This commit was manufactured by cvs2svn to create tag krb5-1.2.2-final
authorno author <devnull@mit.edu>
Wed, 28 Feb 2001 21:55:26 +0000 (21:55 +0000)
committerno author <devnull@mit.edu>
Wed, 28 Feb 2001 21:55:26 +0000 (21:55 +0000)
'krb5-1-2-2-final'.

git-svn-id: svn://anonsvn.mit.edu/krb5/tags/krb5-1-2-2-final@13048 dc483132-0cff-0310-8789-dd5450dbe970

376 files changed:
README
doc/ChangeLog
doc/admin.texinfo
doc/api/ChangeLog
doc/api/Makefile
doc/build.texinfo
doc/copyright.texinfo
doc/definitions.texinfo
doc/install.texinfo
doc/krb425.texinfo
doc/send-pr.texinfo
src/ChangeLog
src/Makefile.in
src/acconfig.h
src/aclocal.m4
src/appl/bsd/ChangeLog
src/appl/bsd/Makefile.in
src/appl/bsd/configure.in
src/appl/bsd/defines.h
src/appl/bsd/forward.c
src/appl/bsd/kcmd.c
src/appl/bsd/krcp.c
src/appl/bsd/krlogin.c
src/appl/bsd/krlogind.c
src/appl/bsd/krsh.c
src/appl/bsd/krshd.c
src/appl/bsd/login.M
src/appl/bsd/login.c
src/appl/bsd/rcp.M
src/appl/bsd/rlogin.M
src/appl/bsd/rsh.M
src/appl/bsd/v4rcp.c
src/appl/gssftp/ChangeLog
src/appl/gssftp/configure.in
src/appl/gssftp/ftp/ChangeLog
src/appl/gssftp/ftp/cmds.c
src/appl/gssftp/ftp/domacro.c
src/appl/gssftp/ftp/ftp.c
src/appl/gssftp/ftp/glob.c
src/appl/gssftp/ftp/main.c
src/appl/gssftp/ftp/secure.c
src/appl/gssftp/ftpd/ChangeLog
src/appl/gssftp/ftpd/ftpcmd.y
src/appl/gssftp/ftpd/ftpd.c
src/appl/sample/sclient/ChangeLog
src/appl/sample/sclient/sclient.c
src/appl/telnet/libtelnet/ChangeLog
src/appl/telnet/libtelnet/configure.in
src/appl/telnet/libtelnet/gettytab.c
src/appl/telnet/libtelnet/kerberos.c
src/appl/telnet/libtelnet/kerberos5.c
src/appl/telnet/libtelnet/setenv.c
src/appl/telnet/libtelnet/spx.c
src/appl/telnet/telnet/ChangeLog
src/appl/telnet/telnet/commands.c
src/appl/telnet/telnet/externs.h
src/appl/telnet/telnet/main.c
src/appl/telnet/telnet/tn3270.c
src/appl/telnet/telnet/utilities.c
src/appl/telnet/telnetd/ChangeLog
src/appl/telnet/telnetd/state.c
src/appl/telnet/telnetd/sys_term.c
src/appl/telnet/telnetd/telnetd-ktd.c
src/appl/telnet/telnetd/telnetd.c
src/clients/ChangeLog
src/clients/configure.in
src/clients/klist/ChangeLog
src/clients/klist/Makefile.in
src/clients/klist/klist.c
src/clients/ksu/ChangeLog
src/clients/ksu/Makefile.in
src/clients/ksu/ccache.c
src/clients/ksu/ksu.M
src/clients/ksu/main.c
src/clients/ksu/setenv.c
src/config-files/ChangeLog
src/config-files/krb5.conf.M
src/config/ChangeLog
src/config/config.guess
src/config/config.sub
src/config/libobj.in
src/config/pre.in
src/config/win-pre.in
src/include/ChangeLog
src/include/k5-int.h
src/include/kerberosIV/ChangeLog
src/include/kerberosIV/krb.h
src/include/krb5.hin
src/include/krb5/ChangeLog
src/include/krb5/kdb.h
src/include/krb5/macsock.h
src/include/win-mac.h
src/kadmin/cli/ChangeLog
src/kadmin/cli/kadmin.M
src/kadmin/cli/kadmin.c
src/kadmin/cli/strftime.c
src/kadmin/dbutil/ChangeLog
src/kadmin/dbutil/dump.c
src/kadmin/dbutil/kdb5_util.M
src/kadmin/ktutil/ChangeLog
src/kadmin/ktutil/ktutil_funcs.c
src/kadmin/passwd/ChangeLog
src/kadmin/passwd/xm_kpasswd.c
src/kadmin/server/ChangeLog
src/kadmin/server/schpw.c
src/kadmin/server/server_stubs.c
src/kadmin/testing/proto/ChangeLog
src/kadmin/testing/proto/kdc.conf.proto
src/kadmin/testing/proto/krb5.conf.proto
src/kadmin/testing/util/ChangeLog
src/kadmin/testing/util/tcl_kadm5.c
src/kadmin/v4server/ChangeLog
src/kadmin/v4server/acl_files.c
src/kadmin/v4server/admin_server.c
src/kadmin/v4server/kadm_err.et
src/kadmin/v4server/kadm_ser_wrap.c
src/kadmin/v4server/kadm_server.c
src/kadmin/v5passwdd/ChangeLog
src/kadmin/v5passwdd/kadm5_defs.h
src/kadmin/v5passwdd/main.c
src/kadmin/v5passwdd/proto_serv.c
src/kdc/ChangeLog
src/kdc/kdc_util.c
src/kdc/kerberos_v4.c
src/kdc/network.c
src/krb524/ChangeLog
src/krb524/cnv_tkt_skey.c
src/lib/ChangeLog
src/lib/crypto/ChangeLog
src/lib/crypto/Makefile.in
src/lib/crypto/dk/ChangeLog
src/lib/crypto/dk/derive.c
src/lib/crypto/dk/dk_decrypt.c
src/lib/crypto/dk/dk_encrypt.c
src/lib/crypto/make_checksum.c
src/lib/crypto/old/ChangeLog
src/lib/crypto/old/old_decrypt.c
src/lib/crypto/old/old_encrypt.c
src/lib/crypto/prng.c
src/lib/gssapi/ChangeLog
src/lib/gssapi/Makefile.in
src/lib/gssapi/generic/ChangeLog
src/lib/gssapi/generic/gssapi_generic.h
src/lib/gssapi/krb5/3des.txt [new file with mode: 0644]
src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/add_cred.c
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/import_sec_context.c
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/inq_cred.c
src/lib/gssapi/krb5/k5seal.c
src/lib/gssapi/krb5/k5unseal.c
src/lib/gssapi/krb5/ser_sctx.c
src/lib/gssapi/krb5/util_cksum.c
src/lib/gssapi/krb5/util_crypt.c
src/lib/gssapi/krb5/util_seed.c
src/lib/gssapi/krb5/util_seqnum.c
src/lib/gssapi/krb5/wrap_size_limit.c
src/lib/kadm5/ChangeLog
src/lib/kadm5/admin.h
src/lib/kadm5/admin_internal.h
src/lib/kadm5/alt_prof.c
src/lib/kadm5/chpass_util.c
src/lib/kadm5/clnt/ChangeLog
src/lib/kadm5/clnt/client_init.c
src/lib/kadm5/clnt/clnt_chpass_util.c
src/lib/kadm5/logger.c
src/lib/kadm5/ovsec_glue.c
src/lib/kadm5/srv/ChangeLog
src/lib/kadm5/srv/adb_openclose.c
src/lib/kadm5/srv/svr_chpass_util.c
src/lib/kadm5/unit-test/ChangeLog
src/lib/kadm5/unit-test/api.2/chpass-principal-v2.exp
src/lib/kadm5/unit-test/api.2/get-principal-v2.exp
src/lib/kadm5/unit-test/api.2/randkey-principal-v2.exp
src/lib/kdb/ChangeLog
src/lib/kdb/fetch_mkey.c
src/lib/kdb/setup_mkey.c
src/lib/kdb/store_mkey.c
src/lib/kdb/t_kdb.c
src/lib/krb4/ChangeLog
src/lib/krb4/Password.c
src/lib/krb4/configure.in
src/lib/krb4/cr_auth_repl.c
src/lib/krb4/cr_ciph.c
src/lib/krb4/cr_death_pkt.c
src/lib/krb4/cr_err_repl.c
src/lib/krb4/cr_tkt.c
src/lib/krb4/decomp_tkt.c
src/lib/krb4/dest_tkt.c
src/lib/krb4/g_ad_tkt.c
src/lib/krb4/g_in_tkt.c
src/lib/krb4/g_krbhst.c
src/lib/krb4/g_krbrlm.c
src/lib/krb4/g_pw_in_tkt.c
src/lib/krb4/in_tkt.c
src/lib/krb4/kntoln.c
src/lib/krb4/kparse.c
src/lib/krb4/kuserok.c
src/lib/krb4/mk_auth.c
src/lib/krb4/mk_err.c
src/lib/krb4/mk_req.c
src/lib/krb4/rd_req.c
src/lib/krb4/realmofhost.c
src/lib/krb4/recvauth.c
src/lib/krb4/send_to_kdc.c
src/lib/krb4/sendauth.c
src/lib/krb4/tf_util.c
src/lib/krb4/win_store.c
src/lib/krb5/ChangeLog
src/lib/krb5/Makefile.in
src/lib/krb5/asn.1/ChangeLog
src/lib/krb5/asn.1/asn1_encode.c
src/lib/krb5/asn.1/asn1_get.c
src/lib/krb5/asn.1/asn1_k_decode.c
src/lib/krb5/asn.1/asn1buf.c
src/lib/krb5/asn.1/asn1buf.h
src/lib/krb5/asn.1/krb5_decode.c
src/lib/krb5/ccache/ChangeLog
src/lib/krb5/ccache/ccapi/ChangeLog
src/lib/krb5/ccache/ccapi/stdcc.c
src/lib/krb5/ccache/ccapi/stdcc.h
src/lib/krb5/ccache/ccapi/stdcc_util.c
src/lib/krb5/ccache/ccapi/stdcc_util.h
src/lib/krb5/ccache/ccapi/winccld.c
src/lib/krb5/ccache/ccapi/winccld.h
src/lib/krb5/ccache/ccdefault.c
src/lib/krb5/ccache/ccdefops.c
src/lib/krb5/error_tables/ChangeLog
src/lib/krb5/error_tables/asn1_err.et
src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/Makefile.in
src/lib/krb5/krb/appdefault.c [new file with mode: 0644]
src/lib/krb5/krb/chk_trans.c
src/lib/krb5/krb/conv_princ.c
src/lib/krb5/krb/fwd_tgt.c
src/lib/krb5/krb/get_creds.c
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/gic_keytab.c
src/lib/krb5/krb/gic_pwd.c
src/lib/krb5/krb/init_ctx.c
src/lib/krb5/krb/kfree.c
src/lib/krb5/krb/mk_priv.c
src/lib/krb5/krb/mk_req_ext.c
src/lib/krb5/krb/mk_safe.c
src/lib/krb5/krb/preauth.c
src/lib/krb5/krb/preauth2.c
src/lib/krb5/krb/rd_priv.c
src/lib/krb5/krb/rd_req_dec.c
src/lib/krb5/krb/recvauth.c
src/lib/krb5/krb/sendauth.c
src/lib/krb5/krb/t_kerb.c
src/lib/krb5/krb/t_krb5.conf
src/lib/krb5/krb/t_ref_kerb.out
src/lib/krb5/krb/vfy_increds.c
src/lib/krb5/krb5_libinit.c
src/lib/krb5/os/ChangeLog
src/lib/krb5/os/an_to_ln.c
src/lib/krb5/os/c_ustime.c
src/lib/krb5/os/ccdefname.c
src/lib/krb5/os/changepw.c
src/lib/krb5/os/def_realm.c
src/lib/krb5/os/hst_realm.c
src/lib/krb5/os/init_os_ctx.c
src/lib/krb5/os/kuserok.c
src/lib/krb5/os/localaddr.c
src/lib/krb5/os/locate_kdc.c
src/lib/krb5/os/os-proto.h
src/lib/krb5/os/prompter.c
src/lib/krb5/os/promptusr.c
src/lib/krb5/os/read_pwd.c
src/lib/krb5/os/sendto_kdc.c
src/lib/krb5/os/t_std_conf.c
src/lib/krb5/os/timeofday.c
src/lib/krb5/posix/ChangeLog
src/lib/krb5/posix/syslog.c
src/lib/krb5/rcache/ChangeLog
src/lib/krb5/rcache/rc_io.c
src/lib/krb5_32.def
src/lib/krb5util/ChangeLog
src/lib/krb5util/compat_recv.c
src/lib/rpc/ChangeLog
src/lib/rpc/auth_gssapi_misc.c
src/lib/rpc/clnt_perror.c
src/lib/rpc/clnt_simple.c
src/lib/rpc/clnt_tcp.c
src/lib/rpc/clnt_udp.c
src/lib/rpc/get_myaddress.c
src/lib/rpc/pmap_rmt.c
src/lib/rpc/svc_auth_gssapi.c
src/lib/rpc/unit-test/ChangeLog
src/lib/rpc/unit-test/lib/helpers.exp
src/lib/rpc/unit-test/server.c
src/lib/win_glue.c
src/mac/CFMGlue.pl
src/mac/DylibStub.c [new file with mode: 0644]
src/mac/ErrorTables.jam [new file with mode: 0644]
src/mac/GSS.CFM.c
src/mac/GSSKerberos5.pbproj/project.pbxproj [new file with mode: 0644]
src/mac/GSSKerberosPrefix.h [new file with mode: 0644]
src/mac/GSSLibrary.pbexp [new file with mode: 0644]
src/mac/GenerateErrorTables.sh [new file with mode: 0644]
src/mac/GenerateHeaderFiles.sh [new file with mode: 0644]
src/mac/HeaderFiles.jam [new file with mode: 0644]
src/mac/K5.CFM.c
src/mac/K5.CFMglue.proto.h
src/mac/K5Library.exp
src/mac/Kerberos5Lib.exp [new file with mode: 0644]
src/mac/Kerberos5Lib.pbexp [new file with mode: 0644]
src/mac/Makefile
src/mac/PrivateKerberos5Lib.exp [new file with mode: 0644]
src/mac/ProfileLib.CFM.c
src/mac/Release notes
src/mac/libraries/KerberosHeaders.9.pch [new file with mode: 0644]
src/mac/libraries/KerberosHeaders.CB.pch [new file with mode: 0644]
src/mac/libraries/KerberosHeaders.h
src/mac/macfile_gen.pl
src/slave/ChangeLog
src/slave/kprop.c
src/tests/asn.1/ChangeLog
src/tests/asn.1/krb5_decode_test.c
src/tests/asn.1/utility.c
src/tests/create/ChangeLog
src/tests/create/kdb5_mkdums.c
src/tests/dejagnu/config/ChangeLog
src/tests/dejagnu/config/default.exp
src/tests/dejagnu/krb-root/ChangeLog
src/tests/dejagnu/krb-root/rlogin.exp
src/tests/dejagnu/krb-standalone/ChangeLog
src/tests/dejagnu/krb-standalone/gssapi.exp
src/tests/dejagnu/krb-standalone/rsh.exp
src/tests/hammer/ChangeLog
src/tests/hammer/kdc5_hammer.c
src/tests/verify/ChangeLog
src/tests/verify/kdb5_verify.c
src/util/ChangeLog
src/util/Makefile.in
src/util/db2/ChangeLog
src/util/db2/hash/dbm.c
src/util/et/ChangeLog
src/util/et/com_err.c
src/util/et/com_err.h
src/util/et/error_message.c
src/util/et/et.pbexp [new file with mode: 0644]
src/util/et/et_c.awk
src/util/et/et_c.pl [moved from src/util/et/et_c.perl with 97% similarity]
src/util/et/et_h.awk
src/util/et/et_h.pl [moved from src/util/et/et_h.perl with 95% similarity]
src/util/makeshlib.sh
src/util/mkrel
src/util/profile/ChangeLog
src/util/profile/krb5.conf
src/util/profile/prof_parse.c
src/util/profile/profile.pbexp [new file with mode: 0644]
src/util/pty/ChangeLog
src/util/pty/configure.in
src/util/ss/ChangeLog
src/util/ss/help.c
src/util/ss/list_rqs.c
src/util/ss/mk_cmds.c
src/util/ss/utils.c
src/wconfig.c
src/windows/ChangeLog
src/windows/README
src/windows/cns/ChangeLog
src/windows/cns/cns.c
src/windows/cns/cns_reg.c
src/windows/cns/tktlist.c
src/windows/lib/ChangeLog
src/windows/lib/cacheapi.h
src/windows/version.rc
src/windows/wintel/ChangeLog
src/windows/wintel/auth.c
src/windows/wintel/encrypt.c

diff --git a/README b/README
index 19b193ec614a3da3df52ddfc94eaa6f977b8ab59..05d7ac064c7a30f9356d94a08034199b16478f3e 100644 (file)
--- a/README
+++ b/README
@@ -1,43 +1,33 @@
-these were the
-                  Kerberos Version 5, Release 1.1
+
+                 Kerberos Version 5, Release 1.2.2
 
                            Release Notes
-which will be updated before the next release by
+
                        The MIT Kerberos Team
 
 Unpacking the Source Distribution
 ---------------------------------
 
-The source distribution of Kerberos 5 comes in three gzipped tarfiles,
-krb5-1.1.src.tar.gz, krb5-1.1.doc.tar.gz, and krb5-1.1.crypto.tar.gz.
-The krb5-1.1.doc.tar.gz contains the doc/ directory and this README
-file.  The krb5-1.1.src.tar.gz contains the src/ directory and this
-README file, except for the crypto library sources, which are in
-krb5-1.1.crypto.tar.gz.
-
-Instruction on how to extract the entire distribution follow.  These
-directions assume that you want to extract into a directory called
-DIST.
+The source distribution of Kerberos 5 comes in a gzipped tarfile,
+krb5-1.2.2.tar.gz.  Instruction on how to extract the entire
+distribution follow.  These directions assume that you want to extract
+into a directory called DIST.
 
 If you have the GNU tar program and gzip installed, you can simply do:
 
        mkdir DIST
        cd DIST
-       gtar zxpf krb5-1.1.src.tar.gz
-       gtar zxpf krb5-1.1.crypto.tar.gz
-       gtar zxpf krb5-1.1.doc.tar.gz
+       gtar zxpf krb5-1.2.2.tar.gz
 
 If you don't have GNU tar, you will need to get the FSF gzip
 distribution and use gzcat:
 
        mkdir DIST
        cd DIST
-       gzcat krb5-1.1.src.tar.gz | tar xpf -
-       gzcat krb5-1.1.crypto.tar.gz | tar xpf -
-       gzcat krb5-1.1.doc.tar.gz | tar xpf -
+       gzcat krb5-1.2.2.tar.gz | tar xpf -
 
-Both of these methods will extract the sources into DIST/krb5-1.1/src
-and the documentation into DIST/krb5-1.1/doc.
+Both of these methods will extract the sources into DIST/krb5-1.2.2/src
+and the documentation into DIST/krb5-1.2.2/doc.
 
 Building and Installing Kerberos 5
 ----------------------------------
@@ -70,53 +60,236 @@ If you are not able to use krb5-send-pr because you haven't been able
 compile and install Kerberos V5 on any platform, you may send mail to
 krb5-bugs@mit.edu.
 
-Notes, Major Changes, and Known Bugs
-------------------------------------
-
-* Triple DES support is included; however, it is only usable for
-  service keys at the moment, due to a large number of compatibility
-  issues.  For example, the GSSAPI library has some (buggy) support
-  for a triple DES session key, but it is intentionally disabled.
-  ** Do not use triple-DES in your config files except as described in
-  ** the documentation.
-
-* The principal database now uses the btree backend of Berkeley DB.
-  This should result in improved KDC performance.
-
-* The lib/rpc tests do not appear to work under NetBSD-1.4, for
-  reasons that are not completely clear at the moment, but probably
-  have something to do with portmapper interfacing.  This should not
-  affect other operations, such as kadmind operation.
-
-* Shared library builds are under a new framework; at this point only
-  Solaris (2.x), Irix (6.5), NetBSD (1.4 i386), and possibly Linux are
-  known to work.  All other working shared library builds may be
-  figments of your imagination.
-
-* Many existing databases, especially those converted from krb4
-  original databases, may contain expiration dates in 1999.  You
-  should make sure to update these expiration dates, and also change
-  any config file entries that have two-digit years.
-
-* Hardware preauthentication is known to be broken; this will be fixed
-  in an upcoming release.
-
-* krb524d now defaults to forking into the background; use
-  "krb524d -nofork" to avoid forking.
-
-* Not all reported bugs have been fixed in this release, due to time
-  constraints.  We are planning to make another release in the near
-  future with more complete triple DES support, and additional
-  bugfixes.  Many of the bugs in our database are reported against
-  what is now quite old code, or require hardware that we do not have,
-  which make them difficult to reproduce and debug.  We will work on
-  these older bugs and some externally submitted patches for the
-  following release.
+Notes, Major Changes, and Known Bugs for 1.2.2
+----------------------------------------------
+
+Notes:
+
+* This release is a patch release; some non-critical bugs and feature
+  requests have not been incorporated.
+
+Major Changes:
+
+* The KDC dump format has been updated to include per-principal policy
+  information.  This will require updating your slave KDCs before your
+  master if you want things to still work.
+
+* A library bug that prevented kprop from working properly with DES3
+  keys has been fixed.
+
+* kpasswd should no longer coredump when there is no kadmin_server
+  line in krb5.conf.
+
+* ASN.1 parsing has been improved to deal with indefinite encodings,
+  such as those emitted by DCE-1.0 derived systems.
+
+* Preauthentication handling code in the initial ticket APIs has been
+  fixed to handle zero-length ETYPE_INFO sequences without causing a
+  NULL pointer dereference.
+
+* The replay cache should no longer leak temporary files.  Related
+  hard-to-analyze filename bugs in the rcache code should also be
+  fixed.
+
+* Library builds should now work on AIX.
+
+* KDC local address search code should now work on AIX.
+
+* The yacc grammar for the ftp daemon has been modified to be
+  compilable on HP/UX with Bison; namespace pollution from system
+  headers was causing trouble before.
+
+Known Bugs:
+
+* The gss-sample test application suite is known to not communicate
+  with the gss-sample suite in 1.1.x and earlier releases.  This is
+  the result of changes to increase functionality; fixes to allow for
+  backwards compatibility will occur in a later release.
+
+* Handling of utmp and utmpx updates is known to be broken on some
+  systems, such as Solaris 8.  We are investigating possible solutions
+  to this problem.
+
+* Tru64 Unix 5.0 (aka OSF/1 5.0), at least, has some problems with
+  revoke() returning ENOTTY in open_slave in the pty library.  One
+  possible workaround is to insert
+
+       vfs:
+               revoke_tty_only = 0
+
+  in /etc/sysconfigtab.  It is not known whether this workaround will
+  cause other problems.
+
+* BSD/OS 4.x may have some problems compiling.  These are being
+  investigated.
+
+Notes, Major Changes, and Known Bugs for 1.2.1 and 1.2
+------------------------------------------------------
+
+* Triple DES support, for session keys as well as user or service
+  keys, should be nearly complete in this release.  Much of the work
+  that has been needed is generic multiple-cryptosystem support, so
+  the addition of another cryptosystem should be much easier.
+
+  * GSSAPI support for 3DES has been added.  An Internet Draft is
+    being worked on that will describe how this works; it is not
+    currently standardized.  Some backwards-compatibility issues in
+    this area mean that enabling 3DES support must be done with
+    caution; service keys that are used for GSSAPI must not be updated
+    to 3DES until the services themselves are upgraded to support 3DES
+    under GSSAPI.
+
+* DNS support for locating KDCs is enabled by default.  DNS support
+  for looking up the realm of a host is compiled in but disabled by
+  default (due to some concerns with DNS spoofing).
+
+  We recommend that you publish your KDC information through DNS even
+  if you intend to rely on config files at your own site; otherwise,
+  sites that wish to communicate with you will have to keep their
+  config files updated with your information.  One of the goals of
+  this code is to reduce the client-side configuration maintenance
+  requirements as much as is possible, without compromising security.
+
+  See the administrator's guide for information on setting up DNS
+  information for your realm.
+
+  One important effect of this for developers is that on many systems,
+  "-lresolv" must be added to the compiler command line when linking
+  Kerberos programs.
+
+  Configure-time options are available to control the inclusion of the
+  DNS code and the setting of the defaults.  Entries in krb5.conf will
+  also modify the behavior if the code has been compiled in.
+
+* Numerous buffer-overrun problems have been found and fixed.  Many of
+  these were in locations we don't expect can be exploited in any
+  useful way (for example, overrunning a buffer of MAXPATHLEN bytes if
+  a compiled-in pathname is too long, in a program that has no special
+  privileges).  It may be possible to exploit a few of these to
+  compromise system security.
+
+* Partial support for IPv6 addresses has been added.  It can be
+  enabled or disabled at configure time with --enable-ipv6 or
+  --disable-ipv6; by default, the configure script will search for
+  certain types and macros, and enable the IPv6 code if they're found.
+  The IPv6 support at this time mostly consists of including the
+  addresses in credentials.
+
+* A protocol change has been made to the "rcmd" suite (rlogin, rsh,
+  rcp) to address several security problems described in Kris
+  Hildrum's paper presented at NDSS 2000.  New command-line options
+  have been added to control the selection of protocol, since the
+  revised protocol is not compatible with the old one.
+
+* A security problem in login.krb5 has been fixed.  This problem was
+  only present if the krb4 compatibility code was not compiled in.
+
+* A security problem with ftpd has been fixed.  An error in the in the
+  yacc grammar permitted potential root access.
+
+* The client programs kinit, klist and kdestroy have been changed to
+  incorporate krb4 support.  New command-line options control whether
+  krb4 behavior, krb5 behavior, or both are used.
+
+* Patches from Frank Cusack for much better hardware preauth support
+  have been incorporated.
+
+* Patches from Matt Crawford extend the kadmin ACL syntax so that
+  restrictions can be imposed on what certain administrators may do to
+  certain accounts.
+
+* A KDC on a host with multiple network addresses will now respond to
+  a client from the address that the client used to contact it.  The
+  means used to implement this will however cause the KDC not to
+  listen on network addresses configured after the KDC has started.
+
+Minor changes
+-------------
+
+* The shell code for searching for the Tcl package at configure time
+  has been modified.  If a tclConfig.sh can be found, the information
+  it contains is used, otherwise the old searching method is tried.
+  Let us know if this new scheme causes any problems.
+
+* Shared library builds may work on HPUX, Rhapsody/MacOS X, and newer
+  Alpha systems now.
+
+* The Windows build will now include kvno and gss-sample.
+
+* The routine krb5_secure_config_files has been disabled.  A new
+  routine, krb5_init_secure_context, has been added in its place.
+
+* The routine decode_krb5_ticket is now being exported as
+  krb5_decode_ticket.  Any programs that used the old name (which
+  should be few) should be changed to use the new name; we will
+  probably eliminate the old name in the future.
+
+* The CCAPI-based credentials cache code has been changed to store the
+  local-clock time of issue and expiration rather than the KDC-clock
+  times.
+
+* On systems with large numbers of IP addresses, "kinit" should do a
+  better job of acquiring those addresses to put in the user's
+  credentials.
+
+* Several memory leaks in error cases in the gssrpc code have been
+  fixed.
+
+* A bug with login clobbering some internal static storage on AIX has
+  been fixed.
+
+* Per-library initialization and cleanup functions have been added,
+  for use in configurations that dynamically load and unload these
+  libraries.
+
+* Many compile-time warnings have been fixed.
+
+* The GSS sample programs have been updated to exercise more of the
+  API.
+
+* The telnet server should produce a more meaningful error message if
+  authentication is required but not provided.
+
+* Changes have been made to ksu to make it more difficult to use it to
+  leak information the user does not have access to.
+
+* The sample config file information for the CYGNUS.COM realm has been
+  updated, and the GNU.ORG realm has been added.
+
+* A configure-time option has been added to enable a replay cache in
+  the KDC.  We recommend its use when hardware preauthentication is
+  being used.  It is enabled by default, and can be disabled if
+  desired with the configure-time option --disable-kdc-replay-cache.
+
+* Some new routines have been added to the library and krb5.h.
+
+* A new routine has been added to the prompter interface to allow the
+  application to determine which of the strings prompted for is the
+  user's password, in case it is needed for other purposes.
+
+* The remote kadmin interface has been enhanced to support the
+  specification of key/salt types for a principal.
+
+* New keytab entries' key values can now be specified manually with a
+  new command in the ktutil program.
+
+* A longstanding bug where certain krb4 exchanges using the
+  compatibility library between systems with different byte orders
+  would fail half the time has been fixed.
+
+* A source file under the GPL has been replaced with an equivalent
+  under the BSD license.  The file, strftime.c, was part of one of the
+  OpenVision admin system applications, and was only used on systems
+  that don't have strftime() in their C libraries.
+
+* Many bug reports are still outstanding in our database.  We are
+  continuing to work on this backlog.
+
 
 Copyright Notice and Legal Administrivia
 ----------------------------------------
 
-Copyright (C) 1985-1999 by the Massachusetts Institute of Technology.
+Copyright (C) 1985-2001 by the Massachusetts Institute of Technology.
 
 All rights reserved.
 
@@ -156,6 +329,8 @@ manner.  It does NOT prevent a commercial firm from referring to the
 MIT trademarks in order to convey information (although in doing so,
 recognition of their trademark status should be given).
 
+----
+
 The following copyright and permission notice applies to the
 OpenVision Kerberos Administration system located in kadmin/create,
 kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
@@ -194,6 +369,13 @@ of lib/rpc:
    and our gratitude for the valuable work which has been 
    performed by MIT and the Kerberos community.
 
+----
+
+    Portions contributed by Matt Crawford <crawdad@fnal.gov> were
+    work performed at Fermi National Accelerator Laboratory, which is
+    operated by Universities Research Association, Inc., under
+    contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
+
 Acknowledgements
 ----------------
 
@@ -222,13 +404,22 @@ as testing to ensure DCE interoperability.
 Thanks to Ken Hornstein at NRL for providing many bug fixes and
 suggestions.
 
+Thanks to Matt Crawford at FNAL for bugfixes and enhancements.
+
 Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for
 their many suggestions and bug fixes.
 
+Thanks to Nalin Dahyabhai of RedHat and Chris Evans for locating and
+providing patches for numerous buffer overruns.
+
+Thanks to Christopher Thompson and Marcus Watts for discovering the
+ftpd security bug.
+
 Thanks to the members of the Kerberos V5 development team at MIT, both
-past and present: Danillo Almeida, Jay Berkenbilt, Richard Basch, John
+past and present: Danilo Almeida, Jay Berkenbilt, Richard Basch, John
 Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam
-Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Barry Jaspan, Geoffrey
-King, John Kohl, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul
-Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
-Schiller, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.
+Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic,
+Barry Jaspan, Geoffrey King, John Kohl, Peter Litwack, Scott McGuire,
+Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris
+Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Brad Thompson,
+Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.
index 38af2b8887a860405c885435b301dd57e4323e5c..5f79b98ec90fa4bf8689cdc1d22288ff1db0e83b 100644 (file)
@@ -1,3 +1,81 @@
+2001-02-22  Tom Yu  <tlyu@mit.edu>
+
+       * admin.texinfo: Remove references to "rename_princpal".
+
+2001-02-16  Tom Yu  <tlyu@mit.edu>
+
+       * admin.texinfo (Dumping a Kerberos Database to a File): 
+       (Restoring a Kerberos Database from a Dump File): Update to
+       reflect new dump file format and new flags to force beta7 dump
+       format.
+
+       * install.texinfo (Switching Master and Slave KDCs):
+       (Upgrading Existing Kerberos V5 Installations): Update to reflect
+       new dump file format that includes principal policy information.
+
+2000-06-22  Tom Yu  <tlyu@mit.edu>
+
+       * build.texinfo (HPUX): Update note for HPUX compiler flags.
+       (Shared Library Support): Update shared lib support info.
+
+2000-06-16  Ken Raeburn  <raeburn@mit.edu>
+
+       * admin.texinfo: Update descriptions to indicate full support for
+       des3.  Describe new DNS-related libdefaults tags for krb5.conf.
+
+       * build.texinfo (Options to Configure): Fix @item labels.
+
+       * install.texinfo: Update descriptions to indicate full support
+       for des3, and describe "v4" salt as being useful only with
+       des-cbc-crc.
+
+2000-06-15  Tom Yu  <tlyu@mit.edu>
+
+       * admin.texinfo: Note in multiple places that the current default
+       dump format doesn't include the per-principal policy information,
+       and some means of working around this problem.
+
+       * install.texinfo (Switching Master and Slave KDCs): Note that
+       in the process of swapping KDCs, it is necessary to do a ov format
+       dump in order to preserve per-principal policy information.
+
+2000-06-13  Tom Yu  <tlyu@mit.edu>
+
+       * install.texinfo (Upgrading Existing Kerberos V5 Installations):
+       Add info describing how to preserve policy information while
+       upgrading.  Also needs to go into other sections, possibly.
+
+2000-06-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * build.texinfo: Enter correct xref info for DNS data
+       descriptions.  Fix up text around some xrefs.
+       * install.texinfo: Describe SRV and TXT DNS records.  Fix up text
+       around some xrefs.
+
+2000-06-09  Tom Yu  <tlyu@mit.edu>
+
+       * admin.texinfo: Add descriptions of the kadmin {ank,cpw,ktadd} -e
+       flag.
+
+2000-06-06  Ken Raeburn  <raeburn@mit.edu>
+
+       * install.texinfo: Describe new DNS support, and 3DES upgrade
+       path.  Update "enctypes" config file sample lines.
+
+       * build.texinfo: No kpasswd directory.  Describe new configure
+       options.
+
+       * send-pr.texinfo: Suggest caution regarding tab expansion for
+       patches.
+
+2000-06-02  Ken Raeburn  <raeburn@mit.edu>
+
+       * definitions.texinfo: Update for 1.2 release.
+
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb425.texinfo (libdefaults): Add description of v4_realm.
+
 1999-09-22  Tom Yu  <tlyu@mit.edu>
 
        * copyright.texinfo: Update copyright again.
index 2ea716b25ae53e047a6b5d621851f8462e25e28f..93ae773d9fb7db0cd488ba81bf9d7c29a2e3a446 100644 (file)
@@ -16,7 +16,7 @@
 
 @include definitions.texinfo
 @set EDITION 1.0
-@set UPDATED November 27, 1996
+@set UPDATED June 16, 2000
 
 @finalout                               @c don't print black warning boxes
 
@@ -429,7 +429,8 @@ your Kerberos realm.
 @itemx default_tgs_enctypes
 Identifies the supported list of session key encryption types that
 should be returned by the KDC.  The list may be delimited with commas or
-whitespace.  Currently, the only supported encryption type is
+whitespace.  Currently, the supported encryption types are
+"des3-hmac-sha1" and
 "des-cbc-crc".  Support for other encryption types is planned in the
 future.
 
@@ -437,7 +438,7 @@ future.
 Identifies the supported list of session key encryption
 types that should be requested by the client.  The format is the same as
 for @emph{default_tkt_enctypes}.  Again, the only supported encryption
-type is "des-cbc-crc".
+types are "des3-hmac-sha1" and "des-cbc-crc".
 
 @itemx clockskew
 Sets the maximum allowable amount of clockskew in seconds that the
@@ -456,6 +457,50 @@ of cache to be created by kinit, or when forwarded tickets are received.
 DCE and Kerberos can share the cache, but some versions of DCE do not
 support the default cache as created by this version of Kerberos.  Use a
 value of 1 on DCE 1.0.3a systems, and a value of 2 on DCE 1.1 systems.
+
+@itemx dns_lookup_kdc
+Indicate whether DNS SRV records should be used to locate the KDCs and
+other servers for a realm, if they are not listed in the information for
+the realm.  (Note that the @samp{admin_server} entry must be in the
+file, because the DNS implementation for it is incomplete.)
+
+Enabling this option does open up a type of denial-of-service attack, if
+someone spoofs the DNS records and redirects you to another server.
+However, it's no worse than a denial of service, because that fake KDC
+will be unable to decode anything you send it (besides the initial
+ticket request, which has no encrypted data), and anything the fake KDC
+sends will not be trusted without verification using some secret that it
+won't know.
+
+If this option is not specified but @samp{dns_fallback} is, that value
+will be used instead.  If neither option is specified, the behavior
+depends on configure-time options; if none were given, the default is to
+enable this option.  If the DNS support is not compiled in, this entry
+has no effect.
+
+@itemx dns_lookup_realm
+Indicate whether DNS TXT records should be used to determine the
+Kerberos realm of a host.
+
+Enabling this option may permit a redirection attack, where spoofed DNS
+replies persuade a client to authenticate to the wrong realm, when
+talking to the wrong host (either by spoofing yet more DNS records or by
+intercepting the net traffic).  Depending on how the client software
+manages hostnames, however, it could already be vulnerable to such
+attacks.  We are looking at possible ways to minimize or eliminate this
+exposure.  For now, we encourage more adventurous sites to try using
+Secure DNS.
+
+If this option is not specified but @samp{dns_fallback} is, that value
+will be used instead.  If neither option is specified, the behavior
+depends on configure-time options; if none were given, the default is to
+disable this option.  If the DNS support is not compiled in, this entry
+has no effect.
+
+@itemx dns_fallback
+General flag controlling the use of DNS for Kerberos information.  If
+both of the preceding options are specified, this option has no effect.
+
 @end table
 
 @node appdefaults, realms (krb5.conf), libdefaults, krb5.conf
@@ -724,8 +769,8 @@ Here is an example of a generic @code{krb5.conf} file:
 [libdefaults]
     ticket_lifetime = 600
     default_realm = @value{PRIMARYREALM}
-    default_tkt_enctypes = des-cbc-crc
-    default_tgs_enctypes = des-cbc-crc
+    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
+    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
 
 [realms]
     @value{PRIMARYREALM} = @{
@@ -858,8 +903,9 @@ this realm.  By default, the value of kdc_ports as specified in the
 (String.)  Specifies the name of the master key.
 
 @itemx master_key_type
-(Key type string.)  Specifies the master key's key type.  Only
-"des-cbc-crc" is supported at this time.
+(Key type string.)  Specifies the master key's key type.  Either
+"des3-hmac-sha1" or
+"des-cbc-crc" may be used at this time.
 
 @itemx max_life
 (Delta time string.)  Specifes the maximum time period for which a
@@ -872,23 +918,15 @@ valid ticket may be renewed in this realm.
 @itemx supported_enctypes
 List of key:salt strings.  Specifies the default key/salt combinations
 of principals for this realm.  Any principals created through
-@code{kadmin} will have keys of these types.  Since only the encryption
-type "des-cbc-crc" is supported, you should set this tag to
-@samp{des-cbc-crc:normal des-cbc-crc:v4}.
+@code{kadmin} will have keys of these types.  If you do not yet wish to
+enable triple-DES support, you should set this tag to
+@samp{des-cbc-crc:normal des-cbc-crc:v4}; otherwise, put
+@samp{des3-hmac-sha1:normal} at the beginning of the list.
 
 @itemx kdc_supported_enctypes
 List of key:salt strings.  Specifies the permitted key/salt combinations
 of principals for this realm.  You should set this tag to
-@samp{des-cbc-crc:normal des-cbc-crc:v4}.
-
-@b{Note:} You may also use @samp{des3-cbc-sha1:normal} before
-@samp{des-cbc-crc:normal} if you wish to support triple-DES service keys
-in addition to DES service keys.  In order to create such service keys,
-you must use the @code{-e} option to @code{kadmin.local}, running on the
-KDC system itself; the remote @code{kadmin} client does not allow this
-option.  We do not currently support the use of triple-DES keys anywhere
-other than for service keys.
-
+@samp{des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4}.
 
 @end table
 
@@ -907,9 +945,9 @@ Here's an example of a @code{kdc.conf} file:
         kadmind_port = 749
         max_life = 10h 0m 0s
         max_renewable_life = 7d 0h 0m 0s
-        master_key_type = des-cbc-crc
-        supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4
-        kdc_supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4
+        master_key_type = des3-hmac-sha1
+        supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
+        kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
     @}
 
 [logging]
@@ -1011,11 +1049,8 @@ scripts that pass specific queries to @code{kadmin}.
 @b{(For @code{kadmin.local} only.)}
 Sets the list of cryptosystem and salt types to be used for any new keys
 created.  Available types include @samp{des3-cbc-sha1:normal},
-@samp{des-cbc-crc:normal}, and @samp{des-cbc-crc:v4}.  In this release,
-the @samp{des3-cbc-sha1:normal} type should only be used when
-registering service principals; for any services that may request
-tickets themselves to initiate some action, it should be combined with
-one or more of the other types.
+@samp{des-cbc-crc:normal}, and @samp{des-cbc-crc:v4}.
+
 @end table
 
 @node Date Format, Principals, Kadmin Options, Administrating Kerberos Database Entries
@@ -1092,7 +1127,6 @@ that principal.
 * Adding or Modifying Principals::  
 * Deleting Principals::         
 * Changing Passwords::          
-* Renaming Principals::         
 @end menu
 
 @node Retrieving Information About a Principal, Privileges, Principals, Principals
@@ -1280,7 +1314,7 @@ administrative privilege.  The syntax is:
 @code{add_principal} has the aliases @code{addprinc} and
 @code{ank}@footnote{@code{ank} was the short form of the equivalent
 command using the deprecated @code{kadmin5} database administrative
-tool.  It has been kept}.  @code{modify_principal} has the alias @code{modprinc}.
+tool.  It has been kept.  @code{modify_principal} has the alias @code{modprinc}.}
 
 The @code{add_principal} and @code{modify_principal} commands take the
 following switches:
@@ -1408,16 +1442,18 @@ Removes the policy @i{policyname} from the principal
 
 @item -randkey
 Sets the key for the principal to a random value (@code{add_principal}
-only).  @value{COMPANY} recommends using this option for host keys.  You
-may also wish to use the @b{kadmin.local} command-line options @b{-e
-"des3-cbc-sha1:normal des-cbc-crc:normal"}@xref{Kadmin Options} on the
-KDC machine itself for host keys and other service keys that are
-security-critical.
+only).  @value{COMPANY} recommends using this option for host keys.
 
 @item -pw @i{password}
 Sets the key of the principal to the specified string and does not
 prompt for a password (@code{add_principal} only).  @value{COMPANY} does
 not recommend using this option.
+
+@item -e @i{enc:salt...}
+Uses the specified list of enctype-salttype pairs for setting the key of
+the principal.  The quotes are necessary if there are multiple
+enctype-salttype pairs.  This will not function against kadmin daemons
+earlier than krb5-1.2.
 @end table
 
 If you want to just use the default values, all you need to do is:
@@ -1503,7 +1539,7 @@ kadmin:}
 @end group
 @end smallexample
 
-@node Changing Passwords, Renaming Principals, Deleting Principals, Principals
+@node Changing Passwords,  , Deleting Principals, Principals
 @subsection Changing Passwords
 
 To change a principal's password use the kadmin @code{change_password}
@@ -1529,6 +1565,12 @@ Sets the key of the principal to a random value.
 @item @b{-pw} @i{password}
 Sets the password to the string @i{password}.  @value{COMPANY} does not
 recommend using this option.
+
+@item @b{-e} @i{"enc:salt..."}
+Uses the specified list of enctype-salttype pairs for setting the key of
+the principal.  The quotes are necessary if there are multiple
+enctype-salttype pairs.  This will not function against kadmin daemons
+earlier than krb5-1.2.
 @end table
 
 For example:
@@ -1552,35 +1594,6 @@ kadmin:}
 Note that @code{change_password} will not let you change the password to
 one that is in the principal's password history.
 
-@node Renaming Principals,  , Changing Passwords, Principals
-@subsection Renaming Principals
-
-To rename a principal, use the kadmin @code{rename_principal} command,
-which requires both the ``add'' and ``delete'' administrative
-privileges.  The syntax is:
-
-@smallexample
-@b{rename_principal} [@b{-force}] @i{old_principal} @i{new_principal}
-@end smallexample
-
-@noindent The @code{rename_principal} command has the alias @code{renprinc}.
-
-For example:
-
-@smallexample
-@group
-@b{kadmin:} renprinc test test0
-@b{Are you sure you want to rename the principal
-"test@@@value{PRIMARYREALM}" to
-"test0@@@value{PRIMARYREALM}"? (yes/no):} yes
-@b{Principal "test@@@value{PRIMARYREALM}" renamed to
-"test0@@@value{PRIMARYREALM}".
-Make sure that you have removed "test@@@value{PRIMARYREALM}" from
-all ACLs before reusing.
-kadmin:}
-@end group
-@end smallexample
-
 @node Policies, Dumping a Kerberos Database to a File, Principals, Administrating Kerberos Database Entries
 @section Policies
 
@@ -1745,8 +1758,8 @@ To dump a Kerberos database into a file, use the @code{kdb5_util}
 @code{dump} command on one of the KDCs.  The syntax is:
 
 @smallexample
-@b{kdb5_util dump} [@b{-old}] [@b{-b6}] [@b{-ov}] [@b{-verbose}] [@i{filename}
-[@i{principals...}]]
+@b{kdb5_util dump} [@b{-old}] [@b{-b6}] [@b{-b7}] [@b{-ov}] [@b{-verbose}]
+[@i{filename} [@i{principals...}]]
 @end smallexample
 
 The @code{kdb5_util dump} command takes the following options:
@@ -1758,6 +1771,10 @@ causes the dump to be in the Kerberos 5 Beta 5 and earlier dump format
 @itemx -b6
 causes the dump to be in the Kerberos 5 Beta 6 format (``kdb5_edit
 load_dump version 3.0'').
+@itemx -b7
+causes the dump to be in the Kerberos 5 Beta 7 format (``kdb5_util
+load_dump version 4'').  This was the dump format produced on releases
+prior to 1.2.2.
 @itemx -ov
 causes the dump to be in ovsec_adm_export format.
 @itemx -verbose
@@ -1824,8 +1841,8 @@ To restore a Kerberos database dump from a file, use the
 is:
 
 @smallexample
-@b{kdb5_util load} [@b{-old}] [@b{-b6}] [@b{-ov}] [@b{-verbose}] [@b{-update}]
-@i{dumpfilename} @i{dbname} [@i{admin_dbname}]
+@b{kdb5_util load} [@b{-old}] [@b{-b6}] [@b{-b7}] [@b{-ov}] [@b{-verbose}]
+[@b{-update}] @i{dumpfilename} @i{dbname} [@i{admin_dbname}]
 @end smallexample
 
 The @code{kdb5_util load} command takes the following options:
@@ -1837,6 +1854,9 @@ requires the dump to be in the Kerberos 5 Beta 5 and earlier dump format
 @itemx -b6
 requires the dump to be in the Kerberos 5 Beta 6 format (``kdb5_edit
 load_dump version 3.0'').
+@itemx -b7
+requires the dump to be in the Kerberos 5 Beta 7 format (``kdb5_util
+load_dump version 4'').
 @itemx -ov
 requires the dump to be in ovsec_adm_export format.
 @itemx -verbose
@@ -2001,6 +2021,12 @@ The @code{ktadd} command takes the following switches:
 use @i{keytab} as the keytab file.  Otherwise, @code{ktadd} will use the
 default keytab file (@code{/etc/krb5.keytab}).
 
+@item @b{-e} @i{"enc:salt..."}
+Uses the specified list of enctype-salttype pairs for setting the key of
+the principal.  The quotes are necessary if there are multiple
+enctype-salttype pairs.  This will not function against kadmin daemons
+earlier than krb5-1.2.
+
 @item -q
 run in quiet mode.  This causes @code{ktadd} to display less verbose
 information.
@@ -2012,8 +2038,9 @@ for the kadmin @code{list_principals} (@pxref{Retrieving a List of
 Principals}) command.
 @end table
 
-For example (The line beginning with @result{} is a continuation of the
-previous line.):
+Here is a sample session, using configuration files that enable only
+@samp{des-cbc-crc} encryption. (The line beginning with @result{} is a
+continuation of the previous line.)
 
 @smallexample
 @group
@@ -2551,7 +2578,6 @@ KRB5PLACEHOLD_110:  KRB5 error code 110
 @item
 KRB5PLACEHOLD_111:  KRB5 error code 111
 @item
-+
 KRB5PLACEHOLD_112:  KRB5 error code 112
 @item
 KRB5PLACEHOLD_113:  KRB5 error code 113
index b1145f18f2c9e0944f1f2fefb401575e2e857df2..accc0c6ea281cf1499d76518b6040ca50f78e9d6 100644 (file)
@@ -1,3 +1,7 @@
+2000-06-22  Ken Raeburn  <raeburn@mit.edu>
+
+       * Makefile (lib1.stamp): Use texindex instead of index.
+
 1999-08-30  Ken Raeburn  <raeburn@mit.edu>
 
        * libdes.tex: Don't use ncs style; it's availability is dependent
index 3fd23f925aa21a2544129e57d7bc11f3db3f694a..dbb2f03ab2d4a511d276294665b5ecd48d1f1953 100644 (file)
@@ -28,7 +28,7 @@ library.dvi:  lib1.stamp $(LIBTEX) $(STYLES)
 lib1.stamp: $(LIBTEX) $(STYLES)
        touch library.ind
        latex library
-       index library.idx
+       texindex library.idx
        date > lib1.stamp
 
 .tex.dvi:
index 78aa8b45016f6f5ee1ba63d443018ad816761f4d..18e51011a8db6c1c88a9cfa602102ab98cd7dc58 100644 (file)
@@ -59,8 +59,8 @@ only need to build Kerberos for one platform, using a single directory
 tree which contains both the source files and the object files is the
 simplest.  However, if you need to maintain Kerberos for a large number
 of platforms, you will probably want to use separate build trees for
-each platform. We recommend that you look at see @ref{OS
-Incompatibilities} for notes that we have on particular operating
+each platform. We recommend that you look at @ref{OS
+Incompatibilities}, for notes that we have on particular operating
 systems. 
 
 @menu
@@ -200,7 +200,7 @@ libraries to be available during compilation and some of the tests also
 require Perl in order to operate.  If all of these resources are not
 available during configuration, the KADM5 tests will not run.  The TCL
 installation directory can be specified with the @code{--with-tcl}
-configure option (see @xref{Options to Configure}).  The runtest and
+configure option.  (See @xref{Options to Configure}.)  The runtest and
 perl programs must be in the current execution path.
 
 If you install DejaGnu, TCL, or Perl after configuring and building
@@ -208,7 +208,7 @@ Kerberos and then want to run the KADM5 tests, you will need to
 re-configure the tree and run @code{make} at the top level again to make
 sure all the proper programs are built.  To save time, you actually only
 need to reconfigure and build in the directories src/kadmin/testing,
-src/lib/rpc, src/lib/kadm5, and src/kpasswd.
+src/lib/rpc, src/lib/kadm5.
 
 @node Options to Configure, osconf.h, Testing the Build, Building Kerberos V5
 @section Options to Configure 
@@ -301,12 +301,6 @@ default, Kerberos V5 configuration will look for @code{-lnsl} and
 (see @ref{Solaris versions 2.0 through 2.3}) or fails to pass the tests in
 @file{src/tests/resolv} you will need to use this option.
 
-@item --enable-shared
-
-This option will turn on the building and use of shared library objects
-in the Kerberos build. This option is only supported on certain
-platforms. 
-
 @item --with-vague-errors
 
 If enabled, gives vague and unhelpful error messages to the client... er,
@@ -329,10 +323,33 @@ Tcl. The directory specified by @code{TCLPATH} specifies where the Tcl
 header file (@file{TCLPATH/include/tcl.h} as well as where the Tcl
 library should be found (@file{TCLPATH/lib}).
 
+@item --enable-shared
+
+This option will turn on the building and use of shared library objects
+in the Kerberos build. This option is only supported on certain
+platforms. 
+
+@item --enable-dns
+@item --enable-dns-for-kdc
+@item --enable-dns-for-realm
+
+Enable the use of DNS to look up a host's Kerberos realm, or a realm's
+KDCs, if the information is not provided in krb5.conf.  See
+@xref{Hostnames for the Master and Slave KDCs}, and @xref{Mapping
+Hostnames onto Kerberos Realms}.  By default, DNS lookups are enabled
+for the latter but not for the former.
+
+@item --enable-kdc-replay-cache
+
+Enable a cache in the KDC to detect retransmitted messages, and resend
+the previous responses to them.  This protects against certain types of
+attempts to extract information from the KDC through some of the
+hardware preauthentication systems.
+
 @end table
 
 For example, in order to configure Kerberos on a Solaris machine using
-the @samp{suncc} with the optimizer turned on, run the configure
+the @samp{suncc} compiler with the optimizer turned on, run the configure
 script with the following options:
 
 @example
@@ -397,10 +414,15 @@ variables when using the programs. Except where noted, multiple versions
 of the libraries may be installed on the same system and continue to
 work.
 
-Currently the supported platforms are
-@comment NetBSD 1.0A, AIX 3.2.5, AIX 4.1,
-Solaris 2.6 (aka SunOS 5.6) and Irix 6.5.
-@comment Alpha OSF/1 >= 2.1, HP-UX >= 9.X.
+Currently the supported platforms are Solaris 2.6 (aka SunOS 5.6) and Irix 6.5.
+
+Shared library support has been tested on the following platforms but
+not exhaustively (they have been built but not necessarily tested in an
+installed state): Tru64 (aka Alpha OSF/1 or Digital Unix) 4.0, NetBSD
+1.4.x (i386), and HP/UX 10.20.
+
+Platforms for which there is shared library support but not significant
+testing include FreeBSD, OpenBSD, MacOS 10, AIX, Linux, and SunOS 4.x.
 
 To enable shared libraries on the above platforms, run the configure
 script with the option @samp{--enable-shared}.
@@ -465,6 +487,10 @@ was never a problem in using GCC version 2.6.3.
 In version 3.2 and beyond of the operating system, we have not seen any
 problems with the native compiler. 
 
+@c @node Alpha Tru64 UNIX 5.0
+@c @subsection Alpha Tru64 UNIX 5.0
+@c ... login.krb5 problems
+
 @node BSDI, HPUX, Alpha OSF/1 (Digital Unix) V2.0++, OS Incompatibilities
 @subsection BSDI
 
@@ -479,9 +505,9 @@ NetBSD and FreeBSD.)
 
 The native (bundled) compiler for HPUX currently will not work, because
 it is not a full ANSI C compiler.  The optional compiler (c89) should
-work as long as you give it the @samp{+Olibcalls -D_HPUX_SOURCE} (this
-has only been tested for HPUX 9.0).  At this point, using GCC is
-probably your best bet.
+work as long as you give it the @samp{-D_HPUX_SOURCE} flag
+(i.e. @samp{./configure --with-cc='c89 -D_HPUX_SOURCE'}).  This has only
+been tested recently for HPUX 10.20.
 
 @node Solaris versions 2.0 through 2.3, Solaris 2.X, HPUX, OS Incompatibilities
 @subsection Solaris versions 2.0 through 2.3
index 7ea4758e264f587797610fc1354f8ba0bfc3aa10..83fe7ef65075f7ade77f72b1a365c8bc5673d9e6 100644 (file)
@@ -1,4 +1,4 @@
-Copyright @copyright{} 1985-1999 by the Massachusetts Institute of Technology. 
+Copyright @copyright{} 1985-2000 by the Massachusetts Institute of Technology. 
 
 @quotation  
 Export of software employing encryption from the United States of
index 079809d2cc95e189ab581e1266a65698c31c6987..5a5b37cbf1444a1623d7a3d791a3ebea87b3bd4f 100644 (file)
@@ -19,8 +19,8 @@
 @set RANDOMUSER johndoe
 @set RANDOMUSER1 jennifer
 @set RANDOMUSER2 david
-@set RELEASE 1.1
-@set PREVRELEASE 1.0
+@set RELEASE 1.2
+@set PREVRELEASE 1.1
 @set INSTALLDIR /usr/@value{LCPRODUCT}
 @set PREVINSTALLDIR @value{INSTALLDIR}
 @set ROOTDIR /usr/local
index 8744b0f004b0878d27b1936ae5d3451e081a995e..2ecd8bde96a2b1bffc259d6f21269e4fcd5118e3 100644 (file)
@@ -229,7 +229,10 @@ BOSTON.@value{SECONDREALM} and HOUSTON.@value{SECONDREALM}.
 @node Mapping Hostnames onto Kerberos Realms, Ports for the KDC and Admin Services, Kerberos Realms, Realm Configuration Decisions
 @section Mapping Hostnames onto Kerberos Realms
 
-Mapping hostnames onto Kerberos realms is done through a set of rules in
+Mapping hostnames onto Kerberos realms is done in one of two ways.
+
+The first mechanism, which has been in use for years in MIT-based
+Kerberos distributions, works through a set of rules in
 the @code{krb5.conf} configuration file.  (@xref{krb5.conf}.)  You can
 specify mappings for an entire domain or subdomain, and/or on a
 hostname-by-hostname basis.  Since greater specificity takes precedence,
@@ -240,7 +243,35 @@ The @value{PRODUCT} System Administrator's Guide contains a thorough
 description of the parts of the @code{krb5.conf} file and what may be
 specified in each.  A sample @code{krb5.conf} file appears in
 @ref{krb5.conf}.  You should be able to use this file, substituting the
-relevant information for your Kerberos instllation for the samples.
+relevant information for your Kerberos installation for the samples.
+
+The second mechanism, recently introduced into the MIT code base but not
+currently used by default, works by looking up the information in
+special @code{TXT} records in the Domain Name Service.  If this
+mechanism is enabled on the client, it will try to look up a @code{TXT}
+record for the DNS name formed by putting the prefix @code{_kerberos} in
+front of the hostname in question.  If that record is not found, it will
+try using @code{_kerberos} and the host's domain name, then its parent
+domain, and so forth.  So for the hostname
+BOSTON.ENGINEERING.FOOBAR.COM, the names looked up would be:
+
+@smallexample
+_kerberos.boston.engineering.foobar.com
+_kerberos.engineering.foobar.com
+_kerberos.foobar.com
+_kerberos.com
+@end smallexample
+
+The value of the first TXT record found is taken as the realm name.
+(Obviously, this doesn't work all that well if a host and a subdomain
+have the same name, and different realms.  For example, if all the hosts
+in the ENGINEERING.FOOBAR.COM domain are in the ENGINEERING.FOOBAR.COM
+realm, but a host named ENGINEERING.FOOBAR.COM is for some reason in
+another realm.  In that case, you would set up TXT records for all
+hosts, rather than relying on the fallback to the domain name.)
+
+Even if you do not choose to use this mechanism within your site, you
+may wish to set up anyways, for use when interacting with other sites.
 
