialize(kcontext, ccache, princ)) {
+        com_err (argv[0], code, "when initializing ccache");
+        krb5_free_principal(kcontext, princ);
+        krb5_cc_close(kcontext, mslsa_ccache);
+        krb5_cc_close(kcontext, ccache);
+        krb5_free_context(kcontext);
         exit(1);
     }
-    if (code = krb5_cc_store_cred(kcontext, ccache, &creds)) {
-        com_err (argv[0], code, "while storing credentials");
+
+    if (code = krb5_cc_copy_creds(kcontext, mslsa_ccache, ccache)) {
+        com_err (argv[0], code, "while copying MS LSA ccache to default ccache");
+        krb5_free_principal(kcontext, princ);
+        krb5_cc_close(kcontext, ccache);
+        krb5_cc_close(kcontext, mslsa_ccache);
+        krb5_free_context(kcontext);
         exit(1);
     }
+
+    krb5_free_principal(kcontext, princ);
     krb5_cc_close(kcontext, ccache);
+    krb5_cc_close(kcontext, mslsa_ccache);
     krb5_free_context(kcontext);
+    return(0);
 }
index 1b8ca9d9fbea1c80e1fdbad3d04f2b5cdf85340e..6e6f7ba2af8b1c894a5b89273a0af9f2f31860b8 100644 (file)
@@ -5,10 +5,10 @@
  * BEGIN COMMON VERSION INFO for GSS and Kerberos version resources
  */
 
-#define PRE_RELEASE
+// #define PRE_RELEASE
 
 #ifdef PRE_RELEASE
-#define BETA_STR  " beta"
+#define BETA_STR  " beta 1"
 #define BETA_FLAG VS_FF_PRERELEASE
 #else
 #define BETA_STR  ""
 
 /* we're going to stamp all the DLLs with the same version number */
 
-#define K5_PRODUCT_VERSION_STRING "1.3 (TEST)" BETA_STR "\0"
-#define K5_PRODUCT_VERSION        1, 3, 0, 0
+#define K5_PRODUCT_VERSION_STRING "1.3.4" BETA_STR "\0"
+#define K5_PRODUCT_VERSION        1, 3, 4, 0
 
-#define K5_COPYRIGHT "Copyright (C) 1997-2000 by the Massachusetts Institute of Technology\0"
+#define K5_COPYRIGHT "Copyright (C) 1997-2004 by the Massachusetts Institute of Technology\0"
 #define K5_COMPANY_NAME "Massachusetts Institute of Technology.\0"
 
 /*