 @node Ports for the KDC and Admin Services, Slave KDCs, Mapping Hostnames onto Kerberos Realms, Realm Configuration Decisions
 @section Ports for the KDC and Admin Services
@@ -293,11 +324,86 @@ disasters.
 @section Hostnames for the Master and Slave KDCs
 
 @value{COMPANY} recommends that your KDCs have a predefined set of
-CNAMEs, such as @code{@value{KDCSERVER}} for the master KDC and
+CNAME records (DNS hostname aliases), such as @code{@value{KDCSERVER}}
+for the master KDC and
 @code{@value{KDCSLAVE1}}, @code{@value{KDCSLAVE2}}, @dots{} for the
 slave KDCs.  This way, if you need to swap a machine, you only need to
 change a DNS entry, rather than having to change hostnames.
 
+A new mechanism for locating KDCs of a realm through DNS has been added
+to the @value{COMPANY} @value{PRODUCT} distribution.  A relatively new
+record type called @code{SRV} has been added to DNS.  Looked up by a
+service name and a domain name, these records indicate the hostname and
+port number to contact for that service, optionally with weighting and
+prioritization.  (See RFC 2782 if you want more information.  You can
+follow the example below for straightforward cases.)
+
+The use with Kerberos is fairly straightforward.  The domain name used
+in the SRV record name is the domain-style Kerberos realm name.  (It is
+possible to have Kerberos realm names that are not DNS-style names, but
+we don't recommend it for Internet use, and our code does not support it
+well.)  Several different Kerberos-related service names are used:
+
+@table @code
+@item _kerberos._udp
+This is for contacting any KDC.  This entry will be used the most often.
+Normally you should list ports 88 and 750 on each of your KDCs.
+
+@item _kerberos-master._udp
+This entry should refer to those KDCs, if any, that will immediately see
+password changes to the Kerberos database.  This entry is used only in
+one case, when the user is logging in and the password appears to be
+incorrect; the master KDC is then contacted, and the same password used
+to try to decrypt the response, in case the user's password had recently
+been changed and the first KDC contacted hadn't been updated.  Only if
+that fails is an ``incorrect password'' error given.
+
+If you have only one KDC, or for whatever reason there is no accessible
+KDC that would get database changes faster than the others, you do not
+need to define this entry.
+
+@item _kerberos-adm._tcp
+This should list port 749 on your master KDC.  Support for it is not
+complete at this time, but it will eventually be used by the
+@code{kadmin} program and related utilities.  For now, you will also
+need the @code{admin_server} entry in @code{krb5.conf}.
+
+@item _kpasswd._udp
+This should list port 464 on your master KDC.  It is used when a user
+changes her password.
+
+@end table
+
+Be aware, however, that the DNS SRV specification requires that the
+hostnames listed be the canonical names, not aliases.  So, for example,
+you might include the following records in your (BIND-style) zone file:
+
+@smallexample
+$ORIGIN foobar.com.
+_kerberos               TXT       "FOOBAR.COM"
+kerberos                CNAME     daisy
+kerberos-1              CNAME     use-the-force-luke
+kerberos-2              CNAME     bunny-rabbit
+_kerberos._udp          SRV       0 0 88 daisy
+                        SRV       0 0 88 use-the-force-luke
+                        SRV       0 0 88 bunny-rabbit
+_kerberos-master._udp   SRV       0 0 88 daisy
+_kerberos-adm._tcp      SRV       0 0 749 daisy
+_kpasswd._udp           SRV       0 0 464 daisy
+@end smallexample
+
+As with the DNS-based mechanism for determining the Kerberos realm of a
+host, we recommend distributing the information this way for use by
+other sites that may want to interact with yours using Kerberos, even if
+you don't immediately make use of it within your own site.  If you
+anticipate installing a very large number of machines on which it will
+be hard to update the Kerberos configuration files, you may wish to do
+all of your Kerberos service lookups via DNS and not put the information
+(except for @code{admin_server} as noted above) in future versions of
+your @code{krb5.conf} files at all.  Eventually, we hope to phase out
+the listing of server hostnames in the client-side configuration files;
+making preparations now will make the transition easier in the future.
+
 @node Database Propagation,  , Hostnames for the Master and Slave KDCs, Realm Configuration Decisions
 @section Database Propagation
 
@@ -421,7 +527,8 @@ encrypted form on the KDC's local disk.  The stash file is used to
 authenticate the KDC to itself automatically before starting the
 @code{kadmind} and @code{krb5kdc} daemons (@i{e.g.,} as part of the
 machine's boot sequence).  The stash file, like the keytab file
-(@xref{The Keytab File}) is a potential point-of-entry for a break-in,
+(see @xref{The Keytab File}, for more information) is a potential
+point-of-entry for a break-in,
 and if compromised, would allow unrestricted access to the Kerberos
 database.  If you choose to install a stash file, it should be readable
 only by root, and should exist only on the KDC's local disk.  The file
@@ -560,8 +667,8 @@ instance ``root'', you would add the following line to the acl file:
 Next you need to add administrative principals to the Kerberos database.
 (You must add at least one now.)  To do this, use @code{kadmin.local}
 @emph{on the master KDC}.  The administrative principals you create
-should be the ones you added to the ACL file (see @xref{Add
-Administrators to the Acl File}).  In the following example, the
+should be the ones you added to the ACL file.  (See @xref{Add
+Administrators to the Acl File}.)  In the following example, the
 administration principal @code{admin/admin} is created:
 
 @smallexample
@@ -639,8 +746,8 @@ to the KDC's @code{/etc/rc} or @code{/etc/inittab} file.  You need to
 have a stash file in order to do this.
 
 You can verify that they started properly by checking for their startup
-messages in the logging locations you defined in @code{/etc/krb5.conf}
-(see @xref{Edit the Configuration Files}).  For example:
+messages in the logging locations you defined in @code{/etc/krb5.conf}.
+(See @xref{Edit the Configuration Files}.)  For example:
 
 @smallexample
 @b{shell%} tail /var/log/krb5kdc.log
@@ -909,7 +1016,7 @@ Once your KDCs are set up and running, you are ready to use
 @code{kadmin} to load principals for your users, hosts, and other
 services into the Kerberos database.  This procedure is described fully in the
 ``Adding or Modifying Principals'' section of the @value{PRODUCT} System
-Administrator's Guide.  (@xref{Create Host Keys for the Slave KDCs} for a
+Administrator's Guide.  (@xref{Create Host Keys for the Slave KDCs}, for a
 brief description.)  The keytab is generated by running @code{kadmin}
 and issuing the @code{ktadd} command.
 
@@ -987,7 +1094,11 @@ Disable the cron job that propagates the database.
 @item
 Run your database propagation script manually, to ensure that the slaves
 all have the latest copy of the database.  (@xref{Propagate the Database
-to Each Slave KDC}.)
+to Each Slave KDC}.)  As of the 1.2.2 release, it is no longer necessary
+to use ``kdb5_util dump -ov'' in order to preserve per-principal policy
+information, as the default dump format now supports it.  Note you
+should update your slaves prior to your master, so that they will
+understand the new dump format.  (This is a good policy anyway.)
 @end enumerate
 
 On the @emph{new} master KDC:
@@ -1007,6 +1118,7 @@ Database to Each Slave KDC}.)
 Switch the CNAMEs of the old and new master KDCs.  (If you don't do
 this, you'll need to change the @code{krb5.conf} file on every client
 machine in your Kerberos realm.)
+
 @end enumerate
 
 @node Installing and Configuring UNIX Client Machines, UNIX Application Servers, Installing KDCs, Installing Kerberos V5
@@ -1050,7 +1162,7 @@ counterparts
 @c @code{from}
 @code{su}, @code{passwd}, and @code{rdist}.
 
-@node Client Machine Configuration Files, Mac OS X Configuration, Client Programs, Installing and Configuring UNIX Client Machines
+@node Client Machine Configuration Files,  , Client Programs, Installing and Configuring UNIX Client Machines
 @subsection Client Machine Configuration Files
 
 Each machine running Kerberos must have a @code{/etc/krb5.conf} file.
@@ -1357,27 +1469,29 @@ should be readable only by root.
 
 If you already have an existing Kerberos database that you created with
 a prior release of Kerberos 5, you can upgrade it to work with the
-current release with the @code{kdb5_util} command.  The process for
-upgrading a Master KDC involves the following steps (the lines beginning
-with => indicate a continuation of the previous line):
+current release with the @code{kdb5_util} command.  It is only necessary
+to perform this dump/undump procedure if you were running a krb5-1.0.x
+KDC and are migrating to a krb5-1.1.x or newer KDC.  The process for
+upgrading a Master KDC involves the following steps:
 
 @enumerate
 
-@item Stopping your current KDC and administration
+@item Stop your current KDC and administration
 server processes, if any.
 
-@item Dumping your existing Kerberos database to an ASCII file with 
+@item Dump your existing Kerberos database to an ASCII file with 
 @code{kdb5_util}'s ``dump'' command:
 
 @smallexample
 @group
-@b{shell%} kdb5_util -r @value{PRIMARYREALM} dump
-@result{} @value{ROOTDIR}/var/krb5kdc/old-kdb-dump
+@b{shell%} cd @value{ROOTDIR}/var/krb5kdc
+@b{shell%} kdb5_util dump old-kdb-dump
+@b{shell%} kdb5_util dump -ov old-kdb-dump.ov
 @b{shell%}
 @end group
 @end smallexample
 
-@item Creating a new Master KDC installation (@xref{Install the Master
+@item Create a new Master KDC installation (@xref{Install the Master
 KDC}).  If you have a stash file for your current database, choose any
 new master password but then copy your existing stash file to the
 location specified by your kdc.conf; if you do not have a stash file for
@@ -1388,17 +1502,64 @@ your current database, you must choose the same master password.
 
 @smallexample
 @group
-@b{shell%} kdb5_util load @value{ROOTDIR}/var/krb5kdc/old-kdb-dump
+@b{shell%} cd @value{ROOTDIR}/var/krb5kdc
+@b{shell%} kdb5_util load old-kdb-dump
+@b{shell%} kdb5_util load -update old-kdb-dump.ov
 @b{shell%}
 @end group
 @end smallexample
 
 @end enumerate
 
+The ``dump -ov'' and ``load -update'' commands are necessary in order to
+preserve per-principal policy information, since the dump format in
+releases prior to 1.2.2 filters out that information.  If you omit those
+steps, the loaded database database will lose the policy information for
+each principal that has a policy.
+
 To update a Slave KDC, you must stop the old server processes on the
 Slave KDC, install the new server binaries, reload the most recent slave
 dump file, and re-start the server processes.
 
+@menu
+* Upgrading to Triple-DES Encryption Keys::  
+@end menu
+
+@node Upgrading to Triple-DES Encryption Keys,  , Upgrading Existing Kerberos V5 Installations, Upgrading Existing Kerberos V5 Installations
+@section Upgrading to Triple-DES Encryption Keys
+
+Beginning with the 1.2 release from MIT, Kerberos includes a stronger
+encryption algorithm called ``triple DES'' -- essentially, three
+applications of the basic DES encryption algorithm, greatly increasing
+the resistance to a brute-force search for the key by an attacker.  This
+algorithm is more secure, but encryption is much slower.  We expect to
+add other, faster encryption algorithms at some point in the future.
+
+Release 1.1 had some support for triple-DES service keys, but with
+release 1.2 we have added support for user keys and session keys as
+well.  Release 1.0 had very little support for multiple cryptosystems,
+and some of that software may not function properly in an environment
+using triple-DES as well as plain DES.
+
+Because of the way the MIT Kerberos database is structured, the KDC will
+assume that a service supports only those encryption types for which
+keys are found in the database.  Thus, if a service has only a
+single-DES key in the database, the KDC will not issue tickets for that
+service that use triple-DES session keys; it will instead issue only
+single-DES session keys, even if other services are already capable of
+using triple-DES.  So if you make sure your application server software
+is updated before adding a triple-DES key for the service, clients
+should be able to talk to services at all times during the updating
+process.
+
+Normally, the listed @code{supported_enctypes} in @code{kdc.conf} are
+all used when a new key is generated.  You can control this with
+command-line flags to @code{kadmin} and @code{kadmin.local}.  You may
+want to exclude triple-DES by default until you have updated a lot of
+your application servers, and then change the default to include
+triple-DES.  We recommend that you always include @code{des-cbc-crc} in
+the default list.
+
 @node Bug Reports for Kerberos V5, Files, Upgrading Existing Kerberos V5 Installations, Top
 @chapter Bug Reports for @value{PRODUCT}
 
@@ -1422,8 +1583,8 @@ Here is an example @code{krb5.conf} file:
 [libdefaults]
     ticket_lifetime = 600
     default_realm = @value{PRIMARYREALM}
-    default_tkt_enctypes = des-cbc-crc
-    default_tgs_enctypes = des-cbc-crc
+    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
+    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
 
 [realms]
     @value{PRIMARYREALM} = @{
@@ -1478,17 +1639,14 @@ Here's an example of a kdc.conf file:
         kadmind_port = 749
         max_life = 10h 0m 0s
         max_renewable_life = 7d 0h 0m 0s
-        master_key_type = des-cbc-crc
-        supported_enctypes = des-cbc-crc:normal
+        master_key_type = des3-hmac-sha1
+        supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
     @}
 @end group
 @end smallexample
 
-To add Kerberos V4 support, change the @code{supported_enctypes} line to:
-
-@smallexample
-        supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4
-@end smallexample
+To add Kerberos V4 support, add @code{des-cbc-crc:v4} to the
+@code{supported_enctypes} line.
 
 @menu
 * Encryption Types and Salt Types::  
@@ -1497,9 +1655,8 @@ To add Kerberos V4 support, change the @code{supported_enctypes} line to:
 @node Encryption Types and Salt Types,  , kdc.conf, kdc.conf
 @appendixsubsec Encryption Types and Salt Types
 
-Currently, @value{PRODUCT} supports only DES and triple-DES encryption;
-however, triple-DES is currently supported only for service keys, not
-for user keys or session keys.  The encoding types include
+Currently, @value{PRODUCT} supports only DES and triple-DES encryption.
+The encoding types include
 @code{des-cbc-crc} and @code{des3-cbc-sha1}.  The @dfn{salt} is
 additional information encoded within the key that tells what kind of
 key it is.  The only salts that you will be likely to encounter are:
@@ -1509,6 +1666,8 @@ key it is.  The only salts that you will be likely to encounter are:
 your @value{PRODUCT} keys
 
 @item @dfn{v4}, which is necessary only for compatibility with a v4 KDC
+or a v4 version of @code{kinit}, and then only with @code{des-cbc-crc}
+encryption
 
 @item @dfn{afs}, which you will never need to generate, and which you will
 encounter only if you dump an AFS database into a Kerberos database
index e78d4e6ac7d7fca426b435c57259d6d307f4809b..12572e5cbe9e2fbf4f590a6e63714916d1b5a580 100644 (file)
@@ -140,6 +140,14 @@ This subsection allows the administrator to configure exceptions to the
 default_domain mapping rule.  It contains V4 instances (tag name) which
 should be translated to some specific hostname (tag value) as the second
 component in a Kerberos V5 principal name.
+
+@itemx v4_realm
+This relation allows the administrator to configure a different
+realm name to be used when converting V5 principals to V4
+ones.  This should only be used when running separate V4 and V5
+realms, with some external means of password sychronization
+between the realms.
+
 @end table
 
 @node kdc.conf,  , krb5.conf, Configuration Files
index 9209ffd56b96118e090a711ecd9a04696576da78..7cf9b70ce054ea67d275f9c2015e9712ac145c3e 100644 (file)
@@ -4,7 +4,11 @@ built and installed @value{PRODUCT}, please use the
 
 Bug reports that include proposed fixes are especially welcome.  If you
 do include fixes, please send them using either context diffs or unified
-diffs (using @samp{diff -c} or @samp{diff -u}, respectively).
+diffs (using @samp{diff -c} or @samp{diff -u}, respectively).  Please be
+careful when using ``cut and paste'' or other such means to copy a patch
+into a bug report; depending on the system being used, that can result
+in converting TAB characters into spaces, which makes applying the
+patches more difficult.
 
 The @code{krb5-send-pr} program is installed in the directory
 @code{@value{ROOTDIR}/sbin}.
index 25737d449ca9a374396cd5c1e1737994a9c1d469..2772c361d79105f386c34a5ffe248c34f6bc2c3c 100644 (file)
@@ -1,3 +1,83 @@
+2001-01-31  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4 (KRB5_LIB_PARAMS): Fix up previous patch to avoid
+       ordering issues when calling sed, as well as some quoting
+       nastiness due to bugs in kadmin/testing/scripts/env_setup.shin.
+
+2001-01-31  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4 (KRB5_LIB_PARAMS): Fix up Irix RUN_ENV to work around
+       LD_LIBRARY*_PATH's inability to override rpaths.
+
+2001-01-28  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4 (KRB5_LIB_AUX): Smash some shared lib file extensions
+       so that AIX doesn't break, since static and shared libs are
+       mutually exclusive on AIX.
+
+2000-06-22  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4 (CC_LINK_STATIC): Another fix for freebsd shared libs
+       from David Cross.
+
+2000-06-21  Ken Raeburn  <raeburn@mit.edu>
+
+       * aclocal.m4 (KRB5_AC_ENABLE_DNS): Rewrite to fix logic.  Now
+       --enable-dns-for-XX really will be heeded for setting default
+       behavior.  Also, DNS support can now be compiled in while still
+       turned off by default.  Print out whether the DNS support will be
+       compiled in.
+
+2000-06-21  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4: Fix freebsd CC_LINK_SHARED to have correct rpath
+       flags.  Thanks to David Cross.
+
+2000-06-08  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4 (CC_LINK_STATIC): Fix to use old library search
+       order; otherwise if there are shared libraries with the same name
+       elsewhere in the search path, they'll take precedence over the
+       static ones in the tree.
+
+2000-05-08  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * wconfig.c (main): Warn if copying command-line option string
+       will overflow internal buffer.
+
+2000-05-03  Tom Yu  <tlyu@mit.edu>
+
+       * aclocal.m4 (AC_KRB5_TCL_TRYOLD): Search by appending stuff to
+       CPPFLAGS and LDFLAGS to notice if there may be problems with stuff
+       earlier along in either variable overriding.
+
+2000-04-18  Ken Raeburn  <raeburn@mit.edu>
+
+       * aclocal.m4 (KRB5_AC_ENABLE_DNS): Set RESOLV_LIB, and substitute
+       it into the Makefile.
+       (AC_LIBRARY_NET): Set RESOLV_LIB.
+
+2000-04-18  Danilo Almeida  <dalmeida@mit.edu>
+
+       * Makefile.in (clean-windows): Actually clean gss-sample on Windows.
+
+2000-04-11  Danilo Almeida  <dalmeida@mit.edu>
+
+       * Makefile.in (clean-windows): Clean gss-sample on Windows.
+
+2000-04-04  Ken Raeburn  <raeburn@mit.edu>
+
+       * aclocal.m4 (KRB5_AC_ENABLE_DNS): Check for dns, dns-for-kdc, and
+       dns-for-realm separately.  Define KRB5_DNS_LOOKUP if either mode
+       is enabled.  Define KRB5_DNS_LOOKUP_KDC and KRB5_DNS_LOOKUP_REALM
+       if the appropriate modes are enabled.
+       * acconfig.h (KRB5_DNS_LOOKUP_KDC, KRB5_DNS_LOOKUP_REALM): Undef.
+
+2000-03-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * aclocal.m4 (KRB5_LIB_PARAMS): Check for alpha*-dec-osf* instead
+       of alpha-dec-osf*.
+
 2000-03-15  Ken Raeburn  <raeburn@mit.edu>
 
        * aclocal.m4 (KRB5_AC_ENABLE_DNS): Fix typo that caused the DNS
index 57efe5e7a4e62e3a210a12704d1161ad90c6485d..771be6af003db3837b36fcfeca4f7d53ddeeefc6 100644 (file)
@@ -290,7 +290,10 @@ clean-windows:: Makefile-windows
        @echo Making clean in clients
        cd ..\clients
        $(MAKE) -$(MFLAGS) clean
-       cd ..
+       @echo Making in appl\gss-sample
+       cd ..\appl\gss-sample
+       $(MAKE) -$(MFLAGS) clean
+       cd ..\..
        @echo Making clean in root
 
 #
index e6f00c77d4e89d1e2d7670b22d5a54f699021cc9..7ac14f02cd567421c7d12ea43227bb06d7cb962c 100644 (file)
@@ -32,6 +32,8 @@
 /* Define if DNS support for finding realms and KDC locations should
    be compiled in.  */
 #undef KRB5_DNS_LOOKUP
+#undef KRB5_DNS_LOOKUP_KDC
+#undef KRB5_DNS_LOOKUP_REALM
 
 /* Define to `long' if <sys/types.h> doesn't define. */
 #undef time_t
index 3228610bf03bde505832560ac04288fd09bd3be7..a6de3f906a9a207ae505ca3982c39128c2d498ac 100644 (file)
@@ -783,8 +783,8 @@ if test "$with_tcl" != no ; then
        AC_CHECK_LIB(ld, main, DL_LIB=-lld)
        krb5_save_CPPFLAGS="$CPPFLAGS"
        krb5_save_LDFLAGS="$LDFLAGS"
-       CPPFLAGS="$TCL_INCLUDES $CPPFLAGS"
-       LDFLAGS="$TCL_LIBPATH $LDFLAGS"
+       CPPFLAGS="$CPPFLAGS $TCL_INCLUDES"
+       LDFLAGS="$LDFLAGS $TCL_LIBPATH"
        tcl_header=no
        AC_CHECK_HEADER(tcl.h,AC_DEFINE(HAVE_TCL_H) tcl_header=yes)
        if test $tcl_header=no; then
@@ -1030,8 +1030,18 @@ AC_ARG_ENABLE([shared],
                        AC_MSG_RESULT([Forcing static libraries.])
                        # avoid duplicate rules generation for AIX and such
                        SHLIBEXT=.so-nobuild
+                       SHLIBVEXT=.so.v-nobuild
+                       SHLIBSEXT=.so.s-nobuild
                else
                        AC_MSG_RESULT([Enabling shared libraries.])
+                       # Clear some stuff in case of AIX, etc.
+                       if test "$STLIBEXT" = "$SHLIBEXT" ; then
+                               STLIBEXT=.a-nobuild
+                               LIBLIST=
+                               LIBLINKS=
+                               OBJLISTS=
+                               LIBINSTLIST=
+                       fi
                        LIBLIST="$LIBLIST "'lib$(LIB)$(SHLIBEXT)'
                        LIBLINKS="$LIBLINKS "'$(TOPLIBD)/lib$(LIB)$(SHLIBEXT) $(TOPLIBD)/lib$(LIB)$(SHLIBVEXT)'
                        case "$SHLIBSEXT" in
@@ -1060,9 +1070,11 @@ else
        SHLIBVEXT=.so.v-nobuild
        SHLIBSEXT=.so.s-nobuild
 fi],
-       RUN_ENV=
+[      RUN_ENV=
        CC_LINK="$CC_LINK_STATIC"
-)dnl
+       SHLIBEXT=.so-nobuild
+       SHLIBVEXT=.so.v-nobuild
+       SHLIBSEXT=.so.s-nobuild])dnl
 
 if test -z "$LIBLIST"; then
        AC_MSG_ERROR([must enable one of shared or static libraries])
@@ -1119,7 +1131,7 @@ CC_LINK_STATIC='$(CC) $(PROG_LIBPATH)'
 
 # Set up architecture-specific variables.
 case $krb5_cv_host in
-alpha-dec-osf*)
+alpha*-dec-osf*)
        SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
        SHLIBSEXT='.so.$(LIBMAJOR)'
        SHLIBEXT=.so
@@ -1129,7 +1141,11 @@ alpha-dec-osf*)
        SHLIB_EXPFLAGS='-rpath $(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
        PROFFLAGS=-pg
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -Wl,-rpath -Wl,$(PROG_RPATH)'
-       CC_LINK_STATIC='$(CC) $(PROG_LIBPATH)'
+       # Need -oldstyle_liblookup to avoid picking up shared libs from
+       # other builds.  OSF/1 / Tru64 ld programs look through the entire
+       # library path for shared libs prior to looking through the
+       # entire library path for static libs.
+       CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) -Wl,-oldstyle_liblookup'
        # $(PROG_RPATH) is here to handle things like a shared tcl library
        RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`:$(PROG_RPATH):/usr/shlib:/usr/ccs/lib:/usr/lib/cmplrs/cc:/usr/lib:/usr/local/lib; export LD_LIBRARY_PATH; _RLD_ROOT=/dev/dummy/d; export _RLD_ROOT;'
        ;;
@@ -1173,7 +1189,15 @@ mips-sgi-irix6.3)        # This is a Kludge; see below
        PROFFLAGS=-p
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -Wl,-rpath -Wl,$(PROG_RPATH)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH)'
-       RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;'
+       # This grossness is necessary due to the presence of *three*
+       # supported ABIs on Irix, and the precedence of the rpath over
+       # LD_LIBRARY*_PATH.  Like OSF/1, _RLD*_ROOT needs to be set to
+       # work around this lossage.
+       add='`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+       dummy=/dev/dummmy/d
+       # Set the N32 and 64 variables first because the unqualified
+       # variables affect all three and can cause the sed command to fail.
+       RUN_ENV="LD_LIBRARYN32_PATH=$add:/usr/lib32:/usr/lib32/internal:/lib32:/opt/lib32; export LD_LIBRARYN32_PATH; _RLDN32_ROOT=$dummy; export _RLDN32_ROOT; LD_LIBRARY64_PATH=$add:/usr/lib64:/usr/lib64/internal:/lib64:/opt/lib64; export LD_LIBRARY64_PATH; _RLD64_ROOT=$dummy; export _RLD64_ROOT; LD_LIBRARY_PATH=$add:/usr/lib:/usr/lib/internal:/lib:/lib/cmplrs/cc:/usr/lib/cmplrs/cc:/opt/lib; export LD_LIBRARY_PATH; _RLD_ROOT=$dummy; export _RLD_ROOT;"
        ;;
 
 mips-sgi-irix*)
@@ -1187,7 +1211,15 @@ mips-sgi-irix*)
        PROFFLAGS=-p
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -Wl,-rpath -Wl,$(PROG_RPATH)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH)'
-       RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;'
+       # This grossness is necessary due to the presence of *three*
+       # supported ABIs on Irix, and the precedence of the rpath over
+       # LD_LIBRARY*_PATH.  Like OSF/1, _RLD*_ROOT needs to be set to
+       # work around this lossage.
+       add='`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+       dummy=/dev/dummmy/d
+       # Set the N32 and 64 variables first because the unqualified
+       # variables affect all three and can cause the sed command to fail.
+       RUN_ENV="LD_LIBRARYN32_PATH=$add:/usr/lib32:/usr/lib32/internal:/lib32:/opt/lib32; export LD_LIBRARYN32_PATH; _RLDN32_ROOT=$dummy; export _RLDN32_ROOT; LD_LIBRARY64_PATH=$add:/usr/lib64:/usr/lib64/internal:/lib64:/opt/lib64; export LD_LIBRARY64_PATH; _RLD64_ROOT=$dummy; export _RLD64_ROOT; LD_LIBRARY_PATH=$add:/usr/lib:/usr/lib/internal:/lib:/lib/cmplrs/cc:/usr/lib/cmplrs/cc:/opt/lib; export LD_LIBRARY_PATH; _RLD_ROOT=$dummy; export _RLD_ROOT;"
        ;;
 
 # untested...
@@ -1243,7 +1275,7 @@ mips-*-netbsd*)
        PICFLAGS=-fpic
        if test "x$objformat" = "xelf" ; then
                SHLIBVEXT='.so.$(LIBMAJOR)'
-               CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -Wl,-rpath -Wl,-R$(PROG_RPATH)'
+               CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -Wl,-rpath -Wl,$(PROG_RPATH)'
        else
                SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
                CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -R$(PROG_RPATH)'
@@ -1396,7 +1428,8 @@ AC_DEFUN(AC_LIBRARY_NET, [
           # ugliness is necessary:
           AC_CHECK_LIB(socket, gethostbyname,
              LIBS="-lsocket -lnsl $LIBS",
-               AC_CHECK_LIB(resolv, gethostbyname),
+               AC_CHECK_LIB(resolv, gethostbyname,
+                           LIBS="-lresolv $LIBS" ; RESOLV_LIB=-lresolv),
              -lnsl)
        )
      )
@@ -1406,20 +1439,61 @@ AC_DEFUN(AC_LIBRARY_NET, [
   KRB5_AC_ENABLE_DNS
   if test "$enable_dns" = yes ; then
     AC_CHECK_FUNC(res_search, , AC_CHECK_LIB(resolv, res_search,
-       LIBS="$LIBS -lresolv",
+       LIBS="$LIBS -lresolv" ; RESOLV_LIB=-lresolv,
        AC_ERROR(Cannot find resolver support routine res_search in -lresolv.)
     ))
   fi
+  AC_SUBST(RESOLV_LIB)
   ])
 dnl
 dnl
 dnl KRB5_AC_ENABLE_DNS
 dnl
 AC_DEFUN(KRB5_AC_ENABLE_DNS, [
+AC_MSG_CHECKING(if DNS Kerberos lookup support should be compiled in)
+
   AC_ARG_ENABLE([dns],
-[  --enable-dns            enable DNS lookups of Kerberos realm and servers], ,
-[enable_dns=no])
-  if test "$enable_dns" = yes; then
+[  --enable-dns            build in support for Kerberos-related DNS lookups], ,
+[enable_dns=default])
+
+  AC_ARG_ENABLE([dns-for-kdc],
+[  --enable-dns-for-kdc    enable DNS lookups of Kerberos KDCs (default=YES)], ,
+[case "$enable_dns" in
+  yes | no) enable_dns_for_kdc=$enable_dns ;;
+  *) enable_dns_for_kdc=yes ;;
+esac])
+  if test "$enable_dns_for_kdc" = yes; then
+    AC_DEFINE(KRB5_DNS_LOOKUP_KDC)
+  fi
+
+  AC_ARG_ENABLE([dns-for-realm],
+[  --enable-dns-for-realm  enable DNS lookups of Kerberos realm names], ,
+[case "$enable_dns" in
+  yes | no) enable_dns_for_realm=$enable_dns ;;
+  *) enable_dns_for_realm=no ;;
+esac])
+  if test "$enable_dns_for_realm" = yes; then
+    AC_DEFINE(KRB5_DNS_LOOKUP_REALM)
+  fi
+
+  if test "$enable_dns_for_kdc,$enable_dns_for_realm" != no,no
+  then
+    # must compile in the support code
+    if test "$enable_dns" = no ; then
+      AC_MSG_ERROR(cannot both enable some DNS options and disable DNS support)
+    fi
+    enable_dns=yes
+  fi
+  if test "$enable_dns" = yes ; then
     AC_DEFINE(KRB5_DNS_LOOKUP)
+  else
+    enable_dns=no
   fi
+
+AC_MSG_RESULT($enable_dns)
+dnl AC_MSG_CHECKING(if DNS should be used to find KDCs by default)
+dnl AC_MSG_RESULT($enable_dns_for_kdc)
+dnl AC_MSG_CHECKING(if DNS should be used to find realm name by default)
+dnl AC_MSG_RESULT($enable_dns_for_realm)
+
 ])
index d3314b08daa29defeebe235b3a848651e527caed..6bded9b328bbe854491f7e865812d2ebf7197ea2 100644 (file)
@@ -1,3 +1,186 @@
+2001-02-16  Tom Yu  <tlyu@mit.edu>
+
+       * login.M: Don't include "= 0" as part of the "accept_passwd"
+       config option.
+
+2001-01-26  Tom Yu  <tlyu@mit.edu>
+
+       * krshd.c: Get path for NOLOGIN file from paths.h if present,
+       mirroring logic in login.c.  [patch from David MacKenzie
+       krb5-appl/913, pulled up from trunk]
+
+2001-01-26  Tom Yu  <tlyu@mit.edu>
+
+       * krlogin.c (read_wrapper): Copy from the current point and not
+       the start of the cached buffer. [pullup from trunk]
+
+2001-01-23  Tom Yu  <tlyu@mit.edu>
+
+       * forward.c (rd_and_store_for_creds): Overwrite any existing value
+       of the KRB5CCNAME environment variable.
+
+2000-07-19  Peter S Litwack  <plitwack@mit.edu>
+
+       * krlogin.c (writer): Improved bandwith efficiency by reading 
+       and sending more than one character at a time if multiple 
+       characters are available to be read from the terminal.
+       * krlogin.c (read_wrapper): Added this function as a helper
+       to writer.  It facilitates checking for escape sequences 
+       (~^Z etc.) when reading mulitple characters at a time.
+
+2000-06-29  Ken Raeburn  <raeburn@mit.edu>
+
+       Patch from Donn Cave and Leonard Peirce from 1.1 release cycle:
+       * login.c (k_init): Call krb5_cc_set_default_name right after
+       setting the environment variable.
+       (main): Likewise.
+
+2000-06-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * rcp.M, rsh.M, rlogin.M: Add description of new -PO, -PN
+       options.
+
+2000-06-19  Tom Yu  <tlyu@mit.edu>
+
+       * krshd.c (recvauth): Call krb5_recvauth_version() rather than
+       calling krb5_recvauth() with arguments intended for
+       krb5_recvauth_version().
+
+       * kcmd.c: Conditionalize krb_sendauth prototype based on sense of
+       KRB5_KRB4_COMPAT.
+
+2000-06-15  Tom Yu  <tlyu@mit.edu>
+
+       * login.c (try_convert524): Add use_ccache argument.  Handle case
+       where we have gotten v5 creds via password being entered and don't
+       crash in that case, since previous code was assuming that v5 creds
+       were always being provided.  Adapted from patch by Bob Basch.
+
+2000-06-10  Ken Raeburn  <raeburn@mit.edu>
+
+       * krcp.c (main): Fix logic again, this time in the "success"
+       case.  If there's a problem retrieving the new-protocol subkey,
+       print a message and exit, don't fall back.
+       * krsh.c (main): Ditto; don't look at enctype to try to guess
+       protocol version.  Delete unused variable "similar".
+
+2000-06-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * krlogin.c (main): Rework fallback logic.  Fall back to k4cmd
+       unless encryption and the new protocol were both requested.
+
+       * krsh.c (main): Rework fallback logic.  Fall back to k4cmd if new
+       protocol wasn't requested.
+
+       * krcp.c (main): Revert setting of AP_OPTS_MUTUAL_REQUIRED
+       unconditionally, which was added by mistake with last set of
+       patches.  If kcmd fails and the new protocol is requested, don't
+       fall back to v4.
+
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * Makefile.in (kcmd.o, krcp.o, krlogin.o, krlogind.o, krsh.o,
+       krshd.o): Depend on defines.h.
+       * krlogind.c: Include defines.h.
+       * krcp.c: Ditto.
+
+       * defines.h (enum kcmd_proto): New type.
+       (rcmd_stream_read, rcmd_stream_write, getport,
+       rcmd_stream_init_krb5): Add prototypes.
+
+       * kcmd.c (use_ivecs): New variable.
+       (encivec_i, encivec_o): Each is now an array of two elements.
+       (input, output, twrite, krb5_write_message, krb5_net_read,
+       krb5_net_write, krb_sendauth): Add prototypes.
+       (kcmd): New argument PROTONUMP points to enum kcmd_proto.  If
+       value is KCMD_PROTOCOL_COMPAT_HACK, set it to KCMD_NEW_PROTOCOL or
+       KCMD_OLD_PROTOCOL depending on session key type.  Use subkeys for
+       new protocol.  Callers updated.
+       (normal_read, v5_des_read, v4_des_read, twrite, v5_des_write,
+       v4_des_write, rcmd_stream_write, rcmd_stream_read): Take
+       additional argument indicating whether the fd is for the secondary
+       channel; ignored except in some v5 cases.  Callers updated.
+       (rcmd_stream_init_krb5): New argument, kcmd protocol version.  Set
+       up ivecs for secondary channel in each direction with values 0x2
+       ior primary channel value.  Callers updated.
+       (v5_des_read, v5_des_write): For new protocol, plaintext now has
+       its length prepended but not counted.
+
+       * krcp.c (main): Set kcmd protocol version based on command line,
+       not on encryption type.  Default to COMPAT_HACK.
+       * krsh.c (main): Ditto.
+       * krlogin.c (main): Ditto.
+
+       * krlogind.c (recvauth): Use new krb5_compat_recvauth_version
+       routine.  Determine client's kcmd protocol version and initialize
+       based on it.
+       * krshd.c (recvauth): Ditto.
+
+2000-05-19  Nalin Dahyabhai  <nalin@redhat.com>
+           Ken Raeburn  <raeburn@mit.edu>
+
+       * krcp.c (sink): bail if the target directory/file name is too long
+       * krlogind.c (recvauth, krb4 compat): truncate user name if the
+       principal's root would be too long to be valid
+       * v4rcp.c (sink): bail if the target directory/file name is too long
+
+2000-05-18  Tom Yu  <tlyu@mit.edu>
+
+       * krshd.c: Shuffle inclusion of defines.h so that some krb5
+       structures are declared prior to the kcmd() prototype.
+
+2000-05-16  Ken Raeburn  <raeburn@mit.edu>
+
+       * defines.h (kcmd): Add prototype.
+       * krcp.c (main): Add extra arg to a kcmd call I missed yesterday.
+
+2000-05-15  Ken Raeburn  <raeburn@mit.edu>
+
+       * krcp.c (main): Fix some conditionalizations to make proper
+       indentation easier.
+
+       * kcmd.c (encivec_i, encivec_o): New variables replace old single
+       variable encivec.
+       (rcmd_stream_init_krb5): New argument am_client, used to
+       initialize both ivec values.
+       * krcp.c (main, answer_auth): Pass new argument.
+       * krlogin.c (main): Ditto.
+       * krlogind.c (recvauth): Ditto.
+       * krsh.c (main): Ditto.
+       * krshd.c (recvauth): Ditto.
+
+       * defines.h (OPTS_FORWARD_CREDS, OPTS_FORWARDABLE_CREDS): Change
+       numbers so they don't conflict with AP_OPTS_USE_SUBKEY.
+       * kcmd.c (kcmd): New argument authconp, used to return the auth
+       context to the caller if desired.
+       * krlogin.c (auth_context): New variable.
+       (main): Request a subkey from sendauth.  Get the auth context from
+       kcmd so we can retrieve the subkey.  If non-DES session key is
+       being used, pass the subkey to rcmd_stream_init_krb5 instead of
+       the session key; fail if no subkey is found and encryption is
+       required.
+       * krlogind.c (recvauth): If a non-DES session key is being used,
+       pass the client-provided subkey to rcmd_stream_init_krb5.
+       * krcp.c (main): Set up and use subkey as above.
+       * krsh.c (main): Set up and use subkey as above.
+       * krshd.c (recvauth): Accept and use subkey as above.
+
+2000-05-08  Ken Raeburn  <raeburn@mit.edu>
+
+       * v4rcp.c (main, case 'k'): Make sure krb_realm is
+       null-terminated.
+
+2000-04-27  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * krlogin.c (main): Don't overflow buffer "term".
+       * krshd.c (doit): Don't overflow buffer "cmdbuf".
+       * login.c (afs_login): Don't overflow buffer "aklog_path".
+
+2000-03-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * configure.in: Check for alpha*-dec-osf* instead of
+       alpha-dec-osf*.
+
 2000-03-15  Ken Raeburn  <raeburn@mit.edu>
            Mark D. Roth  <roth@uiuc.edu>
 
index eee13ca90f56e378cb1d3fe92fcabf21aa2bab6d..93a6cba2e998706ee287fbfe3a68e9c43bd7b866 100644 (file)
@@ -90,3 +90,4 @@ install::
 
 getdtablesize.o: $(srcdir)/getdtablesize.c
 
+kcmd.o krcp.o krlogin.o krlogind.o krsh.o krshd.o : defines.h
index 6d31f489c01f886b183b63a4558de17013cc4d33..cf6547679ebf3b526f48caaaeaa44a9d815e4a47 100644 (file)
@@ -25,11 +25,12 @@ dnl Make our operating system-specific security checks and definitions for
 dnl login.
 dnl
 case $krb5_cv_host in
-*-*-aix3*) # AIX has streams include files but not streams TTY
-# Moreover, strops.h trashes sys/ioctl.h
-krb5_cv_has_streams=no
-;;
-alpha-dec-osf*)
+*-*-aix3*)
+       # AIX has streams include files but not streams TTY
+       # Moreover, strops.h trashes sys/ioctl.h
+       krb5_cv_has_streams=no
+       ;;
+alpha*-dec-osf*)
        AC_CHECK_LIB(security,setluid,
                AC_DEFINE(HAVE_SETLUID)
                LOGINLIBS="$LOGINLIBS -lsecurity"
index fd9c3e14c8ed00e0b1f2392db9d0a3ad9220b2c3..6365d2cbed6aee25589f9603e7c51d663c587ddc 100644 (file)
@@ -1,3 +1,43 @@
-#define OPTS_FORWARD_CREDS           0x00000002
-#define OPTS_FORWARDABLE_CREDS       0x00000001
+#define OPTS_FORWARD_CREDS           0x00000020
+#define OPTS_FORWARDABLE_CREDS       0x00000010
 #define RCMD_BUFSIZ    5120
+
+enum kcmd_proto {
+  /* Old protocol: DES encryption only.  No subkeys.  No protection
+     for cleartext length.  No ivec supplied.  OOB hacks used for
+     rlogin.  Checksum may be omitted at connection startup.  */
+  KCMD_OLD_PROTOCOL = 1,
+  /* New protocol: Any encryption scheme.  Client-generated subkey
+     required.  Prepend cleartext-length to cleartext data (but don't
+     include it in count).  Starting ivec defined, chained.  In-band
+     signalling.  Checksum required.  */
+  KCMD_NEW_PROTOCOL,
+  /* Hack: Get credentials, and use the old protocol iff the session
+     key type is single-DES.  */
+  KCMD_PROTOCOL_COMPAT_HACK,
+  /* Using Kerberos version 4.  */
+  KCMD_V4_PROTOCOL,
+  /* ??? */
+  KCMD_UNKNOWN_PROTOCOL
+};
+
+extern int kcmd (int *sock, char **ahost, int /* u_short */ rport,
+                char *locuser, char *remuser, char *cmd,
+                int *fd2p, char *service, char *realm,
+                krb5_creds **cred,
+                krb5_int32 *seqno, krb5_int32 *server_seqno,
+                struct sockaddr_in *laddr,
+                struct sockaddr_in *faddr,
+                krb5_auth_context *authconp,
+                krb5_flags authopts,
+                int anyport, int suppress_err,
+                enum kcmd_proto *protonum /* input and output */
+                );
+
+extern int rcmd_stream_read (int fd, char *buf, int len, int secondary);
+extern int rcmd_stream_write (int fd, char *buf, int len, int secondary);
+extern int getport (int *);
+
+extern void rcmd_stream_init_krb5 (krb5_keyblock *in_keyblock,
+                                  int encrypt_flag, int lencheck,
+                                  int am_client, enum kcmd_proto protonum);
index e22fc1d98392735a0d36417625a491a7720ee3e3..e47b8ff163334b8f3b2f3f23e0dd1374423e03f2 100644 (file)
@@ -51,7 +51,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, ticket, ccache)
      */
   
     sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
-    setenv("KRB5CCNAME", ccname, 0);
+    setenv("KRB5CCNAME", ccname, 1);
   
     if (retval = krb5_cc_resolve(context, ccname, ccache)) 
        goto cleanup;
index 0e68f88e7c0503967783e73befb61f003c4601cf..3e401ccedb243b6018e538b74f36c1ece0622b28 100644 (file)
@@ -117,14 +117,18 @@ static char des_inbuf[2*RCMD_BUFSIZ];      /* needs to be > largest read size */
 static char des_outpkt[2*RCMD_BUFSIZ+4]; /* needs to be > largest write size */
 static krb5_data desinbuf;
 static krb5_data desoutbuf;
-static krb5_data encivec;
+
+/* XXX Overloaded: use_ivecs!=0 -> new protocol, inband signalling, etc.  */
+static int use_ivecs;
+static krb5_data encivec_i[2], encivec_o[2];
+
 static krb5_keyblock *keyblock;                 /* key for encrypt/decrypt */
-static int (*input)();
-static int (*output)();
+static int (*input)(int, char *, int, int);
+static int (*output)(int, char *, int, int);
 static char storage[2*RCMD_BUFSIZ];     /* storage for the decryption */
 static int nstored = 0;
 static char *store_ptr = storage;
-static int twrite();
+static int twrite(int, char *, int, int);
 static int v5_des_read(), v5_des_write();
 #ifdef KRB5_KRB4_COMPAT
 static int v4_des_read(), v4_des_write();
@@ -133,8 +137,29 @@ static int right_justify;
 #endif
 static int do_lencheck;
 
+/* XXX: These should be internal to krb5 library, or declared in krb5.h.  */
+extern krb5_error_code krb5_write_message (krb5_context, krb5_pointer,
+                                          krb5_data *);
+extern int krb5_net_read (krb5_context, int , char *, int);
+extern int krb5_net_write (krb5_context, int , const char *, int);
+/* XXX: And these should be declared in krb.h, or private.  */
+#ifdef KRB5_KRB4_COMPAT
+extern int
+krb_sendauth(long options, int fd, KTEXT ticket,
+            char *service, char *inst, char *realm,
+            unsigned KRB4_32 checksum,
+            MSG_DAT *msg_data,
+            CREDENTIALS *cred,
+            Key_schedule schedule,
+            struct sockaddr_in *laddr,
+            struct sockaddr_in *faddr,
+            char *version);
+#endif
+
+int
 kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
-     cred, seqno, server_seqno, laddr, faddr, authopts, anyport, suppress_err)
+     cred, seqno, server_seqno, laddr, faddr, authconp, authopts, anyport,
+     suppress_err, protonump)
      int *sock;
      char **ahost;
      u_short rport;
@@ -142,15 +167,17 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
      int *fd2p;
      char *service;
      char *realm;
-     krb5_creds **cred;
+     krb5_creds **cred; /* output only */
      krb5_int32 *seqno;
      krb5_int32 *server_seqno;
      struct sockaddr_in *laddr, *faddr;
+     krb5_auth_context *authconp;
      krb5_flags authopts;
      int anyport;
      int suppress_err;         /* Don't print if authentication fails */
+     enum kcmd_proto *protonump;
 {
-    int i, s, timo = 1, pid;
+    int s, pid;
 #ifdef POSIX_SIGNALS
     sigset_t oldmask, urgmask;
 #else
@@ -164,7 +191,6 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
     int rc;
     char *host_save;
     krb5_error_code status;
-    krb5_error *err_ret;
     krb5_ap_rep_enc_part *rep_ret;
     krb5_error *error = 0;
     int sin_len;
@@ -174,6 +200,8 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
     krb5_auth_context auth_context = NULL;
     char *cksumbuf;
     krb5_data cksumdat;
+    char *kcmd_version;
+    enum kcmd_proto protonum = *protonump;
 
     if ((cksumbuf = malloc(strlen(cmd)+strlen(remuser)+64)) == 0 ) {
        fprintf(stderr, "Unable to allocate memory for checksum buffer.\n");
@@ -361,12 +389,35 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
                        KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR))
        goto bad2;
 
-   /* call Kerberos library routine to obtain an authenticator,
+    if (protonum == KCMD_PROTOCOL_COMPAT_HACK) {
+       krb5_boolean is_des;
+       status = krb5_c_enctype_compare (bsd_context, ENCTYPE_DES_CBC_CRC,
+                                        ret_cred->keyblock.enctype, &is_des);
+       if (status)
+           goto bad2;
+       protonum = is_des ? KCMD_OLD_PROTOCOL : KCMD_NEW_PROTOCOL;
+    }
+
+    switch (protonum) {
+    case KCMD_NEW_PROTOCOL:
+       authopts |= AP_OPTS_USE_SUBKEY;
+       kcmd_version = "KCMDV0.2";
+       break;
+    case KCMD_OLD_PROTOCOL:
+       kcmd_version = "KCMDV0.1";
+       break;
+    default:
+       status = EINVAL;
+       goto bad2;
+    }
+
+    /* Call Kerberos library routine to obtain an authenticator,
        pass it over the socket to the server, and obtain mutual
-       authentication. */
+       authentication.  */
     status = krb5_sendauth(bsd_context, &auth_context, (krb5_pointer) &s,
-                           "KCMDV0.1", ret_cred->client, ret_cred->server,
-                          authopts, &cksumdat, ret_cred, 0,    &error, &rep_ret, NULL);
+                          kcmd_version, ret_cred->client, ret_cred->server,
+                          authopts, &cksumdat, ret_cred, 0,
+                          &error, &rep_ret, NULL);
     free(cksumbuf);
     if (status) {
        if (!suppress_err)
@@ -440,10 +491,13 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
     sigsetmask(oldmask);
 #endif /* POSIX_SIGNALS */
     *sock = s;
+    *protonump = protonum;
     
     /* pass back credentials if wanted */
     if (cred) krb5_copy_creds(bsd_context, ret_cred, cred);
     krb5_free_creds(bsd_context, ret_cred);
+    if (authconp)
+       *authconp = auth_context;
     
     return (0);
   bad2:
@@ -464,6 +518,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
 
 
 #ifdef KRB5_KRB4_COMPAT
+int
 k4cmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, ticket, service, realm,
       cred, schedule, msg_data, laddr, faddr, authopts, anyport)
      int *sock;
@@ -701,7 +756,7 @@ reread:
 #endif /* KRB5_KRB4_COMPAT */
 
 
-
+int
 getport(alport)
      int *alport;
 {
@@ -733,16 +788,25 @@ getport(alport)
     return -1;
 }
 
+static int
+normal_read (int fd, char *buf, int len, int secondary)
+{
+    return read (fd, buf, len);
+}
+
 void rcmd_stream_init_normal()
 {
-    input = read;
+    input = normal_read;
     output = twrite;
 }
 
-void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck)
+void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck, am_client,
+                          protonum)
      krb5_keyblock *in_keyblock;
      int encrypt_flag;
      int lencheck;
+     int am_client;
+     enum kcmd_proto protonum;
 {
     krb5_error_code status;
     size_t blocksize;
@@ -760,33 +824,35 @@ void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck)
     input = v5_des_read;
     output = v5_des_write;
 
-    if (status = krb5_c_enctype_compare(bsd_context, ENCTYPE_DES_CBC_CRC,
-                                       keyblock->enctype,
-                                       &similar)) {
-       /* XXX what do I do? */
-       abort();
-    }
-
-    if (similar) {
-       encivec.length = 0;
+    if (protonum == KCMD_OLD_PROTOCOL) {
+       use_ivecs = 0;
        return;
     }
 
+    use_ivecs = 1;
+
     if (status = krb5_c_block_size(bsd_context, keyblock->enctype,
                                   &blocksize)) {
        /* XXX what do I do? */
        abort();
     }
 
-    encivec.length = blocksize;
+    encivec_i[0].length = encivec_i[1].length = encivec_o[0].length
+       = encivec_o[1].length = blocksize;
 
-    if ((encivec.data = malloc(encivec.length)) == NULL) {
+    if ((encivec_i[0].data = malloc(encivec_i[0].length * 4)) == NULL) {
        /* XXX what do I do? */
        abort();
     }
+    encivec_i[1].data = encivec_i[0].data + encivec_i[0].length;
+    encivec_o[0].data = encivec_i[1].data + encivec_i[0].length;
+    encivec_o[1].data = encivec_o[0].data + encivec_i[0].length;
 
     /* is there a better way to initialize this? */
-    memset(encivec.data, '\0', blocksize);
+    memset(encivec_i[0].data, am_client, blocksize);
+    memset(encivec_o[0].data, 1 - am_client, blocksize);
+    memset(encivec_i[1].data, 2 | am_client, blocksize);
+    memset(encivec_o[1].data, 2 | (1 - am_client), blocksize);
 }
 
 #ifdef KRB5_KRB4_COMPAT
@@ -808,35 +874,39 @@ void rcmd_stream_init_krb4(session, encrypt_flag, lencheck, justify)
 }
 #endif
 
-int rcmd_stream_read(fd, buf, len)
+int rcmd_stream_read(fd, buf, len, sec)
      int fd;
      register char *buf;
      int len;
+     int sec;
 {
-    return (*input)(fd, buf, len);
+    return (*input)(fd, buf, len, sec);
 }
 
-int rcmd_stream_write(fd, buf, len)
+int rcmd_stream_write(fd, buf, len, sec)
      int fd;
      register char *buf;
      int len;
+     int sec;
 {
-    return (*output)(fd, buf, len);
+    return (*output)(fd, buf, len, sec);
 }
 
 /* Because of rcp lossage, translate fd 0 to 1 when writing. */
-static int twrite(fd, buf, len)
+static int twrite(fd, buf, len, secondary)
      int fd;
      char *buf;
      int len;
+     int secondary;
 {
     return write((fd == 0) ? 1 : fd, buf, len);
 }
 
-static int v5_des_read(fd, buf, len)
+static int v5_des_read(fd, buf, len, secondary)
      int fd;
      char *buf;
      int len;
+     int secondary;
 {
     int nreturned = 0;
     size_t net_len,rd_len;
@@ -879,7 +949,8 @@ static int v5_des_read(fd, buf, len)
     rd_len = (rd_len << 8) | c;
 
     if (ret = krb5_c_encrypt_length(bsd_context, keyblock->enctype,
-                                 rd_len, &net_len)) {
+                                   use_ivecs ? rd_len + 4 : rd_len,
+                                   &net_len)) {
        errno = ret;
        return(-1);
     }
@@ -902,8 +973,8 @@ static int v5_des_read(fd, buf, len)
     plain.data = storage;
 
     /* decrypt info */
-    if (krb5_c_decrypt(bsd_context, keyblock, KCMD_KEYUSAGE,
-                      encivec.length?&encivec:0,
+    if (ret = krb5_c_decrypt(bsd_context, keyblock, KCMD_KEYUSAGE,
+                      use_ivecs ? encivec_i + secondary : 0,
                       &cipher, &plain)) {
        /* probably out of sync */
        errno = EIO;
@@ -911,6 +982,19 @@ static int v5_des_read(fd, buf, len)
     }
     store_ptr = storage;
     nstored = rd_len;
+    if (use_ivecs) {
+       int rd_len2;
+       rd_len2 = storage[0] & 0xff;
+       rd_len2 <<= 8; rd_len2 |= storage[1] & 0xff;
+       rd_len2 <<= 8; rd_len2 |= storage[2] & 0xff;
+       rd_len2 <<= 8; rd_len2 |= storage[3] & 0xff;
+       if (rd_len2 != rd_len) {
+           /* cleartext length trashed? */
+           errno = EIO;
+           return -1;
+       }
+       store_ptr += 4;
+    }
     if (nstored > len) {
        memcpy(buf, store_ptr, len);
        nreturned += len;
@@ -927,23 +1011,39 @@ static int v5_des_read(fd, buf, len)
 
 
 
-static int v5_des_write(fd, buf, len)
+static int v5_des_write(fd, buf, len, secondary)
      int fd;
      char *buf;
      int len;
+     int secondary;
 {
-    unsigned char *len_buf = (unsigned char *) des_outpkt;
     krb5_data plain;
     krb5_enc_data cipher;
-
-    plain.data = buf;
-    plain.length = len;
+    char tmpbuf[2*RCMD_BUFSIZ+8];
+    unsigned char *len_buf = (unsigned char *) tmpbuf;
+
+    if (use_ivecs) {
+       unsigned char *lenbuf2 = (unsigned char *) tmpbuf;
+       if (len + 4 > sizeof(tmpbuf))
+           abort ();
+       lenbuf2[0] = (len & 0xff000000) >> 24;
+       lenbuf2[1] = (len & 0xff0000) >> 16;
+       lenbuf2[2] = (len & 0xff00) >> 8;
+       lenbuf2[3] = (len & 0xff);
+       memcpy (tmpbuf + 4, buf, len);
+
+       plain.data = tmpbuf;
+       plain.length = len + 4;
+    } else {
+       plain.data = buf;
+       plain.length = len;
+    }
 
     cipher.ciphertext.length = sizeof(des_outpkt)-4;
     cipher.ciphertext.data = desoutbuf.data;
 
     if (krb5_c_encrypt(bsd_context, keyblock, KCMD_KEYUSAGE,
-                      encivec.length?&encivec:0,
+                      use_ivecs ? encivec_o + secondary : 0,
                       &plain, &cipher)) {
        errno = EIO;
        return(-1);
@@ -951,6 +1051,7 @@ static int v5_des_write(fd, buf, len)
 
     desoutbuf.length = cipher.ciphertext.length;
 
+    len_buf = (unsigned char *) des_outpkt;
     len_buf[0] = (len & 0xff000000) >> 24;
     len_buf[1] = (len & 0xff0000) >> 16;
     len_buf[2] = (len & 0xff00) >> 8;
@@ -1032,11 +1133,11 @@ int len;
                errno = EIO;
                return(-1);
        }
-       (void) pcbc_encrypt(des_inbuf,
-                           storage,
+       (void) pcbc_encrypt((des_cblock *) des_inbuf,
+                           (des_cblock *) storage,
                            (net_len < 8) ? 8 : net_len,
                            v4_schedule,
-                           v4_session,
+                           &v4_session,
                            DECRYPT);
        /* 
         * when the cleartext block is < 8 bytes, it is "right-justified"
@@ -1092,11 +1193,11 @@ int len;
                /* this "right-justifies" the data in the buffer */
                (void) memcpy(garbage_buf + 8 - len, buf, len);
        }
-       (void) pcbc_encrypt((len < 8) ? garbage_buf : buf,
-                           des_outpkt+4,
+       (void) pcbc_encrypt((des_cblock *) ((len < 8) ? garbage_buf : buf),
+                           (des_cblock *) (des_outpkt+4),
                            (len < 8) ? 8 : len,
                            v4_schedule,
-                           v4_session,
+                           &v4_session,
                            ENCRYPT);
 
        /* tell the other end the real amount, but send an 8-byte padded
index 967014579f74ad41cbd821fb3d7c49b270ff078b..7292e72fefddc1464c054b7d38dfdf20a24e173a 100644 (file)
@@ -71,6 +71,8 @@ char copyright[] =
 #include <k5-util.h>
 #include <com_err.h>
 
+#include "defines.h"
+
 #define RCP_BUFSIZ 4096
      
 int sock;
@@ -131,7 +133,7 @@ void        error KRB5_STDARG_P((char *fmt, ...));
 void   error KRB5_STDARG_P((char *, va_list));
 #endif
 
-#define        ga()            (void) rcmd_stream_write(rem, "", 1)
+#define        ga()            (void) rcmd_stream_write(rem, "", 1, 0)
 
 int main(argc, argv)
      int argc;
@@ -153,6 +155,8 @@ int main(argc, argv)
     krb5_error_code status;    
     int euid;
     char **orig_argv = save_argv(argc, argv);
+    krb5_auth_context auth_context;
+    enum kcmd_proto kcmd_proto = KCMD_PROTOCOL_COMPAT_HACK;
 
     status = krb5_init_context(&bsd_context);
     if (status) {
@@ -224,6 +228,14 @@ int main(argc, argv)
            }
            strcpy(krb_config, *argv);  
            goto next_arg;
+         case 'P':
+           if (!strcmp (*argv, "O"))
+               kcmd_proto = KCMD_OLD_PROTOCOL;
+           else if (!strcmp (*argv, "N"))
+               kcmd_proto = KCMD_NEW_PROTOCOL;
+           else
+               usage ();
+           goto next_arg;
 #endif /* KERBEROS */
            /* The rest of these are not for users. */
          case 'd':
@@ -376,20 +388,22 @@ int main(argc, argv)
                      suser = pwd->pw_name;
                    else if (!okname(suser))
                      continue;
+                   (void) sprintf(buf,
 #if defined(hpux) || defined(__hpux)
-                   (void) sprintf(buf, "remsh %s -l %s -n %s %s '%s%s%s:%s'",
+                                  "remsh %s -l %s -n %s %s '%s%s%s:%s'",
 #else
-                   (void) sprintf(buf, "rsh %s -l %s -n %s %s '%s%s%s:%s'",
+                                  "rsh %s -l %s -n %s %s '%s%s%s:%s'",
 #endif
                                   host, suser, cmd, src,
                                   tuser ? tuser : "",
                                   tuser ? "@" : "",
                                   thost, targ);
               } else
+                  (void) sprintf(buf,
 #if defined(hpux) || defined(__hpux)
-                  (void) sprintf(buf, "remsh %s -n %s %s '%s%s%s:%s'",
+                                 "remsh %s -n %s %s '%s%s%s:%s'",
 #else
-                   (void) sprintf(buf, "rsh %s -n %s %s '%s%s%s:%s'",
+                                 "rsh %s -n %s %s '%s%s%s:%s'",
 #endif
                                   argv[i], cmd, src,
                                   tuser ? tuser : "",
@@ -397,7 +411,7 @@ int main(argc, argv)
                                   thost, targ);
                (void) susystem(buf);
            } else {            /* local to remote */
-krb5_creds *cred;
+               krb5_creds *cred;
                if (rem == -1) {
                    (void) sprintf(buf, "%s -t %s",
                                   cmd, targ);
@@ -418,10 +432,14 @@ krb5_creds *cred;
                                  0,  /* No server seq # */
                                  &local,
                                  &foreign,
-                                 authopts,
+                                 &auth_context, authopts,
                                  0, /* Not any port # */
-                                 0);
+                                 0,
+                                 &kcmd_proto);
                    if (status) {
+                       if (kcmd_proto == KCMD_NEW_PROTOCOL)
+                           /* Don't fall back to less safe methods.  */
+                           exit (1);
 #ifdef KRB5_KRB4_COMPAT
                        fprintf(stderr, "Trying krb4 rcp...\n");
                        if (strncmp(buf, "-x rcp", 6) == 0)
@@ -442,8 +460,29 @@ krb5_creds *cred;
                        try_normal(orig_argv);
 #endif
                    }
-                   else
-                       rcmd_stream_init_krb5(&cred->keyblock, encryptflag, 0);
+                   else {
+                       krb5_boolean similar;
+                       krb5_keyblock *key = &cred->keyblock;
+
+                       if (status = krb5_c_enctype_compare(bsd_context,
+                                                           ENCTYPE_DES_CBC_CRC,
+                                                           cred->keyblock.enctype,
+                                                           &similar))
+                           try_normal(orig_argv); /* doesn't return */
+
+                       if (!similar) {
+                           status = krb5_auth_con_getlocalsubkey (bsd_context,
+                                                                  auth_context,
+                                                                  &key);
+                           if ((status || !key) && encryptflag)
+                               try_normal(orig_argv);
+                       }
+                       if (key == 0)
+                           key = &cred->keyblock;
+
+                       rcmd_stream_init_krb5(key, encryptflag, 0, 1,
+                                             kcmd_proto);
+                   }
                    rem = sock;
 #else
                    rem = rcmd(&host, port, pwd->pw_name,
@@ -521,10 +560,14 @@ krb5_creds *cred;
                              0,  /* No server seq # */
                              (struct sockaddr_in *) 0,
                              &foreign,
-                             authopts,
+                             &auth_context, authopts,
                              0, /* Not any port # */
-                             0);
+                             0,
+                             &kcmd_proto);
                if (status) {
+                       if (kcmd_proto == KCMD_NEW_PROTOCOL)
+                           /* Don't fall back to less safe methods.  */
+                           exit (1);
 #ifdef KRB5_KRB4_COMPAT
                        fprintf(stderr, "Trying krb4 rcp...\n");
                        if (strncmp(buf, "-x rcp", 6) == 0)
@@ -543,8 +586,27 @@ krb5_creds *cred;
 #else
                        try_normal(orig_argv);
 #endif
-               } else
-                   rcmd_stream_init_krb5(&cred->keyblock, encryptflag, 0);
+               } else {
+                   krb5_keyblock *key = &cred->keyblock;
+
+                   if (kcmd_proto == KCMD_NEW_PROTOCOL) {
+                       status = krb5_auth_con_getlocalsubkey (bsd_context,
+                                                              auth_context,
+                                                              &key);
+                       if (status) {
+                           com_err (argv[0], status,
+                                    "determining subkey for session");
+                           exit (1);
+                       }
+                       if (!key) {
+                           com_err (argv[0], 0,
+                                    "no subkey negotiated for connection");
+                           exit (1);
+                       }
+                   }
+
+                   rcmd_stream_init_krb5(key, encryptflag, 0, 1, kcmd_proto);
+               }
                rem = sock; 
                                   
                euid = geteuid();
@@ -741,7 +803,7 @@ void source(argc, argv)
             */
            (void) sprintf(buf, "T%ld 0 %ld 0\n",
                           stb.st_mtime, stb.st_atime);
-           (void) rcmd_stream_write(rem, buf, strlen(buf));
+           (void) rcmd_stream_write(rem, buf, strlen(buf), 0);
            if (response() < 0) {
                (void) close(f);
                continue;
@@ -749,7 +811,7 @@ void source(argc, argv)
        }
        (void) sprintf(buf, "C%04o %ld %s\n",
                       (int) stb.st_mode&07777, (long ) stb.st_size, last);
-       (void) rcmd_stream_write(rem, buf, strlen(buf));
+       (void) rcmd_stream_write(rem, buf, strlen(buf), 0);
        if (response() < 0) {
            (void) close(f);
            continue;
@@ -765,7 +827,7 @@ void source(argc, argv)
              amt = stb.st_size - i;
            if (readerr == 0 && read(f, bp->buf, amt) != amt)
              readerr = errno;
-           (void) rcmd_stream_write(rem, bp->buf, amt);
+           (void) rcmd_stream_write(rem, bp->buf, amt, 0);
        }
        (void) close(f);
        if (readerr == 0)
@@ -810,14 +872,14 @@ void rsource(name, statp)
     if (pflag) {
        (void) sprintf(buf, "T%ld 0 %ld 0\n",
                       statp->st_mtime, statp->st_atime);
-       (void) rcmd_stream_write(rem, buf, strlen(buf));
+       (void) rcmd_stream_write(rem, buf, strlen(buf), 0);
        if (response() < 0) {
            closedir(d);
            return;
        }
     }
     (void) sprintf(buf, "D%04o %d %s\n", statp->st_mode&07777, 0, last);
-    (void) rcmd_stream_write(rem, buf, strlen(buf));
+    (void) rcmd_stream_write(rem, buf, strlen(buf), 0);
     if (response() < 0) {
        closedir(d);
        return;
@@ -836,7 +898,7 @@ void rsource(name, statp)
        source(1, bufv);
     }
     closedir(d);
-    (void) rcmd_stream_write(rem, "E\n", 2);
+    (void) rcmd_stream_write(rem, "E\n", 2, 0);
     (void) response();
 }
 
@@ -845,7 +907,7 @@ void rsource(name, statp)
 int response()
 {
     char resp, c, rbuf[RCP_BUFSIZ], *cp = rbuf;
-    if (rcmd_stream_read(rem, &resp, 1) != 1)
+    if (rcmd_stream_read(rem, &resp, 1, 0) != 1)
       lostconn();
     switch (resp) {
        
@@ -858,7 +920,7 @@ int response()
       case 1:                          /* error, followed by err msg */
       case 2:                          /* fatal error, "" */
        do {
-           if (rcmd_stream_read(rem, &c, 1) != 1)
+           if (rcmd_stream_read(rem, &c, 1, 0) != 1)
              lostconn();
            *cp++ = c;
        } while (cp < &rbuf[RCP_BUFSIZ] && c != '\n');
@@ -941,12 +1003,12 @@ void sink(argc, argv)
       targisdir = 1;
     for (first = 1; ; first = 0) {
        cp = cmdbuf;
-       if (rcmd_stream_read(rem, cp, 1) <= 0)
+       if (rcmd_stream_read(rem, cp, 1, 0) <= 0)
          return;
        if (*cp++ == '\n')
          SCREWUP("unexpected '\\n'");
        do {
-           if (rcmd_stream_read(rem, cp, 1) != 1)
+           if (rcmd_stream_read(rem, cp, 1, 0) != 1)
              SCREWUP("lost connection");
        } while (*cp++ != '\n');
        *cp = 0;
@@ -1012,11 +1074,17 @@ void sink(argc, argv)
          size = size * 10 + (*cp++ - '0');
        if (*cp++ != ' ')
          SCREWUP("size not delimited");
-       if (targisdir)
+       if (targisdir) {
+          if(strlen(targ) + strlen(cp) + 2 >= sizeof(nambuf))
+           SCREWUP("target name too long");
          (void) sprintf(nambuf, "%s%s%s", targ,
                         *targ ? "/" : "", cp);
-       else
-         (void) strcpy(nambuf, targ);
+       } else {
+         if (strlen(targ) + 1 >= sizeof (nambuf))
+           SCREWUP("target name too long");
+         (void) strncpy(nambuf, targ, sizeof(nambuf) - 1);
+       }
+       nambuf[sizeof(nambuf) - 1] = '\0';
        exists = stat(nambuf, &stb) == 0;
        if (cmdbuf[0] == 'D') {
            if (exists) {
@@ -1064,7 +1132,7 @@ void sink(argc, argv)
              amt = size - i;
            count += amt;
            do {
-               j = rcmd_stream_read(rem, cp, amt);
+               j = rcmd_stream_read(rem, cp, amt, 0);
                if (j <= 0) {
                    if (j == 0)
                      error("rcp: dropped connection");
@@ -1159,7 +1227,7 @@ error(fmt, va_alist)
     va_end(ap);
 
     if (iamremote)
-      (void) rcmd_stream_write(rem, buf, strlen(buf));
+      (void) rcmd_stream_write(rem, buf, strlen(buf), 0);
     else
       (void) write(2, buf+1, strlen(buf+1));
 }
@@ -1170,7 +1238,7 @@ void usage()
 {
 #ifdef KERBEROS
     fprintf(stderr,
-           "Usage: \trcp [-p] [-x] [-k realm] f1 f2; or:\n\trcp [-r] [-p] [-x] [-k realm] f1 ... fn d2\n");
+           "Usage: \trcp [-PN | -PO] [-p] [-x] [-k realm] f1 f2; or:\n\trcp [-PN | -PO] [-r] [-p] [-x] [-k realm] f1 ... fn d2\n");
 #else
     fputs("usage: rcp [-p] f1 f2; or: rcp [-rp] f1 ... fn d2\n", stderr);
 #endif
@@ -1315,7 +1383,8 @@ void
        exit(1);
     }
     
-    rcmd_stream_init_krb5(&new_creds->keyblock, encryptflag, 0);
+    rcmd_stream_init_krb5(&new_creds->keyblock, encryptflag, 0, 0,
+                         KCMD_OLD_PROTOCOL);
     
     /* cleanup */
     krb5_free_cred_contents(bsd_context, &creds);
index da4a8898057a0161068335a5070f4359a6176b08..b05f95599823a52aa5745d2a9f2dfbb6b954f95d 100644 (file)
@@ -177,6 +177,7 @@ int fflag = 0, Fflag = 0;
 krb5_creds *cred;
 struct sockaddr_in local, foreign;
 krb5_context bsd_context;
+krb5_auth_context auth_context;
 
 #ifdef KRB5_KRB4_COMPAT
 Key_schedule v4_schedule;
@@ -377,7 +378,8 @@ main(argc, argv)
 #endif
 #endif
     int port, debug_port = 0;
-   
+    enum kcmd_proto kcmd_proto = KCMD_PROTOCOL_COMPAT_HACK;
+
     memset(&defaultservent, 0, sizeof(struct servent));
     if (strrchr(argv[0], '/'))
       argv[0] = strrchr(argv[0], '/')+1;
@@ -502,6 +504,16 @@ main(argc, argv)
        argv++, argc--;
        goto another;
     }
+    if (argc > 0 && !strcmp(*argv, "-PO")) {
+       kcmd_proto = KCMD_OLD_PROTOCOL;
+       argv++, argc--;
+       goto another;
+    }
+    if (argc > 0 && !strcmp(*argv, "-PN")) {
+       kcmd_proto = KCMD_NEW_PROTOCOL;
+       argv++, argc--;
+       goto another;
+    }
 #endif /* KERBEROS */
     if (host == 0)
       goto usage;
@@ -559,7 +571,8 @@ main(argc, argv)
        if (tcgetattr(0, &ttyb) == 0) {
                int ospeed = cfgetospeed (&ttyb);
 
-               (void) strcat(term, "/");
+                term[sizeof(term) - 1] = '\0';
+               (void) strncat(term, "/", sizeof(term) - 1 - strlen(term));
                if (ospeed >= 50)
                        /* On some systems, ospeed is the baud rate itself,
                           not a table index.  */
@@ -567,15 +580,16 @@ main(argc, argv)
                else if (ospeed >= sizeof(speeds)/sizeof(char*))
                        /* Past end of table, but not high enough to
                           look like a real speed.  */
-                       (void) strcat (term, speeds[sizeof(speeds)/sizeof(char*) - 1]);
+                       (void) strncat (term, speeds[sizeof(speeds)/sizeof(char*) - 1], sizeof(term) - 1 - strlen(term));
                else {
-                       (void) strcat(term, speeds[ospeed]);
+                       (void) strncat(term, speeds[ospeed], sizeof(term) - 1 - strlen(term));
                }
+                term[sizeof (term) - 1] = '\0';
        }
 #else
     if (ioctl(0, TIOCGETP, &ttyb) == 0) {
-       (void) strcat(term, "/");
-       (void) strcat(term, speeds[ttyb.sg_ospeed]);
+       (void) strncat(term, "/", sizeof(term) - 1 - strlen(term));
+       (void) strncat(term, speeds[ttyb.sg_ospeed], sizeof(term) - 1 - strlen(term));
     }
 #endif
     (void) get_window_size(0, &winsize);
@@ -631,10 +645,14 @@ main(argc, argv)
                  0,            /* No need for sequence number */
                  0,            /* No need for server seq # */
                  &local, &foreign,
-                 authopts,
+                 &auth_context, authopts,
                  0,            /* Not any port # */
-                 0);
+                 0,
+                 &kcmd_proto);
     if (status) {
+       if (kcmd_proto == KCMD_NEW_PROTOCOL && encrypt_flag)
+           /* Don't fall back to something less secure.  */
+           exit (1);
 #ifdef KRB5_KRB4_COMPAT
        fprintf(stderr, "Trying krb4 rlogin...\n");
        status = k4cmd(&sock, &host, port,
@@ -650,19 +668,20 @@ main(argc, argv)
        try_normal(orig_argv);
 #endif
     } else {
-       krb5_boolean similar;
+       krb5_keyblock *key = 0;
 
-       rcmd_stream_init_krb5(&cred->keyblock, encrypt_flag, 1);
-
-       if (status = krb5_c_enctype_compare(bsd_context, ENCTYPE_DES_CBC_CRC,
-                                           cred->keyblock.enctype, &similar))
-           try_normal(orig_argv); /* doesn't return */
-
-       if (!similar) {
+       if (kcmd_proto == KCMD_NEW_PROTOCOL) {
            do_inband = 1;
-           if (debug_port)
-               fprintf(stderr, "DEBUG: setting do_inband\n");
+
+           status = krb5_auth_con_getlocalsubkey (bsd_context, auth_context,
+                                                  &key);
+           if ((status || !key) && encrypt_flag)
+               try_normal(orig_argv);
        }
+       if (key == 0)
+           key = &cred->keyblock;
+
+       rcmd_stream_init_krb5(key, encrypt_flag, 1, 1, kcmd_proto);
     }
        
     rem = sock;
@@ -1035,13 +1054,15 @@ int signo;
  */
 writer()
 {
-    unsigned char c;
-    register n;
-    register bol = 1;               /* beginning of line */
-    register local = 0;
-    
+    int n_read;
+    char buf[1024];
+    int got_esc; /* set to true by read_wrapper if an escape char
+                   was encountered */
+    char c;
+
 #ifdef ultrix             
     fd_set waitread;
+    register n;
     
     /* we need to wait until the reader() has set up the terminal, else
        the read() below may block and not unblock when the terminal
@@ -1062,90 +1083,173 @@ writer()
          }
     }
 #endif /* ultrix */
+
+    /* This loop works as follows.  Call read_wrapper to get data until
+       we would block or until we read a cmdchar at the beginning of a line.
+       If got_esc is false, we just send everything we got back.  If got_esc 
+       is true, we send everything except the cmdchar at the end and look at 
+       the next char.  If its a "." we break out of the loop and terminate.
+       If its ^Z or ^Y we call stop with the value of the char and continue.
+       If its none of those, we send the cmdchar and then send the char we 
+       just read, unless that char is also the cmdchar (in which case we are
+       only supposed to send one of them).  When this loop ends, so does the
+       program.
+    */
+
     for (;;) {
-       n = read(0, &c, 1);
-       if (n <= 0) {
-           if (n < 0 && errno == EINTR)
-             continue;
+
+      /* read until we would block or we get a cmdchar */
+      n_read = read_wrapper(0,buf,sizeof(buf),&got_esc);
+  
+      /* if read returns an error or 0 bytes, just quit */
+      if (n_read <= 0) {
+       break;
+      }
+      
+      if (!got_esc) {
+       if (rcmd_stream_write(rem, buf, n_read, 0) == 0) {
+         prf("line gone");
+         break;
+       }
+       continue;
+      }
+      else {
+       /* This next test is necessary to avoid sending 0 bytes of data
+          in the event that we got just a cmdchar */
+       if (n_read > 1) {
+         if (rcmd_stream_write(rem, buf, n_read-1, 0) == 0) {
+           prf("line gone");
            break;
+         }
        }
-       /*
-        * If we're at the beginning of the line
-        * and recognize a command character, then
-        * we echo locally.  Otherwise, characters
-        * are echo'd remotely.  If the command
-        * character is doubled, this acts as a 
-        * force and local echo is suppressed.
-        */
-       if (bol) {
-           bol = 0;
-           if (c == cmdchar) {
-               bol = 0;
-               local = 1;
-               continue;
-           }
-       } else if (local) {
-           local = 0;
+       if (read_wrapper(0,&c,1,&got_esc) <= 0) {
+         break;
+       }
+
 #ifdef POSIX_TERMIOS
-           if (c == '.' || c == deftty.c_cc[VEOF]) {
+       if (c == '.' || c == deftty.c_cc[VEOF]) 
 #else
-           if (c == '.' || c == deftc.t_eofc) {
+         if (c == '.' || c == deftc.t_eofc) 
 #endif
-               if (confirm_death()) {
-                   echo(c);
-                   break;
-               }
-           }
-#ifdef TIOCGLTC
-           if ((c == defltc.t_suspc || c == defltc.t_dsuspc)
-               && !no_local_escape) {
-               bol = 1;
+           {
+             if (confirm_death()) {
                echo(c);
-               stop(c);
-               continue;
+               break; 
+             }
            }
+
+#ifdef TIOCGLTC
+       if ((c == defltc.t_suspc || c == defltc.t_dsuspc)
+           && !no_local_escape) {
+         echo(c);
+         stop(c);
+         continue;
+       }
 #else
 #ifdef POSIX_TERMIOS
-           if ( (
-                 (c == deftty.c_cc[VSUSP]) 
+       if ( (
+             (c == deftty.c_cc[VSUSP]) 
 #ifdef VDSUSP
-                 || (c == deftty.c_cc[VDSUSP]) 
+             || (c == deftty.c_cc[VDSUSP]) 
 #endif
-                 )
-               && !no_local_escape) {
-             bol = 1;
-             echo(c);
-             stop(c);
-             continue;
-           }
+             )
+            && !no_local_escape) {
+         echo(c);
+         stop(c);
+         continue;
+       }
 #endif
 #endif
-
-           if (c != cmdchar)
-             (void) rcmd_stream_write(rem, &cmdchar, 1);
+      
+       if (c != cmdchar) {
+         rcmd_stream_write(rem, &cmdchar, 1, 0);
        }
-       if (rcmd_stream_write(rem, &c, 1) == 0) {
-           prf("line gone");
-           break;
+
+       if (rcmd_stream_write(rem,&c,1,0) == 0) {
+         prf("line gone");
+         break;
        }
+      }
+    }
+}
+
+/* This function reads up to size bytes from file desciptor fd into buf.
+   It will copy as much data as it can without blocking, but will never
+   copy more than size bytes.  In addition, if it encounters a cmdchar
+   at the beginning of a line, it will copy everything up to and including
+   the cmdchar, but nothing after that.  In this instance *esc_char is set
+   to true and any remaining data is buffered and copied on a subsequent 
+   call.  Otherwise, *esc_char will be set to false and the minimum of size,
+   1024, and the number of bytes that can be read without blocking will
+   be copied.  In all cases, a non-negative return value indicates the number 
+   of bytes actually copied and a return value of -1 indicates that there
+   was a read error (other than EINTR) and errno is set appropriately. 
+*/
+
+int read_wrapper(fd,buf,size,got_esc) 
+     int fd;
+     char *buf;
+     int size;
+     int *got_esc;
+{
+  static char tbuf[1024];
+  static char *data_start = tbuf;
+  static char *data_end = tbuf;
+  static int bol = 1;
+  int return_length = 0;
+  char c;
+
+  /* if we have no data buffered, get more */
+  if (data_start == data_end) {
+    int n_read;
+    while ((n_read = read(fd, tbuf, sizeof(tbuf))) <= 0) {
+      if (n_read < 0 && errno == EINTR)
+       continue;
+      return n_read;
+    }
+    data_start = tbuf;
+    data_end = tbuf+n_read;
+  }
+
+  *got_esc = 0;
+
+  /* We stop when we've fully checked the buffer or have checked size
+     bytes.  We break out and set *got_esc if we encounter a cmdchar
+     at the beginning of a line.
+  */
+
+  while (data_start+return_length < data_end && return_length < size) {
+    
+    c = *(data_start+return_length);
+    return_length++;
+
+    if (bol == 1 && c == cmdchar) {
+      bol = 0;
+      *got_esc = 1;
+      break;
+    }
+
 #ifdef POSIX_TERMIOS
-       bol = (c == deftty.c_cc[VKILL] ||
-              c == deftty.c_cc[VINTR] ||
-              c == '\r' || c == '\n');
+    bol = (c == deftty.c_cc[VKILL] ||
+          c == deftty.c_cc[VINTR] ||
+          c == '\r' || c == '\n');
 #ifdef TIOCGLTC
-       if (!bol)
-         bol = (c == defltc.t_suspc);
+    if (!bol)
+      bol = (c == defltc.t_suspc);
 #endif
+       
 #else /* !POSIX_TERMIOS */
-       bol = c == defkill || c == deftc.t_eofc ||
-         c == deftc.t_intrc || c == defltc.t_suspc ||
-           c == '\r' || c == '\n';
+    bol = c == defkill || c == deftc.t_eofc ||
+      c == deftc.t_intrc || c == defltc.t_suspc ||
+      c == '\r' || c == '\n';
 #endif
-    }
+  }
+   
+  memcpy(buf, data_start, return_length);
+  data_start = data_start + return_length;
+  return return_length;
 }
 
-
-
 echo(c)
      register char c;
 {
@@ -1239,7 +1343,7 @@ sendwindow()
     wp->ws_col = htons(winsize.ws_col);
     wp->ws_xpixel = htons(winsize.ws_xpixel);
     wp->ws_ypixel = htons(winsize.ws_ypixel);
-    (void) rcmd_stream_write(rem, obuf, sizeof(obuf));
+    (void) rcmd_stream_write(rem, obuf, sizeof(obuf), 0);
 }
 
 
@@ -1458,7 +1562,7 @@ fd_set readset, excset, writeset;
                bufp += n;
            }
            if (FD_ISSET(rem, &readset)) {
-               rcvcnt = rcmd_stream_read(rem, rcvbuf, sizeof (rcvbuf));
+               rcvcnt = rcmd_stream_read(rem, rcvbuf, sizeof (rcvbuf), 0);
                if (rcvcnt == 0)
                    return (0);
                if (rcvcnt < 0)
index e37b84cc894c306a3d7f7915be6420d060c39cdb..d2748849919840c9febab71cfaa604f0818d7226 100644 (file)
@@ -250,6 +250,7 @@ AUTH_DAT    *v4_kdata;
 Key_schedule v4_schedule;
 
 #include "com_err.h"
+#include "defines.h"
      
 #define SECURE_MESSAGE  "This rlogin session is using DES encryption for all data transmissions.\r\n"
 
@@ -815,7 +816,7 @@ void doit(f, fromp)
                                    stripdomain, always_ip,
                                    &rhost_sane);
     if (retval)
-        fatalperror(2, "failed make_sane_hostname");
+        fatalperror(f, "failed make_sane_hostname");
     if (passwd_req)
         execl(login_program, "login", "-p", "-h", rhost_sane,
           lusername, 0);
@@ -825,8 +826,9 @@ void doit(f, fromp)
 #else /* USE_LOGIN_F */
        execl(login_program, "login", "-r", rhost_sane, 0);
 #endif /* USE_LOGIN_F */
-       
-       fatalperror(2, login_program);
+       syslog(LOG_ERR, "failed exec of %s: %s",
+              login_program, error_message(errno));
+       fatalperror(f, login_program);
        /*NOTREACHED*/
     } /* if (pid == 0) */
 
@@ -850,7 +852,7 @@ void doit(f, fromp)
     
 #if defined(KERBEROS) 
     if (do_encrypt) {
-       if (rcmd_stream_write(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE)) < 0){
+       if (rcmd_stream_write(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE), 0) < 0){
            sprintf(buferror, "Cannot encrypt-write network.");
            fatal(p,buferror);
        }
@@ -918,11 +920,11 @@ int sendoob(fd, byte)
        message[3] = 'o';
        message[4] = *byte;
 
-       cc = rcmd_stream_write(fd, message, sizeof(message));
+       cc = rcmd_stream_write(fd, message, sizeof(message), 0);
        while (cc < 0 && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) {
            /* also shouldn't happen */
            sleep(5);
-           cc = rcmd_stream_write(fd, message, sizeof(message));
+           cc = rcmd_stream_write(fd, message, sizeof(message), 0);
        }
     } else {
        send(fd, byte, 1, MSG_OOB);
@@ -1033,7 +1035,7 @@ void protocol(f, p)
        }
 #define        pkcontrol(c)    ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))
        if (FD_ISSET(f, &ibits)) {
-           fcc = rcmd_stream_read(f, fibuf, sizeof (fibuf));
+           fcc = rcmd_stream_read(f, fibuf, sizeof (fibuf), 0);
            if (fcc < 0 && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) {
                fcc = 0;
            } else {
@@ -1121,7 +1123,7 @@ void protocol(f, p)
        }
 
        if (FD_ISSET(f, &obits) && pcc > 0) {
-           cc = rcmd_stream_write(f, pbp, pcc);
+           cc = rcmd_stream_write(f, pbp, pcc, 0);
            if (cc < 0 && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) {
                /* also shouldn't happen */
                sleep(5);
@@ -1160,7 +1162,7 @@ void fatal(f, msg)
     buf[0] = '\01';            /* error indicator */
     (void) sprintf(buf + 1, "%s: %s.\r\n",progname, msg);
     if ((f == netf) && (pid > 0))
-      (void) rcmd_stream_write(f, buf, strlen(buf));
+      (void) rcmd_stream_write(f, buf, strlen(buf), 0);
     else
       (void) write(f, buf, strlen(buf));
     syslog(LOG_ERR,"%s\n",msg);
@@ -1377,9 +1379,11 @@ recvauth(valid_checksum)
     int len;
     krb5_data inbuf;
     char v4_instance[INST_SZ]; /* V4 Instance */
-    char v4_version[9];
+    krb5_data version;
     krb5_authenticator *authenticator;
     krb5_rcache rcache;
+    enum kcmd_proto kcmd_proto;
+    krb5_keyblock *key;
 
     *valid_checksum = 0;
     len = sizeof(laddr);
@@ -1423,8 +1427,8 @@ recvauth(valid_checksum)
        if (status) return status;
     }
 
-    if ((status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
-                                 "KCMDV0.1",
+    if ((status = krb5_compat_recvauth_version(bsd_context, &auth_context,
+                                              &netf,
                                  NULL,         /* Specify daemon principal */
                                  0,            /* no flags */
                                  keytab, /* normally NULL to use v5srvtab */
@@ -1438,8 +1442,8 @@ recvauth(valid_checksum)
 
                                  &ticket,      /* return ticket */
                                  &auth_sys,    /* which authentication system*/
-                                 &v4_kdata, v4_schedule, v4_version))) {
-
+                                 &v4_kdata, v4_schedule,
+                                              &version))) {
        if (auth_sys == KRB5_RECVAUTH_V5) {
            /*
             * clean up before exiting
@@ -1453,7 +1457,25 @@ recvauth(valid_checksum)
 
     getstr(netf, lusername, sizeof (lusername), "locuser");
     getstr(netf, term, sizeof(term), "Terminal type");
-    if ((auth_sys == KRB5_RECVAUTH_V5) && !checksum_ignored) {
+
+    kcmd_proto = KCMD_UNKNOWN_PROTOCOL;
+    if (auth_sys == KRB5_RECVAUTH_V5) {
+       if (version.length != 9) {
+           fatal (netf, "bad application version length");
+       }
+       if (!memcmp (version.data, "KCMDV0.1", 9))
+           kcmd_proto = KCMD_OLD_PROTOCOL;
+       else if (!memcmp (version.data, "KCMDV0.2", 9))
+           kcmd_proto = KCMD_NEW_PROTOCOL;
+    }
+#ifdef KRB5_KRB4_COMPAT
+    if (auth_sys == KRB5_RECVAUTH_V4)
+       kcmd_proto = KCMD_V4_PROTOCOL;
+#endif
+
+    if ((auth_sys == KRB5_RECVAUTH_V5)
+       && !(checksum_ignored
+            && kcmd_proto == KCMD_OLD_PROTOCOL)) {
       
       if ((status = krb5_auth_con_getauthenticator(bsd_context, auth_context,
                                                   &authenticator)))
@@ -1500,7 +1522,8 @@ recvauth(valid_checksum)
          * Assume it to be the same as the first component of the
         * principal's name. 
          */
-       strcpy(rusername, v4_kdata->pname);
+       strncpy(rusername, v4_kdata->pname, sizeof(rusername) - 1);
+       rusername[sizeof(rusername) - 1] = '\0';
 
        status = krb5_425_conv_principal(bsd_context, v4_kdata->pname,
                                         v4_kdata->pinst, v4_kdata->prealm,
@@ -1519,22 +1542,20 @@ recvauth(valid_checksum)
                                      &client)))
        return status;
 
-    rcmd_stream_init_krb5(ticket->enc_part2->session, do_encrypt, 1);
-
-    {
-       krb5_boolean similar;
-
-       if (status = krb5_c_enctype_compare(bsd_context, ENCTYPE_DES_CBC_CRC,
-                                          ticket->enc_part2->session->enctype,
-                                          &similar))
-         return(status);
+    key = 0;
+    status = krb5_auth_con_getremotesubkey (bsd_context, auth_context, &key);
+    if (status)
+       fatal (netf, "Server can't get session subkey");
+    if (!key && do_encrypt && kcmd_proto == KCMD_NEW_PROTOCOL)
+       fatal (netf, "No session subkey sent");
+    if (key && kcmd_proto == KCMD_OLD_PROTOCOL)
+       fatal (netf, "Session subkey not permitted under old kcmd protocol");
+    if (key == 0)
+       key = ticket->enc_part2->session;
 
-       if (!similar) {
-         do_inband = 1;
-         syslog(LOG_DEBUG, "setting do_inband");
-       }
-    }
+    rcmd_stream_init_krb5 (key, do_encrypt, 1, 0, kcmd_proto);
 
+    do_inband = (kcmd_proto == KCMD_NEW_PROTOCOL);
 
     getstr(netf, rusername, sizeof(rusername), "remuser");
 
index 9d602b22ac85e368571bc87565cbcc8f549f9267..c1741d85620600433de0ec38fd3b3d4ddea6dc3d 100644 (file)
@@ -93,8 +93,6 @@ krb5_sigtype  sendsig();
 #define UCB_RSH "/usr/ucb/rsh"
 #endif
 
-
-
 krb5_context bsd_context;
 krb5_creds *cred;
 
@@ -137,7 +135,7 @@ main(argc, argv0)
     struct servent *sp;
     struct servent defaultservent;
     struct sockaddr_in local, foreign;
-    int suppress;
+    int suppress = 0;
 
 #ifdef POSIX_SIGNALS
     sigset_t omask, igmask;
@@ -148,6 +146,7 @@ main(argc, argv0)
 #ifdef KERBEROS
     krb5_flags authopts;
     krb5_error_code status;
+    krb5_auth_context auth_context;
     int fflag = 0, Fflag = 0;
 #ifdef KRB5_KRB4_COMPAT
     KTEXT_ST v4_ticket;
@@ -155,6 +154,7 @@ main(argc, argv0)
 #endif
 #endif  /* KERBEROS */
     int debug_port = 0;
+    enum kcmd_proto kcmd_proto = KCMD_PROTOCOL_COMPAT_HACK;
 
     memset(&defaultservent, 0, sizeof(struct servent));
     if (strrchr(argv[0], '/'))
@@ -239,6 +239,16 @@ main(argc, argv0)
        argv++, argc--;
        goto another;
     }
+    if (argc > 0 && !strcmp(*argv, "-PO")) {
+       argv++, argc--;
+       kcmd_proto = KCMD_OLD_PROTOCOL;
+       goto another;
+    }
+    if (argc > 0 && !strcmp(*argv, "-PN")) {
+       argv++, argc--;
+       kcmd_proto = KCMD_NEW_PROTOCOL;
+       goto another;
+    }
 #endif  /* KERBEROS */
     /*
      * Ignore the -L, -w, -e and -8 flags to allow aliases with rlogin
@@ -367,10 +377,15 @@ main(argc, argv0)
                  0,           /* No need for sequence number */
                  0,           /* No need for server seq # */
                  &local, &foreign,
-                 authopts,
+                 &auth_context, authopts,
                  1,    /* Always set anyport, there is no need not to. --proven */
-                 suppress);
+                 suppress,
+                 &kcmd_proto);
     if (status) {
+       /* If new protocol requested, don't fall back to less secure
+          ones.  */
+       if (kcmd_proto == KCMD_NEW_PROTOCOL)
+           exit (1);
 #ifdef KRB5_KRB4_COMPAT
        /* No encrypted Kerberos 4 rsh. */
        if (encrypt_flag)
@@ -391,8 +406,24 @@ main(argc, argv0)
 #else
        try_normal(argv0);
 #endif
-    } else
-       rcmd_stream_init_krb5(&cred->keyblock, encrypt_flag, 0);
+    } else {
+       krb5_keyblock *key = &cred->keyblock;
+
+       if (kcmd_proto == KCMD_NEW_PROTOCOL) {
+           status = krb5_auth_con_getlocalsubkey (bsd_context, auth_context,
+                                                  &key);
+           if (status) {
+               com_err (argv[0], status, "determining subkey for session");
+               exit (1);
+           }
+           if (!key) {
+               com_err (argv[0], 0, "no subkey negotiated for connection");
+               exit (1);
+           }
+       }
+
+       rcmd_stream_init_krb5(key, encrypt_flag, 0, 1, kcmd_proto);
+    }
 
 #ifdef HAVE_ISATTY
     if(encrypt_flag&&isatty(2)) {
@@ -489,7 +520,7 @@ main(argc, argv0)
        }
        if (FD_ISSET(rem, &rembits) == 0)
          goto rewrite;
-       wc = rcmd_stream_write(rem, bp, cc);
+       wc = rcmd_stream_write(rem, bp, cc, 0);
        if (wc < 0) {
            if ((errno == EWOULDBLOCK) || (errno == EAGAIN))
              goto rewrite;
@@ -524,7 +555,7 @@ main(argc, argv0)
        }
        if (FD_ISSET(rfd2, &ready)) {
            errno = 0;
-           cc = rcmd_stream_read(rfd2, buf, sizeof buf);
+           cc = rcmd_stream_read(rfd2, buf, sizeof buf, 1);
            if (cc <= 0) {
                if ((errno != EWOULDBLOCK) && (errno != EAGAIN))
                    FD_CLR(rfd2, &readfrom);
@@ -533,7 +564,7 @@ main(argc, argv0)
        }
        if (FD_ISSET(rem, &ready)) {
            errno = 0;
-           cc = rcmd_stream_read(rem, buf, sizeof buf);
+           cc = rcmd_stream_read(rem, buf, sizeof buf, 0);
            if (cc <= 0) {
                if ((errno != EWOULDBLOCK) && (errno != EAGAIN))
                    FD_CLR(rem, &readfrom);
@@ -546,9 +577,9 @@ main(argc, argv0)
     exit(0);
   usage:
     fprintf(stderr,
-           "usage: \trsh host [ -l login ] [ -n ] [ -x ] [ -f / -F] command\n");
+           "usage: \trsh host [ -PN / -PO ] [ -l login ] [ -n ] [ -x ] [ -f / -F] command\n");
     fprintf(stderr,
-           "OR \trsh [ -l login ] [-n ] [ -x ] [ -f / -F ] host command\n");
+           "OR \trsh [ -PN / -PO ] [ -l login ] [-n ] [ -x ] [ -f / -F ] host command\n");
     exit(1);
 }
 
@@ -557,7 +588,7 @@ main(argc, argv0)
 krb5_sigtype sendsig(signo)
      char signo;
 {
-    (void) rcmd_stream_write(rfd2, &signo, 1);
+    (void) rcmd_stream_write(rfd2, &signo, 1, 1);
 }
 
 
index 3844087bb533b36fafef64974d4eda14a67807c8..7bd8dbf8f41ee9ecdb842c66e3bbb889ff31cedc 100644 (file)
@@ -48,8 +48,8 @@ char copyright[] =
  * or by the name of the daemon. If command-line arguments are present, they 
  * take priority. The options are:
  * -k means trust krb4 or krb5
-* -5 means trust krb5
-* -4 means trust krb4 (using .klogin)
+ * -5 means trust krb5
+ * -4 means trust krb4 (using .klogin)
  * 
  */
      
@@ -73,9 +73,7 @@ char copyright[] =
 #define SERVE_NON_KRB     
 #define LOG_REMOTE_REALM
 #define LOG_CMD
-#include "defines.h"
    
-  
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -162,6 +160,18 @@ char copyright[] =
 Key_schedule v4_schedule;
 #endif
 
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#if defined(_PATH_NOLOGIN)
+#define NOLOGIN                _PATH_NOLOGIN
+#else
+#define NOLOGIN                "/etc/nologin"
+#endif
+
+#include "defines.h"
+
 #if HAVE_ARPA_NAMESER_H
 #include <arpa/nameser.h>
 #endif
@@ -1119,7 +1129,7 @@ void doit(f, fromp)
        goto signout_please;
     }
     
-    if (pwd->pw_uid && !access("/etc/nologin", F_OK)) {
+    if (pwd->pw_uid && !access(NOLOGIN, F_OK)) {
        error("Logins currently disabled.\n");
        goto signout_please;
     }
@@ -1245,7 +1255,7 @@ if(port)
                        shutdown(s, 1+1);
                        FD_CLR(pv[0], &readfrom);
                    } else {
-                       (void) rcmd_stream_write(s, buf, cc);
+                       (void) rcmd_stream_write(s, buf, cc, 1);
                    }
                }
                if (FD_ISSET(pw[0], &ready)) {
@@ -1256,12 +1266,12 @@ if(port)
                        shutdown(f, 1+1);
                        FD_CLR(pw[0], &readfrom);
                    } else {
-                       (void) rcmd_stream_write(f, buf, cc);
+                       (void) rcmd_stream_write(f, buf, cc, 0);
                    }
                }
                if (port&&FD_ISSET(s, &ready)) {
                    /* read from the alternate channel, signal the child */
-                   if (rcmd_stream_read(s, &sig, 1) <= 0) {
+                   if (rcmd_stream_read(s, &sig, 1, 1) <= 0) {
                        FD_CLR(s, &readfrom);
                    } else {
 #ifdef POSIX_SIGNALS
@@ -1277,7 +1287,7 @@ if(port)
                if (FD_ISSET(f, &ready)) {
                    /* read from the net, write to child stdin */
                    errno = 0;
-                   cc = rcmd_stream_read(f, buf, sizeof(buf));
+                   cc = rcmd_stream_read(f, buf, sizeof(buf), 0);
                    if (cc <= 0) {
                        (void) close(px[1]);
                        FD_CLR(f, &readfrom);
@@ -1468,15 +1478,16 @@ if(port)
         strcpy((char *) cmdbuf + offst, kprogdir);
        cp = copy + 3 + offst;
 
+       cmdbuf[sizeof(cmdbuf) - 1] = '\0';
        if (auth_sys == KRB5_RECVAUTH_V4) {
-         strcat(cmdbuf, "/v4rcp");
+         strncat(cmdbuf, "/v4rcp", sizeof(cmdbuf) - 1 - strlen(cmdbuf));
        } else {
-         strcat(cmdbuf, "/rcp");
+         strncat(cmdbuf, "/rcp", sizeof(cmdbuf) - 1 - strlen(cmdbuf));
        }
        if (stat((char *)cmdbuf + offst, &s) >= 0)
-         strcat(cmdbuf, cp);
+         strncat(cmdbuf, cp, sizeof(cmdbuf) - 1 - strlen(cmdbuf));
        else
-         strcpy(cmdbuf, copy);
+         strncpy(cmdbuf, copy, sizeof(cmdbuf) - 1 - strlen(cmdbuf));
        free(copy);
     }
 #endif
@@ -1775,7 +1786,6 @@ recvauth(netf, peersin, valid_checksum)
     krb5_data inbuf;
 #ifdef KRB5_KRB4_COMPAT
     char v4_instance[INST_SZ]; /* V4 Instance */
-    char v4_version[9];
 #endif
     krb5_authenticator *authenticator;
     krb5_ticket        *ticket;
@@ -1783,6 +1793,8 @@ recvauth(netf, peersin, valid_checksum)
     struct passwd *pwd;
     uid_t uid;
     gid_t gid;
+    enum kcmd_proto kcmd_proto;
+    krb5_data version;
 
     *valid_checksum = 0;
     len = sizeof(laddr);
@@ -1828,8 +1840,7 @@ recvauth(netf, peersin, valid_checksum)
     }
 
 #ifdef KRB5_KRB4_COMPAT
-    status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
-                                 "KCMDV0.1",
+    status = krb5_compat_recvauth_version(bsd_context, &auth_context, &netf,
                                  NULL,         /* Specify daemon principal */
                                  0,            /* no flags */
                                  keytab, /* normally NULL to use v5srvtab */
@@ -1842,14 +1853,14 @@ recvauth(netf, peersin, valid_checksum)
 
                                  &ticket,      /* return ticket */
                                  &auth_sys,    /* which authentication system*/
-                                 &v4_kdata, 0, v4_version);
+                                 &v4_kdata, 0, &version);
 #else
-    status = krb5_recvauth(bsd_context, &auth_context, &netf,
-                           "KCMDV0.1",
-                           NULL,        /* daemon principal */
-                           0,           /* no flags */
-                          keytab,      /* normally NULL to use v5srvtab */
-                          &ticket);    /* return ticket */
+    status = krb5_recvauth_version(bsd_context, &auth_context, &netf,
+                                  NULL,        /* daemon principal */
+                                  0,           /* no flags */
+                                  keytab,      /* normally NULL to use v5srvtab */
+                                  &ticket,    /* return ticket */
+                                  &version); /* application version string */
     auth_sys = KRB5_RECVAUTH_V5;
 #endif
 
@@ -1891,6 +1902,14 @@ recvauth(netf, peersin, valid_checksum)
 
     /* Must be V5  */
        
+    kcmd_proto = KCMD_UNKNOWN_PROTOCOL;
+    if (version.length != 9)
+       fatal (netf, "bad application version length");
+    if (!memcmp (version.data, "KCMDV0.1", 9))
+       kcmd_proto = KCMD_OLD_PROTOCOL;
+    if (!memcmp (version.data, "KCMDV0.2", 9))
+       kcmd_proto = KCMD_NEW_PROTOCOL;
+
     getstr(netf, remuser, sizeof(locuser), "remuser");
 
     if ((status = krb5_unparse_name(bsd_context, ticket->enc_part2->client, 
@@ -1939,7 +1958,21 @@ recvauth(netf, peersin, valid_checksum)
 
     if (!strncmp(cmdbuf, "-x ", 3))
        do_encrypt = 1;
-    rcmd_stream_init_krb5(ticket->enc_part2->session, do_encrypt, 0);
+
+    {
+       krb5_keyblock *key;
+       status = krb5_auth_con_getremotesubkey (bsd_context, auth_context,
+                                               &key);
+       if (status)
+           fatal (netf, "Server can't get session subkey");
+       if (!key && do_encrypt && kcmd_proto == KCMD_NEW_PROTOCOL)
+           fatal (netf, "No session subkey sent");
+       if (key && kcmd_proto == KCMD_OLD_PROTOCOL)
+           fatal (netf, "Session subkey not allowed in old kcmd protocol");
+       if (key == 0)
+           key = ticket->enc_part2->session;
+       rcmd_stream_init_krb5 (key, do_encrypt, 0, 0, kcmd_proto);
+    }
 
     /* Null out the "session" because kcmd.c references the session
      * key here, and we do not want krb5_free_ticket() to destroy it. */
@@ -1990,7 +2023,7 @@ void fatal(f, msg)
     buf[0] = '\01';             /* error indicator */
     (void) sprintf(buf + 1, "%s: %s.\r\n",progname, msg);
     if ((f == netf) && (pid > 0))
-      (void) rcmd_stream_write(f, buf, strlen(buf));
+      (void) rcmd_stream_write(f, buf, strlen(buf), 0);
     else
       (void) write(f, buf, strlen(buf));
     syslog(LOG_ERR,"%s\n",msg);
index f48fd0c40b608308f1e746b6549b891962b6e938..bcbddab38eea5f91ead2b1e1d1e3665674d1bcf5 100644 (file)
@@ -74,7 +74,7 @@ Attempt to run aklog. Default value true.
 .IP aklog_path
 Where to find it [not yet implemented.] Default value 
 .I $(prefix)/bin/aklog.
-.IP accept_passwd = 0
+.IP accept_passwd
 Don't accept plaintext passwords [not yet implemented]. Default value false.
 
 .SH DIAGNOSTICS
index 40af3ce60d3b9486df9fd81c19cb7289e33ec598..826ea8a182f5d7d334e9779fbedc8dec6ba705d5 100644 (file)
@@ -517,6 +517,7 @@ void k_init (ttyn)
     if (!getenv(KRB5_ENV_CCNAME)) {
        sprintf(ccfile, "FILE:/tmp/krb5cc_p%d", getpid());
        setenv(KRB5_ENV_CCNAME, ccfile, 1);
+       krb5_cc_set_default_name(kcontext, ccfile);
        unlink(ccfile+strlen("FILE:"));
     } else {
        /* note it correctly */
@@ -619,9 +620,10 @@ int have_v5_tickets (me)
 #endif /* KRB5_GET_TICKETS */
 
 #ifdef KRB4_CONVERT
-try_convert524 (kcontext, me)
-     krb5_context kcontext;
-     krb5_principal me;
+try_convert524(kcontext, me, use_ccache)
+    krb5_context kcontext;
+    krb5_principal me;
+    int use_ccache;
 {
     krb5_principal kpcserver;
     krb5_error_code kpccode;
@@ -632,38 +634,45 @@ try_convert524 (kcontext, me)
 
     /* or do this directly with krb524_convert_creds_kdc */
     krb524_init_ets(kcontext);
-    /* cc->ccache, already set up */
-    /* client->me, already set up */
-    if ((kpccode = krb5_build_principal(kcontext,
-                                       &kpcserver, 
-                                       krb5_princ_realm(kcontext, me)->length,
-                                       krb5_princ_realm(kcontext, me)->data,
-                                       "krbtgt",
-                                       krb5_princ_realm(kcontext, me)->data,
-                                       NULL))) {
-      com_err("login/v4", kpccode,
-             "while creating service principal name");
-      return 0;
-    }
 
-    memset((char *) &increds, 0, sizeof(increds));
-    increds.client = me;
-    increds.server = kpcserver;
-    increds.times.endtime = 0;
-    increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
-    if ((kpccode = krb5_get_credentials(kcontext, 0, 
-                                       ccache,
-                                       &increds, 
-                                       &v5creds))) {
-       com_err("login/v4", kpccode,
-               "getting V5 credentials");
-       return 0;
-    }
-    if ((kpccode = krb524_convert_creds_kdc(kcontext, 
-                                           v5creds,
-                                           &v4creds))) {
-       com_err("login/v4", kpccode, 
-               "converting to V4 credentials");
+    /* If we have forwarded v5 tickets, retrieve the credentials from
+     * the cache; otherwise, the v5 credentials are in my_creds.
+     */
+    if (use_ccache) {
+       /* cc->ccache, already set up */
+       /* client->me, already set up */
+       kpccode = krb5_build_principal(kcontext, &kpcserver, 
+                                      krb5_princ_realm(kcontext, me)->length,
+                                      krb5_princ_realm(kcontext, me)->data,
+                                      "krbtgt",
+                                      krb5_princ_realm(kcontext, me)->data,
+                                      NULL);
+       if (kpccode) {
+           com_err("login/v4", kpccode,
+                   "while creating service principal name");
+           return 0;
+       }
+
+       memset((char *) &increds, 0, sizeof(increds));
+       increds.client = me;
+       increds.server = kpcserver;
+       increds.times.endtime = 0;
+       increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+       kpccode = krb5_get_credentials(kcontext, 0, ccache,
+                                      &increds, &v5creds);
+       krb5_free_principal(kcontext, kpcserver);
+       increds.server = NULL;
+       if (kpccode) {
+           com_err("login/v4", kpccode, "getting V5 credentials");
+           return 0;
+       }
+
+       kpccode = krb524_convert_creds_kdc(kcontext, v5creds, &v4creds);
+       krb5_free_creds(kcontext, v5creds);
+    } else
+       kpccode = krb524_convert_creds_kdc(kcontext, &my_creds, &v4creds);
+    if (kpccode) {
+       com_err("login/v4", kpccode, "converting to V4 credentials");
        return 0;
     }
     /* this is stolen from the v4 kinit */
@@ -913,8 +922,9 @@ afs_login ()
        struct stat st;
        /* construct the name */
        /* get this from profile later */
-       strcpy (aklog_path, KPROGDIR);
-       strcat (aklog_path, "/aklog");
+       aklog_path[sizeof(aklog_path) - 1] = '\0';
+       strncpy (aklog_path, KPROGDIR, sizeof(aklog_path) - 1);
+       strncat (aklog_path, "/aklog", sizeof(aklog_path) - 1 - strlen(aklog_path));
        /* only run it if we can find it */
        if (stat (aklog_path, &st) == 0) {
            system(aklog_path);
@@ -1448,7 +1458,7 @@ int main(argc, argv)
 #if defined(KRB5_GET_TICKETS) && defined(KRB4_CONVERT)
     if (login_krb4_convert && !got_v4_tickets) {
        if (got_v5_tickets||forwarded_v5_tickets)
-           try_convert524 (kcontext, me);
+           try_convert524(kcontext, me, forwarded_v5_tickets);
     }
 #endif
 
@@ -1746,8 +1756,10 @@ int main(argc, argv)
 
 #ifdef KRB5_GET_TICKETS
     /* ccfile[0] is only set if we got tickets above */
-    if (login_krb5_get_tickets && ccfile[0])
+    if (login_krb5_get_tickets && ccfile[0]) {
        (void) setenv(KRB5_ENV_CCNAME, ccfile, 1);
+       krb5_cc_set_default_name(kcontext, ccfile);
+    }
 #endif /* KRB5_GET_TICKETS */
 
     if (tty[sizeof("tty")-1] == 'd')
index 46267a5dd6b6b3224825740bf2ce4a174f73d62a..e047db5d653add11e4b17ecfce091998208f7780 100644 (file)
@@ -24,11 +24,13 @@ rcp \- remote file copy
 .B rcp
 [\fB\-p\fP] [\fB\-x\fP] [\fB\-k\fP \fIrealm\fP ] [\fB\-D\fP \fIport\fP]
 [\fB\-N\fP]
+[\fB\-PN | \-PO\fP]
 .I file1 file2
 .sp
 .B rcp
 [\fB\-p\fB] [\fB\-x\fP] [\fP\-k\fP \fIrealm\fP] [\fB\-r\fP] [\fB\-D\fP
 \fIport\fP] [\fB\-N\fP]
+[\fB\-PN | \-PO\fP]
 .I file ... directory
 .SH DESCRIPTION
 .B Rcp
@@ -93,6 +95,16 @@ instead of the remote host's realm as determined by
 if any of the source files are directories, copy each subtree rooted at
 that name; in this case the destination must be a directory.
 .TP
+\fB-PN\fP
+.TP
+\fB-PO\fP
+Explicitly request new or old version of the Kerberos ``rcmd''
+protocol.  The new protocol avoids many security problems found in the
+old one, but is not interoperable with older servers.  (An
+"input/output error" and a closed connection is the most likely result
+of attempting this combination.)  If neither option is specified, some
+simple heuristics are used to guess which to try.
+.TP
 \fB\-D\fP \fIport\fP
 connect to port
 .I port
index 79ac327b148a1b6a965a24fd9678d7cede92382a..601fe460b41ba41bd8cf2ca3ac88f33f38bac81e 100644 (file)
@@ -25,6 +25,7 @@ rlogin \- remote login
 .I rhost
 [\fB\-e\fP\fI\|c\fP] [\fB\-8\fP] [\fB\-c\fP] [ \fB\-a\fP] [\fB\-f\fP]
 [\fB\-F\fP] [\fB\-t\fP \fItermtype\fP] [\fB\-n\fP] [\fB\-7\fP]
+[\fB\-PN | \-PO\fP]
 [\fB\-d\fP] [\fB\-k\fP \fIrealm\fP] [\fB\-x\fP] [\fB\-L\fP] [\fB\-l\fP
 \fIusername\fP]
 .PP
@@ -133,6 +134,16 @@ instead of the remote host's realm as determined by
 turn on DES encryption for all data passed via the rlogin session.  This
 significantly reduces response time and significantly increases CPU
 utilization.
+.TP
+\fB-PN\fP
+.TP
+\fB-PO\fP
+Explicitly request new or old version of the Kerberos ``rcmd''
+protocol.  The new protocol avoids many security problems found in the
+old one, but is not interoperable with older servers.  (An
+"input/output error" and a closed connection is the most likely result
+of attempting this combination.)  If neither option is specified, some
+simple heuristics are used to guess which to try.
 .SH SEE ALSO
 rsh(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3), rlogin(1) [UCB
 version]
index 2b342c3d2ab6876f590e3da4e29f04a2b41e8820..11a7290f5ecd726deb457b068441982b8b6679c5 100644 (file)
@@ -25,6 +25,7 @@ rsh \- remote shell
 .I host
 [\fB\-l\fP \fIusername\fP] [\fB\-n\fP] [\fB\-d\fP] [\fB\-k\fP
 \fIrealm\fP] [\fB\-f\fP | \fB\-F\fP] [\fB\-x\fP]
+[\fB\-PN | \-PO\fP]
 .I command
 .SH DESCRIPTION
 .B Rsh
@@ -101,6 +102,16 @@ on the TCP sockets used for communication with the remote host.
 redirects input from the special device
 .I /dev/null
 (see the BUGS section below).
+.TP
+\fB-PN\fP
+.TP
+\fB-PO\fP
+Explicitly request new or old version of the Kerberos ``rcmd''
+protocol.  The new protocol avoids many security problems found in the
+old one, but is not interoperable with older servers.  (An
+"input/output error" and a closed connection is the most likely result
+of attempting this combination.)  If neither option is specified, some
+simple heuristics are used to guess which to try.
 .PP
 If you omit
 .IR command ,
index 36754deadcb6c88e4b3b7dc74527f093277dcca4..32677835050770414c061221c62b4a8de58d6d3a 100644 (file)
@@ -208,7 +208,7 @@ int kstream_read(krem, buf, len)
       /* decrypt it */
       des_pcbc_encrypt ((des_cblock *)krem->retbuf, 
                        (des_cblock *)krem->retbuf, 
-                       sz, *krem->sched, *krem->ivec, 
+                       sz, *krem->sched, krem->ivec, 
                        DECRYPT);
 
       /* now retbuf has sz bytes, return len or x of them to the user */
@@ -265,7 +265,7 @@ int kstream_write(krem, buf, len)
       abort ();
     /* memset(outbuf+4+4, 0x42, BUFSIZ); */
     st = des_pcbc_encrypt ((des_cblock *)buf, (des_cblock *)(krem->outbuf+4+4), outlen,
-                          *krem->sched, *krem->ivec, ENCRYPT);
+                          *krem->sched, krem->ivec, ENCRYPT);
 
     if (st) abort();
     return write(krem->write_fd, krem->outbuf+4, 4+outlen);
@@ -400,6 +400,7 @@ int main(argc, argv)
                        if (argc == 0) 
                          usage();
                        strncpy(krb_realm,*argv,REALM_SZ);
+                       krb_realm[REALM_SZ-1] = 0;
                        sprintf(realmarg, " -k %s", krb_realm);
                        goto next_arg;
 #endif /* KERBEROS */
@@ -782,11 +783,20 @@ void sink(argc, argv)
                        size = size * 10 + (*cp++ - '0');
                if (*cp++ != ' ')
                        SCREWUP("size not delimited");
-               if (targisdir)
-                       (void) sprintf(nambuf, "%s%s%s", targ,
-                           *targ ? "/" : "", cp);
-               else
-                       (void) strcpy(nambuf, targ);
+               if (targisdir) {
+                       if (strlen(targ) + strlen(cp) + 1 < sizeof(nambuf)) {
+                               (void) sprintf(nambuf, "%s%s%s", targ,
+                                   *targ ? "/" : "", cp);
+                       } else {
+                               SCREWUP("target directory name too long");
+                       }
+               } else {
+                   if (strlen(targ) + 1 < sizeof(nambuf))
+                       (void) strncpy(nambuf, targ, sizeof(nambuf)-1);
+                   else
+                       SCREWUP("target pathname too long");
+               }
+               nambuf[sizeof(nambuf)-1] = '\0';
                exists = stat(nambuf, &stb) == 0;
                if (cmdbuf[0] == 'D') {
                        if (exists) {
index 691a2e9cfd48bfb37cc9f1813c9662d2fff4b774..849c9621d500662e3cf09233c7d27e71cc714347 100644 (file)
@@ -1,3 +1,8 @@
+2000-03-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * configure.in: Check for alpha*-dec-osf* instead of
+       alpha-dec-osf*.
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index f0c2bff166425fe1d89eed3307687309f44309df..349cc0478efa2503b2de35cdfe3ad448b932ecd8 100644 (file)
@@ -67,7 +67,7 @@ else
        FTPD_LIBS="../../../krb524/libkrb524.a"
 fi
 case $krb5_cv_host in
-alpha-dec-osf*)
+alpha*-dec-osf*)
        AC_CHECK_LIB(security,setluid,
                AC_DEFINE(HAVE_SETLUID)
                FTPD_LIBS="$FTPD_LIBS -lsecurity"
index 411aff711809e30b827b1f683f931c97088603c4..b9db3588d1f40443fa209ecd2916e0b5b8ca22db 100644 (file)
@@ -1,3 +1,20 @@
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * domacro.c (domacro): Don't overflow "line2"
+       * ftp.c (getreply, krb4 compat): Bail if message data too big for buffer
+       (getreply, gssapi): Ditto.
+       (pswitch): Don't overflow "ntin", "ntout", "mapin", "mapout".
+       (do_auth, krb4 compat): Don't overflow "realm".
+
+2000-04-27  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * cmds.c (remglob): Don't overflow buffer "temp".
+       (shell): Don't overflow buffer "shellnam".
+       (quote1): "buf"
+       * glob.c (ftpglob): Fix boundary in buffer "agpath".
+       (expand): Don't overflow buffer pointed to by "gpath".
+       (execbrc): Don't overflow buffer "restbuf".
+
 2000-02-18  Ken Raeburn  <raeburn@mit.edu>
 
        * cmds.c (mls): Declare some variables volatile to protect against
index 2a8e7755002c0cf2826e3161042ad9976a1b99ca..0006e4fc5da0a4484897789446f9705b4943b95e 100644 (file)
@@ -1049,7 +1049,8 @@ remglob(argv,doswitch)
                return (cp);
        }
        if (ftemp == NULL) {
-               (void) strcpy(temp, _PATH_TMP);
+               (void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1);
+               temp[sizeof(temp) - 1] = '\0';
                (void) mktemp(temp);
                oldverbose = verbose, verbose = 0;
                oldhash = hash, hash = 0;
@@ -1510,7 +1511,8 @@ shell(argc, argv)
                if (namep == NULL)
                        namep = shell;
                (void) strcpy(shellnam,"-");
-               (void) strcat(shellnam, ++namep);
+               (void) strncat(shellnam, ++namep, sizeof(shellnam) - 1 - strlen(shellnam));
+               shellnam[sizeof(shellnam) - 1] = '\0';
                if (strcmp(namep, "sh") != 0)
                        shellnam[0] = '+';
                if (debug) {
@@ -1702,13 +1704,14 @@ quote1(initial, argc, argv)
        register int i, len;
        char buf[FTP_BUFSIZ];           /* must be >= sizeof(line) */
 
-       (void) strcpy(buf, initial);
+       (void) strncpy(buf, initial, sizeof(buf) - 1);
+       buf[sizeof(buf) - 1] = '\0';
        if (argc > 1) {
                len = strlen(buf);
-               len += strlen(strcpy(&buf[len], argv[1]));
+               len += strlen(strncpy(&buf[len], argv[1], sizeof(buf) - 1 - len));
                for (i = 2; i < argc; i++) {
                        buf[len++] = ' ';
-                       len += strlen(strcpy(&buf[len], argv[i]));
+                       len += strlen(strncpy(&buf[len], argv[i], sizeof(buf) - 1 - len));
                }
        }
        if (command(buf) == PRELIM) {
index 9bc277b0f8a87a7bb8a8581d06cf5ed390746ed6..ecfe9b4adfa70f6a90c6c2dd591461718a35c1b7 100644 (file)
@@ -71,7 +71,8 @@ domacro(argc, argv)
                code = -1;
                return;
        }
-       (void) strcpy(line2, line);
+       (void) strncpy(line2, line, sizeof(line2) - 1);
+       line2[sizeof(line2) - 1] = '\0';
 TOP:
        cp1 = macros[i].mac_start;
        while (cp1 != macros[i].mac_end) {
@@ -92,7 +93,11 @@ TOP:
                                    }
                                    cp1--;
                                    if (argc - 2 >= j) {
-                                       (void) strcpy(cp2, argv[j+1]);
+                                        if(cp2 + strlen(argv[j+1]) - line < sizeof(line))
+                                       (void) strncpy(cp2, argv[j+1],
+                                                      sizeof(line) - 1 -
+                                                      (cp2 - line));
+                                       line[sizeof(line) - 1] = '\0';
                                        cp2 += strlen(argv[j+1]);
                                    }
                                    break;
@@ -101,7 +106,11 @@ TOP:
                                        loopflg = 1;
                                        cp1++;
                                        if (count < argc) {
-                                          (void) strcpy(cp2, argv[count]);
+                                           if(cp2 + strlen(argv[j+1]) - line < sizeof(line))
+                                          (void) strncpy(cp2, argv[count],
+                                                         sizeof(line) - 1 -
+                                                         (cp2 - line));
+                                          line[sizeof(line) - 1] = '\0';
                                           cp2 += strlen(argv[count]);
                                        }
                                        break;
@@ -138,7 +147,8 @@ TOP:
                        if (bell && c->c_bell) {
                                (void) putchar('\007');
                        }
-                       (void) strcpy(line, line2);
+                       (void) strncpy(line, line2, sizeof(line) - 1);
+                       line[sizeof(line) - 1] = '\0';
                        makeargv();
                        argc = margc;
                        argv = margv;
index 11f583a6c893b6dc7b2451b15ae83827fe290000..a00850d95d9730571bc7b3d88efaeffa39f98c00 100644 (file)
@@ -680,9 +680,13 @@ getreply(expecteof)
                                  n = '5';
                                } else {
                                  if (debug) printf("%c:", safe ? 'S' : 'P');
-                                 memcpy(ibuf, msg_data.app_data,
-                                       msg_data.app_length);
-                                 strcpy(&ibuf[msg_data.app_length], "\r\n");
+                                 if(msg_data.app_length < sizeof(ibuf) - 2) {
+                                   memcpy(ibuf, msg_data.app_data,
+                                          msg_data.app_length);
+                                   strcpy(&ibuf[msg_data.app_length], "\r\n");
+                                 } else {
+                                   printf("Message too long!");
+                                 }
                                  continue;
                                }
 #endif
@@ -703,9 +707,14 @@ getreply(expecteof)
                                                 "failed unsealing reply");
                                  n = '5';
                                } else {
-                                 memcpy(ibuf, msg_buf.value, 
-                                        msg_buf.length);
-                                 strcpy(&ibuf[msg_buf.length], "\r\n");
+                                 if(msg_buf.length < sizeof(ibuf) - 2 - 1) {
+                                   memcpy(ibuf, msg_buf.value, 
+                                          msg_buf.length);
+                                   strcpy(&ibuf[msg_buf.length], "\r\n");
+                                 } else {
+                                   user_gss_error(maj_stat, min_stat, 
+                                                  "reply was too long");
+                                 }
                                  gss_release_buffer(&min_stat,&msg_buf);
                                  continue;
                                }
@@ -1636,20 +1645,24 @@ pswitch(flag)
        mcase = op->mcse;
        ip->ntflg = ntflag;
        ntflag = op->ntflg;
-       (void) strncpy(ip->nti, ntin, 16);
+       (void) strncpy(ip->nti, ntin, sizeof(ip->nti) - 1);
        (ip->nti)[strlen(ip->nti)] = '\0';
-       (void) strcpy(ntin, op->nti);
-       (void) strncpy(ip->nto, ntout, 16);
+       (void) strncpy(ntin, op->nti, sizeof(ntin) - 1);
+       ntin[sizeof(ntin) - 1] = '\0';
+       (void) strncpy(ip->nto, ntout, sizeof(ip->nto) - 1);
        (ip->nto)[strlen(ip->nto)] = '\0';
-       (void) strcpy(ntout, op->nto);
+       (void) strncpy(ntout, op->nto, sizeof(ntout) - 1);
+       ntout[sizeof(ntout) - 1] = '\0';
        ip->mapflg = mapflag;
        mapflag = op->mapflg;
        (void) strncpy(ip->mi, mapin, MAXPATHLEN - 1);
        (ip->mi)[strlen(ip->mi)] = '\0';
-       (void) strcpy(mapin, op->mi);
+       (void) strncpy(mapin, op->mi, sizeof(mapin) - 1);
+       mapin[sizeof(mapin) - 1] = '\0';
        (void) strncpy(ip->mo, mapout, MAXPATHLEN - 1);
        (ip->mo)[strlen(ip->mo)] = '\0';
-       (void) strcpy(mapout, op->mo);
+       (void) strncpy(mapout, op->mo, sizeof(mapout) - 1);
+       mapout[sizeof(mapout) - 1] = '\0';
        ip->authtype = auth_type;
        auth_type = op->authtype;
        ip->clvl = clevel;
@@ -1846,7 +1859,8 @@ gunique(local)
                fprintf(stderr, "local: %s: %s\n", local, strerror(errno));
                return((char *) 0);
        }
-       (void) strcpy(new, local);
+       (void) strncpy(new, local, sizeof(new) - 3);
+       new[sizeof(new) - 1] = '\0';
        cp = new + strlen(new);
        *cp++ = '.';
        while (!d) {
@@ -2054,9 +2068,11 @@ do_auth()
            if (verbose)
                printf("%s accepted as authentication type\n", "KERBEROS_V4");
 
-           strcpy(inst, (char *) krb_get_phost(hostname));
+           strncpy(inst, (char *) krb_get_phost(hostname), sizeof(inst) - 1);
+           inst[sizeof(inst) - 1] = '\0';
            if (realm[0] == '\0')
-               strcpy(realm, (char *) krb_realmofhost(hostname));
+               strncpy(realm, (char *) krb_realmofhost(hostname), sizeof(realm) - 1);
+           realm[sizeof(realm) - 1] = '\0';
            if ((kerror = krb_mk_req(&ticket, service = "ftp",
                                        inst, realm, checksum))
                && (kerror != KDC_PR_UNKNOWN ||
index f92ee5e079785ed36eb631e9fcf3a9a00e8da77d..a5a6bf746d91c40fba817245fcd7ad5da9c598d4 100644 (file)
@@ -118,7 +118,7 @@ ftpglob(v)
 
        globerr = 0;
        gpath = agpath; gpathp = gpath; *gpathp = 0;
-       lastgpathp = &gpath[sizeof agpath - 2];
+       lastgpathp = &gpath[sizeof(agpath) - 1];
        ginit(agargv); globcnt = 0;
        collect(v);
        if (globcnt == 0 && (gflag&1)) {
@@ -198,7 +198,8 @@ expand(as)
                                        globerr = "Unknown user name after ~";
                                (void) strcpy(gpath, gpath + 1);
                        } else
-                               (void) strcpy(gpath, home);
+                               (void) strncpy(gpath, home, FTP_BUFSIZ - 1);
+                       gpath[FTP_BUFSIZ - 1] = '\0';
                        gpathp = strend(gpath);
                }
        }
@@ -324,8 +325,9 @@ pend:
 doit:
                savec = *pm;
                *pm = 0;
-               (void) strcpy(lm, pl);
-               (void) strcat(restbuf, pe + 1);
+               (void) strncpy(lm, pl, sizeof(restbuf) - 1 - (lm - restbuf));
+               restbuf[sizeof(restbuf) - 1] = '\0';
+               (void) strncat(restbuf, pe + 1, sizeof(restbuf) - 1 - strlen(restbuf));
                *pm = savec;
                if (s == 0) {
                        sgpathp = gpathp;
@@ -700,7 +702,7 @@ gethdir(home)
 {
        register struct passwd *pp = getpwnam(home);
 
-       if (!pp || home + strlen(pp->pw_dir) >= lastgpathp)
+       if (!pp || ((home + strlen(pp->pw_dir)) >= lastgpathp))
                return (1);
        (void) strcpy(home, pp->pw_dir);
        return (0);
index 9c1e43a863aa0e887bb2cbdede0112b628052e26..6c7e1e91b077e3d6275b7ee8de384f598b21590a 100644 (file)
@@ -193,7 +193,8 @@ main(argc, argv)
                pw = getpwuid(getuid());
        if (pw != NULL) {
                home = homedir;
-               (void) strcpy(home, pw->pw_dir);
+               (void) strncpy(home, pw->pw_dir, sizeof(homedir) - 1);
+               homedir[sizeof(homedir) - 1] = '\0';
        }
        if (argc > 0) {
                if (setjmp(toplevel))
index 48f57f93f94fecb5d77a64a4d8e07af38d15d6c9..e1f69b084abb37e95d4557d15fea00f0675d5f45 100644 (file)
@@ -52,6 +52,11 @@ extern struct        sockaddr_in myaddr;
 extern int     dlevel;
 extern char    *auth_type;
 
+/* Some libc's (GNU libc, at least) define MAX as a macro. Forget that. */
+#ifdef MAX
+#undef MAX
+#endif
+
 #define MAX maxbuf
 extern unsigned int maxbuf;    /* maximum output buffer size */
 extern unsigned char *ucbuf;   /* cleartext buffer */
index a459d308ba55365547ca995672da610826dbd071..12a9107f311f409b81d41bc08c6f6bb1c98e5cc8 100644 (file)
@@ -1,3 +1,22 @@
+2000-08-25  Tom Yu  <tlyu@mit.edu>
+
+       * ftpcmd.y: Fix up grammar so that single character token names
+       are no longer used; this was breaking the build using bison on
+       HP/UX because some system headers declare structures with members
+       having all-uppercase field names and bison puts the token name
+       #define statements in front of the C declarations section in the
+       output, causing them to be in force while those headers get
+       #included.  There doesn't seem to be much purpose in not just
+       using character constants, anyway.
+
+2000-06-14  Tom Yu  <tlyu@mit.edu>
+
+       * ftpcmd.y (nonguest): Return $1, not 1, if (!guest).
+
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * ftpd.c (gunique): Make sure that path stored in "new" isn't too long.
+
 2000-02-18  Ken Raeburn  <raeburn@mit.edu>
 
        * ftpd.c (reply, lreply): Declare with format attribute under
index acd187112e729be7eabdc6c847afd5a7cc54e41c..197815a6f562e14e979c2f6c4e43d4272a556cd8 100644 (file)
@@ -172,9 +172,6 @@ struct tab sitetab[];
 %union { int num; char *str; }
 
 %token
-       A       B       C       E       F       I
-       L       N       P       R       S       T
-
        SP      CRLF    COMMA   STRING  NUMBER
 
        USER    PASS    ACCT    REIN    QUIT    PORT
@@ -353,7 +350,7 @@ cmd:                USER SP username CRLF
                = {
                        reply(202, "ALLO command ignored.");
                }
-       |       ALLO SP NUMBER SP R SP NUMBER CRLF
+       |       ALLO SP NUMBER SP 'R' SP NUMBER CRLF
                = {
                        reply(202, "ALLO command ignored.");
                }
@@ -698,103 +695,103 @@ host_port:      NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
                }
        ;
 
-form_code:     N
+form_code:     'N'
        = {
                $$ = FORM_N;
        }
-       |       T
+       |       'T'
        = {
                $$ = FORM_T;
        }
-       |       C
+       |       'C'
        = {
                $$ = FORM_C;
        }
        ;
 
-prot_code:     C
+prot_code:     'C'
        = {
                $$ = PROT_C;
        }
-       |       S
+       |       'S'
        = {
                $$ = PROT_S;
        }
-       |       P
+       |       'P'
        = {
                $$ = PROT_P;
        }
-       |       E
+       |       'E'
        = {
                $$ = PROT_E;
        }
        ;
 
-type_code:     A
+type_code:     'A'
        = {
                cmd_type = TYPE_A;
                cmd_form = FORM_N;
        }
-       |       A SP form_code
+       |       'A' SP form_code
        = {
                cmd_type = TYPE_A;
                cmd_form = $3;
        }
-       |       E
+       |       'E'
        = {
                cmd_type = TYPE_E;
                cmd_form = FORM_N;
        }
-       |       E SP form_code
+       |       'E' SP form_code
        = {
                cmd_type = TYPE_E;
                cmd_form = $3;
        }
-       |       I
+       |       'I'
        = {
                cmd_type = TYPE_I;
        }
-       |       L
+       |       'L'
        = {
                cmd_type = TYPE_L;
                cmd_bytesz = NBBY;
        }
-       |       L SP byte_size
+       |       'L' SP byte_size
        = {
                cmd_type = TYPE_L;
                cmd_bytesz = $3;
        }
        /* this is for a bug in the BBN ftp */
-       |       L byte_size
+       |       'L' byte_size
        = {
                cmd_type = TYPE_L;
                cmd_bytesz = $2;
        }
        ;
 
-struct_code:   F
+struct_code:   'F'
        = {
                $$ = STRU_F;
        }
-       |       R
+       |       'R'
        = {
                $$ = STRU_R;
        }
-       |       P
+       |       'P'
        = {
                $$ = STRU_P;
        }
        ;
 
-mode_code:     S
+mode_code:     'S'
        = {
                $$ = MODE_S;
        }
-       |       B
+       |       'B'
        = {
                $$ = MODE_B;
        }
-       |       C
+       |       'C'
        = {
                $$ = MODE_C;
        }
@@ -865,7 +862,7 @@ nonguest: check_login
                        $$ = 0;
                }
                else
-                       $$ = 1;
+                       $$ = $1;
        }
        ;
 %%
@@ -1349,51 +1346,51 @@ yylex()
 
                        case 'A':
                        case 'a':
-                               return (A);
+                               return ('A');
 
                        case 'B':
                        case 'b':
-                               return (B);
+                               return ('B');
 
                        case 'C':
                        case 'c':
-                               return (C);
+                               return ('C');
 
                        case 'E':
                        case 'e':
-                               return (E);
+                               return ('E');
 
                        case 'F':
                        case 'f':
-                               return (F);
+                               return ('F');
 
                        case 'I':
                        case 'i':
-                               return (I);
+                               return ('I');
 
                        case 'L':
                        case 'l':
-                               return (L);
+                               return ('L');
 
                        case 'N':
                        case 'n':
-                               return (N);
+                               return ('N');
 
                        case 'P':
                        case 'p':
-                               return (P);
+                               return ('P');
 
                        case 'R':
                        case 'r':
-                               return (R);
+                               return ('R');
 
                        case 'S':
                        case 's':
-                               return (S);
+                               return ('S');
 
                        case 'T':
                        case 't':
-                               return (T);
+                               return ('T');
 
                        }
                        break;
index c7dfc8ad2766b5634810854be28ef8c6056e56aa..047be3562dfc64406a0de4de71360eec130e9a76 100644 (file)
@@ -2123,7 +2123,8 @@ gunique(local)
        }
        if (cp)
                *cp = '/';
-       (void) strcpy(new, local);
+       (void) strncpy(new, local, sizeof(new) - 1);
+       new[sizeof(new) - 1] = '\0';
        cp = new + strlen(new);
        *cp++ = '.';
        for (count = 1; count < 100; count++) {
@@ -2287,7 +2288,8 @@ char *data;
                        syslog(LOG_ERR, "Couldn't canonicalize local hostname");
                        return 0;
                }
-               strcpy(localname, hp->h_name);
+               strncpy(localname, hp->h_name, sizeof(localname) - 1);
+               localname[sizeof(localname) - 1] = '\0';
 
                for (service = gss_services; *service; service++) {
                        sprintf(service_name, "%s@%s", *service, localname);
index 76035060ce34f4034bff067f78f99f11621d6d8c..7e9c4f4f5de9f1099639cb8d329a6eb84d2f8e67 100644 (file)
@@ -1,3 +1,9 @@
+2001-01-30  Ezra Peisach  <epeisach@mit.edu>
+
+       * sclient.c (main): Do not free auth_context unless
+       set. (krb5-appl/895 from tim.mann@compaq.com)
+
+
 2000-02-25  Ezra Peisach  <epeisach@mit.edu>
 
        * sclient.c (main): Return type of main should by int, not void.
index d2097b9eb8062ab7ce8340aea80a9a8ac53241a3..242092b44c5afc4dba04d42ba1540bebb656a0c1 100644 (file)
@@ -175,7 +175,7 @@ char *argv[];
     krb5_free_principal(context, server);      /* finished using it */
     krb5_free_principal(context, client);      
     krb5_cc_close(context, ccdef);
-    krb5_auth_con_free(context, auth_context);
+    if (auth_context) krb5_auth_con_free(context, auth_context);
 
     if (retval && retval != KRB5_SENDAUTH_REJECTED) {
        com_err(argv[0], retval, "while using sendauth");
index 67877b1b8ac0d98c89ff03a9637340019038bf29..fb1560f1ad62566bc31e6614b84050c5084a3378 100644 (file)
@@ -1,3 +1,31 @@
+2001-02-21  Tom Yu  <tlyu@mit.edu>
+
+       * configure.in: Check for setenv, unsetenv, and getenv.  Compile
+       setenv.c if at least of these is undefined.
+
+       * setenv.c: Add conditionals for compilation of setenv, unsetenv,
+       and getenv such that they only get compiled if they don't already
+       exist.
+
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * gettytab.c (nchktc): Don't overflow tcname if tty type name is too
+       long
+       * kerberos.c (kerberos4_status): Make sure "UserNameRequested" is
+       always properly terminated.
+       * kerberos5.c (kerberos5_is): If bad principal name is too long to fit
+       in "errbuf", don't print it.
+       (kerberos5_status): Make sure "UserNameRequested" is always properly
+       terminated.
+       * spx.c (spx_status): Ditto.
+
+2000-04-28  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kerberos5.c (kerberos5_is): Don't overflow buffer "errbuf".
+       * spx.c (spx_init, spx_send, spx_is): Don't overflow buffer
+       "targ_printable".
+       (spx_status): Don't overflow buffer "acl_file".
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 3bae866457a08e980f0de8eea1944961e7660e89..9040a988c492dc158dc6162d252356dbce665b94 100644 (file)
@@ -3,10 +3,14 @@ CONFIG_RULES
 AC_PROG_ARCHIVE
 AC_PROG_ARCHIVE_ADD
 AC_PROG_RANLIB
-AC_REPLACE_FUNCS([strcasecmp strdup setenv setsid strerror strftime getopt herror parsetos])
-AC_CHECK_FUNCS(gettosbyname cgetent)
+AC_REPLACE_FUNCS([strcasecmp strdup setsid strerror strftime getopt herror parsetos])
+AC_CHECK_FUNCS(setenv unsetenv getenv gettosbyname cgetent)
 AC_CHECK_HEADERS(stdlib.h string.h)
 LIBOBJS="$LIBOBJS getent.o"
+if test $ac_cv_func_setenv = no || test $ac_cv_func_unsetenv = no \
+  || test $ac_cv_func_getenv = no; then
+  LIBOBJS="$LIBOBJS setenv.o"
+fi
 AC_CONST
 if test "$KRB4_LIB" = ''; then
        AC_MSG_RESULT(No Kerberos 4 authentication)
index f6ffb7c591ce7c359daf5c42218a97a5091a6a7f..aaad43aad7b8a7634493e1cddedda9338c3b3770 100644 (file)
@@ -98,9 +98,10 @@ nchktc()
        /* p now points to beginning of last field */
        if (p[0] != 't' || p[1] != 'c')
                return(1);
-       strcpy(tcname,p+3);
+       strncpy(tcname, p + 3, sizeof(tcname) - 1);
+       tcname[sizeof(tcname) - 1] = '\0';
        q = tcname;
-       while (q && *q != ':')
+       while (*q && *q != ':')
                q++;
        *q = 0;
        if (++hopcount > MAXHOP) {
index 734466e86c296f1198a4a56389c2f6854cec908d..eb657aee6135fe1634a830974dddd0e25b8fb0ad 100644 (file)
@@ -602,7 +602,9 @@ kerberos4_status(ap, name, level)
                return(level);
 
        if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
-               strcpy(name, UserNameRequested);
+               /* the name buffer comes from telnetd/telnetd{-ktd}.c */
+               strncpy(name, UserNameRequested, 255);
+               name[255] = '\0';
                return(AUTH_VALID);
        } else
                return(AUTH_USER);
index 6a62f36a3d826143607e554cc890e39a3f96d95d..b4c73980b48135924754c655e92b9c7e92ff9d31 100644 (file)
@@ -423,7 +423,8 @@ kerberos5_is(ap, data, cnt)
                                    NULL, keytabid, NULL, &ticket);
                if (r) {
                        (void) strcpy(errbuf, "krb5_rd_req failed: ");
-                       (void) strcat(errbuf, error_message(r));
+                       errbuf[sizeof(errbuf) - 1] = '\0';
+                       (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
                        goto errout;
                }
 
@@ -440,8 +441,12 @@ kerberos5_is(ap, data, cnt)
                    princ[krb5_princ_component(telnet_context, 
                                               ticket->server,0)->length] = '\0';
                    if (strcmp("host", princ)) {
-                       (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"%s\"",
-                                      princ, "host");
+                        if(strlen(princ) < sizeof(errbuf) - 39) {
+                            (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"host\"",
+                                           princ);
+                        } else {
+                            (void) sprintf(errbuf, "incorrect service name: principal != \"host\"");
+                        }
                        goto errout;
                    }
                } else {
@@ -455,7 +460,8 @@ kerberos5_is(ap, data, cnt)
                if (r) {
                    (void) strcpy(errbuf,
                                  "krb5_auth_con_getauthenticator failed: ");
-                   (void) strcat(errbuf, error_message(r));
+                   errbuf[sizeof(errbuf) - 1] = '\0';
+                   (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
                    goto errout;
                }
                if ((ap->way & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON &&
@@ -476,7 +482,8 @@ kerberos5_is(ap, data, cnt)
                                             &key);
                    if (r) {
                        (void) strcpy(errbuf, "krb5_auth_con_getkey failed: ");
-                       (void) strcat(errbuf, error_message(r));
+                       errbuf[sizeof(errbuf) - 1] = '\0';
+                       (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
                        goto errout;
                    }
                    r = krb5_verify_checksum(telnet_context,
@@ -495,7 +502,8 @@ kerberos5_is(ap, data, cnt)
                    if (r) {
                        (void) strcpy(errbuf,
                                      "checksum verification failed: ");
-                       (void) strcat(errbuf, error_message(r));
+                       errbuf[sizeof(errbuf) - 1] = '\0';
+                       (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
                        goto errout;
                    }
                    krb5_free_keyblock(telnet_context, key);
@@ -506,7 +514,8 @@ kerberos5_is(ap, data, cnt)
                    if ((r = krb5_mk_rep(telnet_context, auth_context,
                                         &outbuf))) {
                        (void) strcpy(errbuf, "Make reply failed: ");
-                       (void) strcat(errbuf, error_message(r));
+                       errbuf[sizeof(errbuf) - 1] = '\0';
+                       (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
                        goto errout;
                    }
 
@@ -560,7 +569,8 @@ kerberos5_is(ap, data, cnt)
                    char errbuf[128];
                    
                    (void) strcpy(errbuf, "Read forwarded creds failed: ");
-                   (void) strcat(errbuf, error_message(r));
+                   errbuf[sizeof(errbuf) - 1] = '\0';
+                   (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
                    Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
                    if (auth_debug_mode)
                      printf(
@@ -586,7 +596,8 @@ kerberos5_is(ap, data, cnt)
            char eerrbuf[329];
 
            strcpy(eerrbuf, "telnetd: ");
-           strcat(eerrbuf, errbuf);
+           eerrbuf[sizeof(eerrbuf) - 1] = '\0';
+           strncat(eerrbuf, errbuf, sizeof(eerrbuf) - 1 - strlen(eerrbuf));
            Data(ap, KRB_REJECT, eerrbuf, -1);
        }
        if (auth_debug_mode)
@@ -706,7 +717,9 @@ kerberos5_status(ap, name, level)
            krb5_kuserok(telnet_context, ticket->enc_part2->client, 
                         UserNameRequested))
        {
-               strcpy(name, UserNameRequested);
+               /* the name buffer comes from telnetd/telnetd{-ktd}.c */
+               strncpy(name, UserNameRequested, 255);
+               name[255] = '\0';
                return(AUTH_VALID);
        } else
                return(AUTH_USER);
index 70695a361d6a9840bd083a4bd74471d76502e8e5..bc4f22da901d58b21279235c31024ff296fa93cb 100644 (file)
@@ -52,6 +52,7 @@ static char *__findenv __P((const char *, int *));
  *     Set the value of the environmental variable "name" to be
  *     "value".  If rewrite is set, replace any current value.
  */
+#ifndef HAVE_SETENV
 setenv(name, value, rewrite)
        register const char *name;
        register const char *value;
@@ -102,11 +103,13 @@ setenv(name, value, rewrite)
        for (*c++ = '='; *c++ = *value++;);
        return (0);
 }
+#endif
 
 /*
  * unsetenv(name) --
  *     Delete environmental variable "name".
  */
+#ifndef HAVE_UNSETENV
 void
 unsetenv(name)
        const char *name;
@@ -120,11 +123,13 @@ unsetenv(name)
                        if (!(*p = *(p + 1)))
                                break;
 }
+#endif
 
 /*
  * getenv --
  *     Returns ptr to value associated with name, if any, else NULL.
  */
+#ifndef HAVE_GETENV
 char *
 getenv(name)
        const char *name;
@@ -133,6 +138,7 @@ getenv(name)
 
        return (__findenv(name, &offset));
 }
+#endif
 
 /*
  * __findenv --
index f23490f962695d29a6d7aef8ae5fb3f47c912467..7285d0dd39d1071a7154e58ff52f9c58a25fee60 100644 (file)
@@ -173,7 +173,8 @@ spx_init(ap, server)
                str_data[3] = TELQUAL_REPLY;
                gethostname(lhostname, sizeof(lhostname));
                strcpy(targ_printable, "SERVICE:rcmd@");
-               strcat(targ_printable, lhostname);
+               strncat(targ_printable, lhostname, sizeof(targ_printable) - 1 - 13);
+               targ_printable[sizeof(targ_printable) - 1] = '\0';
                input_name_buffer.length = strlen(targ_printable);
                input_name_buffer.value = targ_printable;
                major_status = gss_import_name(&status,
@@ -216,7 +217,8 @@ spx_send(ap)
 
        printf("[ Trying SPX ... ]\n");
        strcpy(targ_printable, "SERVICE:rcmd@");
-       strcat(targ_printable, RemoteHostName);
+       strncat(targ_printable, RemoteHostName, sizeof(targ_printable) - 1 - 13);
+       targ_printable[sizeof(targ_printable) - 1] = '\0';
 
        input_name_buffer.length = strlen(targ_printable);
        input_name_buffer.value = targ_printable;
@@ -324,7 +326,8 @@ spx_is(ap, data, cnt)
                gethostname(lhostname, sizeof(lhostname));
 
                strcpy(targ_printable, "SERVICE:rcmd@");
-               strcat(targ_printable, lhostname);
+               strncat(targ_printable, lhostname, sizeof(targ_printable) - 1 - 13);
+               targ_printable[sizeof(targ_printable) - 1] = '\0';
 
                input_name_buffer.length = strlen(targ_printable);
                input_name_buffer.value = targ_printable;
@@ -479,7 +482,7 @@ spx_status(ap, name, level)
 
        gss_buffer_desc  fullname_buffer, acl_file_buffer;
        gss_OID          fullname_type;
-        char acl_file[160], fullname[160];
+        char acl_file[MAXPATHLEN], fullname[160];
         int major_status, status = 0;
        struct passwd  *pwd;
 
@@ -494,8 +497,9 @@ spx_status(ap, name, level)
           return(AUTH_USER);   /*  not authenticated  */
         }
 
-       strcpy(acl_file, pwd->pw_dir);
-       strcat(acl_file, "/.sphinx");
+       acl_file[sizeof(acl_file) - 1] = '\0';
+       strncpy(acl_file, pwd->pw_dir, sizeof(acl_file) - 1);
+       strncat(acl_file, "/.sphinx", sizeof(acl_file) - 1 - strlen(acl_file));
         acl_file_buffer.value = acl_file;
         acl_file_buffer.length = strlen(acl_file);
 
@@ -511,7 +515,9 @@ spx_status(ap, name, level)
                                       &acl_file_buffer);
 
         if (major_status == GSS_S_COMPLETE) {
-         strcpy(name, UserNameRequested);
+          /* the name buffer comes from telnetd/telnetd{-ktd}.c */
+         strncpy(name, UserNameRequested, 255);
+         name[255] = '\0';
          return(AUTH_VALID);
         } else {
            return(AUTH_USER);
index e3cfb63c6107618dc6220e32391b9ae34a8d6e6f..fb7cc9394423a39ef014bae4d2c09086813ba41e 100644 (file)
@@ -1,3 +1,18 @@
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * commands.c (makeargv): Don't overflow buffer "saveline".
+       (tn): Don't overflow buffer "_hostname".
+       (cmdrc): Don't overflow buffer "m1save".
+       * externs.h: Include the size of "tline", so that we can check for
+       overflows elsewhere.
+       * main.c(main, tn370): Don't overflow buffer "tline".
+       * utilities.c (SetNetTrace): Don't overflow buffer "NetTraceFile".
+
+2000-04-28  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * commands.c (cmdrc): Don't overflow buffer "rcbuf".
+       * tn3270.c (settranscom): Don't overflow buffer "transcom".
+
 2000-02-24  Ezra Peisach  <epeisach@mit.edu>
 
        * configure.in: Remove dependency on libdes425 when krb4 support
index 2c80b0b25dea3aa577c641915ee4efdec867f180..8ffba2e32239e78770c2d352e9bc7b4d3ba621e2 100644 (file)
@@ -138,7 +138,9 @@ makeargv()
     margc = 0;
     cp = line;
     if (*cp == '!') {          /* Special case shell escape */
-       strcpy(saveline, line); /* save for shell command */
+       strncpy(saveline, line, sizeof(saveline) - 1);
+                               /* save for shell command */
+       saveline[sizeof(saveline)  - 1] = '\0';
        *argp++ = "!";          /* No room in string to get this */
        margc++;
        cp++;
@@ -2450,7 +2452,8 @@ tn(argc, argv)
        if (temp & 0xffffffff != INADDR_NONE) {
            sin.sin_addr.s_addr = temp;
            sin.sin_family = AF_INET;
-           (void) strcpy(_hostname, hostp);  
+           (void) strncpy(_hostname, hostp, sizeof(_hostname) - 1);  
+           _hostname[sizeof(_hostname) - 1] = '\0';
            hostname = _hostname;
        } else {
            host = gethostbyname(hostp);
@@ -2855,16 +2858,18 @@ cmdrc(m1, m2)
     if (skiprc)
        return;
 
-    strcpy(m1save, m1);
+    strncpy(m1save, m1, sizeof(m1save) - 1);
+    m1save[sizeof(m1save) - 1] = '\0';
     m1 = m1save;
 
     if (rcname == 0) {
        rcname = getenv("HOME");
        if (rcname)
-           strcpy(rcbuf, rcname);
+           strncpy(rcbuf, rcname, sizeof(rcbuf) - 1);
        else
            rcbuf[0] = '\0';
-       strcat(rcbuf, "/.telnetrc");
+       rcbuf[sizeof(rcbuf) - 1] = '\0';
+       strncat(rcbuf, "/.telnetrc", sizeof(rcbuf) - 1 - strlen(rcbuf));
        rcname = rcbuf;
     }
 
index e9939865ef24ea9497e106aa84c9e49b6455f946..f35cdedaf837701f0d29ac126a9a9b99176c552c 100644 (file)
@@ -486,7 +486,7 @@ extern char
     *Ibackp,           /* Oldest byte of 3270 data */
     Ibuf[],            /* 3270 buffer */
     *Ifrontp,          /* Where next 3270 byte goes */
-    tline[],
+    tline[200],
     *transcom;         /* Transparent command */
 
 extern int
index da98ae6df825835809cc977779c6e0e2f1e15ea7..7696857c7bfeb82901c9706d54ea5005e99cae0b 100644 (file)
@@ -274,7 +274,8 @@ main(argc, argv)
                case 't':
 #if defined(TN3270) && defined(unix)
                        transcom = tline;
-                       (void)strcpy(transcom, optarg);
+                       (void)strncpy(transcom, optarg, sizeof(tline) - 1);
+                       tline[sizeof(tline) - 1] = '\0';
 #else
                        fprintf(stderr,
                           "%s: Warning: -t ignored, no TN3270 support.\n",
index 77aedaf8993f5018634e7b8af2b08f8c7d183cba..c46ae7eb8a7310d11a5d5c4c9af9caa878f36761 100644 (file)
@@ -397,10 +397,11 @@ settranscom(argc, argv)
           return 1;
        }
        transcom = tline;
-       (void) strcpy(transcom, argv[1]);
+       (void) strncpy(transcom, argv[1], sizeof(tline) - 1);
+       tline[sizeof(tline) - 1] = '\0';
        for (i = 2; i < argc; ++i) {
-           (void) strcat(transcom, " ");
-           (void) strcat(transcom, argv[i]);
+           (void) strncat(transcom, " ", sizeof(tline) - 1 - (transcom - tline));
+           (void) strncat(transcom, argv[i], sizeof(tline) - 1 - (transcom - tline));
        }
        return 1;
 }
index 19f503bd44146a58b085f3056116f93cdc429467..82ad8417821ff0db70c55f20d13c5ecac93af1d8 100644 (file)
@@ -113,13 +113,15 @@ SetNetTrace(file)
     if (file  && (strcmp(file, "-") != 0)) {
        NetTrace = fopen(file, "w");
        if (NetTrace) {
-           strcpy((char *)NetTraceFile, file);
+           strncpy((char *)NetTraceFile, file, sizeof(NetTraceFile) - 1);
+           NetTraceFile[sizeof(NetTraceFile) - 1] = '\0';
            return;
        }
        fprintf(stderr, "Cannot open %s.\n", file);
     }
     NetTrace = stdout;
-    strcpy((char *)NetTraceFile, "(standard output)");
+    strncpy((char *)NetTraceFile, "(standard output)", sizeof(NetTraceFile) - 1);
+    NetTraceFile[sizeof(NetTraceFile) - 1] = '\0';
 }
 
     void
index 040a9affe180b79392e636111a6c9837315cbd64..2e58bf5376a4e9a95b490bdf9a79ee7b49dbf5f7 100644 (file)
@@ -1,3 +1,26 @@
+2001-01-25  Tom Yu  <tlyu@mit.edu>
+
+       * state.c (envvarok): Disallow LC_* and NLSPATH.
+
+2000-06-19  Tom Yu  <tlyu@mit.edu>
+
+       * telnetd.c (doit): Change test for "no authentication" as per
+       Jeffrey Altman's patch.
+
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * sys_term.c (start_login, Solaris): forcefully terminate "termbuf"
+       in case the "TERM" environment variable isn't.
+       * telnet-ktd.c (getterminaltype): Don't overflow buffers "first" and
+       "netobuf".
+       (recv_ayt): Forcibly terminate buffer "netobuf".
+
+2000-03-20  Ken Raeburn  <raeburn@mit.edu>
+           Jeffrey Altman  <jaltman@watsun.cc.columbia.edu>
+
+       * state.c (telrcv): Fix off-by-one error dealing with full
+       buffer.
+
 2000-02-24  Ezra Peisach  <epeisach@mit.edu>
 
        * configure.in: Remove dependency on libdes425 when krb4 support
index 0f3b161f2e67ea6938e22b959eeaaee093fd6845..33743e43ed8b74cb08a01f003e17f65b1b4e526b 100644 (file)
@@ -102,7 +102,7 @@ telrcv()
 #endif
 
        while (ncc > 0) {
-               if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
+               if ((&ptyobuf[BUFSIZ] - pfrontp) < 1)
                        break;
                c = *netip++ & 0377, ncc--;
 #ifdef ENCRYPTION
@@ -1663,6 +1663,8 @@ static int envvarok(varp)
            strcmp(varp, "KRB_REALMS") &&  /* cns v4 */
            strcmp(varp, "LIBPATH") &&     /* AIX */
            strcmp(varp, "RESOLV_HOST_CONF") && /* linux */
+           strcmp(varp, "NLSPATH") && /* locale stuff */
+           strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */
            strcmp(varp, "IFS")) {
                return 1;
        } else {
index ee8d53d4695d1a6a98f92fab716f8750dd5e838f..b79209d57a07b909930691b60d103b82f4a4584f 100644 (file)
@@ -1257,6 +1257,7 @@ start_login(host, autologin, name)
                } else {
                        strcpy(termbuf, "TERM=");
                        strncat(termbuf, term, sizeof(termbuf) - 6);
+                       termbuf[sizeof(termbuf) - 1] = '\0';
                        term = termbuf;
                }
                argv = addarg(argv, term);
index 9ec608fcdb8c239961fa6a9bac73bbd7ed12c27a..5936e3b5aef619fa066c7b20af94610d8d457103 100644 (file)
@@ -360,7 +360,7 @@ main(argc, argv)
            }
            (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
                                (char *)&on, sizeof(on));
-           if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) {
+           if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
                perror("bind");
                exit(1);
            }
@@ -368,7 +368,7 @@ main(argc, argv)
                perror("listen");
                exit(1);
            }
-           foo = sizeof sin;
+           foo = sizeof(sin);
            ns = accept(s, (struct sockaddr *)&sin, &foo);
            if (ns < 0) {
                perror("accept");
@@ -548,25 +548,33 @@ getterminaltype(name)
     if (his_state_is_will(TELOPT_TSPEED)) {
        static char sbbuf[] = { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
 
-       memcpy(nfrontp, sbbuf, sizeof sbbuf);
-       nfrontp += sizeof sbbuf;
+       if(nfrontp - netobuf + sizeof(sbbuf) < sizeof(netobuf)) {
+               memcpy(nfrontp, sbbuf, sizeof(sbbuf));
+               nfrontp += sizeof(sbbuf);
+       }
     }
     if (his_state_is_will(TELOPT_XDISPLOC)) {
        static char sbbuf[] = { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
 
-       memcpy(nfrontp, sbbuf, sizeof sbbuf);
-       nfrontp += sizeof sbbuf;
+       if(nfrontp - netobuf + sizeof(sbbuf) < sizeof(netobuf)) {
+               memcpy(nfrontp, sbbuf, sizeof(sbbuf));
+               nfrontp += sizeof(sbbuf);
+       }
     }
     if (his_state_is_will(TELOPT_ENVIRON)) {
        static char sbbuf[] = { IAC, SB, TELOPT_ENVIRON, TELQUAL_SEND, IAC, SE };
 
-       memcpy(nfrontp, sbbuf, sizeof sbbuf);
-       nfrontp += sizeof sbbuf;
+       if(nfrontp - netobuf + sizeof(sbbuf) < sizeof(netobuf)) {
+               memcpy(nfrontp, sbbuf, sizeof(sbbuf));
+               nfrontp += sizeof(sbbuf);
+       }
     }
     if (his_state_is_will(TELOPT_TTYPE)) {
 
-       memcpy(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
-       nfrontp += sizeof ttytype_sbbuf;
+       if(nfrontp - netobuf + sizeof(ttytype_sbbuf) < sizeof(netobuf)) {
+               memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf));
+               nfrontp += sizeof(ttytype_sbbuf);
+       }
     }
     if (his_state_is_will(TELOPT_TSPEED)) {
        while (sequenceIs(tspeedsubopt, baseline))
@@ -591,12 +599,14 @@ getterminaltype(name)
         * we have to just go with what we (might) have already gotten.
         */
        if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
-           (void) strncpy(first, terminaltype, sizeof(first));
+           (void) strncpy(first, terminaltype, sizeof(first) - 1);
+           first[sizeof(first) - 1] = '\0';
            for(;;) {
                /*
                 * Save the unknown name, and request the next name.
                 */
-               (void) strncpy(last, terminaltype, sizeof(last));
+               (void) strncpy(last, terminaltype, sizeof(last) - 1);
+               last[sizeof(last) - 1] = '\0';
                _gettermname();
                if (terminaltypeok(terminaltype))
                    break;
@@ -615,7 +625,8 @@ getterminaltype(name)
                     */
                     _gettermname();
                    if (strncmp(first, terminaltype, sizeof(first)) != 0)
-                       (void) strncpy(terminaltype, first, sizeof(first));
+                       (void) strncpy(terminaltype, first, sizeof(terminaltype) - 1);
+                   terminaltype[sizeof(terminaltype) - 1] = '\0';
                    break;
                }
            }
@@ -635,8 +646,8 @@ _gettermname()
     if (his_state_is_wont(TELOPT_TTYPE))
        return;
     settimer(baseline);
-    memcpy(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
-    nfrontp += sizeof ttytype_sbbuf;
+    memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf));
+    nfrontp += sizeof(ttytype_sbbuf);
     while (sequenceIs(ttypesubopt, baseline))
        ttloop();
 }
@@ -922,7 +933,7 @@ telnet(f, p, host)
 
 #if    defined(SO_OOBINLINE)
        (void) setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
-                               (char *)&on, sizeof on);
+                               (char *)&on, sizeof(on));
 #endif /* defined(SO_OOBINLINE) */
 
 #ifdef SIGTSTP
@@ -989,8 +1000,10 @@ telnet(f, p, host)
                HE = getstr("he", &cp);
                HN = getstr("hn", &cp);
                IM = getstr("im", &cp);
-               if (HN && *HN)
-                       (void) strcpy(host_name, HN);
+               if (HN && *HN) {
+                       (void) strncpy(host_name, HN, sizeof(host_name) - 1);
+                       host_name[sizeof(host_name) - 1] = '\0';
+               }
                if (IM == 0)
                        IM = "";
        } else {
@@ -1426,8 +1439,10 @@ recv_ayt()
                return;
        }
 #endif
-       (void) strcpy(nfrontp, "\r\n[Yes]\r\n");
+       (void) strncpy(nfrontp, "\r\n[Yes]\r\n",
+                      sizeof(netobuf) - 1 - (nfrontp - netobuf));
        nfrontp += 9;
+       *nfrontp = '\0';
 }
 
        void
index 726746967bf76fe79f36e62cf32f89be7d629364..f103488cb82a3bd22df654a1c425017500b19ccc 100644 (file)
@@ -522,7 +522,7 @@ main(argc, argv)
            }
            (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
                                (char *)&on, sizeof(on));
-           if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) {
+           if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
                perror("bind");
                exit(1);
            }
@@ -530,7 +530,7 @@ main(argc, argv)
                perror("listen");
                exit(1);
            }
-           foo = sizeof sin;
+           foo = sizeof(sin);
            ns = accept(s, (struct sockaddr *)&sin, &foo);
            if (ns < 0) {
                perror("accept");
@@ -781,34 +781,49 @@ getterminaltype(name)
        static unsigned char sb[] =
                        { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
 
-       memcpy(nfrontp, sb, sizeof sb);
-       nfrontp += sizeof sb;
+       if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) {
+           memcpy(nfrontp, sb, sizeof(sb));
+           nfrontp += sizeof(sb);
+           *nfrontp = '\0';
+       }
     }
     if (his_state_is_will(TELOPT_XDISPLOC)) {
        static unsigned char sb[] =
                        { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
 
-       memcpy(nfrontp, sb, sizeof sb);
-       nfrontp += sizeof sb;
+       if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) {
+           memcpy(nfrontp, sb, sizeof(sb));
+           nfrontp += sizeof(sb);
+           *nfrontp = '\0';
+       }
     }
     if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
        static unsigned char sb[] =
                        { IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
 
-       memcpy(nfrontp, sb, sizeof sb);
-       nfrontp += sizeof sb;
+       if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) {
+           memcpy(nfrontp, sb, sizeof(sb));
+           nfrontp += sizeof(sb);
+           *nfrontp = '\0';
+       }
     }
     else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
        static unsigned char sb[] =
                        { IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
 
-       memcpy(nfrontp, sb, sizeof sb);
-       nfrontp += sizeof sb;
+       if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) {
+           memcpy(nfrontp, sb, sizeof(sb));
+           nfrontp += sizeof(sb);
+           *nfrontp = '\0';
+       }
     }
     if (his_state_is_will(TELOPT_TTYPE)) {
 
-       memcpy(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
-       nfrontp += sizeof ttytype_sbbuf;
+       if(nfrontp - netobuf + sizeof(ttytype_sbbuf) < sizeof(netobuf)) {
+           memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf));
+           nfrontp += sizeof(ttytype_sbbuf);
+           *nfrontp = '\0';
+       }
     }
     if (his_state_is_will(TELOPT_TSPEED)) {
        while (sequenceIs(tspeedsubopt, baseline))
@@ -886,8 +901,11 @@ _gettermname()
     if (his_state_is_wont(TELOPT_TTYPE))
        return;
     settimer(baseline);
-    memcpy(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
-    nfrontp += sizeof ttytype_sbbuf;
+    if(nfrontp - netobuf + sizeof(ttytype_sbbuf)) {
+       memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf));
+       nfrontp += sizeof(ttytype_sbbuf);
+       *nfrontp = '\0';
+    }
     while (sequenceIs(ttypesubopt, baseline))
        ttloop();
 }
@@ -1009,7 +1027,7 @@ pty_init();
        setenv("TERM", *terminaltype ? terminaltype : "network", 1);
 
 #if defined (AUTHENTICATION)
-       if (user_name[0] == '\0') {
+       if (level < 0 && auth_level > 0) {
                fatal (net, "No authentication provided");
                exit (-1);
        }
@@ -1205,7 +1223,7 @@ telnet(f, p, host)
 
 #if    defined(SO_OOBINLINE)
        (void) setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
-                               (char *)&on, sizeof on);
+                               (char *)&on, sizeof(on));
 #endif /* defined(SO_OOBINLINE) */
 
 #ifdef SIGTSTP
@@ -1266,7 +1284,8 @@ telnet(f, p, host)
                HN = getstr("hn", &cp);
                IM = getstr("im", &cp);
                if (HN && *HN)
-                       (void) strcpy(host_name, HN);
+                       (void) strncpy(host_name, HN, sizeof(host_name) - 1);
+               host_name[sizeof(host_name) - 1] = '\0';
                if (IM == 0)
                        IM = "";
        } else {
@@ -1688,8 +1707,10 @@ recv_ayt()
                return;
        }
 #endif
-       (void) strcpy(nfrontp, "\r\n[Yes]\r\n");
+       (void) strncpy(nfrontp, "\r\n[Yes]\r\n",
+                      sizeof(netobuf) - 1 - (nfrontp - netobuf));
        nfrontp += 9;
+       *nfrontp = '\0';
 }
 
        void
index 2ab67bdaa0d02ea1d3f91dd33d3b065a833bf5c4..de83ed9af1badf17b11d58486392be241b980fa2 100644 (file)
@@ -1,3 +1,13 @@
+2001-02-21  Tom Yu  <tlyu@mit.edu>
+
+       * configure.in: Add checks for unsetenv and getenv.  Compile
+       setenv.o if any of setenv, unsetenv, or getenv are missing.
+
+2000-03-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * configure.in: Check for alpha*-dec-osf* instead of
+       alpha-dec-osf*.
+
 2000-02-24  Ezra Peisach  <epeisach@mit.edu>
 
        * configure.in: Test for <arpa/inet.h> include file for inet_ntop
index bd2046d2c83320a583edb169690109dfe49f90e4..5617168a31e58b9b649a2a21b649126589ef7f30 100644 (file)
@@ -3,8 +3,9 @@ CONFIG_RULES
 AC_PROG_INSTALL
 KRB5_BUILD_PROGRAM
 AC_HEADER_STDARG
-AC_CHECK_FUNCS(getusershell lstat setenv inet_ntop getipnodebyaddr)
-if test $ac_cv_func_setenv = no ; then
+AC_CHECK_FUNCS(getusershell lstat setenv unsetenv getenv inet_ntop getipnodebyaddr)
+if test $ac_cv_func_setenv = no || test $ac_cv_func_unsetenv = no \
+  || test $ac_cv_func_getenv = no; then
   SETENVOBJ=setenv.o
 else
   SETENVOBJ=
@@ -12,7 +13,7 @@ fi
 AC_SUBST(SETENVOBJ)
 AC_CHECK_HEADERS(unistd.h pwd.h arpa/inet.h)
 case $krb5_cv_host in
-alpha-dec-osf*)
+alpha*-dec-osf*)
        AC_CHECK_LIB(security,setluid,
                AC_DEFINE(HAVE_SETLUID)
                KSU_LIBS="$KSU_LIBS -lsecurity"
index 86686bbde7281d05184370e167000382419e60c9..31afc389c4445a9a7700bf628284d53fb8ab6198 100644 (file)
@@ -1,3 +1,10 @@
+2000-04-19  Danilo Almeida  <dalmeida@mit.edu>
+
+       * Makefile.in: Link in getopt library on Windows.
+
+       * klist.c: Use getopt so that we can parse combined options (e.g.,
+       -an or -45).
+
 2000-03-07  Danilo Almeida  <dalmeida@mit.edu>
 
        * klist.M: Get man page up-to-date.
index c33a4d0120c64959da631d576bd577a233df90c6..4e067eaa84ba5a65426fa752cd725e5b3b35b8c5 100644 (file)
@@ -14,7 +14,7 @@ all-mac::
 klist: klist.o $(KRB4COMPAT_DEPLIBS)
        $(CC_LINK) -o $@ klist.o $(KRB4COMPAT_LIBS)
 
-$(OUTPRE)klist.exe: $(OUTPRE)klist.obj $(KLIB) $(CLIB)
+$(OUTPRE)klist.exe: $(OUTPRE)klist.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(KLIB) $(CLIB)
        link $(EXE_LINKOPTS) -out:$@ $** wsock32.lib
 
 clean-unix::
index de435c46c38c9fe1683ca94fd4066c5c51837c41..ecf0be6692e8486f4e1809651e16b1994d42055a 100644 (file)
@@ -53,6 +53,8 @@
 #include <netdb.h>
 #endif
 
+extern int optind;
+
 int show_flags = 0, show_time = 0, status_only = 0, show_keys = 0;
 int show_etype = 0, show_addresses = 0, no_resolve = 0;
 char *defname;
@@ -130,6 +132,7 @@ main(argc, argv)
     int argc;
     char **argv;
 {
+    int c;
     char *name;
     int mode;
     int use_k5 = 0, use_k4 = 0;
@@ -141,14 +144,10 @@ main(argc, argv)
 
     progname = GET_PROGNAME(argv[0]);
 
-    argv++;
     name = NULL;
     mode = DEFAULT;
-    while (*argv) {
-       if ((*argv)[0] != '-') {
-           if (name) usage();
-           name = *argv;
-       } else switch ((*argv)[1]) {
+    while ((c = getopt(argc, argv, "fetKsnack45")) != -1) {
+       switch (c) {
        case 'f':
            show_flags = 1;
            break;
@@ -202,7 +201,6 @@ main(argc, argv)
            usage();
            break;
        }
-       argv++;
     }
 
     if (no_resolve && !show_addresses) {
@@ -217,6 +215,14 @@ main(argc, argv)
            usage();
     }
 
+    if (argc - optind > 1) {
+       fprintf(stderr, "Extra arguments (starting with \"%s\").\n",
+               argv[optind+1]);
+       usage();
+    }
+
+    name = (optind == argc-1) ? argv[optind] : 0;
+
     if (!use_k5 && !use_k4)
     {
        use_k5 = default_k5;
index f486004d2c9bb87347ac4f3f24ef71fbca8b0d99..d2c17f532d250aeba6f61e55e62572443b00442f 100644 (file)
@@ -1,3 +1,37 @@
+2001-02-21  Tom Yu  <tlyu@mit.edu>
+
+       * setenv.c: Add conditionals for compilation of setenv, unsetenv,
+       and getenv such that they only get compiled if they don't already
+       exist.
+
+2000-05-22  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in (OBJS): Put @SETENVOBJ@ on same line as xmalloc.o to
+       avoid trailing backslash on the end of the variable.
+
+2000-05-15  Ken Raeburn  <raeburn@mit.edu>
+
+       * ccache.c (krb5_ccache_copy): Modify conditionalized code block
+       slightly to make automatic indentation work better.
+
+       * main.c (main): Complain and quit if prog_name is longer than 50
+       characters.
+
+2000-04-26  Ken Raeburn  <raeburn@mit.edu>
+           Nalin Dahyabhai  <nalin@redhat.com>
+
+       * main.c (DEBUG): Don't define.
+       (usage): Remove -C option from description.
+       (sweep_up): Deleted second argument; all callers changed.
+       (main): Support -D option only if DEBUG is defined.  Initialize
+       ruid on entry.  Set effective uid to ruid before processing
+       argument list.  Removed -C option from -z/-Z conflict messages.
+       Report errors trying to stat source ccache using com_err.  Verify
+       that getpwuid's returned data for source user has correct uid.
+       Eliminate use_source_cache variable.
+
+       * ksu.M: Updates for removal of -C option.
+
 2000-01-27  Ken Raeburn  <raeburn@mit.edu>
 
        * main.c (print_status): Now static.  Add format attribute if
index c96de375e883d4a3377b1a97e3328fc24296df1b..915d4b29a1d90269940d05bac55d23bd5ae484b9 100644 (file)
@@ -23,8 +23,7 @@ OBJS = \
        authorization.o \
        main.o \
        heuristic.o \
-       xmalloc.o \
-       @SETENVOBJ@
+       xmalloc.o @SETENVOBJ@
 
 all:: ksu
 
index be77456f5a8f57837751ca6eaa2cc281e76c1988..97a208422e96ce77a6145966bd482be59221e969 100644 (file)
@@ -75,7 +75,6 @@ struct stat st_temp;
     cc_def_name = krb5_cc_get_name(context, cc_def);    
     cc_other_name = krb5_cc_get_name(context, *cc_other);    
 
-
     if ( ! stat(cc_def_name, &st_temp)){
        if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
                return retval;
@@ -86,12 +85,11 @@ struct stat st_temp;
                                           primary_principal);
 
 #ifdef HAVE_LSTAT
-    if (!lstat( cc_other_name, &st_temp)) {
+    if (!lstat( cc_other_name, &st_temp))
 #else /*HAVE_LSTAT*/
-    if (!stat( cc_other_name, &st_temp)) {
+    if (!stat( cc_other_name, &st_temp))
 #endif
       return EINVAL;
-    }
     
       if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
        return errno;
index 2eea2a094094e0e81761c73d29c669120eba7a10..325d2e8ca4f246aa8970c15f41918c9f83f27568 100644 (file)
@@ -37,9 +37,6 @@ ksu \- Kerberized super-user
 .B \-c
 .I source_cache_name
 ] [
-.B \-C
-.I target_cache_name
-] [
 .B \-k
 ] [
 .B \-D
@@ -169,10 +166,8 @@ The real and effective user ID are changed to that of the
 target user.  The target user's shell is then invoked
 (the shell name is specified in the password file).
 Upon termination of the shell, ksu deletes the target cache (unless
-ksu is invoked with
-.B \-k
- or '
-.B \-C .' options).
+ksu is invoked with the
+.B \-k option).
 This is implemented by first doing a fork and then an exec, instead
 of just exec, as done by su.
 .br
@@ -287,19 +282,7 @@ option is not used then the
 name is obtained from KRB5CCNAME environment variable.
 If KRB5CCNAME is not defined the source cache name
 is set to krb5cc_<source uid>.
-.TP 10
-\fB\-C \fItarget_cache_name
-Specify the target cache name (e.g.
-.B \-C
-FILE:/tmp/target_cache).
-If '.' is specified (e.g. ksu
-\-C .) ksu uses the source
-cache and does not create a new target cache. Note:
-this case requires both source and target user
-to have read and write permissions for the source cache.
-If
-.B \-C
-option is not used, the default target cache name is
+The target cache name is automatically
 set to krb5cc_<target uid>.(gen_sym()),
 where gen_sym generates a new number such that
 the resulting cache does not already exist.
@@ -313,8 +296,7 @@ target shell or a command (
 command).
 Without
 .B \-k,
-ksu deletes the target cache
-(unless ksu was invoked with '-C .' option).
+ksu deletes the target cache.
 .TP 10
 \fB\-D
 turn on debug mode.
@@ -359,7 +341,7 @@ if you want the tickets for other then the default
 principal. Note that the
 .B \-z 
 option is mutually
-exclusive with '-C .' and -Z options.
+exclusive with the -Z option.
 .TP 10
 \fB\-Z
 Don't copy any tickets from the source cache to the
@@ -368,7 +350,7 @@ where the default principal name of the cache is
 initialized to the target principal name.  Note that
 .B \-Z
 option is mutually
-exclusive with '-C .' and -z options.
+exclusive with the -z option.
 .TP 10
 \fB\-q
 suppress the printing of status messages.
index 77a499690867a60bc83feeda1fccf73e764d093e..58d30313db154f83519ffbd916ad13f86c21833c 100644 (file)
@@ -42,7 +42,7 @@ int quiet = 0;
 
 #define _DEF_CSH "/bin/csh" 
 static int set_env_var PROTOTYPE((char *, char *));
-static void sweep_up PROTOTYPE((krb5_context, int, krb5_ccache));
+static void sweep_up PROTOTYPE((krb5_context, krb5_ccache));
 static char * ontty PROTOTYPE((void));
 #ifdef HAVE_STDARG_H
 static void print_status( const char *fmt, ...)
@@ -61,7 +61,6 @@ char * get_dir_of_file();
 
 void usage (){
        fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
-
 }
 
 /* for Ultrix and friends ... */
@@ -69,8 +68,6 @@ void usage (){
 #define MAXHOSTNAMELEN 64
 #endif
 
-#define DEBUG
-
 /* These are file static so sweep_up can get to them*/
 static uid_t source_uid, target_uid;
 
@@ -86,7 +83,6 @@ char *localhostname = NULL;
 opt_info options;
 int option=0;
 int statusp=0;
-int use_source_cache = 0; 
 krb5_error_code retval = 0; 
 krb5_principal client = NULL;
 krb5_ccache cc_target = NULL;
@@ -106,7 +102,7 @@ krb5_boolean auth_val;
 krb5_boolean authorization_val = FALSE; 
 int path_passwd = 0;
 int done =0,i,j;
-uid_t ruid;
+uid_t ruid = getuid ();
 struct passwd *pwd=NULL,  *target_pwd ;
 char * shell;
 char ** params;
@@ -142,6 +138,11 @@ char * dir_of_cc_source;
     if (strrchr(argv[0], '/'))
        argv[0] = strrchr(argv[0], '/')+1;
     prog_name = argv[0];
+    if (strlen (prog_name) > 50) {
+       /* this many chars *after* last / ?? */
+       com_err(prog_name, 0, "program name too long - quitting to avoid triggering system logging bugs");
+       exit (1);
+    }
 
 
 #ifndef LOG_NDELAY
@@ -176,7 +177,10 @@ char * dir_of_cc_source;
                 }
         }
 
-
+    if (krb5_seteuid (ruid)) {
+       com_err (prog_name, errno, "while setting euid to source user");
+       exit (1);
+    }
     while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){
        switch (option) {
        case 'r':
@@ -232,22 +236,24 @@ char * dir_of_cc_source;
            options.princ = 1;
                
            break;
+#ifdef DEBUG
        case 'D':
            auth_debug = 1;     
-           break;      
+           break;
+#endif
        case 'z':
            some_rest_copy = 1; 
-           if(all_rest_copy || use_source_cache){      
+           if(all_rest_copy) {         
                fprintf(stderr, 
-                       "-z option is mutually exclusive with -Z and -C .\n"); 
+                       "-z option is mutually exclusive with -Z.\n"); 
                errflg++;
            }   
            break;      
        case 'Z':
            all_rest_copy = 1;  
-           if(some_rest_copy || use_source_cache){     
+           if(some_rest_copy) {        
                fprintf(stderr, 
-                       "-Z option is mutually exclusive with -z and -C .\n"); 
+                       "-Z option is mutually exclusive with -z.\n"); 
                errflg++;
            }   
            break;      
@@ -258,10 +264,10 @@ char * dir_of_cc_source;
                        cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
 
                        if( stat( cc_source_tag_tmp, &st_temp)){
-                               fprintf(stderr,"File %s does not exist\n",
-                                       cc_source_tag_tmp);     
-                               errflg++;
-
+                           com_err (prog_name, errno,
+                                    "while looking for credentials file %s",
+                                    cc_source_tag_tmp);
+                           exit (1);
                        }
                }
                else { 
@@ -313,10 +319,9 @@ char * dir_of_cc_source;
     }  
 
        /***********************************/
-       ruid = getuid();
        source_user = getlogin(); /*checks for the the login name in /etc/utmp*/
 
-       /* verify that that the user exists and get his passwd structure */      
+       /* verify that that the user exists and get his passwd structure */
 
        if (source_user == NULL ||(pwd = getpwnam(source_user)) == NULL ||
            pwd->pw_uid != ruid){
@@ -327,6 +332,12 @@ char * dir_of_cc_source;
                fprintf(stderr, "ksu: who are you?\n");
                exit(1);
        }
+       if (pwd->pw_uid != ruid) {
+           fprintf (stderr, "Your uid doesn't match your passwd entry?!\n");
+           exit (1);
+       }
+       /* Okay, now we have *some* passwd entry that matches the
+          current real uid.  */
 
        /* allocate space and copy the usernamane there */        
        source_user = xstrdup(pwd->pw_name);
@@ -357,23 +368,17 @@ char * dir_of_cc_source;
                else
                        cc_source_tag_tmp++;
        }
-       if (krb5_seteuid(source_uid)) {
-         com_err ( prog_name, errno, "while setting euid to source user");
-         exit(1);
-       }
-       
+
        /* get a handle for the cache */      
        if ((retval = krb5_cc_resolve(ksu_context, cc_source_tag, &cc_source))){
                com_err(prog_name, retval,"while getting source cache");    
                exit(1);
        }
 
-       if(!use_source_cache) {
-         if (((retval = krb5_cc_set_flags(ksu_context,  cc_source, 0x0)) != 0)
-             && (retval != KRB5_FCC_NOFILE)) {
+       if (((retval = krb5_cc_set_flags(ksu_context,  cc_source, 0x0)) != 0)
+           && (retval != KRB5_FCC_NOFILE)) {
            com_err(prog_name, retval, "while opening ccache");
            exit(1);
-         }
        }
        if ((retval = get_best_princ_for_target(ksu_context, source_uid,
                        target_uid, source_user, target_user, cc_source, 
@@ -409,29 +414,6 @@ char * dir_of_cc_source;
                exit(1);
        }
 
-       if (stat(cc_source_tag_tmp, &st_temp)){ 
-               if (use_source_cache){
-
-                       dir_of_cc_source = get_dir_of_file(cc_source_tag_tmp); 
-
-
-                       if (access(dir_of_cc_source, R_OK | W_OK )){
-                               fprintf(stderr,
-                               "%s does not have correct permissions for %s\n",
-                                                   source_user, cc_source_tag);
-                               exit(1);        
-                       }
-
-                       if ((retval = krb5_cc_initialize(ksu_context, cc_source, 
-                                                        client))){  
-                               com_err(prog_name, retval,
-                                       "while initializing source cache");    
-                               exit(1);
-                       }
-               }
-       }
-
-
        if (cc_target_tag == NULL) {
 
                cc_target_tag = (char *)xcalloc(KRB5_SEC_BUFFSIZE ,sizeof(char));
@@ -450,8 +432,7 @@ char * dir_of_cc_source;
        }
 
 
-       dir_of_cc_target = get_dir_of_file( use_source_cache ?
-                                        cc_source_tag_tmp: cc_target_tag_tmp);
+       dir_of_cc_target = get_dir_of_file(cc_target_tag_tmp);
 
        if (access(dir_of_cc_target, R_OK | W_OK )){
            fprintf(stderr,
@@ -475,48 +456,33 @@ char * dir_of_cc_source;
           The cache is owned by the target user.*/
        
        
-       if (! use_source_cache){
-                       
-               /* if root ksu's to a regular user, then      
-                  then only the credentials for that particular user 
-                  should be copied */            
+       /* if root ksu's to a regular user, then      
+          then only the credentials for that particular user 
+          should be copied */            
 
-               if ((source_uid == 0) && (target_uid != 0)) {
+       if ((source_uid == 0) && (target_uid != 0)) {
 
-                       if ((retval = krb5_ccache_copy_restricted(ksu_context,  cc_source,
-                               cc_target_tag, client, &cc_target, &stored, target_uid))){
-                               com_err (prog_name, retval, 
-                                    "while copying cache %s to %s",
-                                    krb5_cc_get_name(ksu_context, cc_source),cc_target_tag);
-                               exit(1);
-                       }
-
-               } else{
-                       if ((retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag,
-                                            client,&cc_target, &stored, target_uid))){
-                               com_err (prog_name, retval, 
-                                       "while copying cache %s to %s",
-                                       krb5_cc_get_name(ksu_context, cc_source),
-                                       cc_target_tag);
-                               exit(1);
-                       }
-                       
-               }
-
-       }
-       else{
-               cc_target = cc_source;
-               cc_target_tag = (char *) cc_source_tag;
-               cc_target_tag_tmp = (char *) cc_source_tag_tmp;
-
-               if ((retval=krb5_find_princ_in_cache(ksu_context, cc_target,client, &stored))){
-                               com_err (prog_name, retval, 
-                               "while searching for client in source ccache");
-                               exit(1);
-               }
+           if ((retval = krb5_ccache_copy_restricted(ksu_context,  cc_source,
+                                                     cc_target_tag, client, &cc_target, &stored, target_uid))){
+               com_err (prog_name, retval, 
+                        "while copying cache %s to %s",
+                        krb5_cc_get_name(ksu_context, cc_source),cc_target_tag);
+               exit(1);
+           }
 
+       } else {
+           if ((retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag,
+                                          client,&cc_target, &stored, target_uid))) {
+               com_err (prog_name, retval, 
+                        "while copying cache %s to %s",
+                        krb5_cc_get_name(ksu_context, cc_source),
+                        cc_target_tag);
+               exit(1);
+           }
+           
        }
-               /* Become root for authentication*/
+       
+       /* Become root for authentication*/
 
        if (krb5_seteuid(0)) {
        com_err(prog_name, errno, "while reclaiming root uid");
@@ -532,7 +498,7 @@ char * dir_of_cc_source;
                                                          &kdc_server))){
                                        com_err(prog_name, retval,
                                              "while creating tgt for local realm");
-                                             sweep_up(ksu_context, use_source_cache, cc_target);
+                                             sweep_up(ksu_context, cc_target);
                                        exit(1);
                                }
 
@@ -544,8 +510,7 @@ char * dir_of_cc_source;
 
                                        if (zero_password == FALSE){  
                                                fprintf(stderr,"Goodbye\n");
-                                               sweep_up(ksu_context, use_source_cache,
-                                                        cc_target);
+                                               sweep_up(ksu_context, cc_target);
                                                exit(1);
                                        }
 
@@ -574,7 +539,7 @@ char * dir_of_cc_source;
                         syslog(LOG_WARNING,
                                "'%s %s' authentication failed for %s%s",
                                prog_name,target_user,source_user,ontty());
-                       sweep_up(ksu_context, use_source_cache, cc_target);
+                       sweep_up(ksu_context, cc_target);
                        exit(1);
                }
 
@@ -585,7 +550,7 @@ char * dir_of_cc_source;
                   to properly handle races in chown if this code is ever re-enabled.
                   */
                /* cache the tickets if possible in the source cache */ 
-               if (!path_passwd && !use_source_cache){         
+               if (!path_passwd){      
 
                        if ((retval = krb5_ccache_overwrite(ksu_context, cc_target, cc_source,
                                      client))){
@@ -593,7 +558,7 @@ char * dir_of_cc_source;
                                        "while copying cache %s to %s",
                                        krb5_cc_get_name(ksu_context, cc_target),
                                        krb5_cc_get_name(ksu_context, cc_source));
-                               sweep_up(ksu_context, use_source_cache, cc_target);
+                               sweep_up(ksu_context, cc_target);
                                exit(1);
                        }
                        if (chown(cc_source_tag_tmp, source_uid, source_gid)){  
@@ -607,7 +572,7 @@ char * dir_of_cc_source;
 
                if ((retval = krb5_unparse_name(ksu_context, client, &client_name))) {
                                 com_err (prog_name, retval, "When unparsing name");
-                        sweep_up(ksu_context, use_source_cache, cc_target);
+                        sweep_up(ksu_context, cc_target);
                         exit(1);
                }     
                
@@ -619,7 +584,7 @@ char * dir_of_cc_source;
                /* Run authorization as target.*/
                if (krb5_seteuid(target_uid)) {
                  com_err(prog_name, errno, "while switching to target for authorization check");
-                   sweep_up(ksu_context, use_source_cache, cc_target);
+                   sweep_up(ksu_context, cc_target);
                  exit(1);
                }
                
@@ -627,13 +592,13 @@ char * dir_of_cc_source;
                         cmd, &authorization_val, &exec_cmd))){
                               com_err(prog_name,retval,"while checking authorization");
 krb5_seteuid(0); /*So we have some chance of sweeping up*/
-                      sweep_up(ksu_context, use_source_cache, cc_target);
+                      sweep_up(ksu_context, cc_target);
                       exit(1);
                }
 
                if (krb5_seteuid(0)) {
                  com_err(prog_name, errno, "while switching back from  target after authorization check");
-                   sweep_up(ksu_context, use_source_cache, cc_target);
+                   sweep_up(ksu_context, cc_target);
                  exit(1);
                }
                if (authorization_val == TRUE){
@@ -678,7 +643,7 @@ krb5_seteuid(0); /*So we have some chance of sweeping up*/
 
                    }
 
-                   sweep_up(ksu_context, use_source_cache, cc_target);
+                   sweep_up(ksu_context, cc_target);
                    exit(1);
                }
        }
@@ -686,7 +651,7 @@ krb5_seteuid(0); /*So we have some chance of sweeping up*/
        if( some_rest_copy){ 
                if ((retval = krb5_ccache_filter(ksu_context, cc_target, client))){     
                               com_err(prog_name,retval,"while calling cc_filter");
-                      sweep_up(ksu_context, use_source_cache, cc_target);
+                      sweep_up(ksu_context, cc_target);
                       exit(1);
                }
        }
@@ -715,7 +680,7 @@ krb5_seteuid(0); /*So we have some chance of sweeping up*/
 
        if (!standard_shell(target_pwd->pw_shell) && source_uid) {
               fprintf(stderr, "ksu: permission denied (shell).\n");
-              sweep_up(ksu_context, use_source_cache, cc_target);
+              sweep_up(ksu_context, cc_target);
               exit(1);
        }
 #endif /* HAVE_GETUSERSHELL */
@@ -724,20 +689,20 @@ krb5_seteuid(0); /*So we have some chance of sweeping up*/
        
              if(set_env_var("USER", target_pwd->pw_name)){
                fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-               sweep_up(ksu_context, use_source_cache, cc_target);
+               sweep_up(ksu_context, cc_target);
                exit(1);
              }                         
        }       
 
       if(set_env_var( "HOME", target_pwd->pw_dir)){
                fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-               sweep_up(ksu_context, use_source_cache, cc_target);
+               sweep_up(ksu_context, cc_target);
                exit(1);
       }                        
 
       if(set_env_var( "SHELL", shell)){
                fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-               sweep_up(ksu_context, use_source_cache, cc_target);
+               sweep_up(ksu_context, cc_target);
                exit(1);
       }                        
 
@@ -746,26 +711,21 @@ krb5_seteuid(0); /*So we have some chance of sweeping up*/
       if(set_env_var( KRB5_ENV_CCNAME, cc_target_tag)){
                fprintf(stderr,"ksu: couldn't set environment variable %s\n",
                        KRB5_ENV_CCNAME);
-               sweep_up(ksu_context, use_source_cache, cc_target);
+               sweep_up(ksu_context, cc_target);
                exit(1);
       }                        
 
-
-       if (!use_source_cache){ 
-
-       }
-       
        /* set permissions */
         if (setgid(target_pwd->pw_gid) < 0) {
                   perror("ksu: setgid");
-                  sweep_up(ksu_context, use_source_cache, cc_target);
+                  sweep_up(ksu_context, cc_target);
                   exit(1);
           }
 
 
        if (initgroups(target_user, target_pwd->pw_gid)) {
                fprintf(stderr, "ksu: initgroups failed.\n");
-               sweep_up(ksu_context, use_source_cache, cc_target);
+               sweep_up(ksu_context, cc_target);
                exit(1);
        }
 
@@ -785,14 +745,14 @@ krb5_seteuid(0); /*So we have some chance of sweeping up*/
         */
        if (setluid((uid_t) pwd->pw_uid) < 0) {
                perror("setluid");
-               sweep_up(ksu_context, use_source_cache, cc_target);
+               sweep_up(ksu_context, cc_target);
                exit(1);
        }
 #endif /* HAVE_SETLUID */
 
        if (setuid(target_pwd->pw_uid) < 0) {
                   perror("ksu: setuid");
-                  sweep_up(ksu_context, use_source_cache, cc_target);
+                  sweep_up(ksu_context, cc_target);
                   exit(1);
        }   
 
@@ -827,11 +787,11 @@ krb5_seteuid(0); /*So we have some chance of sweeping up*/
                 fprintf(stderr, "program to be execed %s\n",params[0]);
        }
 
-       if( keep_target_cache || use_source_cache ) {
+       if( keep_target_cache ) {
                 execv(params[0], params);
                 com_err(prog_name, errno, "while trying to execv %s",
                         params[0]);
-                sweep_up(ksu_context, use_source_cache, cc_target);
+                sweep_up(ksu_context, cc_target);
                 exit(1);
     }else{
        statusp = 1;
@@ -858,11 +818,11 @@ krb5_seteuid(0); /*So we have some chance of sweeping up*/
            if (ret_pid == -1) {
                com_err(prog_name, errno, "while calling waitpid");
            }
-           sweep_up(ksu_context, use_source_cache, cc_target);
+           sweep_up(ksu_context, cc_target);
            exit (statusp);
        case -1:
            com_err(prog_name, errno, "while trying to fork.");
-           sweep_up(ksu_context, use_source_cache, cc_target);
+           sweep_up(ksu_context, cc_target);
            exit (1);
        case 0:
            execv(params[0], params);
@@ -920,27 +880,24 @@ char * env_var_buf;
 
 }
 
-static void sweep_up(context, use_source_cache, cc)
+static void sweep_up(context, cc)
     krb5_context context;
-    int use_source_cache;
     krb5_ccache cc;
 {
-krb5_error_code retval; 
-char * cc_name;
-struct stat  st_temp;
+    krb5_error_code retval; 
+    char * cc_name;
+    struct stat  st_temp;
 
-krb5_seteuid(0);
-krb5_seteuid(target_uid);
+    krb5_seteuid(0);
+    krb5_seteuid(target_uid);
 
-if (! use_source_cache){
-               cc_name = krb5_cc_get_name(context, cc);
-               if ( ! stat(cc_name, &st_temp)){
-                       if ((retval = krb5_cc_destroy(context, cc))){
-                               com_err(prog_name, retval, 
-                                       "while destroying cache");   
-                       }
-               }
+    cc_name = krb5_cc_get_name(context, cc);
+    if ( ! stat(cc_name, &st_temp)){
+       if ((retval = krb5_cc_destroy(context, cc))){
+           com_err(prog_name, retval, 
+                   "while destroying cache");   
        }
+    }
 }
 /*****************************************************************
 get_params is to be called for the -a option or -e option to
index 96d4a1e9e640a69281776c596d2e827da5b31dbe..2633a9d11589fd14e7e598c15128c700c573db3f 100644 (file)
@@ -25,6 +25,7 @@
  *     Set the value of the environmental variable "name" to be
  *     "value".  If rewrite is set, replace any current value.
  */
+#ifndef HAVE_SETENV
 setenv(name, value, rewrite)
        register char *name, *value;
        int rewrite;
@@ -77,11 +78,13 @@ setenv(name, value, rewrite)
        for (*C++ = '='; *C++ = *value++;);
        return(0);
 }
+#endif
 
 /*
  * unsetenv(name) --
  *     Delete environmental variable "name".
  */
+#ifndef HAVE_UNSETENV
 void
 unsetenv(name)
        char    *name;
@@ -96,6 +99,7 @@ unsetenv(name)
                        if (!(*P = *(P + 1)))
                                break;
 }
+#endif
 /*
  * Copyright (c) 1987 Regents of the University of California.
  * All rights reserved.
@@ -119,6 +123,7 @@ unsetenv(name)
  * getenv --
  *     Returns ptr to value associated with name, if any, else NULL.
  */
+#ifndef HAVE_GETENV
 char *
 getenv(name)
        char *name;
@@ -128,6 +133,7 @@ getenv(name)
 
        return(_findenv(name, &offset));
 }
+#endif
 
 /*
  * _findenv --
@@ -136,9 +142,8 @@ getenv(name)
  *     environmental array, for use by setenv(3) and unsetenv(3).
  *     Explicitly removes '=' in argument name.
  *
- *     This routine *should* be a static; don't use it.
  */
-char *
+static char *
 _findenv(name, offset)
        register char *name;
        int *offset;
index 198614da49f1aca4aa8d3dd0c52a32c6e04a70c1..ef471290532ada402d66390dcfa7d0f9c2f90856 100644 (file)
@@ -1,3 +1,13 @@
+2001-01-30  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb5.conf.M: Update description of safe_checksum_type for recent
+       changes.
+
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb5.conf.M: Added description of v4_realm from Booker
+       C. Bense.
+
 2000-01-21  Ken Raeburn  <raeburn@mit.edu>
 
        * krb5.conf: Put primary KDC for Cygnus first.  Add GNU.ORG
index 143601e7a11679d2c97ca7f676d83535daf14877..3ca1a6adee7f33eca190987b2023c4770c7b66a3 100644 (file)
@@ -136,15 +136,18 @@ earlier.
 This allows you to set the checksum type used in the authenticator of
 KRB_AP_REQ messages.  The default value for this type is
 CKSUMTYPE_RSA_MD5.  For compatibility with applications linked against
-DCE Kerberos libraries, use a value of 2 to use the CKSUMTYPE_RSA_MD4
-instead. This applies to DCE 1.1 and earlier.
+DCE version 1.1 or earlier Kerberos libraries, use a value of 2 to use
+the CKSUMTYPE_RSA_MD4
+instead.
 
 .IP safe_checksum_type 
-This allows you to set the keyed-checksum type used in KRB_SAFE
+This allows you to set the preferred keyed-checksum type for use in KRB_SAFE
 messages.  The default value for this type is CKSUMTYPE_RSA_MD5_DES.
-For compatibility with applications linked against DCE Kerberos
+For compatibility with applications linked against DCE version 1.1 or
+earlier Kerberos
 libraries, use a value of 3 to use the CKSUMTYPE_RSA_MD4_DES
-instead. This applies to DCE 1.1 and earlier.
+instead.  This field is ignored when its value is incompatible with
+the session key type.
 
 .IP ccache_type
 User this parameter on systems which are DCE clients, to specify the
@@ -179,6 +182,7 @@ subsection define the properties of that particular realm.  For example:
                        mit = mit.edu
                        lithium = lithium.lcs.mit.edu
                }
+               v4_realm = LCS.MIT.EDU
        }
 .in -1i
 .fi
@@ -208,6 +212,13 @@ default_domain mapping rule.  It contains V4 instances (the tag name)
 which should be translated to some specific hostname (the tag value) as
 the second component in a Kerberos V5 principal name.
 
+.IP v4_realm
+This relation is used by the krb524 library routines when converting 
+a V5 principal name to a V4 principal name. It is used when V4 realm
+name and the V5 realm are not the same, but still share the same 
+principal names and passwords. The tag value is the Kerberos V4 realm 
+name. 
+
 .SH DOMAIN_REALM SECTION
 
 The [domain_realm] section provides a translation from a hostname to the
@@ -397,8 +408,6 @@ would look like this:
                NERSC.GOV = ANL.GOV
                NERSC.GOV = ES.NET
        }
-       
-       }
 .in -1i
 .fi
 .sp
index 97bce15ad1dfdf39cba49cfec5c8035f0a7edffe..c9c48b2f2ff777d543df5076d587e8d5b0527499 100644 (file)
@@ -1,3 +1,19 @@
+2000-06-21  Danilo Almeida  <dalmeida@mit.edu>
+
+       * win-pre.in: Fix up DNS build flags to correspond to new DNS
+       build flags.  Add support for not using wshelper.
+
+2000-06-08  Tom Yu  <tlyu@mit.edu>
+
+       * config.guess: Update to 2000-05-30 from FSF.
+
+       * config.sub: Update to 2000-05-30 from FSF.
+
+2000-05-03  Tom Yu  <tlyu@mit.edu>
+
+       * libobj.in, pre.in: Put $(LOCALINCLUDES) after $(CPPFLAGS) since
+       $(CPPFLAGS) should have its includes show up first.
+
 2000-03-01  Tom Yu  <tlyu@mit.edu>
 
        * pre.in (INSTALL_SHLIB): New variable.
index 98fea7b84bf43ec0005569c26068e960e3f3d70d..b4faaedca09e18d70bd66fdf2bed48bc798b91f7 100644 (file)
@@ -1,7 +1,10 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright (C) 1992, 93, 94, 95, 96, 97, 1998 Free Software Foundation, Inc.
-#
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
+#   Free Software Foundation, Inc.
+
+version='2000-05-30'
+
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
@@ -22,7 +25,7 @@
 # the same distribution terms that you use for the rest of that program.
 
 # Written by Per Bothner <bothner@cygnus.com>.
-# The master version of this file is at the FSF in /home/gd/gnu/lib.
+# Please send patches to <config-patches@gnu.org>.
 #
 # This script attempts to guess a canonical system name similar to
 # config.sub.  If it succeeds, it prints the system name on stdout, and
 # (but try to keep the structure clean).
 #
 
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of this system.
+
+Operation modes:
+  -h, --help               print this help, then exit
+  -V, --version            print version number, then exit"
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case "$1" in
+    --version | --vers* | -V )
+       echo "$version" ; exit 0 ;;
+    --help | --h* | -h )
+       echo "$usage"; exit 0 ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )        # Use stdin as input.
+       break ;;
+    -* )
+       exec >&2
+       echo "$me: invalid option $1"
+       echo "$help"
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+# Use $HOST_CC if defined. $CC may point to a cross-compiler
+if test x"$CC_FOR_BUILD" = x; then
+  if test x"$HOST_CC" != x; then
+    CC_FOR_BUILD="$HOST_CC"
+  else
+    if test x"$CC" != x; then
+      CC_FOR_BUILD="$CC"
+    else
+      CC_FOR_BUILD=cc
+    fi
+  fi
+fi
+
+
 # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
 # (ghazi@noc.rutgers.edu 8/24/94.)
 if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
@@ -46,11 +103,49 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
 UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
 UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
 
-trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15
+dummy=dummy-$$
+trap 'rm -f $dummy.c $dummy.o $dummy; exit 1' 1 2 15
 
 # Note: order is significant - the case branches are not exclusive.
 
 case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+       # Netbsd (nbsd) targets should (where applicable) match one or
+       # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+       # *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+       # switched to ELF, *-*-netbsd* would select the old
+       # object file format.  This provides both forward
+       # compatibility and a consistent mechanism for selecting the
+       # object file format.
+       # Determine the machine/vendor (is the vendor relevant).
+       case "${UNAME_MACHINE}" in
+           amiga) machine=m68k-cbm ;;
+           arm32) machine=arm-unknown ;;
+           atari*) machine=m68k-atari ;;
+           sun3*) machine=m68k-sun ;;
+           mac68k) machine=m68k-apple ;;
+           macppc) machine=powerpc-apple ;;
+           hp3[0-9][05]) machine=m68k-hp ;;
+           ibmrt|romp-ibm) machine=romp-ibm ;;
+           *) machine=${UNAME_MACHINE}-unknown ;;
+       esac
+       # The Operating System including object format.
+       if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+               | grep __ELF__ >/dev/null
+       then
+           # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+           # Return netbsd for either.  FIX?
+           os=netbsd
+       else
+           os=netbsdelf
+       fi
+       # The OS release
+       release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+       # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+       # contains redundant information, the shorter form:
+       # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+       echo "${machine}-${os}${release}"
+       exit 0 ;;
     alpha:OSF1:*:*)
        if test $UNAME_RELEASE = "V4.0"; then
                UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
@@ -59,46 +154,62 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
        # A Tn.n version is a released field test version.
        # A Xn.n version is an unreleased experimental baselevel.
        # 1.2 uses "1.2" for uname -r.
-       cat <<EOF >dummy.s
+       cat <<EOF >$dummy.s
+       .data
+\$Lformat:
+       .byte 37,100,45,37,120,10,0     # "%d-%x\n"
+
+       .text
        .globl main
+       .align 4
        .ent main
 main:
-       .frame \$30,0,\$26,0
-       .prologue 0
-       .long 0x47e03d80 # implver $0
-       lda \$2,259
-       .long 0x47e20c21 # amask $2,$1
-       srl \$1,8,\$2
-       sll \$2,2,\$2
-       sll \$0,3,\$0
-       addl \$1,\$0,\$0
-       addl \$2,\$0,\$0
-       ret \$31,(\$26),1
+       .frame \$30,16,\$26,0
+       ldgp \$29,0(\$27)
+       .prologue 1
+       .long 0x47e03d80 # implver \$0
+       lda \$2,-1
+       .long 0x47e20c21 # amask \$2,\$1
+       lda \$16,\$Lformat
+       mov \$0,\$17
+       not \$1,\$18
+       jsr \$26,printf
+       ldgp \$29,0(\$26)
+       mov 0,\$16
+       jsr \$26,exit
        .end main
 EOF
-       ${CC-cc} dummy.s -o dummy 2>/dev/null
+       $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
        if test "$?" = 0 ; then
-               ./dummy
-               case "$?" in
-                       7)
+               case `./$dummy` in
+                       0-0)
                                UNAME_MACHINE="alpha"
                                ;;
-                       15)
+                       1-0)
                                UNAME_MACHINE="alphaev5"
                                ;;
-                       14)
+                       1-1)
                                UNAME_MACHINE="alphaev56"
                                ;;
-                       10)
+                       1-101)
                                UNAME_MACHINE="alphapca56"
                                ;;
-                       16)
+                       2-303)
                                UNAME_MACHINE="alphaev6"
                                ;;
+                       2-307)
+                               UNAME_MACHINE="alphaev67"
+                               ;;
                esac
        fi
-       rm -f dummy.s dummy
-       echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr [[A-Z]] [[a-z]]`
+       rm -f $dummy.s $dummy
+       echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+       exit 0 ;;
+    Alpha\ *:Windows_NT*:*)
+       # How do we know it's Interix rather than the generic POSIX subsystem?
+       # Should we change UNAME_MACHINE based on the output of uname instead
+       # of the specific Alpha model?
+       echo alpha-pc-interix
        exit 0 ;;
     21064:Windows_NT:50:3)
        echo alpha-dec-winnt3.5
@@ -106,9 +217,6 @@ EOF
     Amiga*:UNIX_System_V:4.0:*)
        echo m68k-cbm-sysv4
        exit 0;;
-    amiga:NetBSD:*:*)
-      echo m68k-cbm-netbsd${UNAME_RELEASE}
-      exit 0 ;;
     amiga:OpenBSD:*:*)
        echo m68k-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
@@ -133,16 +241,16 @@ EOF
     wgrisc:OpenBSD:*:*)
        echo mipsel-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
+    *:OS/390:*:*)
+       echo i370-ibm-openedition
+       exit 0 ;;
     arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
        echo arm-acorn-riscix${UNAME_RELEASE}
        exit 0;;
-    arm32:NetBSD:*:*)
-       echo arm-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
-       exit 0 ;;
     SR2?01:HI-UX/MPP:*:*)
        echo hppa1.1-hitachi-hiuxmpp
        exit 0;;
-    Pyramid*:OSx*:*:*|MIS*:OSx*:*:*|MIS*:SMP_DC-OSx*:*:*)
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
        # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
        if test "`(/bin/universe) 2>/dev/null`" = att ; then
                echo pyramid-pyramid-sysv3
@@ -150,7 +258,7 @@ EOF
                echo pyramid-pyramid-bsd
        fi
        exit 0 ;;
-    NILE:*:*:dcosx)
+    NILE*:*:*:dcosx)
        echo pyramid-pyramid-svr4
        exit 0 ;;
     sun4H:SunOS:5.*:*)
@@ -195,21 +303,38 @@ EOF
     aushp:SunOS:*:*)
        echo sparc-auspex-sunos${UNAME_RELEASE}
        exit 0 ;;
-    atari*:NetBSD:*:*)
-       echo m68k-atari-netbsd${UNAME_RELEASE}
-       exit 0 ;;
     atari*:OpenBSD:*:*)
        echo m68k-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
-    sun3*:NetBSD:*:*)
-       echo m68k-sun-netbsd${UNAME_RELEASE}
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+       exit 0 ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+       echo m68k-atari-mint${UNAME_RELEASE}
+        exit 0 ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
        exit 0 ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit 0 ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit 0 ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit 0 ;;
     sun3*:OpenBSD:*:*)
        echo m68k-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
-    mac68k:NetBSD:*:*)
-       echo m68k-apple-netbsd${UNAME_RELEASE}
-       exit 0 ;;
     mac68k:OpenBSD:*:*)
        echo m68k-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
@@ -222,9 +347,6 @@ EOF
     powerpc:machten:*:*)
        echo powerpc-apple-machten${UNAME_RELEASE}
        exit 0 ;;
-    macppc:NetBSD:*:*)
-        echo powerpc-apple-netbsd${UNAME_RELEASE}
-        exit 0 ;;
     RISC*:Mach:*:*)
        echo mips-dec-mach_bsd4.3
        exit 0 ;;
@@ -234,12 +356,17 @@ EOF
     VAX*:ULTRIX*:*:*)
        echo vax-dec-ultrix${UNAME_RELEASE}
        exit 0 ;;
-    2020:CLIX:*:*)
+    2020:CLIX:*:* | 2430:CLIX:*:*)
        echo clipper-intergraph-clix${UNAME_RELEASE}
        exit 0 ;;
     mips:*:*:UMIPS | mips:*:*:RISCos)
-       sed 's/^        //' << EOF >dummy.c
-       int main (argc, argv) int argc; char **argv; {
+       sed 's/^        //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+       int main (int argc, char *argv[]) {
+#else
+       int main (argc, argv) int argc; char *argv[]; {
+#endif
        #if defined (host_mips) && defined (MIPSEB)
        #if defined (SYSTYPE_SYSV)
          printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
@@ -254,10 +381,10 @@ EOF
          exit (-1);
        }
 EOF
-       ${CC-cc} dummy.c -o dummy \
-         && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
-         && rm dummy.c dummy && exit 0
-       rm -f dummy.c dummy
+       $CC_FOR_BUILD $dummy.c -o $dummy \
+         && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
+         && rm $dummy.c $dummy && exit 0
+       rm -f $dummy.c $dummy
        echo mips-mips-riscos${UNAME_RELEASE}
        exit 0 ;;
     Night_Hawk:Power_UNIX:*:*)
@@ -275,15 +402,18 @@ EOF
     AViiON:dgux:*:*)
         # DG/UX returns AViiON for all architectures
         UNAME_PROCESSOR=`/usr/bin/uname -p`
-        if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then
-       if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \
-            -o ${TARGET_BINARY_INTERFACE}x = x ] ; then
+       if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+       then
+           if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+              [ ${TARGET_BINARY_INTERFACE}x = x ]
+           then
                echo m88k-dg-dgux${UNAME_RELEASE}
-       else
+           else
                echo m88k-dg-dguxbcs${UNAME_RELEASE}
+           fi
+       else
+           echo i586-dg-dgux${UNAME_RELEASE}
        fi
-        else echo i586-dg-dgux${UNAME_RELEASE}
-        fi
        exit 0 ;;
     M88*:DolphinOS:*:*)        # DolphinOS (SVR3)
        echo m88k-dolphin-sysv3
@@ -309,7 +439,7 @@ EOF
        exit 0 ;;
     *:AIX:2:3)
        if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
-               sed 's/^                //' << EOF >dummy.c
+               sed 's/^                //' << EOF >$dummy.c
                #include <sys/systemcfg.h>
 
                main()
@@ -320,8 +450,8 @@ EOF
                        exit(0);
                        }
 EOF
-               ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
-               rm -f dummy.c dummy
+               $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm $dummy.c $dummy && exit 0
+               rm -f $dummy.c $dummy
                echo rs6000-ibm-aix3.2.5
        elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
                echo rs6000-ibm-aix3.2.4
@@ -349,7 +479,7 @@ EOF
     ibmrt:4.4BSD:*|romp-ibm:BSD:*)
        echo romp-ibm-bsd4.4
        exit 0 ;;
-    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC NetBSD and
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
        echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
        exit 0 ;;                           # report: romp-ibm BSD 4.3
     *:BOSX:*:*)
@@ -368,25 +498,27 @@ EOF
        case "${UNAME_MACHINE}" in
            9000/31? )            HP_ARCH=m68000 ;;
            9000/[34]?? )         HP_ARCH=m68k ;;
-           9000/6?? | 9000/7?? | 9000/80[24] | 9000/8?[13679] | 9000/892 )
-              sed 's/^              //' << EOF >dummy.c
+           9000/[678][0-9][0-9])
+              sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
               #include <stdlib.h>
               #include <unistd.h>
-              
+
               int main ()
               {
               #if defined(_SC_KERNEL_BITS)
                   long bits = sysconf(_SC_KERNEL_BITS);
-              #endif 
+              #endif
                   long cpu  = sysconf (_SC_CPU_VERSION);
-              
-                  switch (cpu) 
+
+                  switch (cpu)
                {
                case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
                case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
-               case CPU_PA_RISC2_0: 
+               case CPU_PA_RISC2_0:
               #if defined(_SC_KERNEL_BITS)
-                   switch (bits) 
+                   switch (bits)
                        {
                        case 64: puts ("hppa2.0w"); break;
                        case 32: puts ("hppa2.0n"); break;
@@ -394,20 +526,20 @@ EOF
                        } break;
               #else  /* !defined(_SC_KERNEL_BITS) */
                    puts ("hppa2.0"); break;
-              #endif 
+              #endif
                default: puts ("hppa1.0"); break;
                }
                   exit (0);
               }
 EOF
-       (${CC-cc} dummy.c -o dummy 2>/dev/null ) && HP_ARCH=`./dummy`
-       rm -f dummy.c dummy
+       (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null ) && HP_ARCH=`./$dummy`
+       rm -f $dummy.c $dummy
        esac
        HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
        echo ${HP_ARCH}-hp-hpux${HPUX_REV}
        exit 0 ;;
     3050*:HI-UX:*:*)
-       sed 's/^        //' << EOF >dummy.c
+       sed 's/^        //' << EOF >$dummy.c
        #include <unistd.h>
        int
        main ()
@@ -432,8 +564,8 @@ EOF
          exit (0);
        }
 EOF
-       ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
-       rm -f dummy.c dummy
+       $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm $dummy.c $dummy && exit 0
+       rm -f $dummy.c $dummy
        echo unknown-hitachi-hiuxwe2
        exit 0 ;;
     9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
@@ -442,6 +574,9 @@ EOF
     9000/8??:4.3bsd:*:*)
        echo hppa1.0-hp-bsd
        exit 0 ;;
+    *9??*:MPE/iX:*:*)
+       echo hppa1.0-hp-mpeix
+       exit 0 ;;
     hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
        echo hppa1.1-hp-osf
        exit 0 ;;
@@ -458,6 +593,9 @@ EOF
     parisc*:Lites*:*:*)
        echo hppa1.1-hp-lites
        exit 0 ;;
+    hppa*:OpenBSD:*:*)
+       echo hppa-unknown-openbsd
+       exit 0 ;;
     C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
        echo c1-convex-bsd
         exit 0 ;;
@@ -488,37 +626,40 @@ EOF
              -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/
        exit 0 ;;
     CRAY*TS:*:*:*)
-       echo t90-cray-unicos${UNAME_RELEASE}
+       echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+       exit 0 ;;
+    CRAY*T3E:*:*:*)
+       echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+       exit 0 ;;
+    CRAY*SV1:*:*:*)
+       echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
        exit 0 ;;
     CRAY-2:*:*:*)
        echo cray2-cray-unicos
         exit 0 ;;
     F300:UNIX_System_V:*:*)
-        FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
         FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
         echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
         exit 0 ;;
     F301:UNIX_System_V:*:*)
        echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'`
        exit 0 ;;
-    hp3[0-9][05]:NetBSD:*:*)
-       echo m68k-hp-netbsd${UNAME_RELEASE}
-       exit 0 ;;
     hp300:OpenBSD:*:*)
        echo m68k-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
+    i?86:BSD/386:*:* | i?86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+       echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+       exit 0 ;;
     sparc*:BSD/OS:*:*)
        echo sparc-unknown-bsdi${UNAME_RELEASE}
        exit 0 ;;
-    i?86:BSD/386:*:* | *:BSD/OS:*:*)
-       echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+    *:BSD/OS:*:*)
+       echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
        exit 0 ;;
     *:FreeBSD:*:*)
        echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
        exit 0 ;;
-    *:NetBSD:*:*)
-       echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
-       exit 0 ;;
     *:OpenBSD:*:*)
        echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
        exit 0 ;;
@@ -528,6 +669,15 @@ EOF
     i*:MINGW*:*)
        echo ${UNAME_MACHINE}-pc-mingw32
        exit 0 ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+       # How do we know it's Interix rather than the generic POSIX subsystem?
+       # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+       # UNAME_MACHINE based on the output of uname instead of i386?
+       echo i386-pc-interix
+       exit 0 ;;
+    i*:UWIN*:*)
+       echo ${UNAME_MACHINE}-pc-uwin
+       exit 0 ;;
     p*:CYGWIN*:*)
        echo powerpcle-unknown-cygwin
        exit 0 ;;
@@ -538,15 +688,11 @@ EOF
        echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
        exit 0 ;;
     *:Linux:*:*)
-       # uname on the ARM produces all sorts of strangeness, and we need to
-       # filter it out.
-       case "$UNAME_MACHINE" in
-         arm* | sa110*)              UNAME_MACHINE="arm" ;;
-       esac
 
        # The BFD linker knows what the default object file format is, so
-       # first see if it will tell us.
-       ld_help_string=`ld --help 2>&1`
+       # first see if it will tell us. cd to the root directory to prevent
+       # problems with other programs or directories called `ld' in the path.
+       ld_help_string=`cd /; ld --help 2>&1`
        ld_supported_emulations=`echo $ld_help_string \
                         | sed -ne '/supported emulations:/!d
                                    s/[         ][      ]*/ /g
@@ -554,68 +700,146 @@ EOF
                                    s/ .*//
                                    p'`
         case "$ld_supported_emulations" in
-         i?86linux)  echo "${UNAME_MACHINE}-pc-linux-gnuaout"      ; exit 0 ;;
-         i?86coff)   echo "${UNAME_MACHINE}-pc-linux-gnucoff"      ; exit 0 ;;
-         sparclinux) echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
-         armlinux)   echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
-         m68klinux)  echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
-         elf32ppc)   echo "powerpc-unknown-linux-gnu"              ; exit 0 ;;
+         *ia64)
+               echo "${UNAME_MACHINE}-unknown-linux"
+               exit 0
+               ;;
+         i?86linux)
+               echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+               exit 0
+               ;;
+         elf_i?86)
+               echo "${UNAME_MACHINE}-pc-linux"
+               exit 0
+               ;;
+         i?86coff)
+               echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+               exit 0
+               ;;
+         sparclinux)
+               echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
+               exit 0
+               ;;
+         armlinux)
+               echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
+               exit 0
+               ;;
+         elf32arm*)
+               echo "${UNAME_MACHINE}-unknown-linux-gnuoldld"
+               exit 0
+               ;;
+         armelf_linux*)
+               echo "${UNAME_MACHINE}-unknown-linux-gnu"
+               exit 0
+               ;;
+         m68klinux)
+               echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
+               exit 0
+               ;;
+         elf32ppc | elf32ppclinux)
+               # Determine Lib Version
+               cat >$dummy.c <<EOF
+#include <features.h>
+#if defined(__GLIBC__)
+extern char __libc_version[];
+extern char __libc_release[];
+#endif
+main(argc, argv)
+     int argc;
+     char *argv[];
+{
+#if defined(__GLIBC__)
+  printf("%s %s\n", __libc_version, __libc_release);
+#else
+  printf("unkown\n");
+#endif
+  return 0;
+}
+EOF
+               LIBC=""
+               $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null
+               if test "$?" = 0 ; then
+                       ./$dummy | grep 1\.99 > /dev/null
+                       if test "$?" = 0 ; then
+                               LIBC="libc1"
+                       fi
+               fi
+               rm -f $dummy.c $dummy
+               echo powerpc-unknown-linux-gnu${LIBC}
+               exit 0
+               ;;
+         shelf_linux)
+               echo "${UNAME_MACHINE}-unknown-linux-gnu"
+               exit 0
+               ;;
        esac
 
        if test "${UNAME_MACHINE}" = "alpha" ; then
-               sed 's/^        //'  <<EOF >dummy.s
-               .globl main
-               .ent main
-       main:
-               .frame \$30,0,\$26,0
-               .prologue 0
-               .long 0x47e03d80 # implver $0
-               lda \$2,259
-               .long 0x47e20c21 # amask $2,$1
-               srl \$1,8,\$2
-               sll \$2,2,\$2
-               sll \$0,3,\$0
-               addl \$1,\$0,\$0
-               addl \$2,\$0,\$0
-               ret \$31,(\$26),1
-               .end main
+               cat <<EOF >$dummy.s
+                       .data
+               \$Lformat:
+                       .byte 37,100,45,37,120,10,0     # "%d-%x\n"
+
+                       .text
+                       .globl main
+                       .align 4
+                       .ent main
+               main:
+                       .frame \$30,16,\$26,0
+                       ldgp \$29,0(\$27)
+                       .prologue 1
+                       .long 0x47e03d80 # implver \$0
+                       lda \$2,-1
+                       .long 0x47e20c21 # amask \$2,\$1
+                       lda \$16,\$Lformat
+                       mov \$0,\$17
+                       not \$1,\$18
+                       jsr \$26,printf
+                       ldgp \$29,0(\$26)
+                       mov 0,\$16
+                       jsr \$26,exit
+                       .end main
 EOF
                LIBC=""
-               ${CC-cc} dummy.s -o dummy 2>/dev/null
+               $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
                if test "$?" = 0 ; then
-                       ./dummy
-                       case "$?" in
-                       7)
+                       case `./$dummy` in
+                       0-0)
                                UNAME_MACHINE="alpha"
                                ;;
-                       15)
+                       1-0)
                                UNAME_MACHINE="alphaev5"
                                ;;
-                       14)
+                       1-1)
                                UNAME_MACHINE="alphaev56"
                                ;;
-                       10)
+                       1-101)
                                UNAME_MACHINE="alphapca56"
                                ;;
-                       16)
+                       2-303)
                                UNAME_MACHINE="alphaev6"
                                ;;
-                       esac    
+                       2-307)
+                               UNAME_MACHINE="alphaev67"
+                               ;;
+                       esac
 
-                       objdump --private-headers dummy | \
+                       objdump --private-headers $dummy | \
                          grep ld.so.1 > /dev/null
                        if test "$?" = 0 ; then
                                LIBC="libc1"
                        fi
-               fi      
-               rm -f dummy.s dummy
+               fi
+               rm -f $dummy.s $dummy
                echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} ; exit 0
        elif test "${UNAME_MACHINE}" = "mips" ; then
-         cat >dummy.c <<EOF
-main(argc, argv)
-     int argc;
-     char *argv[];
-{
+         cat >$dummy.c <<EOF
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+       int main (int argc, char *argv[]) {
+#else
+       int main (argc, argv) int argc; char *argv[]; {
+#endif
 #ifdef __MIPSEB__
   printf ("%s-unknown-linux-gnu\n", argv[1]);
 #endif
@@ -625,8 +849,10 @@ main(argc, argv)
   return 0;
 }
 EOF
-         ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0
-         rm -f dummy.c dummy
+         $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm $dummy.c $dummy && exit 0
+         rm -f $dummy.c $dummy
+       elif test "${UNAME_MACHINE}" = "s390"; then
+         echo s390-ibm-linux && exit 0
        else
          # Either a pre-BFD a.out linker (linux-gnuoldld)
          # or one that does not give us useful --help.
@@ -645,12 +871,14 @@ EOF
            ;;
          esac
          # Determine whether the default compiler is a.out or elf
-         cat >dummy.c <<EOF
+         cat >$dummy.c <<EOF
 #include <features.h>
-main(argc, argv)
-     int argc;
-     char *argv[];
-{
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+       int main (int argc, char *argv[]) {
+#else
+       int main (argc, argv) int argc; char *argv[]; {
+#endif
 #ifdef __ELF__
 # ifdef __GLIBC__
 #  if __GLIBC__ >= 2
@@ -667,8 +895,8 @@ main(argc, argv)
   return 0;
 }
 EOF
-         ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0
-         rm -f dummy.c dummy
+         $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm $dummy.c $dummy && exit 0
+         rm -f $dummy.c $dummy
        fi ;;
 # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.  earlier versions
 # are messed up and put the nodename in both sysname and nodename.
@@ -684,10 +912,20 @@ EOF
        echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
        exit 0 ;;
     i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*)
+       UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
        if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
-               echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE}
+               echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+       else
+               echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+       fi
+       exit 0 ;;
+    i?86:*:5:7*)
+        # Fixed at (any) Pentium or better
+        UNAME_MACHINE=i586
+        if [ ${UNAME_SYSTEM} = "UnixWare" ] ; then
+           echo ${UNAME_MACHINE}-sco-sysv${UNAME_RELEASE}uw${UNAME_VERSION}
        else
-               echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE}
+           echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE}
        fi
        exit 0 ;;
     i?86:*:3.2:*)
@@ -699,19 +937,20 @@ EOF
                (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
                (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
                        && UNAME_MACHINE=i586
+               (/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \
+                       && UNAME_MACHINE=i686
+               (/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \
+                       && UNAME_MACHINE=i686
                echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
        else
                echo ${UNAME_MACHINE}-pc-sysv32
        fi
        exit 0 ;;
-    i?86:UnixWare:*:*)
-       if /bin/uname -X 2>/dev/null >/dev/null ; then
-         (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
-           && UNAME_MACHINE=i586
-       fi
-       echo ${UNAME_MACHINE}-unixware-${UNAME_RELEASE}-${UNAME_VERSION}
+    i?86:*DOS:*:*)
+       echo ${UNAME_MACHINE}-pc-msdosdjgpp
        exit 0 ;;
     pc:*:*:*)
+       # Left here for compatibility:
         # uname -m prints for DJGPP always 'pc', but it prints nothing about
         # the processor, so we play safe by assuming i386.
        echo i386-pc-msdosdjgpp
@@ -752,7 +991,7 @@ EOF
     mc68030:UNIX_System_V:4.*:*)
        echo m68k-atari-sysv4
        exit 0 ;;
-    i?86:LynxOS:2.*:*)
+    i?86:LynxOS:2.*:* | i?86:LynxOS:3.[01]*:*)
        echo i386-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
     TSUNAMI:LynxOS:2.*:*)
@@ -764,6 +1003,9 @@ EOF
     SM[BE]S:UNIX_SV:*:*)
        echo mips-dde-sysv${UNAME_RELEASE}
        exit 0 ;;
+    RM*:ReliantUNIX-*:*:*)
+       echo mips-sni-sysv4
+       exit 0 ;;
     RM*:SINIX-*:*:*)
        echo mips-sni-sysv4
        exit 0 ;;
@@ -794,7 +1036,7 @@ EOF
     news*:NEWS-OS:*:6*)
        echo mips-sony-newsos6
        exit 0 ;;
-    R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R4000:UNIX_SV:*:*)
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
        if [ -d /usr/nec ]; then
                echo mips-nec-sysv${UNAME_RELEASE}
        else
@@ -810,28 +1052,45 @@ EOF
     BePC:BeOS:*:*)     # BeOS running on Intel PC compatible.
        echo i586-pc-beos
        exit 0 ;;
-# MIT addition
-    Power\ Macintosh:Rhapsody:*:*)
-       echo powerpc-apple-rhapsody${UNAME_RELEASE}
-       exit 0 ;;
-# MIT addition
-    powerpc:Rhapsody:*:*)
-       echo powerpc-unknown-rhapsody${UNAME_RELEASE}
-       exit 0 ;;
-# MIT addition
-    i?86:Rhapsody:*:*)
-       echo i386-unknown-rhapsody${UNAME_RELEASE}
-       exit 0 ;;
-# MIT addition
-    Power\ Macintosh:Mac\ OS:*:*)
-       echo powerpc-apple-macos${UNAME_RELEASE}
+    SX-4:SUPER-UX:*:*)
+       echo sx4-nec-superux${UNAME_RELEASE}
+       exit 0 ;;
+    SX-5:SUPER-UX:*:*)
+       echo sx5-nec-superux${UNAME_RELEASE}
+       exit 0 ;;
+    Power*:Rhapsody:*:*)
+       echo powerpc-apple-rhapsody${UNAME_RELEASE}
+       exit 0 ;;
+    *:Rhapsody:*:*)
+       echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+       exit 0 ;;
+    *:Darwin:*:*)
+       echo `uname -p`-apple-darwin${UNAME_RELEASE}
+       exit 0 ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+       if test "${UNAME_MACHINE}" = "x86pc"; then
+               UNAME_MACHINE=pc
+       fi
+       echo `uname -p`-${UNAME_MACHINE}-nto-qnx
+       exit 0 ;;
+    *:QNX:*:4*)
+       echo i386-pc-qnx
+       exit 0 ;;
+    NSR-W:NONSTOP_KERNEL:*:*)
+       echo nsr-tandem-nsk${UNAME_RELEASE}
+       exit 0 ;;
+    BS2000:POSIX*:*:*)
+       echo bs2000-siemens-sysv
+       exit 0 ;;
+    DS/*:UNIX_System_V:*:*)
+       echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
        exit 0 ;;
 esac
 
 #echo '(No uname command or uname output not recognized.)' 1>&2
 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
 
-cat >dummy.c <<EOF
+cat >$dummy.c <<EOF
 #ifdef _SEQUENT_
 # include <sys/types.h>
 # include <sys/utsname.h>
@@ -869,7 +1128,10 @@ main ()
 #endif
   int version;
   version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
-  printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
   exit (0);
 #endif
 
@@ -929,8 +1191,8 @@ main ()
 }
 EOF
 
-${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0
-rm -f dummy.c dummy
+$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm $dummy.c $dummy && exit 0
+rm -f $dummy.c $dummy
 
 # Apollos put the system type in the environment.
 
@@ -962,6 +1224,47 @@ then
     esac
 fi
 
-#echo '(Unable to guess system type)' 1>&2
+cat >&2 <<EOF
+$0: unable to guess system type
+
+The $version version of this script cannot recognize your system type.
+Please download the most up to date version of the config scripts:
+
+    ftp://ftp.gnu.org/pub/gnu/config/
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess version = $version
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
 
 exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "version='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
index 99526342468c512740717806a30f2353393c0e74..cb86fe1ef70f8b1ea96ce2bce0ea7c9fff52209d 100644 (file)
@@ -1,6 +1,10 @@
 #! /bin/sh
 # Configuration validation subroutine script, version 1.1.
-#   Copyright (C) 1991, 92-97, 1998 Free Software Foundation, Inc.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
+#   Free Software Foundation, Inc.
+
+version='2000-05-31'
+
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
 # can handle that machine.  It does not imply ALL GNU software can.
@@ -25,6 +29,9 @@
 # configuration script generated by Autoconf, you may include it under
 # the same distribution terms that you use for the rest of that program.
 
+# Written by Per Bothner <bothner@cygnus.com>.
+# Please send patches to <config-patches@gnu.org>.
+#
 # Configuration subroutine to validate and canonicalize a configuration type.
 # Supply the specified configuration type as an argument.
 # If it is invalid, we print an error message on stderr and exit with code 1.
 #      CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
 # It is wrong to echo any other type of specification.
 
-if [ x$1 = x ]
-then
-       echo Configuration name missing. 1>&2
-       echo "Usage: $0 CPU-MFR-OPSYS" 1>&2
-       echo "or     $0 ALIAS" 1>&2
-       echo where ALIAS is a recognized configuration type. 1>&2
-       exit 1
-fi
+me=`echo "$0" | sed -e 's,.*/,,'`
 
-# First pass through any local machine types.
-case $1 in
-       *local*)
-               echo $1
-               exit 0
-               ;;
-       *)
-       ;;
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help               print this help, then exit
+  -V, --version            print version number, then exit"
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case "$1" in
+    --version | --vers* | -V )
+       echo "$version" ; exit 0 ;;
+    --help | --h* | -h )
+       echo "$usage"; exit 0 ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )        # Use stdin as input.
+       break ;;
+    -* )
+       exec >&2
+       echo "$me: invalid option $1"
+       echo "$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit 0;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
 esac
 
 # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
 # Here we must recognize all the valid KERNEL-OS combinations.
 maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
 case $maybe_os in
-  linux-gnu*)
+  nto-qnx* | linux-gnu*)
     os=-$maybe_os
     basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
     ;;
@@ -98,11 +136,21 @@ case $os in
                os=
                basic_machine=$1
                ;;
+       -sim | -cisco | -oki | -wec | -winbond)
+               os=
+               basic_machine=$1
+               ;;
+       -scout)
+               ;;
+       -wrs)
+               os=-vxworks
+               basic_machine=$1
+               ;;
        -hiux*)
                os=-hiuxwe2
                ;;
        -sco5)
-               os=sco3.2v5
+               os=-sco3.2v5
                basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
                ;;
        -sco4)
@@ -121,6 +169,9 @@ case $os in
                os=-sco3.2v2
                basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
                ;;
+       -udk*)
+               basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+               ;;
        -isc)
                os=-isc2.2
                basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
@@ -143,22 +194,36 @@ case $os in
        -psos*)
                os=-psos
                ;;
+       -mint | -mint[0-9]*)
+               basic_machine=m68k-atari
+               os=-mint
+               ;;
 esac
 
 # Decode aliases for certain CPU-COMPANY combinations.
 case $basic_machine in
        # Recognize the basic CPU types without company name.
        # Some are omitted here because they have special meanings below.
-       tahoe | i860 | m32r | m68k | m68000 | m88k | ns32k | arc | arm \
+       tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc | arm \
                | arme[lb] | pyramid | mn10200 | mn10300 | tron | a29k \
-               | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 | hppa2.0 \
-               | alpha | alphaev5 | alphaev56 | we32k | ns16k | clipper \
-               | i370 | sh | powerpc | powerpcle | 1750a | dsp16xx | pdp11 \
-               | mips64 | mipsel | mips64el | mips64orion | mips64orionel \
-               | mipstx39 | mipstx39el \
-               | sparc | sparclet | sparclite | sparc64 | v850)
+               | 580 | i960 | h8300 \
+               | x86 | ppcbe | mipsbe | mipsle | shbe | shle | armbe | armle \
+               | hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \
+               | hppa64 \
+               | alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \
+               | alphaev6[78] \
+               | we32k | ns16k | clipper | i370 | sh | powerpc | powerpcle \
+               | 1750a | dsp16xx | pdp11 | mips16 | mips64 | mipsel | mips64el \
+               | mips64orion | mips64orionel | mipstx39 | mipstx39el \
+               | mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \
+               | mips64vr5000 | miprs64vr5000el | mcore \
+               | sparc | sparclet | sparclite | sparc64 | sparcv9 | v850 | c4x \
+               | thumb | d10v | fr30 | avr)
                basic_machine=$basic_machine-unknown
                ;;
+       m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | z8k | v70 | h8500 | w65 | pj | pjl)
+               ;;
+
        # We use `pc' rather than `unknown'
        # because (1) that's what they normally are, and
        # (2) the word "unknown" tends to confuse beginning users.
@@ -171,27 +236,49 @@ case $basic_machine in
                exit 1
                ;;
        # Recognize the basic CPU types with company name.
-       vax-* | tahoe-* | i[34567]86-* | i860-* | m32r-* | m68k-* | m68000-* \
+       # FIXME: clean up the formatting here.
+       vax-* | tahoe-* | i[34567]86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \
              | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | arm-* | c[123]* \
              | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \
-             | power-* | none-* | 580-* | cray2-* | h8300-* | i960-* \
-             | xmp-* | ymp-* | hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* \
-             | alpha-* | alphaev5-* | alphaev56-* | we32k-* | cydra-* \
-             | ns16k-* | pn-* | np1-* | xps100-* | clipper-* | orion-* \
+             | power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \
+             | xmp-* | ymp-* \
+             | x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* | armbe-* | armle-* \
+             | hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \
+             | hppa2.0n-* | hppa64-* \
+             | alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \
+             | alphaev6[78]-* \
+             | we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \
+             | clipper-* | orion-* \
              | sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \
-             | sparc64-* | mips64-* | mipsel-* \
-             | mips64el-* | mips64orion-* | mips64orionel-*  \
-             | mipstx39-* | mipstx39el-* \
-             | f301-*)
+             | sparc64-* | sparcv9-* | sparc86x-* | mips16-* | mips64-* | mipsel-* \
+             | mips64el-* | mips64orion-* | mips64orionel-* \
+             | mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \
+             | mipstx39-* | mipstx39el-* | mcore-* \
+             | f301-* | armv*-* | s390-* | sv1-* | t3e-* \
+             | m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \
+             | thumb-* | v850-* | d30v-* | tic30-* | c30-* | fr30-* \
+             | bs2000-*)
                ;;
        # Recognize the various machine names and aliases which stand
        # for a CPU type and a company and sometimes even an OS.
+       386bsd)
+               basic_machine=i386-unknown
+               os=-bsd
+               ;;
        3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
                basic_machine=m68000-att
                ;;
        3b*)
                basic_machine=we32k-att
                ;;
+       a29khif)
+               basic_machine=a29k-amd
+               os=-udi
+               ;;
+       adobe68k)
+               basic_machine=m68010-adobe
+               os=-scout
+               ;;
        alliant | fx80)
                basic_machine=fx80-alliant
                ;;
@@ -221,6 +308,10 @@ case $basic_machine in
                basic_machine=m68k-apollo
                os=-sysv
                ;;
+       apollo68bsd)
+               basic_machine=m68k-apollo
+               os=-bsd
+               ;;
        aux)
                basic_machine=m68k-apple
                os=-aux
@@ -297,6 +388,10 @@ case $basic_machine in
        encore | umax | mmax)
                basic_machine=ns32k-encore
                ;;
+       es1800 | OSE68k | ose68k | ose | OSE)
+               basic_machine=m68k-ericsson
+               os=-ose
+               ;;
        fx2800)
                basic_machine=i860-alliant
                ;;
@@ -315,6 +410,14 @@ case $basic_machine in
                basic_machine=h8300-hitachi
                os=-hms
                ;;
+       h8300xray)
+               basic_machine=h8300-hitachi
+               os=-xray
+               ;;
+       h8500hms)
+               basic_machine=h8500-hitachi
+               os=-hms
+               ;;
        harris)
                basic_machine=m88k-harris
                os=-sysv3
@@ -330,13 +433,30 @@ case $basic_machine in
                basic_machine=m68k-hp
                os=-hpux
                ;;
+       hp3k9[0-9][0-9] | hp9[0-9][0-9])
+               basic_machine=hppa1.0-hp
+               ;;
        hp9k2[0-9][0-9] | hp9k31[0-9])
                basic_machine=m68000-hp
                ;;
        hp9k3[2-9][0-9])
                basic_machine=m68k-hp
                ;;
-       hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7)
+       hp9k6[0-9][0-9] | hp6[0-9][0-9])
+               basic_machine=hppa1.0-hp
+               ;;
+       hp9k7[0-79][0-9] | hp7[0-79][0-9])
+               basic_machine=hppa1.1-hp
+               ;;
+       hp9k78[0-9] | hp78[0-9])
+               # FIXME: really hppa2.0-hp
+               basic_machine=hppa1.1-hp
+               ;;
+       hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+               # FIXME: really hppa2.0-hp
+               basic_machine=hppa1.1-hp
+               ;;
+       hp9k8[0-9][13679] | hp8[0-9][13679])
                basic_machine=hppa1.1-hp
                ;;
        hp9k8[0-9][0-9] | hp8[0-9][0-9])
@@ -345,9 +465,16 @@ case $basic_machine in
        hppa-next)
                os=-nextstep3
                ;;
+       hppaosf)
+               basic_machine=hppa1.1-hp
+               os=-osf
+               ;;
+       hppro)
+               basic_machine=hppa1.1-hp
+               os=-proelf
+               ;;
        i370-ibm* | ibm*)
                basic_machine=i370-ibm
-               os=-mvs
                ;;
 # I'm not sure what "Sysv32" means.  Should this be sysv3.2?
        i[34567]86v32)
@@ -366,6 +493,22 @@ case $basic_machine in
                basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
                os=-solaris2
                ;;
+       i386mach)
+               basic_machine=i386-mach
+               os=-mach
+               ;;
+       i386-vsta | vsta)
+               basic_machine=i386-unknown
+               os=-vsta
+               ;;
+       i386-go32 | go32)
+               basic_machine=i386-unknown
+               os=-go32
+               ;;
+       i386-mingw32 | mingw32)
+               basic_machine=i386-unknown
+               os=-mingw32
+               ;;
        iris | iris4d)
                basic_machine=mips-sgi
                case $os in
@@ -394,6 +537,10 @@ case $basic_machine in
        miniframe)
                basic_machine=m68000-convergent
                ;;
+       *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+               basic_machine=m68k-atari
+               os=-mint
+               ;;
        mipsel*-linux*)
                basic_machine=mipsel-unknown
                os=-linux-gnu
@@ -408,10 +555,34 @@ case $basic_machine in
        mips3*)
                basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
                ;;
+       mmix*)
+               basic_machine=mmix-knuth
+               os=-mmixware
+               ;;
+       monitor)
+               basic_machine=m68k-rom68k
+               os=-coff
+               ;;
+       msdos)
+               basic_machine=i386-unknown
+               os=-msdos
+               ;;
+       mvs)
+               basic_machine=i370-ibm
+               os=-mvs
+               ;;
        ncr3000)
                basic_machine=i486-ncr
                os=-sysv4
                ;;
+       netbsd386)
+               basic_machine=i386-unknown
+               os=-netbsd
+               ;;
+       netwinder)
+               basic_machine=armv4l-rebel
+               os=-linux
+               ;;
        news | news700 | news800 | news900)
                basic_machine=m68k-sony
                os=-newsos
@@ -424,6 +595,10 @@ case $basic_machine in
                basic_machine=mips-sony
                os=-newsos
                ;;
+       necv70)
+               basic_machine=v70-nec
+               os=-sysv
+               ;;
        next | m*-next )
                basic_machine=m68k-next
                case $os in
@@ -449,9 +624,28 @@ case $basic_machine in
                basic_machine=i960-intel
                os=-nindy
                ;;
+       mon960)
+               basic_machine=i960-intel
+               os=-mon960
+               ;;
        np1)
                basic_machine=np1-gould
                ;;
+       nsr-tandem)
+               basic_machine=nsr-tandem
+               ;;
+       op50n-* | op60c-*)
+               basic_machine=hppa1.1-oki
+               os=-proelf
+               ;;
+       OSE68000 | ose68000)
+               basic_machine=m68000-ericsson
+               os=-ose
+               ;;
+       os68k)
+               basic_machine=m68k-none
+               os=-os68k
+               ;;
        pa-hitachi)
                basic_machine=hppa1.1-hitachi
                os=-hiuxwe2
@@ -469,19 +663,19 @@ case $basic_machine in
         pc532 | pc532-*)
                basic_machine=ns32k-pc532
                ;;
-       pentium | p5 | k5 | nexen)
+       pentium | p5 | k5 | k6 | nexen)
                basic_machine=i586-pc
                ;;
-       pentiumpro | p6 | k6 | 6x86)
+       pentiumpro | p6 | 6x86 | athlon)
                basic_machine=i686-pc
                ;;
        pentiumii | pentium2)
                basic_machine=i786-pc
                ;;
-       pentium-* | p5-* | k5-* | nexen-*)
+       pentium-* | p5-* | k5-* | k6-* | nexen-*)
                basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
                ;;
-       pentiumpro-* | p6-* | k6-* | 6x86-*)
+       pentiumpro-* | p6-* | 6x86-* | athlon-*)
                basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
                ;;
        pentiumii-* | pentium2-*)
@@ -505,12 +699,20 @@ case $basic_machine in
        ps2)
                basic_machine=i386-ibm
                ;;
+       rom68k)
+               basic_machine=m68k-rom68k
+               os=-coff
+               ;;
        rm[46]00)
                basic_machine=mips-siemens
                ;;
        rtpc | rtpc-*)
                basic_machine=romp-ibm
                ;;
+       sa29200)
+               basic_machine=a29k-amd
+               os=-udi
+               ;;
        sequent)
                basic_machine=i386-sequent
                ;;
@@ -518,6 +720,10 @@ case $basic_machine in
                basic_machine=sh-hitachi
                os=-hms
                ;;
+       sparclite-wrs)
+               basic_machine=sparclite-wrs
+               os=-vxworks
+               ;;
        sps7)
                basic_machine=m68k-bull
                os=-sysv2
@@ -525,6 +731,13 @@ case $basic_machine in
        spur)
                basic_machine=spur-unknown
                ;;
+       st2000)
+               basic_machine=m68k-tandem
+               ;;
+       stratus)
+               basic_machine=i860-stratus
+               os=-sysv4
+               ;;
        sun2)
                basic_machine=m68000-sun
                ;;
@@ -565,10 +778,18 @@ case $basic_machine in
        sun386 | sun386i | roadrunner)
                basic_machine=i386-sun
                ;;
+       sv1)
+               basic_machine=sv1-cray
+               os=-unicos
+               ;;
        symmetry)
                basic_machine=i386-sequent
                os=-dynix
                ;;
+       t3e)
+               basic_machine=t3e-cray
+               os=-unicos
+               ;;
        tx39)
                basic_machine=mipstx39-unknown
                ;;
@@ -586,6 +807,10 @@ case $basic_machine in
                basic_machine=a29k-nyu
                os=-sym1
                ;;
+       v810 | necv810)
+               basic_machine=v810-nec
+               os=-none
+               ;;
        vaxv)
                basic_machine=vax-dec
                os=-sysv
@@ -609,6 +834,14 @@ case $basic_machine in
                basic_machine=a29k-wrs
                os=-vxworks
                ;;
+       w65*)
+               basic_machine=w65-wdc
+               os=-none
+               ;;
+       w89k-*)
+               basic_machine=hppa1.1-winbond
+               os=-proelf
+               ;;
        xmp)
                basic_machine=xmp-cray
                os=-unicos
@@ -616,6 +849,10 @@ case $basic_machine in
         xps | xps100)
                basic_machine=xps100-honeywell
                ;;
+       z8k-*-coff)
+               basic_machine=z8k-unknown
+               os=-sim
+               ;;
        none)
                basic_machine=none-none
                os=-none
@@ -623,6 +860,15 @@ case $basic_machine in
 
 # Here we handle the default manufacturer of certain CPU types.  It is in
 # some cases the only manufacturer, in others, it is the most popular.
+       w89k)
+               basic_machine=hppa1.1-winbond
+               ;;
+       op50n)
+               basic_machine=hppa1.1-oki
+               ;;
+       op60c)
+               basic_machine=hppa1.1-oki
+               ;;
        mips)
                if [ x$os = x-linux-gnu ]; then
                        basic_machine=mips-unknown
@@ -645,7 +891,7 @@ case $basic_machine in
        we32k)
                basic_machine=we32k-att
                ;;
-       sparc)
+       sparc | sparcv9)
                basic_machine=sparc-sun
                ;;
         cydra)
@@ -657,6 +903,16 @@ case $basic_machine in
        orion105)
                basic_machine=clipper-highlevel
                ;;
+       mac | mpw | mac-mpw)
+               basic_machine=m68k-apple
+               ;;
+       pmac | pmac-mpw)
+               basic_machine=powerpc-apple
+               ;;
+       c4x*)
+               basic_machine=c4x-none
+               os=-coff
+               ;;
        *)
                echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
                exit 1
@@ -710,13 +966,34 @@ case $os in
              | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
              | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
              | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
-             | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
+             | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
              | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
              | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
              | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-             | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -macos* | -rhapsody*)
+             | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
+             | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
+             | -openstep* | -oskit*)
        # Remember, each alternative MUST END IN *, to match a version number.
                ;;
+       -qnx*)
+               case $basic_machine in
+                   x86-* | i[34567]86-*)
+                       ;;
+                   *)
+                       os=-nto$os
+                       ;;
+               esac
+               ;;
+       -nto*)
+               os=-nto-qnx
+               ;;
+       -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+             | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+             | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+               ;;
+       -mac*)
+               os=`echo $os | sed -e 's|mac|macos|'`
+               ;;
        -linux*)
                os=`echo $os | sed -e 's|linux|linux-gnu|'`
                ;;
@@ -726,6 +1003,12 @@ case $os in
        -sunos6*)
                os=`echo $os | sed -e 's|sunos6|solaris3|'`
                ;;
+       -opened*)
+               os=-openedition
+               ;;
+       -wince*)
+               os=-wince
+               ;;
        -osfrose*)
                os=-osfrose
                ;;
@@ -741,12 +1024,18 @@ case $os in
        -acis*)
                os=-aos
                ;;
+       -386bsd)
+               os=-bsd
+               ;;
        -ctix* | -uts*)
                os=-sysv
                ;;
        -ns2 )
                os=-nextstep2
                ;;
+       -nsk)
+               os=-nsk
+               ;;
        # Preserve the version number of sinix5.
        -sinix5.*)
                os=`echo $os | sed -e 's|sinix|sysv|'`
@@ -772,9 +1061,18 @@ case $os in
        # This must come after -sysvr4.
        -sysv*)
                ;;
+       -ose*)
+               os=-ose
+               ;;
+       -es1800*)
+               os=-ose
+               ;;
        -xenix)
                os=-xenix
                ;;
+        -*mint | -*MiNT)
+               os=-mint
+               ;;
        -none)
                ;;
        *)
@@ -800,6 +1098,9 @@ case $basic_machine in
        *-acorn)
                os=-riscix1.2
                ;;
+       arm*-rebel)
+               os=-linux
+               ;;
        arm*-semi)
                os=-aout
                ;;
@@ -821,6 +1122,15 @@ case $basic_machine in
                # default.
                # os=-sunos4
                ;;
+       m68*-cisco)
+               os=-aout
+               ;;
+       mips*-cisco)
+               os=-elf
+               ;;
+       mips*-*)
+               os=-elf
+               ;;
        *-tti)  # must be before sparc entry or we get the wrong os.
                os=-sysv3
                ;;
@@ -833,6 +1143,15 @@ case $basic_machine in
        *-ibm)
                os=-aix
                ;;
+       *-wec)
+               os=-proelf
+               ;;
+       *-winbond)
+               os=-proelf
+               ;;
+       *-oki)
+               os=-proelf
+               ;;
        *-hp)
                os=-hpux
                ;;
@@ -896,6 +1215,18 @@ case $basic_machine in
        f301-fujitsu)
                os=-uxpv
                ;;
+       *-rom68k)
+               os=-coff
+               ;;
+       *-*bug)
+               os=-coff
+               ;;
+       *-apple)
+               os=-macos
+               ;;
+       *-atari*)
+               os=-mint
+               ;;
        *)
                os=-none
                ;;
@@ -917,9 +1248,15 @@ case $basic_machine in
                        -aix*)
                                vendor=ibm
                                ;;
+                       -beos*)
+                               vendor=be
+                               ;;
                        -hpux*)
                                vendor=hp
                                ;;
+                       -mpeix*)
+                               vendor=hp
+                               ;;
                        -hiux*)
                                vendor=hitachi
                                ;;
@@ -935,7 +1272,7 @@ case $basic_machine in
                        -genix*)
                                vendor=ns
                                ;;
-                       -mvs*)
+                       -mvs* | -opened*)
                                vendor=ibm
                                ;;
                        -ptx*)
@@ -947,9 +1284,26 @@ case $basic_machine in
                        -aux*)
                                vendor=apple
                                ;;
+                       -hms*)
+                               vendor=hitachi
+                               ;;
+                       -mpw* | -macos*)
+                               vendor=apple
+                               ;;
+                       -*mint | -*MiNT)
+                               vendor=atari
+                               ;;
                esac
                basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
                ;;
 esac
 
 echo $basic_machine$os
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "version='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
index 5e2a2c126fd827d787cfac311e50b32b1dc26e60..0c85a594eba5c0fe2e5e5aebd23bc89a35a4b0c9 100644 (file)
@@ -29,10 +29,10 @@ PICFLAGS=@PICFLAGS@
 PROFFLAGS=@PROFFLAGS@
 .SUFFIXES: .c .so .po
 .c.so:
-       $(CC) $(DEFS) $(DEFINES) $(LOCALINCLUDES) $(PICFLAGS) $(CPPFLAGS) $(CFLAGS) -c $< -o $*.so.o && \
+       $(CC) $(DEFS) $(DEFINES) $(PICFLAGS) $(CPPFLAGS) $(LOCALINCLUDES) $(CFLAGS) -c $< -o $*.so.o && \
                $(MV) $*.so.o $*.so
 .c.po:
-       $(CC) $(DEFS) $(DEFINES) $(LOCALINCLUDES) $(PROFFLAGS) $(CPPFLAGS) $(CFLAGS) -c $< -o $*.po.o && \
+       $(CC) $(DEFS) $(DEFINES) $(PROFFLAGS) $(CPPFLAGS) $(LOCALINCLUDES) $(CFLAGS) -c $< -o $*.po.o && \
                $(MV) $*.po.o $*.po
 
 # rules to generate object file lists
index abc3dff58c978e76aa99d65dd3a29ec9d9f7cdab..cb97a47cd86df26c4a6c09fbc3c215e228dc3e63 100644 (file)
@@ -70,7 +70,7 @@ SRCTOP = @srcdir@/$(BUILDTOP)
 VPATH = @srcdir@
 CONFIG_RELTOPDIR = @CONFIG_RELTOPDIR@
 
-ALL_CFLAGS = $(DEFS) $(DEFINES) $(LOCALINCLUDES) $(CPPFLAGS) $(CFLAGS)
+ALL_CFLAGS = $(DEFS) $(DEFINES) $(CPPFLAGS) $(LOCALINCLUDES) $(CFLAGS)
 CFLAGS = @CCOPTS@
 CPPFLAGS = @CPPFLAGS@
 DEFS = @DEFS@
index 73fdb2efad939e3846f2c4c3e848a01e45cb56cd..d70aff31cfaecc776b32666ef7a905e4bf40516a 100644 (file)
@@ -83,17 +83,29 @@ C=.^\
 srcdir = .
 SRCTOP = $(srcdir)\$(BUILDTOP)
 
-!if defined(KRB5_USE_DNS)
+!if defined(KRB5_USE_DNS) || defined(KRB5_USE_DNS_KDC) || defined(KRB5_USE_DNS_REALMS)
+!if defined(KRB5_NO_WSHELPER)
+DNSMSG=resolver
+!else
+DNSMSG=wshelper
+DNSFLAGS=-DWSHELPER=1
+!endif
 !if !defined(DNS_INC)
-!message Must define DNS_INC to point to wshelper includes dir!
+!message Must define DNS_INC to point to $(DNSMSG) includes dir!
 !error
 !endif
 !if !defined(DNS_LIB)
-!message Must define DNS_LIB to point to wshelper library!
+!message Must define DNS_LIB to point to $(DNSMSG) library!
 !error
 !endif
 DNSLIBS=$(DNS_LIB)
-DNSFLAGS=-I$(DNS_INC) -DKRB5_DNS_LOOKUP -DWSHELPER
+DNSFLAGS=-I$(DNS_INC) $(DNSFLAGS) -DKRB5_DNS_LOOKUP=1
+!if defined(KRB5_USE_DNS_KDC)
+DNSFLAGS=$(DNSFLAGS) -DKRB5_DNS_LOOKUP_KDC=1
+!endif
+!if defined(KRB5_USE_DNS_REALMS)
+DNSFLAGS=$(DNSFLAGS) -DKRB5_DNS_LOOKUP_REALMS=1
+!endif
 !else
 DNSLIBS=
 DNSFLAGS=
index 928ecb1fc81d270b8c4377ee01566af65652907c..b9ff393dbb9d09e8c2cde949d1f3fa953f642a67 100644 (file)
@@ -1,3 +1,62 @@
+2000-10-16  Miro Jurisic  <meeroh@mit.edu>
+
+       * win-mac.h: #include <KerberosConditionalMacros.h> on Mac OS
+        
+2000-10-02  Alexandra Ellwood  <lxs@mit.edu>
+
+       * krb5-int.h: Added warning comment about #define macintosh
+        
+2000-09-19  Miro Jurisic  <meeroh@mit.edu>
+
+       * win-mac.h: Put #include <fcntl.h> back in
+
+2000-06-02  Danilo Almeida  <dalmeida@mit.edu>
+
+       * krb5.hin (krb5_get_tgs_ktypes, krb5_free_ktypes): Fix linkage to
+       be KRB5_CALLCONV.
+
+       * k5-int.h (krb5int_cc_default): Fix linkage to be consistent with
+       code.  (Note: We should dump KRB5_DLLIMP.)
+
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb5.hin (krb5_recvauth_version): Declare.
+
+2000-5-19      Alexandra Ellwood <lxs@mit.edu>
+
+       * krb5-int.h: Added krb5int_cc_default.  This function supports the 
+       Kerberos Login Library and pops up a dialog if the cache does not
+       contain valid tickets.  This is used to automatically get a tgt before
+       obtaining service tickets.  Note that this should be an internal function
+       because callers don't expect krb5_cc_default to pop up a dialog!
+       (We found this out the hard way :-)
+
+2000-05-15      Jeffrey Altman          <jaltman@columbia.edu>
+
+        * krb5.hin -- Added prototypes for new public functions
+
+               krb5_appdefault_string
+               krb5_appdefault_boolean
+
+2000-04-18  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb5.hin: Declare krb5_free_ktypes.
+
+2000-4-13      Alexandra Ellwood <lxs@mit.edu>
+
+       * krb5-int.h: Added support to store a krb5_principal in the os_context 
+       along with the default ccache name (if known, this principal is the same 
+       as the last time we looked at the ccache.
+       * win-mac.h: Set up the macintosh build to use KerberosLogin.
+
+2000-03-25  Miro Jurisic  <meeroh@mit.edu>
+
+       * k5-int.h: Fixed protos for krb5_locate_srv_* (naddrs is int*)
+
+2000-03-20  Miro Jurisic  <meeroh@mit.edu>
+
+       * krb5.hin: Add krb5_free_default_realm
+
 2000-03-15  Danilo Almeida  <dalmeida@mit.edu>
 
        * krb5.hin: Add krb5_get_prompt_types() and related defs..
index 1c48809975936c8fa07b695b7b412a730d588b41..6205061688efe48ea599e257ed657b6dc9fbed8c 100644 (file)
 #define ANSI_STDIO
 #endif
 
-
+/* Note, this may shoot us in the foot if we switch to CW compilers for Mach-o builds */
 #ifndef macintosh
 #if defined(__MWERKS__) || defined(applec) || defined(THINK_C)
 #define macintosh
@@ -511,7 +511,7 @@ krb5_error_code krb5_sendto_kdc
                const krb5_data *,
                const krb5_data *,
                krb5_data *,
-               int *));
+               int));
 krb5_error_code krb5_get_krbhst
        KRB5_PROTOTYPE((krb5_context,
                const krb5_data *,
@@ -555,9 +555,8 @@ krb5_error_code krb5_locate_srv_conf
                        const krb5_data *,
                        const char *,
                        struct sockaddr **,
-                       int *,
-                       int *,
-                       int *));
+                       int*,
+            int));
 
 /* no context? */
 krb5_error_code krb5_locate_srv_dns
@@ -565,7 +564,7 @@ krb5_error_code krb5_locate_srv_dns
                        const char *,
                        const char *,
                        struct sockaddr **,
-                       int *));
+                       int*));
 
 #endif /* KRB5_LIBOS_PROTO__ */
 
@@ -788,11 +787,12 @@ KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_keyblock *key,
 #define KRB5_LIBOS__
 
 typedef struct _krb5_os_context {
-       krb5_magic      magic;
-       krb5_int32      time_offset;
-       krb5_int32      usec_offset;
-       krb5_int32      os_flags;
-       char *          default_ccname;
+       krb5_magic              magic;
+       krb5_int32              time_offset;
+       krb5_int32              usec_offset;
+       krb5_int32              os_flags;
+       char *                  default_ccname;
+       krb5_principal  default_ccprincipal;
 } *krb5_os_context;
 
 /*
@@ -965,7 +965,7 @@ KRB5_PROTOTYPE((krb5_context context,
                krb5_get_init_creds_opt *options,
                krb5_gic_get_as_key_fct gak,
                void *gak_data,
-               int *master,
+               int master,
                krb5_kdc_rep **as_reply));
 
 
@@ -1506,6 +1506,8 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes
                krb5_octet FAR * FAR *,
                size_t FAR *));
 
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5int_cc_default
+       KRB5_PROTOTYPE((krb5_context, krb5_ccache FAR *));
 
 krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
        KRB5_PROTOTYPE((krb5_context, krb5_ccache, krb5_flags,
index 767d83566e1d4cd822b5cdd2021a5741a9b18c07..9954dca7950bb335fbb3c97a08c083e4ed7a5cf9 100644 (file)
@@ -1,3 +1,18 @@
+2000-06-02  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb.h (krb4_swab16): Mask upper byte of input after shifting, in
+       case the input value is a signed short.
+
+2000-05-18  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb.h (krb4_swab32): Mask high byte of input value after
+       shifting, to avoid "time out of bounds" error when byte orders are
+       different and low byte of timestamp has its high bit set and the
+       timestamp is stored as a signed value.
+
+       * krb.h (krb_get_err_text): Don't use "errno" as an argument
+       name.
+
 Mon Mar 15 15:58:34 1999  Tom Yu  <tlyu@mit.edu>
 
        * des.h: Fix GSS_DLLIMP.
index fe8830be47ed4642ee3f75d9353427cce36de099..4e2b675b7c61f64278c00f82a3e2ccaf31da81b9 100644 (file)
@@ -340,8 +340,8 @@ typedef struct msg_dat MSG_DAT;
 /*
  * New byte swapping routines, much cleaner
  */
-#define krb4_swab16(val)       (((val) >> 8) | ((val) << 8))
-#define krb4_swab32(val)       (((val)>>24) | (((val)>>8)&0xFF00) | \
+#define krb4_swab16(val)       ((((val) >> 8)&0xFF) | ((val) << 8))
+#define krb4_swab32(val)       ((((val)>>24)&0xFF) | (((val)>>8)&0xFF00) | \
                                  (((val)<<8)&0xFF0000) | ((val)<<24))
 
 /* Kerberos ticket flag field bit definitions */
@@ -466,7 +466,7 @@ KRB5_DLLIMP int KRB5_CALLCONV dest_tkt
        PROTOTYPE((void));
 /* err_txt.c */
 KRB5_DLLIMP const char FAR * KRB5_CALLCONV krb_get_err_text
-       PROTOTYPE((int errno));
+       PROTOTYPE((int errnum));
 /* g_ad_tkt.c */
 int get_ad_tkt
        PROTOTYPE((char *service, char *sinst, char *realm, int lifetime));
index ea8f93e879e63c3015c80dbedecd00a174a84807..37cf1c67c2b0909a6c87a63da8af53a24a655f12 100644 (file)
@@ -1394,13 +1394,15 @@ krb5_error_code krb5_get_default_in_tkt_ktypes
 krb5_error_code krb5_set_default_tgs_ktypes
        KRB5_PROTOTYPE((krb5_context,
                krb5_const krb5_enctype *));
-krb5_error_code krb5_get_tgs_ktypes
+krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
        KRB5_PROTOTYPE((krb5_context,
                krb5_const_principal,
                krb5_enctype **));
 
 krb5_error_code krb5_get_permitted_enctypes
        KRB5_PROTOTYPE((krb5_context, krb5_enctype **));
+void KRB5_CALLCONV krb5_free_ktypes
+       KRB5_PROTOTYPE ((krb5_context, krb5_enctype *));
 
 krb5_boolean krb5_is_permitted_enctype
        KRB5_PROTOTYPE((krb5_context, krb5_enctype));
@@ -1799,6 +1801,9 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_default_realm
 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_set_default_realm
        KRB5_PROTOTYPE((krb5_context,
                   krb5_const char FAR * ));
+KRB5_DLLIMP void KRB5_CALLCONV krb5_free_default_realm
+       KRB5_PROTOTYPE((krb5_context,
+                  char FAR * ));
 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_sname_to_principal
        KRB5_PROTOTYPE((krb5_context,
                krb5_const char FAR *,
@@ -1976,6 +1981,15 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_recvauth
                krb5_int32, 
                krb5_keytab,
                krb5_ticket FAR * FAR *));
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_recvauth_version
+       KRB5_PROTOTYPE((krb5_context,
+               krb5_auth_context FAR *,
+               krb5_pointer,
+               krb5_principal,
+               krb5_int32, 
+               krb5_keytab,
+               krb5_ticket FAR * FAR *,
+               krb5_data FAR *));
 
 krb5_error_code krb5_walk_realm_tree
        KRB5_PROTOTYPE((krb5_context,
@@ -2384,6 +2398,24 @@ krb5_decode_ticket
 KRB5_PROTOTYPE((const krb5_data *code, 
                krb5_ticket **rep));
 
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_appdefault_string
+KRB5_PROTOTYPE((krb5_context context,
+               const char *appname,  
+               const krb5_data *realm,
+               const char *option,
+               const char *default_value,
+               char ** ret_value));
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_appdefault_boolean
+KRB5_PROTOTYPE((krb5_context context,
+               const char *appname,  
+               const krb5_data *realm,
+               const char *option,
+               int default_value,
+               int *ret_value));
+
 /*
  * The realm iterator functions
  */
index 6fc5cc384bbf5ab7f83f02409fbd95fed46f84c8..3941a36b2177ace517e822c71a551917466f829e 100644 (file)
@@ -1,3 +1,17 @@
+2000-10-02     Alexandra Ellwood <lxs@mit.edu>
+
+       * kdb.h: added Mac OS X #define (__MACH__) -- we're still a kerberos client
+
+2000-5-18      Alexandra Ellwood <lxs@mit.edu>
+
+       * macsock.h: local_addr_fallback_kludge defined to 0 again... fixed gethostname
+
+2000-5-9       Alexandra Ellwood <lxs@mit.edu>
+
+       * macsock.h: local_addr_fallback_kludge now defined to magic gethostaddr function
+       in the Sockets Library, which does exactly what we want if the search domain is not
+       specified.
+
 1998-11-22  Miro Jurisic  <meeroh@.mit.edu>
 
        * macsock.h: MacOS: only #define MACHOSTNAMELEN when not
index 8316efefc47cdf215a920627ae084a6346efa47d..60a08f43195b7ca45131b98ad91ae81520bf8c1d 100644 (file)
@@ -84,7 +84,7 @@
 #define KRB5_KDB_CREATE_BTREE          0x00000001
 #define KRB5_KDB_CREATE_HASH           0x00000002
 
-#if !defined(macintosh) && !defined(_MSDOS) && !defined(_WIN32)
+#if !defined(macintosh) && !defined(_MSDOS) && !defined(_WIN32) && !defined(__MACH__)
 
 /*
  * Note --- these structures cannot be modified without changing the
index 06b103af3a8caa185d34853bbccb2af8a79d9644..6dc8c32e57996e9813c5a91f50eb9908e0945d5f 100644 (file)
@@ -93,7 +93,7 @@ typedef int SOCKET;
 #define        SOCKET_ERRNO            (GetMITLibError())
 #define        SOCKET_SET_ERRNO(x)     (SetMITLibError(x))
 
-#define local_addr_fallback_kludge() (0)
+#define local_addr_fallback_kludge() 0
 
 
 #endif /* macsock_h */
index e2d37e00f869689ef0bbcefd8a2188fb615a1bb9..e52dded4f854e64bb23bffe8dee02a2b8fced1d5 100644 (file)
@@ -226,6 +226,10 @@ HINSTANCE get_lib_instance(void);
 
 #ifdef macintosh
 
+#include <KerberosConditionalMacros.h>
+
+#define USE_LOGIN_LIBRARY
+
 #define KRB5_CALLCONV
 #define KRB5_CALLCONV_C
 #define KRB5_DLLIMP
@@ -246,9 +250,9 @@ HINSTANCE get_lib_instance(void);
 #include <unix.h>
 #include <ctype.h>
 
-#ifdef NEED_LOWLEVEL_IO
+/*#ifdef NEED_LOWLEVEL_IO*/
 #include <fcntl.h>
-#endif
+/*#endif*/
 
 /*
  * Which encryption routines libcrypto will provide is controlled by
index aa19760d4f9d5f6fd37513c270f9bcb55fc3fb9a..475cfa7c6bcbe56a6f1b61411c772e846fd69d47 100644 (file)
@@ -1,3 +1,21 @@
+2001-02-22  Tom Yu  <tlyu@mit.edu>
+
+       * kadmin.M: Remove references to "rename_principal".
+
+2000-06-09  Tom Yu  <tlyu@mit.edu>
+
+       * kadmin.M: Update to reflect new -e and -keepold flags.
+
+2000-06-06  Ken Raeburn  <raeburn@mit.edu>
+
+       * kadmin.c (kadmin_startup): Don't pass keytab_name to printf if
+       it's NULL.
+
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * strftime.c: Replace with a copy of the one from libkrb5, which
+       isn't under GPL.
+
 2000-03-01  Tom Yu  <tlyu@mit.edu>
 
        * kadmin.c (kadmin_cpw): Initialize ks_tuple to NULL.
index a74874ff96d194719febbb7ecfd47be049f774e8..08e02e5c948ce27aff9437692c8b5dfaefc30ba6 100644 (file)
@@ -320,6 +320,12 @@ sets the key of the principal to a random value
 sets the key of the principal to the specified string and does not
 prompt for a password.  Note:  using this option in a shell script can
 be dangerous if unauthorized users gain read access to the script.
+.TP
+\fB\-e\fP \fI"enc:salt ..."\fP
+uses the specified list of enctype\-salttype pairs for setting the key
+of the principal.  The quotes are necessary if there are multiple
+enctype\-salttype pairs.  This will not function against kadmin
+daemons earlier than krb5\-1.2.
 .nf
 .TP
 EXAMPLE:
@@ -372,8 +378,8 @@ KADM5_UNK_PRINC (principal does not exist)
 modifies the specified principal, changing the fields as specified.  The
 options are as above for
 .BR add_principal ,
-except that password changing is forbidden by this command.  In
-addition, the option
+except that password changing and flags related to password changing
+are forbidden by this command.  In addition, the option
 .B \-clearpolicy
 will clear the current policy of a principal.  This command requires the
 .I modify
@@ -391,42 +397,6 @@ KADM5_BAD_MASK (shouldn't happen)
 .RE
 .fi
 .TP
-\fBrename_principal\fP [\fB-force\fP] \fIold new\fP
-rename the principal
-.I old
-to
-.IR new .
-Prompts for confirmation, unless the
-.B \-force
-option is given.  Requires both the
-.I add
-and
-.I delete
-privileges.  Aliased to
-.BR renprinc .
-.sp
-.nf
-.RS
-.TP
-EXAMPLE:
-kadmin: renprinc tlyutest test0
-Are you sure you want to rename the principal
-"tlyutest@BLEEP.COM" to
-"test0@BLEEP.COM"? (yes/no): yes
-Principal "tlyutest@BLEEP.COM" renamed to
-"test0@BLEEP.COM".
-Make sure that you have removed "tlyutest@BLEEP.COM" from
-all ACLs before reusing.
-kadmin:
-.TP
-ERRORS:
-KADM5_AUTH_ADD (requires "add" privilege)
-KADM5_AUTH_DELETE (requires "delete" privilege)
-KADM5_UNK_PRINC (source principal does not exist)
-KADM5_DUP (target principal already exists)
-.RE
-.fi
-.TP
 \fBchange_password\fP [\fIoptions\fP] \fIprincipal\fP
 changes the password of
 .IR principal .
@@ -447,6 +417,18 @@ sets the key of the principal to a random value
 .TP
 \fB\-pw\fP \fIpassword\fP
 set the password to the specified string.  Not recommended.
+.TP
+\fB\-e\fP \fI"enc:salt ..."\fP
+uses the specified list of enctype\-salttype pairs for setting the key
+of the principal.  The quotes are necessary if there are multiple
+enctype\-salttype pairs.  This will not function against kadmin
+daemons earlier than krb5\-1.2.
+.TP
+\fB\-keepold \fP 
+Keeps the previous kvno's keys around.  There is no
+easy way to delete the old keys, and this flag is usually not
+necessary except perhaps for TGS keys.  Don't use this flag unless you
+know what you're doing.
 .nf
 .TP
 EXAMPLE:
@@ -664,7 +646,10 @@ kadmin:
 .RE
 .fi
 .TP
-\fBktadd\fP [\fB\-k\fP \fIkeytab\fP] [\fB\-q\fP] [\fIprincipal\fP | \fB\-glob\fP \fIprinc-exp\fP] [\fI...\fP]
+\fBktadd\fP [\fB\-k\fP \fIkeytab\fP] [\fB\-q\fP] [\fB\-e\fP \fIkeysaltlist\fP]
+.br
+[\fIprincipal\fP | \fB\-glob\fP \fIprinc-exp\fP] [\fI...\fP]
+.br
 Adds a principal or all principals matching
 .I princ-exp
 to a keytab, randomizing each principal's key in the process.  Requires the
@@ -772,3 +757,9 @@ OpenVision Kerberos administration program.
 .SH BUGS
 .PP
 Command output needs to be cleaned up.
+
+There is no way to delete a key kept around from a "\-keepold" option
+to a password-changing command, other than to do a password change
+without the "\-keepold" option, which will of course cause problems if
+the key is a TGS key.  There will be more powerful key-manipulation
+commands in the future.
index 803853230f76c94ea2955648df7d9f345a45a91f..2b1d8ac93e4a510b16b816497892606684dd9596 100644 (file)
@@ -392,8 +392,12 @@ char *kadmin_startup(argc, argv)
                                        KADM5_API_VERSION_2,
                                        &handle);
     } else if (use_keytab) {
-        printf("Authenticating as principal %s with keytab %s.\n",
-               princstr, keytab_name);
+        if (keytab_name)
+            printf("Authenticating as principal %s with keytab %s.\n",
+                   princstr, keytab_name);
+        else
+            printf("Authenticating as principal %s with default keytab.\n",
+                   princstr);
         retval = kadm5_init_with_skey(princstr, keytab_name,
                                       KADM5_ADMIN_SERVICE, 
                                       &params,
index 484852a72d13d83361cefdcc8448efe5d774dccc..6fb621e41173554be02f3f33e9932f4f1d4e9015 100644 (file)
-/* strftime - custom formatting of date and/or time
-   Copyright (C) 1989, 1991, 1992 Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
-
-/* Note: this version of strftime lacks locale support,
-   but it is standalone.
-
-   Performs `%' substitutions similar to those in printf.  Except
-   where noted, substituted fields have a fixed size; numeric fields are
-   padded if necessary.  Padding is with zeros by default; for fields
-   that display a single number, padding can be changed or inhibited by
-   following the `%' with one of the modifiers described below.  Unknown
-   field specifiers are copied as normal characters.  All other
-   characters are copied to the output without change.
-
-   Supports a superset of the ANSI C field specifiers.
-
-   Literal character fields:
-   %   %
-   n   newline
-   t   tab
-
-   Numeric modifiers (a nonstandard extension):
-   -   do not pad the field
-   _   pad the field with spaces
-
-   Time fields:
-   %H  hour (00..23)
-   %I  hour (01..12)
-   %k  hour ( 0..23)
-   %l  hour ( 1..12)
-   %M  minute (00..59)
-   %p  locale's AM or PM
-   %r  time, 12-hour (hh:mm:ss [AP]M)
-   %R  time, 24-hour (hh:mm)
-   %s  time in seconds since 00:00:00, Jan 1, 1970 (a nonstandard extension)
-   %S  second (00..61)
-   %T  time, 24-hour (hh:mm:ss)
-   %X  locale's time representation (%H:%M:%S)
-   %Z  time zone (EDT), or nothing if no time zone is determinable
-
-   Date fields:
-   %a  locale's abbreviated weekday name (Sun..Sat)
-   %A  locale's full weekday name, variable length (Sunday..Saturday)
-   %b  locale's abbreviated month name (Jan..Dec)
-   %B  locale's full month name, variable length (January..December)
-   %c  locale's date and time (Sat Nov 04 12:02:33 EST 1989)
-   %C  century (00..99)
-   %d  day of month (01..31)
-   %e  day of month ( 1..31)
-   %D  date (mm/dd/yy)
-   %h  same as %b
-   %j  day of year (001..366)
-   %m  month (01..12)
-   %U  week number of year with Sunday as first day of week (00..53)
-   %w  day of week (0..6)
-   %W  week number of year with Monday as first day of week (00..53)
-   %x  locale's date representation (mm/dd/yy)
-   %y  last two digits of year (00..99)
-   %Y  year (1970...)
-
-   David MacKenzie <djm@gnu.ai.mit.edu> */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <sys/types.h>
-#if defined(TM_IN_SYS_TIME) || (!defined(HAVE_TM_ZONE) && !defined(HAVE_TZNAME))
-#include <sys/time.h>
+/*     $NetBSD: strftime.c,v 1.8 1999/02/07 17:33:30 augustss Exp $    */
+
+/*
+ * Copyright (c) 1989 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *     This product includes software developed by the University of
+ *     California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static char *sccsid = "@(#)strftime.c  5.11 (Berkeley) 2/24/91";
 #else
-#include <time.h>
-#endif
-
-#ifndef STDC_HEADERS
-time_t mktime ();
+__RCSID("$NetBSD: strftime.c,v 1.8 1999/02/07 17:33:30 augustss Exp $");
 #endif
+#endif /* LIBC_SCCS and not lint */
 
-#if defined(HAVE_TZNAME)
-extern char *tzname[2];
-#endif
-
-/* Types of padding for numbers in date and time. */
-enum padding
-{
-  none, blank, zero
-};
+#include <string.h>
+#include <time.h>
 
-static char const* const days[] =
-{
-  "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"
+/* begin krb5 hack - replace stuff that would come from netbsd libc */
+#undef _CurrentTimeLocale
+#define _CurrentTimeLocale (&dummy_locale_info)
+
+struct dummy_locale_info_t {
+    char d_t_fmt[15];
+    char t_fmt_ampm[12];
+    char t_fmt[9];
+    char d_fmt[9];
+    char day[7][10];
+    char abday[7][4];
+    char mon[12][10];
+    char abmon[12][4];
+    char am_pm[2][3];
 };
-
-static char const * const months[] =
-{
-  "January", "February", "March", "April", "May", "June",
-  "July", "August", "September", "October", "November", "December"
+static const struct dummy_locale_info_t dummy_locale_info = {
+    "%a %b %d %X %Y",          /* %c */
+    "%I:%M:%S %p",             /* %r */
+    "%H:%M:%S",                        /* %X */
+    "%m/%d/%y",                        /* %x */
+    { "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday",
+      "Saturday" },
+    { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" },
+    { "January", "February", "March", "April", "May", "June",
+      "July", "August", "September", "October", "November", "December" },
+    { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+      "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" },
+    { "AM", "PM" },
 };
+#undef  TM_YEAR_BASE
+#define TM_YEAR_BASE 1900
+
+#undef  DAYSPERLYEAR
+#define DAYSPERLYEAR 366
+#undef  DAYSPERNYEAR
+#define DAYSPERNYEAR 365
+#undef  DAYSPERWEEK
+#define DAYSPERWEEK 7
+#undef  isleap
+#define isleap(N)      ((N % 4) == 0 && (N % 100 != 0 || N % 400 == 0))
+#undef  tzname
+#define tzname my_tzname
+static const char *const tzname[2] = { 0, 0 };
+#undef  tzset
+#define tzset()
+#undef __P
+#define __P(X) X /* we already require ansi c in this tree */
+/* end krb5 hack */
+
+static int _add __P((const char *, char **, const char *));
+static int _conv __P((int, int, int, char **, const char *));
+static int _secs __P((const struct tm *, char **, const char *));
+static size_t _fmt __P((const char *, const struct tm *, char **,
+           const char *));
 
-/* Add character C to STRING and increment LENGTH,
-   unless LENGTH would exceed MAX. */
-
-#define add_char(c)                                                    \
-  do                                                                   \
-    {                                                                  \
-      if (length + 1 <= max)                                           \
-       string[length++] = (c);                                         \
-    }                                                                  \
-  while (0)
-
-/* Add a 2 digit number to STRING, padding if specified.
-   Return the number of characters added, up to MAX. */
-
-static int
-add_num2 (string, num, max, pad)
-     char *string;
-     int num;
-     int max;
-     enum padding pad;
-{
-  int top = num / 10;
-  int length = 0;
-
-  if (top == 0 && pad == blank)
-    add_char (' ');
-  else if (top != 0 || pad == zero)
-    add_char (top + '0');
-  add_char (num % 10 + '0');
-  return length;
-}
-
-/* Add a 3 digit number to STRING, padding if specified.
-   Return the number of characters added, up to MAX. */
-
-static int
-add_num3 (string, num, max, pad)
-     char *string;
-     int num;
-     int max;
-     enum padding pad;
+size_t
+strftime(s, maxsize, format, t)
+       char *s;
+       size_t maxsize;
+       const char *format;
+       const struct tm *t;
 {
-  int top = num / 100;
-  int mid = (num - top * 100) / 10;
-  int length = 0;
-
-  if (top == 0 && pad == blank)
-    add_char (' ');
-  else if (top != 0 || pad == zero)
-    add_char (top + '0');
-  if (mid == 0 && top == 0 && pad == blank)
-    add_char (' ');
-  else if (mid != 0 || top != 0 || pad == zero)
-    add_char (mid + '0');
-  add_char (num % 10 + '0');
-  return length;
+       char *pt;
+
+       tzset();
+       if (maxsize < 1)
+               return (0);
+
+       pt = s;
+       if (_fmt(format, t, &pt, s + maxsize)) {
+               *pt = '\0';
+               return (pt - s);
+       } else
+               return (0);
 }
 
-/* Like strncpy except return the number of characters copied. */
-
-static int
-add_str (to, from, max)
-     char *to;
-     const char *from;
-     int max;
+#define SUN_WEEK(t)    (((t)->tm_yday + 7 - \
+                               ((t)->tm_wday)) / 7)
+#define MON_WEEK(t)    (((t)->tm_yday + 7 - \
+                               ((t)->tm_wday ? (t)->tm_wday - 1 : 6)) / 7)
+
+static size_t
+_fmt(format, t, pt, ptlim)
+       const char *format;
+       const struct tm *t;
+       char **pt;
+       const char * const ptlim;
 {
-  int i;
-
-  for (i = 0; from[i] && i <= max; ++i)
-    to[i] = from[i];
-  return i;
+       for (; *format; ++format) {
+               if (*format == '%') {
+                       ++format;
+                       if (*format == 'E') {
+                               /* Alternate Era */
+                               ++format;
+                       } else if (*format == 'O') {
+                               /* Alternate numeric symbols */
+                               ++format;
+                       }
+                       switch (*format) {
+                       case '\0':
+                               --format;
+                               break;
+                       case 'A':
+                               if (t->tm_wday < 0 || t->tm_wday > 6)
+                                       return (0);
+                               if (!_add(_CurrentTimeLocale->day[t->tm_wday],
+                                   pt, ptlim))
+                                       return (0);
+                               continue;
+
+                       case 'a':
+                               if (t->tm_wday < 0 || t->tm_wday > 6)
+                                       return (0);
+                               if (!_add(_CurrentTimeLocale->abday[t->tm_wday],
+                                   pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'B':
+                               if (t->tm_mon < 0 || t->tm_mon > 11)
+                                       return (0);
+                               if (!_add(_CurrentTimeLocale->mon[t->tm_mon],
+                                   pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'b':
+                       case 'h':
+                               if (t->tm_mon < 0 || t->tm_mon > 11)
+                                       return (0);
+                               if (!_add(_CurrentTimeLocale->abmon[t->tm_mon],
+                                   pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'C':
+                               if (!_conv((t->tm_year + TM_YEAR_BASE) / 100,
+                                   2, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'c':
+                               if (!_fmt(_CurrentTimeLocale->d_t_fmt, t, pt,
+                                   ptlim))
+                                       return (0);
+                               continue;
+                       case 'D':
+                               if (!_fmt("%m/%d/%y", t, pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'd':
+                               if (!_conv(t->tm_mday, 2, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'e':
+                               if (!_conv(t->tm_mday, 2, ' ', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'H':
+                               if (!_conv(t->tm_hour, 2, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'I':
+                               if (!_conv(t->tm_hour % 12 ?
+                                   t->tm_hour % 12 : 12, 2, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'j':
+                               if (!_conv(t->tm_yday + 1, 3, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'k':
+                               if (!_conv(t->tm_hour, 2, ' ', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'l':
+                               if (!_conv(t->tm_hour % 12 ?
+                                   t->tm_hour % 12: 12, 2, ' ', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'M':
+                               if (!_conv(t->tm_min, 2, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'm':
+                               if (!_conv(t->tm_mon + 1, 2, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'n':
+                               if (!_add("\n", pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'p':
+                               if (!_add(_CurrentTimeLocale->am_pm[t->tm_hour
+                                   >= 12], pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'R':
+                               if (!_fmt("%H:%M", t, pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'r':
+                               if (!_fmt(_CurrentTimeLocale->t_fmt_ampm, t, pt,
+                                   ptlim))
+                                       return (0);
+                               continue;
+                       case 'S':
+                               if (!_conv(t->tm_sec, 2, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 's':
+                               if (!_secs(t, pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'T':
+                               if (!_fmt("%H:%M:%S", t, pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 't':
+                               if (!_add("\t", pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'U':
+                               if (!_conv(SUN_WEEK(t), 2, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'u':
+                               if (!_conv(t->tm_wday ? t->tm_wday : 7, 1, '0',
+                                   pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'V':       /* ISO 8601 week number */
+                       case 'G':       /* ISO 8601 year (four digits) */
+                       case 'g':       /* ISO 8601 year (two digits) */
+/*
+** From Arnold Robbins' strftime version 3.0:  "the week number of the
+** year (the first Monday as the first day of week 1) as a decimal number
+** (01-53)."
+** (ado, 1993-05-24)
+**
+** From "http://www.ft.uni-erlangen.de/~mskuhn/iso-time.html" by Markus Kuhn:
+** "Week 01 of a year is per definition the first week which has the
+** Thursday in this year, which is equivalent to the week which contains
+** the fourth day of January. In other words, the first week of a new year
+** is the week which has the majority of its days in the new year. Week 01
+** might also contain days from the previous year and the week before week
+** 01 of a year is the last week (52 or 53) of the previous year even if
+** it contains days from the new year. A week starts with Monday (day 1)
+** and ends with Sunday (day 7).  For example, the first week of the year
+** 1997 lasts from 1996-12-30 to 1997-01-05..."
+** (ado, 1996-01-02)
+*/
+                               {
+                                       int     year;
+                                       int     yday;
+                                       int     wday;
+                                       int     w;
+
+                                       year = t->tm_year + TM_YEAR_BASE;
+                                       yday = t->tm_yday;
+                                       wday = t->tm_wday;
+                                       for ( ; ; ) {
+                                               int     len;
+                                               int     bot;
+                                               int     top;
+
+                                               len = isleap(year) ?
+                                                       DAYSPERLYEAR :
+                                                       DAYSPERNYEAR;
+                                               /*
+                                               ** What yday (-3 ... 3) does
+                                               ** the ISO year begin on?
+                                               */
+                                               bot = ((yday + 11 - wday) %
+                                                       DAYSPERWEEK) - 3;
+                                               /*
+                                               ** What yday does the NEXT
+                                               ** ISO year begin on?
+                                               */
+                                               top = bot -
+                                                       (len % DAYSPERWEEK);
+                                               if (top < -3)
+                                                       top += DAYSPERWEEK;
+                                               top += len;
+                                               if (yday >= top) {
+                                                       ++year;
+                                                       w = 1;
+                                                       break;
+                                               }
+                                               if (yday >= bot) {
+                                                       w = 1 + ((yday - bot) /
+                                                               DAYSPERWEEK);
+                                                       break;
+                                               }
+                                               --year;
+                                               yday += isleap(year) ?
+                                                       DAYSPERLYEAR :
+                                                       DAYSPERNYEAR;
+                                       }
+#ifdef XPG4_1994_04_09
+                                       if ((w == 52
+                                            && t->tm_mon == TM_JANUARY)
+                                           || (w == 1
+                                               && t->tm_mon == TM_DECEMBER))
+                                               w = 53;
+#endif /* defined XPG4_1994_04_09 */
+                                       if (*format == 'V') {
+                                               if (!_conv(w, 2, '0',
+                                                       pt, ptlim))
+                                                       return (0);
+                                       } else if (*format == 'g') {
+                                               if (!_conv(year % 100, 2, '0',
+                                                       pt, ptlim))
+                                                       return (0);
+                                       } else  if (!_conv(year, 4, '0',
+                                                       pt, ptlim))
+                                                       return (0);
+                               }
+                               continue;
+                       case 'W':
+                               if (!_conv(MON_WEEK(t), 2, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'w':
+                               if (!_conv(t->tm_wday, 1, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'x':
+                               if (!_fmt(_CurrentTimeLocale->d_fmt, t, pt,
+                                   ptlim))
+                                       return (0);
+                               continue;
+                       case 'X':
+                               if (!_fmt(_CurrentTimeLocale->t_fmt, t, pt,
+                                   ptlim))
+                                       return (0);
+                               continue;
+                       case 'y':
+                               if (!_conv((t->tm_year + TM_YEAR_BASE) % 100,
+                                   2, '0', pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'Y':
+                               if (!_conv((t->tm_year + TM_YEAR_BASE), 4, '0',
+                                   pt, ptlim))
+                                       return (0);
+                               continue;
+                       case 'Z':
+                               if (tzname[t->tm_isdst ? 1 : 0] &&
+                                   !_add(tzname[t->tm_isdst ? 1 : 0], pt,
+                                   ptlim))
+                                       return (0);
+                               continue;
+                       case '%':
+                       /*
+                        * X311J/88-090 (4.12.3.5): if conversion char is
+                        * undefined, behavior is undefined.  Print out the
+                        * character itself as printf(3) does.
+                        */
+                       default:
+                               break;
+                       }
+               }
+               if (*pt == ptlim)
+                       return (0);
+               *(*pt)++ = *format;
+       }
+       return (ptlim - *pt);
 }
 
 static int
-add_num_time_t (string, max, num)
-     char *string;
-     int max;
-     time_t num;
+_secs(t, pt, ptlim)
+       const struct tm *t;
+       char **pt;
+       const char * const ptlim;
 {
-  /* This buffer is large enough to hold the character representation
-     (including the trailing NUL) of any unsigned decimal quantity
-     whose binary representation fits in 128 bits.  */
-  char buf[40];
-  int length;
-
-  if (sizeof (num) > 16)
-    abort ();
-  sprintf (buf, "%lu", (unsigned long) num);
-  length = add_str (string, buf, max);
-  return length;
+       char buf[15];
+       time_t s;
+       char *p;
+       struct tm tmp;
+
+       buf[sizeof (buf) - 1] = '\0';
+       /* Make a copy, mktime(3) modifies the tm struct. */
+       tmp = *t;
+       s = mktime(&tmp);
+       for (p = buf + sizeof(buf) - 2; s > 0 && p > buf; s /= 10)
+               *p-- = (char)(s % 10 + '0');
+       return (_add(++p, pt, ptlim));
 }
 
-/* Return the week in the year of the time in TM, with the weeks
-   starting on Sundays. */
-
 static int
-sun_week (tm)
-     struct tm *tm;
+_conv(n, digits, pad, pt, ptlim)
+       int n, digits;
+       int pad;
+       char **pt;
+       const char * const ptlim;
 {
-  int dl;
-
-  /* Set `dl' to the day in the year of the last day of the week previous
-     to the one containing the day specified in TM.  If the day specified
-     in TM is in the first week of the year, `dl' will be negative or 0.
-     Otherwise, calculate the number of complete weeks before our week
-     (dl / 7) and add any partial week at the start of the year (dl % 7). */
-  dl = tm->tm_yday - tm->tm_wday;
-  return dl <= 0 ? 0 : dl / 7 + (dl % 7 != 0);
+       char buf[10];
+       char *p;
+
+       buf[sizeof (buf) - 1] = '\0';
+       for (p = buf + sizeof(buf) - 2; n > 0 && p > buf; n /= 10, --digits)
+               *p-- = n % 10 + '0';
+       while (p > buf && digits-- > 0)
+               *p-- = pad;
+       return (_add(++p, pt, ptlim));
 }
 
-/* Return the week in the year of the time in TM, with the weeks
-   starting on Mondays. */
-
 static int
-mon_week (tm)
-     struct tm *tm;
-{
-  int dl, wday;
-
-  if (tm->tm_wday == 0)
-    wday = 6;
-  else
-    wday = tm->tm_wday - 1;
-  dl = tm->tm_yday - wday;
-  return dl <= 0 ? 0 : dl / 7 + (dl % 7 != 0);
-}
-
-#if !defined(HAVE_TM_ZONE) && !defined(HAVE_TZNAME)
-char *
-zone_name (tp)
-     struct tm *tp;
+_add(str, pt, ptlim)
+       const char *str;
+       char **pt;
+       const char * const ptlim;
 {
-  char *timezone ();
-  struct timeval tv;
-  struct timezone tz;
-
-  gettimeofday (&tv, &tz);
-  return timezone (tz.tz_minuteswest, tp->tm_isdst);
-}
-#endif
-
-/* Format the time given in TM according to FORMAT, and put the
-   results in STRING.
-   Return the number of characters (not including terminating null)
-   that were put into STRING, or 0 if the length would have
-   exceeded MAX. */
-
-size_t
-strftime (string, max, format, tm)
-     char *string;
-     size_t max;
-     const char *format;
-     const struct tm *tm;
-{
-  enum padding pad;            /* Type of padding to apply. */
-  size_t length = 0;           /* Characters put in STRING so far. */
-
-  for (; *format && length < max; ++format)
-    {
-      if (*format != '%')
-       add_char (*format);
-      else
-       {
-         ++format;
-         /* Modifiers: */
-         if (*format == '-')
-           {
-             pad = none;
-             ++format;
-           }
-         else if (*format == '_')
-           {
-             pad = blank;
-             ++format;
-           }
-         else
-           pad = zero;
-
-         switch (*format)
-           {
-             /* Literal character fields: */
-           case 0:
-           case '%':
-             add_char ('%');
-             break;
-           case 'n':
-             add_char ('\n');
-             break;
-           case 't':
-             add_char ('\t');
-             break;
-           default:
-             add_char (*format);
-             break;
-
-             /* Time fields: */
-           case 'H':
-           case 'k':
-             length +=
-               add_num2 (&string[length], tm->tm_hour, max - length,
-                         *format == 'H' ? pad : blank);
-             break;
-           case 'I':
-           case 'l':
-             {
-               int hour12;
-
-               if (tm->tm_hour == 0)
-                 hour12 = 12;
-               else if (tm->tm_hour > 12)
-                 hour12 = tm->tm_hour - 12;
-               else
-                 hour12 = tm->tm_hour;
-               length +=
-                 add_num2 (&string[length], hour12, max - length,
-                           *format == 'I' ? pad : blank);
-             }
-             break;
-           case 'M':
-             length +=
-               add_num2 (&string[length], tm->tm_min, max - length, pad);
-             break;
-           case 'p':
-             if (tm->tm_hour < 12)
-               add_char ('A');
-             else
-               add_char ('P');
-             add_char ('M');
-             break;
-           case 'r':
-             length +=
-               strftime (&string[length], max - length, "%I:%M:%S %p", tm);
-             break;
-           case 'R':
-             length +=
-               strftime (&string[length], max - length, "%H:%M", tm);
-             break;
-
-           case 's':
-             {
-               struct tm writable_tm;
-               writable_tm = *tm;
-               length += add_num_time_t (&string[length], max - length,
-                                         mktime (&writable_tm));
-             }
-             break;
-
-           case 'S':
-             length +=
-               add_num2 (&string[length], tm->tm_sec, max - length, pad);
-             break;
-           case 'T':
-             length +=
-               strftime (&string[length], max - length, "%H:%M:%S", tm);
-             break;
-           case 'X':
-             length +=
-               strftime (&string[length], max - length, "%H:%M:%S", tm);
-             break;
-           case 'Z':
-#ifdef HAVE_TM_ZONE
-             length += add_str (&string[length], tm->tm_zone, max - length);
-#else
-#ifdef HAVE_TZNAME
-             if (tm->tm_isdst && tzname[1] && *tzname[1])
-               length += add_str (&string[length], tzname[1], max - length);
-             else
-               length += add_str (&string[length], tzname[0], max - length);
-#else
-             length += add_str (&string[length], zone_name (tm), max - length);
-#endif
-#endif
-             break;
 
-             /* Date fields: */
-           case 'a':
-             add_char (days[tm->tm_wday][0]);
-             add_char (days[tm->tm_wday][1]);
-             add_char (days[tm->tm_wday][2]);
-             break;
-           case 'A':
-             length +=
-               add_str (&string[length], days[tm->tm_wday], max - length);
-             break;
-           case 'b':
-           case 'h':
-             add_char (months[tm->tm_mon][0]);
-             add_char (months[tm->tm_mon][1]);
-             add_char (months[tm->tm_mon][2]);
-             break;
-           case 'B':
-             length +=
-               add_str (&string[length], months[tm->tm_mon], max - length);
-             break;
-           case 'c':
-             length +=
-               strftime (&string[length], max - length,
-                         "%a %b %d %H:%M:%S %Z %Y", tm);
-             break;
-           case 'C':
-             length +=
-               add_num2 (&string[length], (tm->tm_year + 1900) / 100,
-                         max - length, pad);
-             break;
-           case 'd':
-             length +=
-               add_num2 (&string[length], tm->tm_mday, max - length, pad);
-             break;
-           case 'e':
-             length +=
-               add_num2 (&string[length], tm->tm_mday, max - length, blank);
-             break;
-           case 'D':
-             length +=
-               strftime (&string[length], max - length, "%m/%d/%y", tm);
-             break;
-           case 'j':
-             length +=
-               add_num3 (&string[length], tm->tm_yday + 1, max - length, pad);
-             break;
-           case 'm':
-             length +=
-               add_num2 (&string[length], tm->tm_mon + 1, max - length, pad);
-             break;
-           case 'U':
-             length +=
-               add_num2 (&string[length], sun_week (tm), max - length, pad);
-             break;
-           case 'w':
-             add_char (tm->tm_wday + '0');
-             break;
-           case 'W':
-             length +=
-               add_num2 (&string[length], mon_week (tm), max - length, pad);
-             break;
-           case 'x':
-             length +=
-               strftime (&string[length], max - length, "%m/%d/%y", tm);
-             break;
-           case 'y':
-             length +=
-               add_num2 (&string[length], tm->tm_year % 100,
-                         max - length, pad);
-             break;
-           case 'Y':
-             add_char ((tm->tm_year + 1900) / 1000 + '0');
-             length +=
-               add_num3 (&string[length],
-                         (1900 + tm->tm_year) % 1000, max - length, zero);
-             break;
-           }
+       for (;; ++(*pt)) {
+               if (*pt == ptlim)
+                       return (0);
+               if ((**pt = *str++) == '\0')
+                       return (1);
        }
-    }
-  add_char (0);
-  return length - 1;
 }
index 9a309bd82ecde8faceb090c63ccfcdf2e793c84c..9ed9d92ca08341791a0fc6d7f799e2b0e15e827a 100644 (file)
@@ -1,3 +1,15 @@
+2001-02-05  Tom Yu  <tlyu@mit.edu>
+
+       * kdb5_util.M: Fix some formatting nits and document new flags
+       controlling dump formats.
+
+2000-06-30  Tom Yu  <tlyu@mit.edu>
+
+       * dump.c: Add a new dump version, r1_3_version, and make it the
+       default; it will be used in krb5-1.3 and will permit a principal's
+       kadm5 data to be dumped.  This is an interim measure until we
+       redesign the dump format somewhat.
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 4378e310c9369dabaf7ad1908d3518f0f95fe7cd..49e49f727212fe80990bb1127fd0bf07c86292a2 100644 (file)
@@ -74,8 +74,16 @@ static krb5_error_code dump_k5beta_iterator PROTOTYPE((krb5_pointer,
                                                       krb5_db_entry *));
 static krb5_error_code dump_k5beta6_iterator PROTOTYPE((krb5_pointer,
                                                        krb5_db_entry *));
+static krb5_error_code dump_k5beta6_iterator_ext PROTOTYPE((krb5_pointer,
+                                                           krb5_db_entry *,
+                                                           int));
 static krb5_error_code dump_k5beta7_princ PROTOTYPE((krb5_pointer,
                                                     krb5_db_entry *));
+static krb5_error_code dump_k5beta7_princ_ext PROTOTYPE((krb5_pointer,
+                                                        krb5_db_entry *,
+                                                        int));
+static krb5_error_code dump_k5beta7_princ_withpolicy
+                       PROTOTYPE((krb5_pointer, krb5_db_entry *));
 static krb5_error_code dump_ov_princ PROTOTYPE((krb5_pointer,
                                                krb5_db_entry *));
 static void dump_k5beta7_policy PROTOTYPE((void *, osa_policy_ent_t));
@@ -141,6 +149,16 @@ dump_version ov_version = {
      process_ov_record,
 };
 
+dump_version r1_3_version = {
+     "Kerberos version 5 release 1.3",
+     "kdb5_util load_dump version 5\n",
+     0,
+     0,
+     dump_k5beta7_princ_withpolicy,
+     dump_k5beta7_policy,
+     process_k5beta7_record,
+};
+
 /* External data */
 extern char            *current_dbname;
 extern krb5_boolean    dbactive;
@@ -220,6 +238,7 @@ static const char dfile_err_fmt[] = "%s: cannot open %s (%s)\n";
 
 static const char oldoption[] = "-old";
 static const char b6option[] = "-b6";
+static const char b7option[] = "-b7";
 static const char verboseoption[] = "-verbose";
 static const char updateoption[] = "-update";
 static const char hashoption[] = "-hash";
@@ -633,6 +652,15 @@ static krb5_error_code
 dump_k5beta6_iterator(ptr, entry)
     krb5_pointer       ptr;
     krb5_db_entry      *entry;
+{
+    return dump_k5beta6_iterator_ext(ptr, entry, 0);
+}
+
+static krb5_error_code
+dump_k5beta6_iterator_ext(ptr, entry, kadm)
+    krb5_pointer       ptr;
+    krb5_db_entry      *entry;
+    int                        kadm;
 {
     krb5_error_code    retval;
     struct dump_args   *arg;
@@ -703,7 +731,10 @@ dump_k5beta6_iterator(ptr, entry)
              */
             switch (tlp->tl_data_type) {
             case KRB5_TL_KADM_DATA:
-                 skip++;
+                 if (kadm)
+                     counter++;
+                 else
+                     skip++;
                  break;
             default:
                  counter++;
@@ -731,7 +762,7 @@ dump_k5beta6_iterator(ptr, entry)
                    entry->fail_auth_count);
            /* Pound out tagged data. */
            for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
-               if (tlp->tl_data_type == KRB5_TL_KADM_DATA)
+               if (tlp->tl_data_type == KRB5_TL_KADM_DATA && !kadm)
                     continue; /* see above, [krb5-admin/89] */
 
                fprintf(arg->ofile, "%d\t%d\t",
@@ -796,6 +827,15 @@ static krb5_error_code
 dump_k5beta7_princ(ptr, entry)
     krb5_pointer       ptr;
     krb5_db_entry      *entry;
+{
+    return dump_k5beta7_princ_ext(ptr, entry, 0);
+}
+
+static krb5_error_code
+dump_k5beta7_princ_ext(ptr, entry, kadm)
+    krb5_pointer       ptr;
+    krb5_db_entry      *entry;
+    int                        kadm;
 {
      krb5_error_code retval;
      struct dump_args *arg;
@@ -826,7 +866,7 @@ dump_k5beta7_princ(ptr, entry)
          /* save the callee from matching the name again */
          tmp_nnames = arg->nnames;
          arg->nnames = 0;
-         retval = dump_k5beta6_iterator(ptr, entry);
+         retval = dump_k5beta6_iterator_ext(ptr, entry, kadm);
          arg->nnames = tmp_nnames;
      }
 
@@ -834,6 +874,14 @@ dump_k5beta7_princ(ptr, entry)
      return retval;
 }
 
+static krb5_error_code
+dump_k5beta7_princ_withpolicy(ptr, entry)
+    krb5_pointer       ptr;
+    krb5_db_entry      *entry;
+{
+    return dump_k5beta7_princ_ext(ptr, entry, 1);
+}
+
 void dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
 {
      struct dump_args *arg;
@@ -953,7 +1001,7 @@ static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb)
 
 /*
  * usage is:
- *     dump_db [-old] [-b6] [-ov] [-verbose] [filename [principals...]]
+ *     dump_db [-old] [-b6] [-b7] [-ov] [-verbose] [filename [principals...]]
  */
 void
 dump_db(argc, argv)
@@ -980,7 +1028,7 @@ dump_db(argc, argv)
        programname = strrchr(argv[0], (int) '/') + 1;
     ofile = (char *) NULL;
     error = 0;
-    dump = &beta7_version;
+    dump = &r1_3_version;
     arglist.verbose = 0;
     new_mkey_file = 0;
     mkey_convert = 0;
@@ -993,6 +1041,8 @@ dump_db(argc, argv)
             dump = &old_version;
        else if (!strcmp(argv[aindex], b6option))
             dump = &beta6_version;
+       else if (!strcmp(argv[aindex], b7option))
+            dump = &beta7_version;
        else if (!strcmp(argv[aindex], ovoption))
             dump = &ov_version;
        else if (!strcmp(argv[aindex], verboseoption))
@@ -2008,7 +2058,8 @@ restore_dump(programname, kcontext, dumpfile, f, verbose, dump, pol_db)
 }
 
 /*
- * Usage: load_db [-old] [-ov] [-b6] [-verbose] [-update] [-hash] filename
+ * Usage: load_db [-old] [-ov] [-b6] [-b7] [-verbose] [-update] [-hash]
+ *             filename
  */
 void
 load_db(argc, argv)
@@ -2052,6 +2103,8 @@ load_db(argc, argv)
             load = &old_version;
        else if (!strcmp(argv[aindex], b6option))
             load = &beta6_version;
+       else if (!strcmp(argv[aindex], b7option))
+            load = &beta7_version;
        else if (!strcmp(argv[aindex], ovoption))
             load = &ov_version;
        else if (!strcmp(argv[aindex], verboseoption))
@@ -2129,6 +2182,8 @@ load_db(argc, argv)
              load = &beta6_version;
         else if (strcmp(buf, beta7_version.header) == 0)
              load = &beta7_version;
+        else if (strcmp(buf, r1_3_version.header) == 0)
+             load = &r1_3_version;
         else if (strncmp(buf, ov_version.header,
                          strlen(ov_version.header)) == 0)
              load = &ov_version;
index 829e55af847d31d631f126c0bdcc722fefbfecc7..8f529d6a767bded8fa644d451a6a79363a2a640f 100644 (file)
@@ -4,8 +4,8 @@ kdb5_util \- Kerberos database maintainance utility
 .SH SYNOPSIS
 .B kdb5_util
 .I command
-[\fB\-r\fP \fIrealm\fP] [\fB\-d\fP \fIdbname\fP]
-[\fB\-k\fP \fImkeytype\fP] [\fB\-M\fP \fImkeyname\fP]
+[\fB\-r\fP\ \fIrealm\fP] [\fB\-d\fP\ \fIdbname\fP]
+[\fB\-k\fP\ \fImkeytype\fP] [\fB\-M\fP\ \fImkeyname\fP]
 [\fB\-m\fP]
 .I command_options
 .SH DESCRIPTION
@@ -35,25 +35,25 @@ successfully opens the database, because the database may not exist yet
 or the stash file may be corrupt.
 .SH COMMAND-LINE OPTIONS
 .TP
-\fB\-r\fP \fIrealm\fP
+\fB\-r\fP\ \fIrealm\fP
 specifies the Kerberos realm of the database; by default the realm
 returned by
 .IR krb5_default_local_realm (3)
 is used.
 .TP
-\fB-d\fP \fIdbname\fP
+\fB\-d\fP\ \fIdbname\fP
 specifies the name under which the principal database is stored; by
 default the database is that listed in
 .IR kdc.conf (5).
 The KADM5 policy database and lock file are also derived from this
 value.
 .TP
-\fB\-k\fP \fImkeytype\fP
+\fB\-k\fP\ \fImkeytype\fP
 specifies the key type of the master key in the database; the default is
 that given in
 .IR kdc.conf .
 .TP
-\fB\-M\fP \fImkeyname\fP
+\fB\-M\fP\ \fImkeyname\fP
 principal name for the master key in the database; the default is
 that given in
 .IR kdc.conf .
@@ -63,7 +63,7 @@ specifies that the master database password should be read from the TTY
 rather than fetched from a file on disk.
 .SH COMMANDS
 .TP
-\fBcreate\fP [\fB-s\fP]
+\fBcreate\fP [\fB\-s\fP]
 Creates a new database.  If the
 .B \-s
 option is specified, the stash file is also created.  This command fails
@@ -78,15 +78,17 @@ the
 .B \-f
 argument, does not prompt the user.
 .TP
-\fBstash\fP [\fB\-f\fP \fIkeyfile\fP]
+\fBstash\fP [\fB\-f\fP\ \fIkeyfile\fP]
 Stores the master principal's keys in a stash file.  The
 .B \-f
 argument can be used to override the keyfile specified at startup.
 .TP
-\fBdump\fP [\fB\-old\fP] [\fB\-b6\fP] [\fB\-ov\fP] [\fB-verbose\fP] [\fIfilename\fP [\fIprincipals...\fP]]
+\fBdump\fP [\fB\-old\fP] [\fB\-b6\fP] [\fB\-b7\fP] [\fB\-ov\fP]
+[\fB\-verbose\fP] [\fIfilename\fP [\fIprincipals...\fP]]
+.br
 Dumps the current Kerberos and KADM5 database into an ASCII file.  By
 default, the database is dumped in current format, "kdb5_util
-load_dumpversion 4".  Options:
+load_dumpversion 5".  Options:
 .RS
 .TP
 .B \-old
@@ -97,6 +99,9 @@ causes the dump to be in the Kerberos 5 Beta 5 and earlier dump format
 causes the dump to be in the Kerberos 5 Beta 6 format ("kdb5_edit
 load_dump version 3.0").
 .TP
+.B \-b7
+causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util load_dump version 4").  This was the dump format produced on releases prior to 1.2.2.
+.TP
 .B \-ov
 causes the dump to be in
 .I ovsec_adm_export
@@ -107,7 +112,9 @@ causes the name of each principal and policy to be printed as it is
 dumped.
 .RE
 .TP
-\fBload\fP [\fB\-old\fP] [\fB\-b6\fP] [\fB\-ov\fP] [\fB-verbose\fP] [\fB-update\fP] \fIfilename dbname\fP [\fIadmin_dbname\fP]
+\fBload\fP [\fB\-old\fP] [\fB\-b6\fP] [\fB\-ov\fP]
+[\fB\-verbose\fP] [\fB\-update\fP] \fIfilename dbname\fP [\fIadmin_dbname\fP]
+.br
 Loads a database dump from the named file into the named database.
 Unless the 
 .B \-old
@@ -130,6 +137,10 @@ requires the database to be in the Kerberos 5 Beta 5 and earlier format
 requires the database to be in the Kerberos 5 Beta 6 format ("kdb5_edit
 load_dump version 3.0").
 .TP
+.B \-b7
+requires the database to be in the Kerberos 5 Beta 7 format ("kdb5_util
+load_dump version 4").
+.TP
 .B \-ov
 requires the database to be in
 .I ovsec_adm_import
@@ -159,7 +170,7 @@ if not specified.
 \fBdump_v4\fP [\fIfilename\fP]
 Dumps the current database into the Kerberos 4 database dump format.
 .TP
-\fBload_v4\fP [\fB\-t\fP] [\fB-n\fP] [\fB\-K\fP] [\fB-s \fIstashfile\fP] \fIinputfile\fP
+\fBload_v4\fP [\fB\-t\fP] [\fB-n\fP] [\fB\-K\fP] [\fB\-s\ \fIstashfile\fP] \fIinputfile\fP
 Loads a Kerberos 4 database dump file.  Options:
 .RS
 .TP
index fbd4611cf8c3ab7604f2d339926407bddc5d65e0..8218363e713bbe549d1eef57a2221c180cb68d42 100644 (file)
@@ -1,3 +1,8 @@
+2000-05-19  Ken Raeburn  <raeburn@mit.edu>
+
+       * ktutil_funcs.c (ktutil_write_keytab): Reject a filename that's
+       too long.
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index d4c0ce95b4d4e6ea88331b01ed9cd2ee64147c38..c39173fe7bf2fc3081bcf1b8b3b3519a8f4259d1 100644 (file)
@@ -317,7 +317,9 @@ krb5_error_code ktutil_write_keytab(context, list, name)
     krb5_error_code retval = 0;
 
     strcpy(ktname, "WRFILE:");
-    strncat(ktname, name, MAXPATHLEN);
+    if (strlen (name) >= MAXPATHLEN)
+       return ENAMETOOLONG;
+    strncat (ktname, name, MAXPATHLEN);
     retval = krb5_kt_resolve(context, ktname, &kt);
     if (retval)
        return retval;
index 3833b63d6f63b3cdb92ad38ef46092874f039d1f..e7ce2d690189da6100ad6ad40d10be7a5ee85c6a 100644 (file)
@@ -1,3 +1,7 @@
+2000-05-08  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * xm_kpasswd.c (motif_com_err): Don't overflow buffer "buf".
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 0db1111c64a93c468efc2bb55d7ea8eddf34a134..4232e3baf4219b9e4175452c5cb3fa07db1be264 100644 (file)
@@ -111,13 +111,15 @@ motif_com_err (whoami, code, fmt, args)
 
   if (whoami)
     {
-      strcpy(buf, whoami);
-      strcat(buf, ": ");
+      strncpy(buf, whoami, sizeof(buf) - 1);
+      buf[sizeof(buf) - 1] = '\0';
+      strncat(buf, ": ", sizeof(buf) - 1 - strlen(buf));
     }
   if (code)
     {
-      strcat(buf, error_message(code));
-      strcat(buf, " ");
+      buf[sizeof(buf) - 1] = '\0';
+      strncat(buf, error_message(code), sizeof(buf) - 1 - strlen(buf));
+      strncat(buf, " ", sizeof(buf) - 1 - strlen(buf));
     }
   if (fmt)
     {
index d5f932eb253420cbefdc11a7164cd502c64fe74e..b889b6ce300aae298c5e064d6ccdfdcdfc231b48 100644 (file)
@@ -1,3 +1,12 @@
+2000-06-21  Tom Yu  <tlyu@mit.edu>
+
+       * server_stubs.c: Kludge to rename xdr_free() properly.
+
+2000-05-23  Tom Yu  <tlyu@mit.edu>
+
+       * schpw.c (process_chpw_request): Add new argument to call to
+       chpass_principal_util()
+
 2000-03-16  Ken Raeburn  <raeburn@mit.edu>
            Matt Crawford  <crawdad@fnal.gov>
 
index f246571f8c3dfb372dfc78b71900c89c1e2836ec..9de81160bc2adb954bb34305fdb867beab95f838 100644 (file)
@@ -229,7 +229,7 @@ process_chpw_request(context, server_handle, realm, s, keytab, sin, req, rep)
     ptr[clear.length] = '\0';
 
     ret = kadm5_chpass_principal_util(server_handle, ticket->enc_part2->client,
-                                     ptr, NULL, strresult);
+                                     ptr, NULL, strresult, sizeof(strresult));
 
     /* zap the password */
     memset(clear.data, 0, clear.length);
index 2eef601b22bc5872b04d2e50bf6b3eb0c754d610..f763677b3e074f7523fe75b1ac410f43644e34fc 100644 (file)
@@ -18,6 +18,8 @@ static char *rcsid = "$Header$";
 #include <syslog.h>
 #include "misc.h"
 
+#define xdr_free gssrpc_xdr_free /* XXX kludge */
+
 #define LOG_UNAUTH  "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s"
 #define        LOG_DONE    "Request: %s, %s, %s, client=%s, service=%s, addr=%s"
 
index e1fedafaa317f57dc46a26da091aba11ab7b3bd7..a69cf30036bf54fb40a013fde8848100acd7522a 100644 (file)
@@ -1,3 +1,13 @@
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * kdc.conf.proto: Use des3 master key.
+
+2000-05-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * krb5.conf.proto: Set dns_fallback=no.
+
+       * kdc.conf.proto: Add des3 to supported_enctypes.
+
 Wed Jan 21 12:44:25 1998  Ezra Peisach  <epeisach@kangaroo.mit.edu>
 
        * kdc.conf.proto: Add kpasswd_port line so kadmind can start as
index 69d604106f6ba233a0cf669fe8866f6f1231045c..6f9edeb5b38438065726425648e2cb5333ece8db 100644 (file)
@@ -11,7 +11,6 @@
                dict_file = __K5ROOT__/ovsec_adm.dict
                kadmind_port = 1751
                kpasswd_port = 1752
-               master_key_type = des-cbc-crc
-               supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4 des-cbc-md5:normal des-cbc-raw:normal
+               master_key_type = des3-hmac-sha1
+               supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-md5:normal des-cbc-raw:normal
        }
-
index a0638157053cb0554f7f4bda3bdb08a4be5f889b..5521267c7bf0060dfad04de8ad294b1337e44e4d 100644 (file)
@@ -1,6 +1,7 @@
 [libdefaults]
        default_realm = __REALM__
        default_keytab_name = FILE:__K5ROOT__/v5srvtab
+       dns_fallback = no
 
 [realms]
        __REALM__ = {
index e3d88d1d22b4a15dfa0943c64b9cf4b59b006a90..08f1d239f966418bee39dce5dd22e6c78865efef 100644 (file)
@@ -1,3 +1,8 @@
+2000-05-23  Tom Yu  <tlyu@mit.edu>
+
+       * tcl_kadm5.c (tcl_kadm5_chpass_principal_util): Add new argument
+       to call to chpass_principal_util().
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index c334850f2893a6f9da35bf456712751c680acf94..5d0a62bc2e2e3b5b5987bbfc937c77ca51d31b17 100644 (file)
@@ -1965,7 +1965,8 @@ int tcl_kadm5_chpass_principal_util(ClientData clientData,
                                            override_qual,
 #endif                                     
                                            pw_ret_var ? &pw_ret : 0,
-                                           msg_ret_var ? msg_ret : 0);
+                                           msg_ret_var ? msg_ret : 0,
+                                           msg_ret_var ? sizeof(msg_ret) : 0);
 
      if (ret == KADM5_OK) {
          if (pw_ret_var &&
index c036eb83e0751c69ef31155146bc021ef48f3ea4..fd06738c549953bba45a882145aba5fb3c1640f4 100644 (file)
@@ -1,3 +1,30 @@
+2000-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * admin_server.c (main, case 'r'): Reject realm name that's too
+       long.
+
+       * acl_files.c (acl_load): Return error if name too long.
+
+       * kadm_err.et (KADM_REALM_TOO_LONG): New error code.
+       * kadm_ser_wrap.c (kadm_ser_init): Return it instead of truncating
+       a too-long realm name.
+
+2000-05-23  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * acl_files.c (acl_canonicalize_principal): If the principal name
+       would be too long, return a zero-length string to mark it as invalid.
+       (acl_load): Don't add the principal to the hash if it's invalid.
+       (acl_add): Don't check the principal if it's invalid.
+       (acl_delete): Don't try to delete the principal if it's invalid.
+
+       * kadm_ser_wrap.c (kadm_ser_init): Truncate "server_parm.krbrlm"
+       if "realm" is too long.
+
+2000-05-23  Tom Yu  <tlyu@mit.edu>
+
+       * kadm_server.c (kadm_ser_cpw): Add new arg to call to
+       chpass_principal_util().
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 22a0007de6b8939701f96498cd41cd651407706a..3e3bbe6d91d167b39be3c7d232ea25fe15d438c7 100644 (file)
@@ -69,7 +69,8 @@ void acl_canonicalize_principal(principal, canon)
 char *principal;
 char *canon;
 {
-    char *dot, *atsign, *end;
+    char *dot, *atsign, *end, *canon_save = canon;
+    char realm[REALM_SZ];
     int len;
 
     dot = strchr(principal, INST_SEP);
@@ -94,18 +95,33 @@ char *canon;
 
     /* Get the principal name */
     len = MIN(ANAME_SZ, COR(dot, COR(atsign, end)) - principal);
-    strncpy(canon, principal, len);
-    canon += len;
+    if(canon + len < canon_save + MAX_PRINCIPAL_SIZE) {
+       strncpy(canon, principal, len);
+       canon += len;
+    } else {
+       strcpy(canon, "");
+       return;
+    }
 
     /* Add INST_SEP */
-    *canon++ = INST_SEP;
+    if(canon + 1 < canon_save + MAX_PRINCIPAL_SIZE) {
+       *canon++ = INST_SEP;
+    } else {
+       strcpy(canon, "");
+       return;
+    }
 
     /* Get the instance, if it exists */
     if(dot != NULL) {
        ++dot;
        len = MIN(INST_SZ, COR(atsign, end) - dot);
-       strncpy(canon, dot, len);
-       canon += len;
+        if(canon + len < canon_save + MAX_PRINCIPAL_SIZE) {
+           strncpy(canon, dot, len);
+           canon += len;
+       } else {
+           strcpy(canon, "");
+           return;
+       }
     }
 
     /* Add REALM_SEP */
@@ -116,11 +132,21 @@ char *canon;
     if(atsign != NULL) {
        ++atsign;
        len = MIN(REALM_SZ, end - atsign);
-       strncpy(canon, atsign, len);
-       canon += len;
-       *canon++ = '\0';
-    } else if(krb_get_lrealm(canon, 1) != KSUCCESS) {
-       strcpy(canon, KRB_REALM);
+        if(canon + len + 1 < canon_save + MAX_PRINCIPAL_SIZE) {
+           strncpy(canon, atsign, len);
+           canon += len;
+           *canon++ = '\0';
+       } else {
+           strcpy(canon, "");
+           return;
+       }
+    } else if(krb_get_lrealm(realm, 1) != KSUCCESS) {
+        if(canon + strlen(realm) < canon_save + MAX_PRINCIPAL_SIZE) {
+           strcpy(canon, KRB_REALM);
+       } else {
+           strcpy(canon, "");
+           return;
+       }
     }
 }
            
@@ -399,7 +425,11 @@ char *name;
     }
 
     /* Set up the acl */
-    strcpy(acl_cache[i].filename, name);
+    if (strlen (name) >= sizeof (acl_cache[i].filename) - 1) {
+       return -1;
+    }
+    strncpy(acl_cache[i].filename, name, sizeof(acl_cache[i].filename) - 1);
+    acl_cache[i].filename[sizeof(acl_cache[i].filename) - 1] = '\0';
     if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
     /* Force reload */
     acl_cache[i].acl = (struct hashtbl *) 0;
@@ -426,7 +456,9 @@ char *name;
           while(fgets(buf, sizeof(buf), f) != NULL) {
               nuke_whitespace(buf);
               acl_canonicalize_principal(buf, canon);
-              add_hash(acl_cache[i].acl, canon);
+              if(strlen(canon) > 0) {
+                  add_hash(acl_cache[i].acl, canon);
+              }
           }
           fclose(f);
           acl_cache[i].status = s;
@@ -459,6 +491,9 @@ char *principal;
 
     acl_canonicalize_principal(principal, canon);
 
+    /* Is it an invalid principal name? */
+    if(strlen(canon) == 0) return(0);
+
     /* Is it there? */
     if(acl_exact_match(acl, canon)) return(1);
 
@@ -489,6 +524,9 @@ char *principal;
 
     acl_canonicalize_principal(principal, canon);
 
+    /* Is it an invalid principal name? */
+    if(strlen(canon) == 0) return(-1);
+
     if((new = acl_lock_file(acl)) == NULL) return(-1);
     if((acl_exact_match(acl, canon))
        || (idx = acl_load(acl)) < 0) {
@@ -523,6 +561,9 @@ char *principal;
 
     acl_canonicalize_principal(principal, canon);
 
+    /* Is it an invalid principal name? */
+    if(strlen(canon) == 0) return(-1);
+
     if((new = acl_lock_file(acl)) == NULL) return(-1);
     if((!acl_exact_match(acl, canon))
        || (idx = acl_load(acl)) < 0) {
index 90bf087c95fb258a00e28fb3bba48b743da62b98..cd8742dea0f6a7075a5fbc99e7729b0e4f8213b1 100644 (file)
@@ -149,6 +149,10 @@ char *argv[];
            fascist_cpw = 0;
            break;
        case 'r':
+           if (strlen (optarg) + 1 > REALM_SZ) {
+               com_err(argv[0], 0, "realm name `%s' too long", optarg);
+               exit(1);
+           }
            (void) strncpy(krbrlm, optarg, sizeof(krbrlm) - 1);
            break;
         case 'k':
index a192730833b52855795969796cce4e6b5d92ede9..07ab9da4b2818d130647bf7c9927498c9b422670 100644 (file)
@@ -54,4 +54,5 @@ ec KADM_INSECURE_PW,  "Insecure password rejected"
 ec KADM_PW_MISMATCH,   "Cleartext password and DES key did not match"
 
 ec KADM_NOT_SERV_PRINC,        "Invalid principal for change srvtab request"
+ec KADM_REALM_TOO_LONG, "Realm name too long"
 end
index bca814d0766d15e42a1972db43ef0669b38710e8..42d27aa466742bd034712bb9519b3bdef08aedba 100644 (file)
@@ -47,7 +47,7 @@ kadm_ser_init(inter, realm, params)
 kadm_ser_init(inter, realm)
     int inter;                 /* interactive or from file */
     char realm[];
-#endif   
+#endif
 {
     struct servent *sep;
     struct hostent *hp;
@@ -64,7 +64,11 @@ kadm_ser_init(inter, realm)
     
     (void) strcpy(server_parm.sname, PWSERV_NAME);
     (void) strcpy(server_parm.sinst, KRB_MASTER);
-    (void) strcpy(server_parm.krbrlm, realm);
+    if (strlen (realm) > REALM_SZ)
+       return KADM_REALM_TOO_LONG;
+    (void) strncpy(server_parm.krbrlm, realm, sizeof(server_parm.krbrlm)-1);
+    server_parm.krbrlm[sizeof(server_parm.krbrlm) - 1] = '\0';
+
     if (krb5_425_conv_principal(kadm_context, server_parm.sname,
                                server_parm.sinst, server_parm.krbrlm,
                                &server_parm.sprinc))
index 687259bf5d5fbf862e88feef0c885f0cd4aa0256..886620f319c90a9a407319ab95303566f4380234 100644 (file)
@@ -309,7 +309,8 @@ int *outlen;
        *msg_ret = '\0';
     } else {
        retval = kadm5_chpass_principal_util(kadm5_handle, user_princ,
-                                            pword, NULL, msg_ret);
+                                            pword, NULL, msg_ret,
+                                            sizeof(msg_ret));
        msg_ptr = msg_ret;
     }
     (void) krb5_free_principal(kadm_context, user_princ);
index a63cc97cef880afba6e68f097e5648650abfc16a..1fedd802dcc99e0564d53c97967bf59ed29fedbf 100644 (file)
@@ -1,3 +1,21 @@
+2000-05-24  Ken Raeburn  <raeburn@mit.edu>
+           Ezra Peisach  <epeisach@mit.edu>
+
+       * proto_serv.c (proto_serv): Don't overflow err_str.  Pass data
+       pointer and not a krb5_data to sprintf.  Remove unused variable
+       adm_errmsg.  Remove unused label done.  Declare variable
+       mime_setting only if MIME_SUPPORTED is defined.  Make variables
+       db_opened and kret volatile.
+       (proto_fmt_reply_msg): Unused variable deleted.
+
+2000-05-23  Tom Yu  <tlyu@mit.edu>
+
+       * kadm5_defs.h: Add argument for length of error string.
+
+       * main.c (pwd_change): Add argument for length of error string.
+
+       * proto_serv.c (proto_serv): Fix up call to pwd_change().
+
 2000-02-28  Ezra Peisach  <epeisach@mit.edu>
 
        * proto_serv.c (proto_serv): For error return,strdup the returned
index 08650bd838d365ee4d6489286bb880e331af0be8..17ec2e59525e7a9571c9a83b3b3ea57cb9557c88 100644 (file)
@@ -259,7 +259,8 @@ krb5_int32 pwd_change
                   krb5_ticket *,
                   krb5_data *,
                   krb5_data *,
-                  char []));
+                  char [],
+                  int));
 
 #if 0
 
index a9b381ed042d002cfdb197786d36ff2ec459b0f8..cec5bf821dcb2641b84f24381bf9baba18a305c9 100644 (file)
@@ -230,7 +230,7 @@ krb5_error_code key_close_db(krb5_context context)
 
 krb5_int32
 pwd_change(kcontext, debug_level, auth_context, ticket,
-             olddata, newdata, err_str)
+             olddata, newdata, err_str, err_str_len)
     krb5_context       kcontext;
     int                        debug_level;
     krb5_auth_context  auth_context;
@@ -238,6 +238,7 @@ pwd_change(kcontext, debug_level, auth_context, ticket,
     krb5_data          *olddata;
     krb5_data          *newdata;
     char               err_str[];
+    int                        err_str_len;
 {
      kadm5_ret_t ret;
      krb5_int32                        now;
@@ -301,7 +302,7 @@ pwd_change(kcontext, debug_level, auth_context, ticket,
                                          principal,
                                          newdata->data,
                                          NULL,
-                                         err_str))
+                                         err_str, err_str_len))
         return(KRB5_ADM_PW_UNACCEPT);
 
     return(KRB5_ADM_SUCCESS);
index 413c5efe8ab4412fdc4cb24375b8796881a3c5ba..419f8611d11df805136938620f25879c28f469c9 100644 (file)
@@ -52,7 +52,6 @@ static const char *proto_rd_cmd_msg = "\004%d: cannot read administrative protoc
 static const char *proto_db_open_msg = "\004%d: cannot open database";
 static const char *proto_db_close_msg = "\004%d: cannot close database";
 static const char *proto_wr_reply_msg = "\004%d: cannot write administrative protocol reply";
-static const char *proto_fmt_reply_msg = "\004%d: cannot format administrative protocol reply";
 extern char *programname;
 
 static int     proto_proto_timeout = -1;
@@ -109,7 +108,7 @@ proto_serv(kcontext, my_id, cl_sock, sv_p, cl_p)
     void               *sv_p;
     void               *cl_p;
 {
-    krb5_error_code    kret;
+    volatile krb5_error_code   kret;
     struct sockaddr_in *cl_addr;
     struct sockaddr_in *sv_addr;
 
@@ -127,12 +126,14 @@ proto_serv(kcontext, my_id, cl_sock, sv_p, cl_p)
 #endif /* POSIX_SIGNALS */
 
     char               *curr_lang = (char *) NULL;
+#ifdef MIME_SUPPORTED
     krb5_boolean       mime_setting = 0;
+#endif
 
     krb5_int32         num_args;
     krb5_data          *arglist;
 
-    krb5_boolean       db_opened;
+    volatile krb5_boolean      db_opened;
 
     cl_addr = (struct sockaddr_in *) cl_p;
     sv_addr = (struct sockaddr_in *) sv_p;
@@ -286,6 +287,7 @@ proto_serv(kcontext, my_id, cl_sock, sv_p, cl_p)
         */
        while (1) {
            krb5_int32  cmd_error;
+           /* If this size changed, change the sprintf below */
            char        err_str[1024];
            krb5_int32  cmd_repl_ncomps;
            krb5_data   *cmd_repl_complist;
@@ -412,7 +414,8 @@ proto_serv(kcontext, my_id, cl_sock, sv_p, cl_p)
                                               ticket,
                                               &arglist[1],
                                               &arglist[2],
-                                              &err_str);
+                                              err_str,
+                                              sizeof(err_str));
                    }
                    else {
                        DPRINT(DEBUG_REQUESTS, proto_debug_level,
@@ -732,7 +735,7 @@ proto_serv(kcontext, my_id, cl_sock, sv_p, cl_p)
                           ("> %d:UNKNOWN command %s\n", my_id,
                          arglist[0].data));
                    cmd_error = KRB5_ADM_CMD_UNKNOWN;
-                   sprintf(err_str, "Command %s not supported.", arglist[0]);
+                   sprintf(err_str, "Command %-.900s not supported", arglist[0].data); /* XXX Knows size of err_str.  */
                }
            }
            else {
@@ -770,7 +773,6 @@ proto_serv(kcontext, my_id, cl_sock, sv_p, cl_p)
                }
            }
            else {
-               char            *adm_errmsg;
                krb5_data       reply_comps;
 
                reply_comps.data = err_str;
@@ -858,7 +860,6 @@ proto_serv(kcontext, my_id, cl_sock, sv_p, cl_p)
        key_close_db(kcontext);
     close(cl_sock);
 
- done:
     DPRINT(DEBUG_CALLS, proto_debug_level, ("X proto_serv() = %d\n", kret));
     return(kret);
 }
index d0bbda28127c1bf7ea64cd441cd9ae288b974494..0ef81dafb6f5345d76403ccf5e7973950c657ce7 100644 (file)
@@ -1,3 +1,44 @@
+2001-02-02  Ken Raeburn  <raeburn@mit.edu>
+
+       * network.c (foreach_localaddr): Sync with lib/krb5/os/localaddr.c
+       version.
+
+2000-05-17  Tom Yu  <tlyu@mit.edu>
+
+       * kerberos_v4.c (process_v4): Zero out v4_pkt.mbz.
+       (kerberos_v4): Fix handling of APPL_REQUEST messages to deal with
+       ridiculously long realms, etc.  Fix up some calls to
+       kerb_err_reply() to be more useful.  Set req_*_ptr before any
+       possible calls to kerb_err_reply().
+
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kdc_util.c (add_to_transited): Use strncpy/strncat when building
+        data in buffers so as not to overrun "prev", "current", and "exp".
+       * kerberos_v4.c (process_v4): Don't assume that the realm is null-
+       terminated.
+       (set_tgtkey): Truncate realm name if it's too long.
+
+2000-04-28  Ken Raeburn  <raeburn@mit.edu>
+           Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kdc_util.c (add_to_transited): Use strncpy/strncat when building
+       data in buffers.  Fix some limit checks.
+       * kerberos_v4.c (kerb_err_reply): Use strncat so as not to overrun
+       error buffer.
+
+2000-04-22  Ken Raeburn  <raeburn@mit.edu>
+
+       * network.c: Include stddef.h.
+       (foreach_localaddr): Check each address against previously used
+       addresses, and skip duplicates, in case multiple interfaces have
+       the same address.
+
+2000-04-21  Ken Raeburn  <raeburn@mit.edu>
+
+       * network.c (foreach_localaddr): If called functions fail, drop
+       out of loop and return nonzero.
+
 2000-03-14  Ken Raeburn  <raeburn@mit.edu>
 
        * sock2p.c: New file.
index f5a0016b7646d61580cfd50be4d9ddde822af31f..e2c73a0f8ff1e50cdbf80459553eb9222e0b8cb8 100644 (file)
@@ -657,26 +657,30 @@ add_to_transited(tgt_trans, new_trans, tgs, client, server)
 
     clst = strlen(current) - 1;
     if (current[0] == ' ') {
-      strcpy(exp, current+1);
+      strncpy(exp, current+1, sizeof(exp) - 1);
+      exp[sizeof(exp) - 1] = '\0';
     }
     else if ((current[0] == '/') && (prev[0] == '/')) {
-      strcpy(exp, prev);
+      strncpy(exp, prev, sizeof(exp) - 1);
+      exp[sizeof(exp) - 1] = '\0';
       if (strlen(exp) + strlen(current) + 1 >= MAX_REALM_LN) {
        retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
        goto fail;
       }
-      strcat(exp, current);
+      strncat(exp, current, sizeof(exp) - 1 - strlen(exp));
     }
     else if (current[clst] == '.') {
-      strcpy(exp, current);
-      if (strlen(exp) + strlen(current) + 1 >= MAX_REALM_LN) {
+      strncpy(exp, current, sizeof(exp) - 1);
+      exp[sizeof(exp) - 1] = '\0';
+      if (strlen(exp) + strlen(prev) + 1 >= MAX_REALM_LN) {
        retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
        goto fail;
       }
-      strcat(exp, prev);
+      strncat(exp, prev, sizeof(exp) - 1 - strlen(exp));
     }
     else {
-      strcpy(exp, current);
+      strncpy(exp, current, sizeof(exp) - 1);
+      exp[sizeof(exp) - 1] = '\0';
     }
 
     /* read field into next */
@@ -718,11 +722,12 @@ add_to_transited(tgt_trans, new_trans, tgs, client, server)
       if ((next[nlst] != '.') && (next[0] != '/') &&
           (pl = subrealm(exp, realm))) {
         added = TRUE;
+       current[sizeof(current) - 1] = '\0';
        if (strlen(current) + (pl>0?pl:-pl) + 2 >= MAX_REALM_LN) {
          retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
          goto fail;
        }
-        strcat(current, ",");
+        strncat(current, ",", sizeof(current) - 1 - strlen(current));
         if (pl > 0) {
           strncat(current, realm, pl);
         }
@@ -762,19 +767,22 @@ add_to_transited(tgt_trans, new_trans, tgs, client, server)
              retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
              goto fail;
            }
-           strcat(current, " ");
+           strncat(current, " ", sizeof(current) - 1 - strlen(current));
+           current[sizeof(current) - 1] = '\0';
           }
          if (strlen(current) + strlen(realm) + 1 >= MAX_REALM_LN) {
            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
            goto fail;
          }
-          strcat(current, realm);
+          strncat(current, realm, sizeof(current) - 1 - strlen(current));
+         current[sizeof(current) - 1] = '\0';
         }
        if (strlen(current) + (pl>0?pl:-pl) + 2 >= MAX_REALM_LN) {
          retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
          goto fail;
        }
-        strcat(current,",");
+        strncat(current,",", sizeof(current) - 1 - strlen(current));
+       current[sizeof(current) - 1] = '\0';
         if (pl > 0) {
           strncat(current, exp, pl);
         }
@@ -798,8 +806,10 @@ add_to_transited(tgt_trans, new_trans, tgs, client, server)
     strcat(trans, current);
     new_trans->length = strlen(trans) + 1;
 
-    strcpy(prev, exp);
-    strcpy(current, next);
+    strncpy(prev, exp, sizeof(prev) - 1);
+    prev[sizeof(prev) - 1] = '\0';
+    strncpy(current, next, sizeof(current) - 1);
+    current[sizeof(current) - 1] = '\0';
   }
 
   if (!added) {
index f05452e184de9540aeee57a398f3641f64f0d85d..6629c3e35f5e52e93f8d3e33b49887f7eac7aa8f 100644 (file)
@@ -233,11 +233,11 @@ krb5_data **resp;
         return(retval);
 
     if (!*local_realm) {               /* local-realm name already set up */
-       /* XXX assumes realm is null-terminated! */
        lrealm = master_princ->realm.data;
-       if (strlen(lrealm) < sizeof(local_realm))
-           strcpy(local_realm, lrealm);
-       else
+       if (master_princ->realm.length < sizeof(local_realm)) {
+           memcpy(local_realm, lrealm, master_princ->realm.length);
+           local_realm[master_princ->realm.length] = '\0';
+       } else
            retval = KRB5_CONFIG_NOTENUFSPACE;
     }
     /* convert client_fulladdr to client_sockaddr:
@@ -256,6 +256,7 @@ krb5_data **resp;
            return KRB5KRB_ERR_FIELD_TOOLONG;
     }
     v4_pkt.length = pkt->length;
+    v4_pkt.mbz = 0;
     memcpy( v4_pkt.dat, pkt->data, pkt->length);
 
     kerberos_v4( &client_sockaddr, &v4_pkt);
@@ -622,6 +623,9 @@ kerberos_v4(client, pkt)
 
     req_act_vno = req_version;
 
+    /* set these to point to something safe */
+    req_name_ptr = req_inst_ptr = req_realm_ptr = "";
+
     /* check if disabled, but we tell client */
     if (kdc_v4 == KDC_V4_DISABLE) {
        lt = klog(L_KRB_PERR,
@@ -700,7 +704,7 @@ kerberos_v4(client, pkt)
 
            if ((i = check_princ(req_name_ptr, req_inst_ptr, 0,
                                 &a_name_data, &k5key, 0))) {
-               kerb_err_reply(client, pkt, i, lt);
+               kerb_err_reply(client, pkt, i, "check_princ failed");
                a_name_data.key_low = a_name_data.key_high = 0;
                krb5_free_keyblock_contents(kdc_context, &k5key);
                return;
@@ -715,7 +719,7 @@ kerberos_v4(client, pkt)
            /* this does all the checking */
            if ((i = check_princ(service, instance, lifetime,
                                 &s_name_data, &k5key, 1))) {
-               kerb_err_reply(client, pkt, i, lt);
+               kerb_err_reply(client, pkt, i, "check_princ failed");
                a_name_data.key_high = a_name_data.key_low = 0;
                s_name_data.key_high = s_name_data.key_low = 0;
                krb5_free_keyblock_contents(kdc_context, &k5key);
@@ -806,19 +810,40 @@ kerberos_v4(client, pkt)
            tk->length = 0;
            k_flags = 0;        /* various kerberos flags */
 
+           auth->mbz = 0;      /* pkt->mbz already zeroed */
            auth->length = 4 + strlen((char *)pkt->dat + 3);
+           if (auth->length + 1 > MAX_KTXT_LEN) {
+               lt = klog(L_KRB_PERR,
+                         "APPL request with realm length too long from %s",
+                         inet_ntoa(client_host));
+               kerb_err_reply(client, pkt, RD_AP_INCON,
+                              "realm length too long");
+               return;
+           }
+
            auth->length += (int) *(pkt->dat + auth->length) +
                (int) *(pkt->dat + auth->length + 1) + 2;
+           if (auth->length > MAX_KTXT_LEN) {
+               lt = klog(L_KRB_PERR,
+                         "APPL request with funky tkt or req_id length from %s",
+                         inet_ntoa(client_host));
+               kerb_err_reply(client, pkt, RD_AP_INCON,
+                              "funky tkt or req_id length");
+               return;
+           }
 
            memcpy(auth->dat, pkt->dat, auth->length);
 
            strncpy(tktrlm, (char *)auth->dat + 3, REALM_SZ);
+           tktrlm[REALM_SZ-1] = '\0';
            kvno = (krb5_kvno)auth->dat[2];
            if (set_tgtkey(tktrlm, kvno)) {
                lt = klog(L_ERR_UNK,
                          "FAILED set_tgtkey realm %s, kvno %d. Host: %s ",
                          tktrlm, kvno, inet_ntoa(client_host));
-               kerb_err_reply(client, pkt, kerno, lt);
+               /* no better error code */
+               kerb_err_reply(client, pkt,
+                              KERB_ERR_PRINCIPAL_UNKNOWN, lt);
                return;
            }
            kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr,
@@ -863,7 +888,7 @@ kerberos_v4(client, pkt)
            kerno = check_princ(service, instance, req_life,
                                &s_name_data, &k5key, 1);
            if (kerno) {
-               kerb_err_reply(client, pkt, kerno, lt);
+               kerb_err_reply(client, pkt, kerno, "check_princ failed");
                s_name_data.key_high = s_name_data.key_low = 0;
                krb5_free_keyblock_contents(kdc_context, &k5key);
                return;
@@ -968,7 +993,7 @@ kerb_err_reply(client, pkt, err, string)
     static char e_msg[128];
 
     strcpy(e_msg, "\nKerberos error -- ");
-    strcat(e_msg, string);
+    strncat(e_msg, string, sizeof(e_msg) - 1 - 19);
     cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr,
                 req_time_ws, err, e_msg);
     krb4_sendto(f, (char *) e_pkt->dat, e_pkt->length, 0,
@@ -1127,7 +1152,8 @@ set_tgtkey(r, kvno)
 
     if (!K4KDC_ENCTYPE_OK(k5key.enctype)) {
        krb_set_key_krb5(kdc_context, &k5key);
-       strcpy(lastrealm, r);
+       strncpy(lastrealm, r, sizeof(lastrealm) - 1);
+       lastrealm[sizeof(lastrealm) - 1] = '\0';
        last_kvno = kvno;
     } else {
        /* unseal tgt key from master key */
@@ -1136,7 +1162,8 @@ set_tgtkey(r, kvno)
        kdb_encrypt_key(key, key, master_key,
                        master_key_schedule, DECRYPT);
        krb_set_key((char *) key, 0);
-       strcpy(lastrealm, r);
+       strncpy(lastrealm, r, sizeof(lastrealm) - 1);
+       lastrealm[sizeof(lastrealm) - 1] = '\0';
        last_kvno = kvno;
     }
     krb5_free_keyblock_contents(kdc_context, &k5key);
index 502682a863ff87e42c3840a81f136497f5657bf2..12ef4be7121c44dc6f02c4c248823a22e86c4fca 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * kdc/network.c
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,2000 by the Massachusetts Institute of Technology.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
@@ -35,6 +35,7 @@
 #include <sys/ioctl.h>
 #include <syslog.h>
 
+#include <stddef.h>
 #include <ctype.h>
 #ifdef HAVE_NETINET_IN_H
 #include <sys/types.h>
@@ -120,13 +121,17 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
     int (*betweenfn) (void *);
     int (*pass2fn) (void *, struct sockaddr *);
 {
-    struct ifreq *ifr, ifreq;
+    struct ifreq *ifr, ifreq, *ifr2;
     struct ifconf ifc;
-    int s, code, n, i;
+    int s, code, n, i, j;
     int est_if_count = 8, est_ifreq_size;
     char *buf = 0;
     size_t current_buf_size = 0;
-    
+    int fail = 0;
+#ifdef SIOCGSIZIFCONF
+    int ifconfsize = -1;
+#endif
+
     s = socket (USE_AF, USE_TYPE, USE_PROTO);
     if (s < 0)
        return SOCKET_ERRNO;
@@ -134,8 +139,17 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
     /* At least on NetBSD, an ifreq can hold an IPv4 address, but
        isn't big enough for an IPv6 or ethernet address.  So add a
        little more space.  */
-    est_ifreq_size = sizeof (struct ifreq) + 8;
-    current_buf_size = est_ifreq_size * est_if_count;
+    est_ifreq_size = sizeof (struct ifreq) + 16;
+#ifdef SIOCGSIZIFCONF
+    code = ioctl (s, SIOCGSIZIFCONF, &ifconfsize);
+    if (!code) {
+       current_buf_size = ifconfsize;
+       est_if_count = ifconfsize / est_ifreq_size;
+    }
+#endif
+    if (current_buf_size == 0) {
+       current_buf_size = est_ifreq_size * est_if_count;
+    }
     buf = malloc (current_buf_size);
 
  ask_again:
@@ -149,12 +163,35 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
        closesocket (s);
        return retval;
     }
-    /* Test that the buffer was big enough that another ifreq could've
+    /* BSD 4.4 and similar systems truncate the address list if the
+       supplied buffer isn't big enough.
+
+       Test that the buffer was big enough that another ifreq could've
        fit easily, if the OS wanted to provide one.  That seems to be
        the only indication we get, complicated by the fact that the
        associated address may make the required storage a little
        bigger than the size of an ifreq.  */
-    if (current_buf_size - ifc.ifc_len < sizeof (struct ifreq) + 40) {
+#define SLOP (sizeof (struct ifreq) + 128)
+    if ((current_buf_size - ifc.ifc_len < sizeof (struct ifreq) + SLOP
+       /* On AIX 4.3.3, ifc.ifc_len may be set to a larger size than
+          provided under some circumstances.  On my test system, a
+          supplied value of 32..112 gets me 112, but with no data
+          filled in even at 112.  But larger input ifc_len values get
+          me larger output values, so it's not necessarily the full
+          desired output buffer size.  And as near as I can tell, the
+          ifc_len output has little to do with the offset of the last
+          byte in the buffer actually modified, except that both
+          input and output ifc_len values are higher (i.e., no buffer
+          overrun takes place in my testing).  */
+        || current_buf_size < ifc.ifc_len)
+       /* But let's let SIOCGSIZIFCONF dominate, unless we discover
+          it's broken somewhere.  */
+#ifdef SIOCGSIZIFCONF
+       && ifconfsize <= 0
+#endif
+       /* And we need *some* sort of bounds.  */
+       && current_buf_size <= 100000
+       ) {
        int new_size;
        char *newbuf;
 
@@ -172,7 +209,15 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
     }
 
     n = ifc.ifc_len;
-
+    if (n > current_buf_size)
+       n = current_buf_size;
+
+    /* Note: Apparently some systems put the size (used or wanted?)
+       into the start of the buffer, just none that I'm actually
+       using.  Fix this when there's such a test system available.
+       The Samba mailing list archives mention that NTP looks for the
+       size on these systems: *-fujitsu-uxp* *-ncr-sysv4*
+       *-univel-sysv*.  [raeburn:20010201T2226-05]  */
     for (i = 0; i < n; i+= ifreq_size(*ifr) ) {
        ifr = (struct ifreq *)((caddr_t) ifc.ifc_buf+i);
 
@@ -184,6 +229,7 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
 
            continue;
        }
+
 #ifdef IFF_LOOPBACK
            /* None of the current callers want loopback addresses.  */
        if (ifreq.ifr_flags & IFF_LOOPBACK)
@@ -193,13 +239,32 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
        if (!(ifreq.ifr_flags & IFF_UP))
            goto skip;
 
+       /* Make sure we didn't process this address already.  */
+       for (j = 0; j < i; j += ifreq_size(*ifr2)) {
+           ifr2 = (struct ifreq *)((caddr_t) ifc.ifc_buf+j);
+           if (ifr2->ifr_name[0] == 0)
+               continue;
+           if (ifr2->ifr_addr.sa_family == ifr->ifr_addr.sa_family
+               && ifreq_size (*ifr) == ifreq_size (*ifr2)
+               /* Compare address info.  If this isn't good enough --
+                  i.e., if random padding bytes turn out to differ
+                  when the addresses are the same -- then we'll have
+                  to do it on a per address family basis.  */
+               && !memcmp (&ifr2->ifr_addr.sa_data, &ifr->ifr_addr.sa_data,
+                           (ifreq_size (*ifr)
+                            - offsetof (struct ifreq, ifr_addr.sa_data))))
+               goto skip;
+       }
+
        if ((*pass1fn) (data, &ifr->ifr_addr)) {
-           abort ();
+           fail = 1;
+           goto punt;
        }
     }
 
     if (betweenfn && (*betweenfn)(data)) {
-       abort ();
+       fail = 1;
+       goto punt;
     }
 
     if (pass2fn)
@@ -211,13 +276,15 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
                continue;
 
            if ((*pass2fn) (data, &ifr->ifr_addr)) {
-               abort ();
+               fail = 1;
+               goto punt;
            }
        }
+ punt:
     closesocket(s);
     free (buf);
 
-    return 0;
+    return fail;
 }
 
 struct socksetup {
index e3c656b572a627ac573201320c504c050563a09b..7f84ad1c37dc4ebcc5ee1a9cd5bf51e9d8cc277f 100644 (file)
@@ -1,3 +1,8 @@
+2001-02-05  Tom Yu  <tlyu@mit.edu>
+
+       * cnv_tkt_skey.c (krb524_convert_tkt_skey): Avoid double-free;
+       caller should free v5tkt. [pullup from trunk]
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index fc25246cd9f6910f6c26fe0896eab84a35f102a1..e717b89664d469fafaa4d093732533795783fe29 100644 (file)
@@ -72,7 +72,6 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
 
      v5tkt->enc_part2 = NULL;
      if ((ret = krb5_decrypt_tkt_part(context, v5_skey, v5tkt))) {
-         krb5_free_ticket(context, v5tkt);
          return ret;
      }
      v5etkt = v5tkt->enc_part2;
index b5abe94b8a8eaab8f777355214b9b140cefd7a62..3a8846c76acb03da07809b008450ecd9ce6fe224 100644 (file)
@@ -1,3 +1,36 @@
+2000-06-02  Danilo Almeida  <dalmeida@mit.edu>
+
+       * win_glue.c (GetCallingAppVerInfo, krb5_vercheck): Use
+       APPVERINFO_SIZE-sized buffers instead of hard-coding a number
+       everywhere.  Document the buffer size in funciton documentation.
+
+       * krb5_32.def: Add krb5int_cc_default for the benefit of GSS API DLL.
+
+2000-05-23  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * win_glue.c (GetCallingAppVerInfo): Don't overfill buffers
+       "AppTitle", "AppVer", and "AppIni".
+
+2000-05-15      Jeffrey Altman          <jaltman@columbia.edu>
+
+        * krb5_32.def -- Added exports for new public functions
+
+               krb5_appdefault_string
+               krb5_appdefault_boolean
+
+2000-05-04  Danilo Almeida  <dalmeida@mit.edu>
+
+       * krb5_32.def: Reflect something closer to the reality of
+       what we would like to do for 1.3.
+
+2000-05-03  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * win_glue.c (do_timebomb): Don't overflow buffer "buf".
+
+2000-04-29  Jeffrey Altman <jaltman@columbia.edu>
+
+        * krb5_32.def: Add krb5_get_tgs_ktypes, krb5_free_ktypes for gssapi
+
 2000-03-15  Danilo Almeida  <dalmeida@mit.edu>
 
        * krb5_32.def: Add krb5_get_prompt_types.
index a48ec1f54ce0e357959822fea6164fbd6aa40f17..9038bb75174cdf1d32d5adea170e77c3b56a932e 100644 (file)
@@ -1,3 +1,12 @@
+2001-01-29  Ken Raeburn  <raeburn@mit.edu>
+
+       * make_checksum.c (krb5_c_make_checksum): Clear checksum contents
+       pointer after freeing it in error case.
+
+2000-06-03  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in(LIBMAJOR, LIBMINOR): Bump library version.
+
 2000-01-24  Tom Yu  <tlyu@mit.edu>
 
        * crypto_libinit.c: Add terminating newline; use 0 and 1 instead
index 71bddf5c4bb695582c3d1787d1491b79de698649..64f19d18e1c0b2fee7e24e892e734c0bc9477bee 100644 (file)
@@ -106,8 +106,8 @@ SRCS=\
 
 
 LIB=k5crypto
-LIBMAJOR=2
-LIBMINOR=1
+LIBMAJOR=3
+LIBMINOR=0
 RELDIR=crypto
 
 STOBJLISTS=crc32/OBJS.ST des/OBJS.ST dk/OBJS.ST enc_provider/OBJS.ST \
index 90e34f87c2ee64040eebf5b1607ea574214ea390..7908f5683b8e4901239ef38bd6b4f6e5ff9440ae 100644 (file)
@@ -1,3 +1,17 @@
+2000-06-03  Tom Yu  <tlyu@mit.edu>
+
+       * dk_encrypt.c (krb5_dk_encrypt, krb5_marc_dk_encrypt): Chain
+       ivecs.
+       
+       * dk_decrypt.c (krb5_dk_decrypt, krb5_marc_dk_decrypt): Chain
+       ivecs.
+
+2000-04-28  Ken Raeburn  <raeburn@mit.edu>
+
+       * derive.c (krb5_derive_key): If memory allocation fails, release
+       other allocated blocks before returning, instead of trying to
+       release them after returning.
+
 2000-01-21  Ken Raeburn  <raeburn@mit.edu>
 
        * checksum.c (krb5_dk_make_checksum): enc_providers are now
index 8765605fbcadf1f54fe0915dae9804c384435a06..dbd4a2a2d84bdd9fc977380852a5117b3f4edba0 100644 (file)
@@ -51,14 +51,14 @@ krb5_derive_key(enc, inkey, outkey, in_constant)
        return(ENOMEM);
 
     if ((outblockdata = (unsigned char *) malloc(blocksize)) == NULL) {
-       return(ENOMEM);
        free(inblockdata);
+       return(ENOMEM);
     }
 
     if ((rawkey = (unsigned char *) malloc(keybytes)) == NULL) {
-       return(ENOMEM);
        free(outblockdata);
        free(inblockdata);
+       return(ENOMEM);
     }
 
     inblock.data = inblockdata;
index d3077615f8c6b6856e9920697f224f278708a992..d6e7c0db304b37ffac19a7aa200b942c2e4e5d3c 100644 (file)
@@ -41,7 +41,7 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
 {
     krb5_error_code ret;
     size_t hashsize, blocksize, keybytes, keylength, enclen, plainlen;
-    unsigned char *plaindata, *kedata, *kidata, *cksum;
+    unsigned char *plaindata, *kedata, *kidata, *cksum, *cn;
     krb5_keyblock ke, ki;
     krb5_data d1, d2;
     unsigned char constantdata[K5CLENGTH];
@@ -108,6 +108,11 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
     if ((ret = ((*(enc->decrypt))(&ke, ivec, &d1, &d2))) != 0)
        goto cleanup;
 
+    if (ivec != NULL && ivec->length == blocksize)
+       cn = d1.data + d1.length - blocksize;
+    else
+       cn = NULL;
+
     /* verify the hash */
 
     d1.length = hashsize;
@@ -134,6 +139,9 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
 
     memcpy(output->data, d2.data+blocksize, output->length);
 
+    if (cn != NULL)
+       memcpy(ivec->data, cn, blocksize);
+
     ret = 0;
 
 cleanup:
@@ -163,7 +171,7 @@ krb5_marc_dk_decrypt(enc, hash, key, usage, ivec, input, output)
 {
     krb5_error_code ret;
     size_t hashsize, blocksize, keybytes, keylength, enclen, plainlen;
-    unsigned char *plaindata, *kedata, *kidata, *cksum;
+    unsigned char *plaindata, *kedata, *kidata, *cksum, *cn;
     krb5_keyblock ke, ki;
     krb5_data d1, d2;
     unsigned char constantdata[K5CLENGTH];
@@ -230,6 +238,11 @@ krb5_marc_dk_decrypt(enc, hash, key, usage, ivec, input, output)
     if ((ret = ((*(enc->decrypt))(&ke, ivec, &d1, &d2))) != 0)
        goto cleanup;
 
+    if (ivec != NULL && ivec->length == blocksize)
+       cn = d1.data + d1.length - blocksize;
+    else
+       cn = NULL;
+
     /* verify the hash */
 
     d1.length = hashsize;
@@ -264,6 +277,9 @@ krb5_marc_dk_decrypt(enc, hash, key, usage, ivec, input, output)
 
     memcpy(output->data, d2.data+4+blocksize, output->length);
 
+    if (cn != NULL)
+       memcpy(ivec->data, cn, blocksize);
+
     ret = 0;
 
 cleanup:
index 8627353dbc52b2c7d1ef5d11c76ceee2398051e0..2bc2b6ba421202ac49f061bba8f81e2de79dcfcb 100644 (file)
@@ -65,7 +65,7 @@ krb5_dk_encrypt(enc, hash, key, usage, ivec, input, output)
     krb5_error_code ret;
     unsigned char constantdata[K5CLENGTH];
     krb5_data d1, d2;
-    unsigned char *plaintext, *kedata, *kidata;
+    unsigned char *plaintext, *kedata, *kidata, *cn;
     krb5_keyblock ke, ki;
 
     /* allocate and set up plaintext and to-be-derived keys */
@@ -142,6 +142,11 @@ krb5_dk_encrypt(enc, hash, key, usage, ivec, input, output)
     if ((ret = ((*(enc->encrypt))(&ke, ivec, &d1, &d2))))
        goto cleanup;
 
+    if (ivec != NULL && ivec->length == blocksize)
+       cn = d2.data + d2.length - blocksize;
+    else
+       cn = NULL;
+
     /* hash the plaintext */
 
     d2.length = enclen - plainlen;
@@ -149,8 +154,14 @@ krb5_dk_encrypt(enc, hash, key, usage, ivec, input, output)
 
     output->length = enclen;
 
-    if ((ret = krb5_hmac(hash, &ki, 1, &d1, &d2)))
+    if ((ret = krb5_hmac(hash, &ki, 1, &d1, &d2))) {
        memset(d2.data, 0, d2.length);
+       goto cleanup;
+    }
+
+    /* update ivec */
+    if (cn != NULL)
+       memcpy(ivec->data, cn, blocksize);
 
     /* ret is set correctly by the prior call */
 
@@ -196,7 +207,7 @@ krb5_marc_dk_encrypt(enc, hash, key, usage, ivec, input, output)
     krb5_error_code ret;
     unsigned char constantdata[K5CLENGTH];
     krb5_data d1, d2;
-    unsigned char *plaintext, *kedata, *kidata;
+    unsigned char *plaintext, *kedata, *kidata, *cn;
     krb5_keyblock ke, ki;
 
     /* allocate and set up plaintext and to-be-derived keys */
@@ -278,6 +289,11 @@ krb5_marc_dk_encrypt(enc, hash, key, usage, ivec, input, output)
     if ((ret = ((*(enc->encrypt))(&ke, ivec, &d1, &d2))))
        goto cleanup;
 
+    if (ivec != NULL && ivec->length == blocksize)
+       cn = d2.data + d2.length - blocksize;
+    else
+       cn = NULL;
+
     /* hash the plaintext */
 
     d2.length = enclen - plainlen;
@@ -285,8 +301,14 @@ krb5_marc_dk_encrypt(enc, hash, key, usage, ivec, input, output)
 
     output->length = enclen;
 
-    if ((ret = krb5_hmac(hash, &ki, 1, &d1, &d2)))
+    if ((ret = krb5_hmac(hash, &ki, 1, &d1, &d2))) {
        memset(d2.data, 0, d2.length);
+       goto cleanup;
+    }
+
+    /* update ivec */
+    if (cn != NULL)
+       memcpy(ivec->data, cn, blocksize);
 
     /* ret is set correctly by the prior call */
 
index 300f37535289c2785bcbad30ce38daba53f72644..64f63894c19aa8d7fb6f956b4fe58a1e790bb658 100644 (file)
@@ -114,6 +114,7 @@ cleanup:
     if (ret) {
        memset(cksum->contents, 0, cksum->length);
        free(cksum->contents);
+       cksum->contents = NULL;
     }
 
     return(ret);
index cada473021298f61c5c4922a4cf1c6657463d8e0..74f994b5e002e2a5ded6153c5783cffdb27159f2 100644 (file)
@@ -1,3 +1,9 @@
+2000-06-03  Tom Yu  <tlyu@mit.edu>
+
+       * old_encrypt.c (krb5_old_encrypt): Chain ivecs.
+
+       * old_decrypt.c (krb5_old_decrypt): Chain ivecs.
+
 2000-01-21  Ken Raeburn  <raeburn@mit.edu>
 
        * des_stringtokey.c (mit_des_string_to_key_int): Declare.
index 1bcb0d38b0c2167ca9c7be94204414291f9a4556..bfbe56a109dd079c4e11c593f61b92e71c67d6e6 100644 (file)
@@ -45,7 +45,7 @@ krb5_old_decrypt(enc, hash, key, usage, ivec, input, arg_output)
 {
     krb5_error_code ret;
     size_t blocksize, hashsize, plainsize;
-    unsigned char *cksumdata;
+    unsigned char *cksumdata, *cn;
     krb5_data output, cksum, crcivec;
     int alloced;
 
@@ -82,6 +82,17 @@ krb5_old_decrypt(enc, hash, key, usage, ivec, input, arg_output)
 
     /* decrypt it */
 
+    /* save last ciphertext block in case we decrypt in place */
+    if (ivec != NULL && ivec->length == blocksize) {
+       cn = malloc(blocksize);
+       if (cn == NULL) {
+           ret = ENOMEM;
+           goto cleanup;
+       }
+       memcpy(cn, input->data + input->length - blocksize, blocksize);
+    } else
+       cn = NULL;
+
     /* XXX this is gross, but I don't have much choice */
     if ((key->enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) {
        crcivec.length = key->length;
@@ -119,6 +130,10 @@ krb5_old_decrypt(enc, hash, key, usage, ivec, input, arg_output)
     }
     arg_output->length = plainsize;
 
+    /* update ivec */
+    if (cn != NULL)
+       memcpy(ivec->data, cn, blocksize);
+
     ret = 0;
 
 cleanup:
@@ -127,6 +142,8 @@ cleanup:
        free(output.data);
     }
 
+    if (cn != NULL)
+       free(cn);
     memset(cksumdata, 0, hashsize);
     free(cksumdata);
     return(ret);
index d90d0f8852f9b299664e5854bb00e1b9ef47ebfb..8860ba5ff99af8baf029c5f1736a6595b2c04955 100644 (file)
@@ -55,6 +55,7 @@ krb5_old_encrypt(enc, hash, key, usage, ivec, input, output)
     krb5_error_code ret;
     size_t blocksize, hashsize, enclen;
     krb5_data datain, crcivec;
+    int real_ivec;
 
     (*(enc->block_size))(&blocksize);
     (*(hash->hash_size))(&hashsize);
@@ -92,11 +93,17 @@ krb5_old_encrypt(enc, hash, key, usage, ivec, input, output)
        crcivec.length = key->length;
        crcivec.data = key->contents;
        ivec = &crcivec;
-    }
+       real_ivec = 0;
+    } else
+       real_ivec = 1;
 
     if ((ret = ((*(enc->encrypt))(key, ivec, output, output))))
        goto cleanup;
 
+    /* update ivec */
+    if (real_ivec && ivec != NULL && ivec->length == blocksize)
+       memcpy(ivec->data, output->data + output->length - blocksize,
+              blocksize);
 cleanup:
     if (ret)
        memset(output->data, 0, output->length);
index 6d401a9bf06220d6ac2f9f703094082480951796..b22131e0f4ab8b702fccdb5ffdabdb2f5bfd986f 100644 (file)
@@ -158,4 +158,4 @@ void prng_cleanup (void)
 {
        free (random_state);
        inited = 0;
-}
\ No newline at end of file
+}
index 1e0213f8aeceac4598d868970886731a21d54eae..060c2e7ecef11e5b1f9c6714408f1dd80fff2027 100644 (file)
@@ -1,3 +1,7 @@
+2000-06-03  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in(LIBMINOR): Bump library version.
+
 Tue Feb 22 10:23:19 2000  Ezra Peisach  <epeisach@mit.edu>
 
        * Makefile.in (clean-unix): Add clean-libobjs.
index bee2b8593bf5db4198e4c6491fbb2ae89f96e5c9..20936da1984782d332acc856e3064a65c5e706ee 100644 (file)
@@ -24,7 +24,7 @@ SRCS=\
 
 LIB=gssapi_krb5
 LIBMAJOR=2
-LIBMINOR=1
+LIBMINOR=2
 STOBJLISTS=OBJS.ST generic/OBJS.ST krb5/OBJS.ST
 SHLIB_EXPDEPS=\
        $(TOPLIBD)/libkrb5$(SHLIBEXT) \
index 234c95348a66083db90cfb1405a166ab167945a5..8e1c9f856e0b1416f203f3be335fe3c7f73caa5d 100644 (file)
@@ -1,3 +1,8 @@
+2000-09-11  Alexandra Ellwood <lxs@mit.edu>
+        * gssapi_generic.h: Added check for Mac OS X includes.  This will
+        not break autoconf-style builds because they do not include
+        ConditionalMacros.h.
+        
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 8317cad45a61ec24df37b7508465cabe083f5322..d4fbbcc4f9987b13e92ff808fca03e4d4ed04aae 100644 (file)
@@ -27,7 +27,7 @@
  * $Id$
  */
 
-#if defined(__MWERKS__) || defined(applec) || defined(THINK_C)
+#if defined(__MWERKS__) || defined(applec) || defined(THINK_C) || (TARGET_API_MAC_OSX == 1)
 #include <gssapi.h>
 #else
 #include <gssapi/gssapi.h>
diff --git a/src/lib/gssapi/krb5/3des.txt b/src/lib/gssapi/krb5/3des.txt
new file mode 100644 (file)
index 0000000..f39c6fc
--- /dev/null
@@ -0,0 +1,274 @@
+CAT Working Group                                           K. Raeburn
+Internet-draft                                                     MIT
+Category:                                                June xx, 2000
+Updates: RFC 1964
+Document: draft-raeburn-gssapi-krb5-3des-XX.txt
+
+        Triple-DES Support for the Kerberos 5 GSSAPI Mechanism
+
+Status of this Memo
+   This document is an Internet-Draft and is in full conformance with
+   all provisions of Section 10 of RFC2026 [1]. Internet-Drafts are
+   working documents of the Internet Engineering Task Force (IETF),
+   its areas, and its working groups. Note that other groups may also
+   distribute working documents as Internet-Drafts. Internet-Drafts
+   are draft documents valid for a maximum of six months and may be
+   updated, replaced, or obsoleted by other documents at any time. It
+   is inappropriate to use Internet-Drafts as reference material or to
+   cite them other than as "work in progress."
+     
+   The list of current Internet-Drafts can be accessed at 
+   http://www.ietf.org/ietf/1id-abstracts.txt  
+
+   The list of Internet-Draft Shadow Directories can be accessed at 
+   http://www.ietf.org/shadow.html. 
+    
+1. Abstract 
+
+   The MIT Kerberos 5 release version 1.2 includes support for
+   triple-DES with key derivation [KrbRev].  Recent work by the EFF
+   [EFF] has demonstrated the vulnerability of single-DES mechanisms
+   to brute-force attacks by sufficiently motivated and well-funded
+   parties.
+
+   The GSSAPI Kerberos 5 mechanism definition [GSSAPI-KRB5]
+   specifically enumerates encryption and checksum types,
+   independently of how such schemes may be used in Kerberos.  In the
+   long run, a new Kerberos-based mechanism, which does not require
+   separately enumerating for the GSSAPI mechanism each of the various
+   encryption types defined by Kerberos, is a better approach.
+   Efforts to produce such a specification are under way.
+
+   In the interest of providing increased security in the near term,
+   however, MIT is adding support for triple-DES to the existing
+   mechanism implementation we ship, as described here.
+
+2. New Algorithm Identifiers
+
+   One new sealing algorithm is defined, for use in WRAP tokens:
+
+   02 00 - DES3-KD
+
+   This algorithm uses triple-DES with key derivation, with a usage
+   value KG_USAGE_SEAL.  Padding is still to 8-byte multiples, and the
+   IV for encrypting application data is zero.
+
+   One new signing algorithm is defined, for use in MIC, Wrap, and
+   Delete tokens:
+
+   04 00 - HMAC SHA1 DES3-KD
+
+   This algorithm generates an HMAC using SHA-1 and a derived DES3 key
+   with usage KG_USAGE_SIGN, as (should be described) in [KrbRev].
+   [XXX: The current [KrbRev] description refers to out-of-date I-Ds
+   from Marc Horowitz.  The text in [KrbRev] may be inadequate to
+   produce an interoperable implementation.]
+
+   The checksum size for this algorithm is 20 octets.  See section 4.3
+   below for the use of checksum lengths of other than eight bytes.
+
+3. Key Derivation
+
+   For purposes of key derivation, we add three new usage values to the
+   list defined in [KrbRev]; one for signing messages, one for
+   sealing messages, and one for encrypting sequence numbers:
+
+   #define KG_USAGE_SEAL 22
+   #define KG_USAGE_SIGN 23
+   #define KG_USAGE_SEQ  24
+
+4. Adjustments to Previous Definitions
+
+4.1. Quality of Protection
+
+   The GSSAPI specification [GSSAPI] says that a zero QOP value
+   indicates the "default".  The original specification for the
+   Kerberos 5 mechanism says that a zero QOP value (or a QOP value
+   with the appropriate bits clear) means DES encryption.
+
+   Rather than continue to force the use of plain DES when the
+   application doesn't use mechanism-specific QOP values, the better
+   choice appears to be to redefine the DES QOP value as some non-zero
+   value, and define a triple-DES value as well.  Then a zero value
+   continues to imply the default, which would be triple-DES
+   protection when given a triple-DES session key.
+
+   Our values are:
+
+   GSS_KRB5_INTEG_C_QOP_HMAC_SHA1        0x0004
+            /* SHA-1 checksum encrypted with key derivation */
+
+   GSS_KRB5_CONF_C_QOP_DES               0x0100
+            /* plain DES encryption */
+   GSS_KRB5_CONF_C_QOP_DES3_KD           0x0200
+            /* triple-DES with key derivation */
+
+   Rather than open the question of whether to specify means for
+   deriving a key of one type given a key of another type, and the
+   security implications of whether to generate a long key from a
+   shorter one, our implementation will simply return an error if the
+   QOP value specified does not correspond to the session key type.
+
+   [XXX: Not implemented yet.  Currently an error is reported for all
+   non-zero values.  This should be changed before the release, so an
+   application can insist on getting no less than triple-DES
+   protection.]
+
+4.2. MIC Sequence Number Encryption
+
+   The sequence numbers are encrypted in the context key (as defined
+   in [GSSAPI-KRB5] -- this will be either the Kerberos session key or
+   asubkey provided by the context initiator), using whatever
+   encryption system is designated by the type of that context key.
+   The IV is formed from the first N bytes of the SGN_CKSUM field,
+   where N is the number of bytes needed for the IV.  (With all
+   algorithms described here and in [GSSAPI-KRB5], the checksum is at
+   least as large as the IV.)
+
+4.3. Message Layout
+
+   Both MIC and Wrap tokens, as defined in [GSSAPI-KRB5], contain an
+   checksum field SGN_CKSUM.  In [GSSAPI-KRB5], this field was
+   specified as being 8 bytes long.  We now change this size to be
+   "defined by the checksum algorithm", and retroactively amend the
+   descriptions of all the checksum algorithms described in
+   [GSSAPI-KRB5] to explicitly specify 8-byte output.  Application
+   data continues to immediately follow the checksum field in the Wrap
+   token.
+
+   The revised message descriptions are thus:
+
+   MIC:
+
+   Byte no          Name           Description
+    0..1           TOK_ID          Identification field.
+    2..3           SGN_ALG         Integrity algorithm indicator.
+    4..7           Filler          Contains ff ff ff ff
+    8..15          SND_SEQ         Sequence number field.
+    16..s+15       SGN_CKSUM       Checksum of "to-be-signed data",
+                                   calculated according to algorithm
+                                   specified in SGN_ALG field.
+
+   Wrap:
+
+   Byte no          Name           Description
+    0..1           TOK_ID          Identification field.
+                                   Tokens emitted by GSS_Wrap() contain
+                                   the hex value 02 01 in this field.
+    2..3           SGN_ALG         Checksum algorithm indicator.
+    4..5           SEAL_ALG        Sealing algorithm indicator.
+    6..7           Filler          Contains ff ff
+    8..15          SND_SEQ         Encrypted sequence number field.
+    16..s+15       SGN_CKSUM       Checksum of plaintext padded data,
+                                   calculated according to algorithm
+                                   specified in SGN_ALG field.
+    s+16..last     Data            encrypted or plaintext padded data
+
+   Where "s" indicates the size of the checksum.
+
+   As indicated above in section 2, we define the HMAC SHA1 DES3-KD
+   checksum algorithm to produce a 20-byte output, so encrypted data
+   begins at byte 36.
+
+5. Backwards Compatibility Considerations
+
+   The context initiator should request of the KDC credentials using
+   session-key cryptosystem types supported by that implementation; if
+   the only types returned by the KDC are not supported by the
+   mechanism implementation, it should indicate a failure.  This may
+   seem obvious, but early implementations of both Kerberos and the
+   GSSAPI Kerberos mechanism supported only DES keys, so the
+   cryptosystem compatibility question was easy to overlook.
+
+   Under the current mechanism, no negotiation of algorithm types
+   occurs, so server-side (acceptor) implementations cannot request
+   that clients not use algorithm types not understood by the server.
+   However, administration of the server's Kerberos data has to be
+   done in communication with the KDC, and it is from the KDC that the
+   client will request credentials.  The KDC could therefore be tasked
+   with limiting session keys for a given service to types actually
+   supported by the Kerberos and GSSAPI software on the server.
+
+   This does have a drawback for cases where a service principal name
+   is used both for GSSAPI-based and non-GSSAPI-based communication,
+   if the GSSAPI implementation does not understand triple-DES but the
+   Kerberos implementation does.  It means that triple-DES session
+   keys cannot be issued for that service principal, which keeps the
+   protection of non-GSSAPI services weaker than necessary.  However,
+   in the most recent MIT releases thus far, while triple-DES support
+   has been present, it has required additional work to enable, so it
+   should not be in use for many services.
+
+   It would also be possible to have clients attempt to get single-DES
+   session keys before trying to get triple-DES session keys, and have
+   the KDC refuse to issue the single-DES keys only for the most
+   critical of services, for which single-DES protection is considered
+   inadequate.  However, that would eliminate the possibility of
+   connecting with the more secure cryptosystem to any service that
+   can be accessed with the weaker cryptosystem.
+
+   We have chosen to go with the former approach, putting the burden
+   on the KDC administration and gaining the best protection possible
+   for GSSAPI services, possibly at the cost of protection of
+   non-GSSAPI Kerberos services running earlier versions of the
+   software.
+   [XXX: Actually, we haven't entirely decided and cast it in stone
+   yet, it's just what I've implemented; it's easy to change.]
+
+6. Security Considerations
+
+   Various tradeoffs arise regarding the mixing of new and old
+   software, or GSSAPI-based and non-GSSAPI Kerberos authentication.
+   They are discussed in section 4.
+
+7. References
+
+   [EFF] Electronic Frontier Foundation, "Cracking DES: Secrets of
+   Encryption Research, Wiretap Politics, and Chip Design", O'Reilly &
+   Associates, Inc., May, 1998.
+
+   [GSSAPI] Linn, J., "Generic Security Service Application Program
+   Interface Version 2, Update 1", RFC 2743, January, 2000.
+
+   [GSSAPI-KRB5] Linn, J., "The Kerberos Version 5 GSS-API Mechanism",
+   RFC 1964, June, 1996.
+
+   [KrbRev] Neuman, C., Kohl, J., Ts'o, T., "The Kerberos Network
+   Authentication Service (V5)",
+   draft-ietf-cat-kerberos-revisions-05.txt, March 10, 2000.
+
+8. Author's Address
+
+   Kenneth Raeburn
+   Massachusetts Institute of Technology
+   77 Massachusetts Avenue
+   Cambridge, MA 02139
+
+9. Full Copyright Statement
+
+   Copyright (C) The Internet Society (2000).  All Rights Reserved. 
+    
+   This document and translations of it may be copied and furnished to 
+   others, and derivative works that comment on or otherwise explain it 
+   or assist in its implementation may be prepared, copied, published 
+   and distributed, in whole or in part, without restriction of any 
+   kind, provided that the above copyright notice and this paragraph 
+   are included on all such copies and derivative works.  However, this   
+   document itself may not be modified in any way, such as by removing   
+   the copyright notice or references to the Internet Society or other   
+   Internet organizations, except as needed for the purpose of 
+   developing Internet standards in which case the procedures for 
+   copyrights defined in the Internet Standards process must be 
+   followed, or as required to translate it into languages other than 
+   English. 
+    
+   The limited permissions granted above are perpetual and will not be 
+   revoked by the Internet Society or its successors or assigns. 
+    
+   This document and the information contained herein is provided on an 
+   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 
+   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
+   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 
+   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 
+   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." 
index 06639d4040f506518be42af45cb2288acbe3e19d..44d99901ac54e6f3d6b10a78a26cf942d9ac5426 100644 (file)
@@ -1,4 +1,131 @@
-2000-01-27  Ken Raeburn  <raeburn@raeburn.org>
+2001-01-30  Ezra Peisach  <epeisach@mit.edu>
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context): If an error
+       occurs after the auth_context is established, but before the
+       krb5_gss_ctx_id_rec is established, release our pointer to the
+       replay cache and invoke krb5_auth_con_free(). [krb5-libs/855]
+
+2000-09-19  Miro Jurisic  <meeroh@mit.edu>
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context)
+       * acquire_cred.c (krb5_gss_acquire_cred)
+       * import_sec_context.c (krb5_gss_convert_static_mech_oid)
+       * init_sec_context.c (krb5_gss_init_sec_context)
+       * inq_cred.c (krb5_gss_inquire_cred)
+               Cast away constness from gss_OID where necessary to compile
+               with strict compilers
+
+2000-06-27  Tom Yu  <tlyu@mit.edu>
+
+       * init_sec_context.c (get_credentials): Add initial iteration of
+       krb5_get_credentials in order to differentiate between an actual
+       missing credential and merely a bad match based on enctype.  This
+       was causing problems with kadmin.
+
+2000-06-09  Tom Yu  <tlyu@mit.edu>
+
+       * init_sec_context.c (get_credentials): The KDC as well as the
+       ccache may indicate that an enctype is not supported; reflect that
+       in the loop breakout condition.
+
+2000-06-07  Tom Yu  <tlyu@mit.edu>
+
+       * init_sec_context.c (get_credentials): Rework the enctype loop
+       again.
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context): Remove
+       explicit check of mech OID against credential.
+
+2000-06-04  Tom Yu  <tlyu@mit.edu>
+
+       * init_sec_context.c (get_credentials): Reverse sense of test;
+       break out of enctype loop if one succeeds.
+
+2000-06-03  Tom Yu  <tlyu@mit.edu>
+
+       * util_crypt.c (kg_encrypt): Copy ivec, since c_encrypt() now
+       updates ivecs.
+       (kg_decrypt): Copy ivec, since c_decrypt() now updates ivecs.
+
+2000-06-02  Ken Raeburn  <raeburn@mit.edu>
+
+       * init_sec_context.c (get_credentials): Don't check each enctype
+       against a list from the krb5 library; instead, just try to use it,
+       and go on to the next if the error code indicates we can't use it.
+
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * gssapiP_krb5.h (KG_USAGE_SEQ): New value.
+       (enum qop): New type, derived from spec but currently not used.
+       * util_crypt.c (kg_encrypt, kg_decrypt): Added key derivation
+       usage value as an argument.  Prototypes and callers updated; all
+       callers use KG_USAGE_SEAL, except KG_USAGE_SEQ when encrypting
+       sequence numbers.
+       * 3des.txt: New file.
+
+2000-5-19      Alexandra Ellwood <lxs@mit.edu>
+
+       * acquire_cred.c: Changed to use krb5int_cc_default.  This function 
+       supports the Kerberos Login Library and pops up a dialog if the cache does 
+       not contain valid tickets.  This is used to automatically get a tgt before
+       obtaining service tickets.  Note that this should be an internal function
+       because callers don't expect krb5_cc_default to pop up a dialog!
+       (We found this out the hard way :-)
+
+2000-05-03  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * add_cred.c (krb5_gss_add_cred): Don't overflow buffers "ktboth"
+       or "ccboth".
+
+2000-04-21  Ken Raeburn  <raeburn@mit.edu>
+
+       * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete field
+       gsskrb5_version.
+       (struct _krb5_gss_cred_id_rec): Delete field rfcv2_mech.
+       * accept_sec_context.c, acquire_cred.c, add_cred.c, inq_cred.c,
+       k5seal.c, k5unseal.c, ser_ctx.c:
+       Delete krb5-mech2 support.
+
+       * init_sec_context.c (get_credentials): Enctype argument is now a
+       pointer to a list of enctypes.  Explicitly try each in order until
+       success or an error other than cryptosystem not being supported.
+       (krb5_gss_init_sec_context): Pass list of cryptosystems, starting
+       with 3DES.
+
+       * gssapiP_krb5.h (enum sgn_alg, enum seal_alg): New types,
+       giving symbolic names for values from RFC 1964, a Microsoft win2k
+       I-D, and our proposed 3des-sha1 values.
+       (KG_USAGE_SEAL, KG_USAGE_SIGN): New macros.
+
+       * accept_sec_context.c (rd_req_keyproc): Already-disabled routine
+       deleted.
+       (krb5_gss_accept_sec_context): Use sgn_alg and seal_alg symbolic
+       names.  Add a case for des3-hmac-sha1.
+       * k5seal.c (make_seal_token_v1): Likewise.  Do key derivation for
+       checksums.
+       * k5unseal.c (kg_unseal_v1): Likewise.
+       * util_crypt.c (kg_encrypt, kg_decrypt): Do key derivation for
+       encryption.
+
+       * util_crypt.c (zeros): Unused variable deleted.
+
+2000-04-18  Ken Raeburn  <raeburn@mit.edu>
+
+       * wrap_size_limit.c: Remove mech2 support.  Add MIT copyright.
+
+2000-04-08  Tom Yu  <tlyu@mit.edu>
+
+       * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix up
+       wrap_size_limit() to deal with integrity wrap tokens properly.
+       The rfc1964 mech always pads and confounds regardless of whether
+       confidentiality is requested.
+
+2000-03-20  Ken Raeburn  <raeburn@mit.edu>
+
+       * accept_sec_context.c, init_sec_context.c: Disable krb5-mech2
+       stuff for now.  (Tom Yu's krb5-1.1 patch.)
+
+2000-01-27  Ken Raeburn  <raeburn@mit.edu>
 
        * init_sec_context.c (krb5_gss_init_sec_context): Default to
        des-cbc-crc.
index fc920ec27001a13aa7aa03b1b25f493e9c80668f..d000f077303d9651e3df5fda6c9fcd13a70d9cea 100644 (file)
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2000 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  * 
 #include "k5-int.h"
 #include "gssapiP_krb5.h"
 #include <memory.h>
+#include <assert.h>
 
 /*
  * $Id$
  */
 
-#if 0
-
-/* XXXX This widen/narrow stuff is bletcherous, but it seems to be
-   necessary.  Perhaps there is a "better" way, but I don't know what it
-   is */
-
-#include <krb5/widen.h>
-static krb5_error_code
-rd_req_keyproc(krb5_pointer keyprocarg, krb5_principal server,
-              krb5_kvno kvno, krb5_keyblock **keyblock)
-#include <krb5/narrow.h>
-{
-   krb5_error_code code;
-   krb5_keytab_entry ktentry;
-
-   if (code = krb5_kt_get_entry((krb5_keytab) keyprocarg, server, kvno,
-                               &ktentry))
-      return(code);
-
-   code = krb5_copy_keyblock(&ktentry.key, keyblock);
-
-   (void) krb5_kt_free_entry(&ktentry);
-
-   return(code);
-}
-
-#endif
-
 /* Decode, decrypt and store the forwarded creds in the local ccache. */
 static krb5_error_code
 rd_and_store_for_creds(context, inbuf, out_cred)
@@ -145,7 +142,6 @@ rd_and_store_for_creds(context, inbuf, out_cred)
        /* cred->princ already set */
        cred->prerfc_mech = 1; /* this cred will work with all three mechs */
        cred->rfc_mech = 1;
-       cred->rfcv2_mech = 1; 
        cred->keytab = NULL; /* no keytab associated with this... */
        cred->ccache = ccache; /* but there is a credential cache */
        cred->tgt_expire = creds[0]->times.endtime; /* store the end time */
@@ -206,11 +202,10 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    krb5_ui_4 gss_flags = 0;
    int decode_req_message = 0;
    krb5_gss_ctx_id_rec *ctx = 0;
-#if 0
    krb5_enctype enctype;
-#endif
    krb5_timestamp now;
    gss_buffer_desc token;
+   int err;
    krb5_auth_context auth_context = NULL;
    krb5_ticket * ticket = NULL;
    int option_id;
@@ -222,7 +217,6 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    gss_cred_id_t cred_handle = NULL;
    krb5_gss_cred_id_t deleg_cred = NULL;
    int token_length;
-   int gsskrb5_vers;
    int nctypes;
    krb5_cksumtype *ctypes = 0;
    struct kg2_option fwcred;
@@ -296,13 +290,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
                                      &(ap_req.length),
                                      &ptr, KG_TOK_CTX_AP_REQ,
                                      input_token->length))) {
-       if (! cred->rfc_mech) {
-          code = G_WRONG_MECH;
-          major_status = GSS_S_DEFECTIVE_TOKEN;
-          goto fail;
-       }
        mech_used = gss_mech_krb5;
-       gsskrb5_vers = 1000;
    } else if ((code == G_WRONG_MECH) &&
              !(code = g_verify_token_header((gss_OID) gss_mech_krb5_old,
                                             &(ap_req.length), 
@@ -315,56 +303,15 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        * compatibility, and use it to decide when to use the
        * old behavior.
        */
-       if (! cred->prerfc_mech) {
-          code = G_WRONG_MECH;
-          major_status = GSS_S_DEFECTIVE_TOKEN;
-          goto fail;
-       }
        mech_used = gss_mech_krb5_old;
-       gsskrb5_vers = 1000;
-   } else if ((code == G_WRONG_MECH) &&
-             !(code = g_verify_token_header((gss_OID) gss_mech_krb5_v2,
-                                            &token_length, 
-                                            &ptr, KG2_TOK_INITIAL,
-                                            input_token->length))) {
-       if (! cred->rfcv2_mech) {
-          code = G_WRONG_MECH;
-          major_status = GSS_S_DEFECTIVE_TOKEN;
-          goto fail;
-       }
-       mech_used = gss_mech_krb5_v2;
-       gsskrb5_vers = 2000;
    } else {
        major_status = GSS_S_DEFECTIVE_TOKEN;
        goto fail;
    }
 
-   if (gsskrb5_vers == 2000) {
-       /* gss krb5 v2 */
-
-       fwcred.option_id = KRB5_GSS_FOR_CREDS_OPTION;
-       fwcred.data = NULL;
-
-       if (GSS_ERROR(major_status =
-                    kg2_parse_token(&code, ptr, token_length,
-                                    &gss_flags, &nctypes, &ctypes,
-                                    delegated_cred_handle?1:0,
-                                    &fwcred, &ap_req, NULL))) {
-          goto fail;
-       }
-
-       gss_flags = (ptr[0]<<24) | (ptr[1]<<16) | (ptr[2]<<8) | ptr[3];
-
-       gss_flags &= ~GSS_C_DELEG_FLAG; /* mask out the delegation flag;
-                                         if there's a delegation, we'll
-                                         set it below */
-   } else {
-       /* gss krb5 v1 */
-
-       sptr = (char *) ptr;
-       TREAD_STR(sptr, ap_req.data, ap_req.length);
-       decode_req_message = 1;
-   }
+   sptr = (char *) ptr;
+   TREAD_STR(sptr, ap_req.data, ap_req.length);
+   decode_req_message = 1;
 
    /* construct the sender_addr */
 
@@ -416,9 +363,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    }
 #endif
 
-   if (gsskrb5_vers == 2000) {
-       bigend = 1;
-   } else {
+   {
        /* gss krb5 v1 */
 
        /* stash this now, for later. */
@@ -551,13 +496,12 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    }
 
    memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
-   ctx->mech_used = mech_used;
+   ctx->mech_used = (gss_OID) mech_used;
    ctx->auth_context = auth_context;
    ctx->initiate = 0;
    ctx->gss_flags = KG_IMPLFLAGS(gss_flags);
    ctx->seed_init = 0;
    ctx->big_endian = bigend;
-   ctx->gsskrb5_version = gsskrb5_vers;
 
    /* Intern the ctx pointer so that delete_sec_context works */
    if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
@@ -603,114 +547,37 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        goto fail;
    }
 
-   if (gsskrb5_vers == 2000) {
-       int cblen;
-       krb5_boolean valid;
-
-       /* intersect the token ctypes with the local ctypes */
-
-       if (code = krb5_c_keyed_checksum_types(context, ctx->subkey->enctype,
-                                             &ctx->nctypes, &ctx->ctypes))
-          goto fail;
-
-       if (nctypes == 0) {
-          code = KRB5_CRYPTO_INTERNAL;
-          goto fail;
-       }
-
-       kg2_intersect_ctypes(&ctx->nctypes, ctx->ctypes, nctypes, ctypes);
-
-       if (nctypes == 0) {
-          code = KG_NO_CTYPES;
-          goto fail;
-       }
+   switch(ctx->subkey->enctype) {
+   case ENCTYPE_DES_CBC_MD5:
+   case ENCTYPE_DES_CBC_CRC:
+       ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW;
+       ctx->signalg = SGN_ALG_DES_MAC_MD5;
+       ctx->cksum_size = 8;
+       ctx->sealalg = SEAL_ALG_DES;
 
-       /* process the delegated cred, if any */
-
-       if (fwcred.data) {
-          krb5_data option;
-
-          option.length = fwcred.length;
-          option.data = fwcred.data;
-
-          if (code = rd_and_store_for_creds(context, &option, &deleg_cred)) {
-              major_status = GSS_S_FAILURE;
-              goto fail;
-          }
-
-          gss_flags |= GSS_C_DELEG_FLAG; /* got a delegation */
-       }
-
-       /* construct the checksum buffer */
-
-       cblen = 4*5;
-       if (input_chan_bindings)
-          cblen += (input_chan_bindings->initiator_address.length+
-                    input_chan_bindings->acceptor_address.length+
-                    input_chan_bindings->application_data.length);
-
-       cksumdata.length = cblen + ((char *)(ap_req.data-2) - (char *)(ptr-2));
+       /* fill in the encryption descriptors */
 
-       if ((cksumdata.data = (char *) malloc(cksumdata.length)) == NULL) {
-          code = ENOMEM;
+       if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc))) {
           major_status = GSS_S_FAILURE;
           goto fail;
        }
 
-       ptr2 = cksumdata.data;
-
-       if (input_chan_bindings) {
-          TWRITE_INT(ptr2, input_chan_bindings->initiator_addrtype, 1);
-          TWRITE_BUF(ptr2, input_chan_bindings->initiator_address, 1);
-          TWRITE_INT(ptr2, input_chan_bindings->acceptor_addrtype, 1);
-          TWRITE_BUF(ptr2, input_chan_bindings->acceptor_address, 1);
-          TWRITE_BUF(ptr2, input_chan_bindings->application_data, 1);
-       } else {
-          memset(ptr2, 0, cblen);
-          ptr2 += cblen;
-       }
-
-       memcpy(ptr2, ptr-2, ((char *)(ap_req.data-2) - (char *)(ptr-2)));
+       for (i=0; i<ctx->enc->length; i++)
+          /*SUPPRESS 113*/
+          ctx->enc->contents[i] ^= 0xf0;
 
-       if (code = krb5_c_verify_checksum(context, ctx->subkey,
-                                        KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
-                                        &cksumdata, authdat->checksum,
-                                        &valid)) {
+       if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq))) {
           major_status = GSS_S_FAILURE;
           goto fail;
        }
 
-       free(cksumdata.data);
-       cksumdata.data = 0;
+       break;
 
-       if (!valid) {
-          code = 0;
-          major_status = GSS_S_BAD_SIG;
-          goto fail;
-       }
-   } else {
-       /* gss krb5 v1 */
-
-       switch(ctx->subkey->enctype) {
-       case ENCTYPE_DES_CBC_MD5:
-       case ENCTYPE_DES_CBC_CRC:
-          ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW;
-          ctx->signalg = 0;
-          ctx->cksum_size = 8;
-          ctx->sealalg = 0;
-          break;
-#if 0
-       case ENCTYPE_DES3_CBC_MD5:
-          enctype = ENCTYPE_DES3_CBC_RAW;
-          ctx->signalg = 3;
-          ctx->cksum_size = 16;
-          ctx->sealalg = 1;
-          break;
-#endif
-       default:
-          code = KRB5_BAD_ENCTYPE;
-          goto fail;
-       }
+   case ENCTYPE_DES3_CBC_SHA1:
+       ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW;
+       ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
+       ctx->cksum_size = 20;
+       ctx->sealalg = SEAL_ALG_DES3KD;
 
        /* fill in the encryption descriptors */
 
@@ -719,14 +586,16 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
           goto fail;
        }
 
-       for (i=0; i<ctx->enc->length; i++)
-          /*SUPPRESS 113*/
-          ctx->enc->contents[i] ^= 0xf0;
-
        if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq))) {
           major_status = GSS_S_FAILURE;
           goto fail;
        }
+
+       break;
+
+   default:
+       code = KRB5_BAD_ENCTYPE;
+       goto fail;
    }
 
    ctx->endtime = ticket->enc_part2->times.endtime;
@@ -769,122 +638,22 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        /* the reply token hasn't been sent yet, but that's ok. */
        ctx->established = 1;
 
-       if (ctx->gsskrb5_version == 2000) {
-          krb5_ui_4 tok_flags;
-
-          tok_flags =
-              (ctx->gss_flags & GSS_C_DELEG_FLAG)?KG2_RESP_FLAG_DELEG_OK:0;
-
-          cksumdata.length = 8 + 4*ctx->nctypes + 4;
-
-          if ((cksumdata.data = (char *) malloc(cksumdata.length)) == NULL) {
-              code = ENOMEM;
-              major_status = GSS_S_FAILURE;
-              goto fail;
-          }
-
-          /* construct the token fields */
-
-          ptr = cksumdata.data;
-
-          ptr[0] = (KG2_TOK_RESPONSE >> 8) & 0xff;
-          ptr[1] = KG2_TOK_RESPONSE & 0xff;
-
-          ptr[2] = (tok_flags >> 24) & 0xff;
-          ptr[3] = (tok_flags >> 16) & 0xff;
-          ptr[4] = (tok_flags >> 8) & 0xff;
-          ptr[5] = tok_flags & 0xff;
-
-          ptr[6] = (ctx->nctypes >> 8) & 0xff;
-          ptr[7] = ctx->nctypes & 0xff;
-
-          ptr += 8;
-
-          for (i=0; i<ctx->nctypes; i++) {
-              ptr[i] = (ctx->ctypes[i] >> 24) & 0xff;
-              ptr[i+1] = (ctx->ctypes[i] >> 16) & 0xff;
-              ptr[i+2] = (ctx->ctypes[i] >> 8) & 0xff;
-              ptr[i+3] = ctx->ctypes[i] & 0xff;
-
-              ptr += 4;
-          }
-
-          memset(ptr, 0, 4);
-
-          /* make the MIC token */
-
-          {
-              gss_buffer_desc text, token;
+       token.length = g_token_size((gss_OID) mech_used, ap_rep.length);
 
-              text.length = cksumdata.length;
-              text.value = cksumdata.data;
-
-              /* ctx->seq_send must be set before this call */
-
-              if (GSS_ERROR(major_status =
-                            krb5_gss_get_mic(&code, ctx,
-                                             GSS_C_QOP_DEFAULT,
-                                             &text, &token)))
-                  goto fail;
-
-              mic.length = token.length;
-              mic.data = token.value;
-          }
-
-          token.length = g_token_size((gss_OID) mech_used,
-                                      (cksumdata.length-2)+4+ap_rep.length+
-                                      mic.length);
-
-          if ((token.value = (unsigned char *) xmalloc(token.length))
-              == NULL) {
-              code = ENOMEM;
-              major_status = GSS_S_FAILURE;
-              goto fail;
-          }
-          ptr = token.value;
-          g_make_token_header((gss_OID) mech_used,
-                              (cksumdata.length-2)+4+ap_rep.length+mic.length,
-                              &ptr, KG2_TOK_RESPONSE);
-
-          memcpy(ptr, cksumdata.data+2, cksumdata.length-2);
-          ptr += cksumdata.length-2;
-
-          ptr[0] = (ap_rep.length >> 8) & 0xff;
-          ptr[1] = ap_rep.length & 0xff;
-          memcpy(ptr+2, ap_rep.data, ap_rep.length);
-
-          ptr += (2+ap_rep.length);
-
-          ptr[0] = (mic.length >> 8) & 0xff;
-          ptr[1] = mic.length & 0xff;
-          memcpy(ptr+2, mic.data, mic.length);
-
-          ptr += (2+mic.length);
-
-          free(cksumdata.data);
-          cksumdata.data = 0;
-
-          /* gss krb5 v2 */
-       } else {
-          /* gss krb5 v1 */
-
-          token.length = g_token_size((gss_OID) mech_used, ap_rep.length);
-
-          if ((token.value = (unsigned char *) xmalloc(token.length))
-              == NULL) {
-              major_status = GSS_S_FAILURE;
-              code = ENOMEM;
-              goto fail;
-          }
-          ptr = token.value;
-          g_make_token_header((gss_OID) mech_used, ap_rep.length,
-                              &ptr, KG_TOK_CTX_AP_REP);
+       if ((token.value = (unsigned char *) xmalloc(token.length))
+          == NULL) {
+          major_status = GSS_S_FAILURE;
+          code = ENOMEM;
+          goto fail;
+       }
+       ptr = token.value;
+       g_make_token_header((gss_OID) mech_used, ap_rep.length,
+                          &ptr, KG_TOK_CTX_AP_REP);
 
-          TWRITE_STR(ptr, ap_rep.data, ap_rep.length);
+       TWRITE_STR(ptr, ap_rep.data, ap_rep.length);
 
-          ctx->established = 1;
+       ctx->established = 1;
 
-       }
    } else {
        token.length = 0;
        token.value = NULL;
@@ -943,6 +712,11 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        free(ctypes);
    if (authdat)
        krb5_free_authenticator(context, authdat);
+   /* The ctx structure has the handle of the auth_context */
+   if (auth_context && !ctx) {
+       (void)krb5_auth_con_setrcache(context, auth_context, NULL);
+       krb5_auth_con_free(context, auth_context);
+   }
    if (reqcksum.contents)
        xfree(reqcksum.contents);
    if (ap_rep.data)
@@ -1014,13 +788,8 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        if (code)
           return (major_status);
 
-       if (gsskrb5_vers == 2000) {
-          tmsglen = 12+scratch.length;
-          toktype = KG2_TOK_RESPONSE;
-       } else {
-          tmsglen = scratch.length;
-          toktype = KG_TOK_CTX_ERROR;
-       }
+       tmsglen = scratch.length;
+       toktype = KG_TOK_CTX_ERROR;
 
        token.length = g_token_size((gss_OID) mech_used, tmsglen);
        token.value = (unsigned char *) xmalloc(token.length);
@@ -1030,24 +799,6 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        ptr = token.value;
        g_make_token_header((gss_OID) mech_used, tmsglen, &ptr, toktype);
 
-       if (gsskrb5_vers == 2000) {
-          krb5_ui_4 flags;
-
-          flags = KG2_RESP_FLAG_ERROR;
-
-          ptr[0] = (flags << 24) & 0xff;
-          ptr[1] = (flags << 16) & 0xff;
-          ptr[2] = (flags << 8) & 0xff;
-          ptr[3] = flags & 0xff;
-
-          memset(ptr+4, 0, 6);
-
-          ptr[10] = (scratch.length << 8) & 0xff;
-          ptr[11] = scratch.length & 0xff;
-
-          ptr += 12;
-       }
-
        TWRITE_STR(ptr, scratch.data, scratch.length);
        xfree(scratch.data);
 
index b67eb4f8f82a169eeee83eb95ac8c28304d55c7a..c2921f286ea5413f3a764c195de98d8e237154c7 100644 (file)
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2000 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  * 
@@ -154,7 +178,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
 
    /* open the default credential cache */
 
-   if ((code = krb5_cc_default(context, &ccache))) {
+   if ((code = krb5int_cc_default(context, &ccache))) {
       *minor_status = code;
       return(GSS_S_CRED_UNAVAIL);
    }
@@ -283,7 +307,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
    size_t i;
    krb5_gss_cred_id_t cred;
    gss_OID_set ret_mechs;
-   int req_old, req_new, req_v2;
+   int req_old, req_new;
    OM_uint32 ret;
    krb5_error_code code;
 
@@ -313,22 +337,18 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
    if (desired_mechs == GSS_C_NULL_OID_SET) {
       req_old = 1;
       req_new = 1;
-      req_v2 = 1;
    } else {
       req_old = 0;
       req_new = 0;
-      req_v2 = 0;
 
       for (i=0; i<desired_mechs->count; i++) {
         if (g_OID_equal(gss_mech_krb5_old, &(desired_mechs->elements[i])))
            req_old++;
         if (g_OID_equal(gss_mech_krb5, &(desired_mechs->elements[i])))
            req_new++;
-        if (g_OID_equal(gss_mech_krb5_v2, &(desired_mechs->elements[i])))
-           req_v2++;
       }
 
-      if (!req_old && !req_new && !req_v2) {
+      if (!req_old && !req_new) {
         *minor_status = 0;
         return(GSS_S_BAD_MECH);
       }
@@ -347,7 +367,6 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
    cred->princ = NULL;
    cred->prerfc_mech = req_old;
    cred->rfc_mech = req_new;
-   cred->rfcv2_mech = req_v2;
 
    cred->keytab = NULL;
    cred->ccache = NULL;
@@ -442,15 +461,11 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
                                                            &ret_mechs)) ||
           (cred->prerfc_mech &&
            GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
-                                                          gss_mech_krb5_old,
+                                                          (gss_OID) gss_mech_krb5_old,
                                                           &ret_mechs))) ||
           (cred->rfc_mech &&
            GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
-                                                          gss_mech_krb5,
-                                                          &ret_mechs))) ||
-          (cred->rfcv2_mech &&
-           GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
-                                                          gss_mech_krb5_v2,
+                                                          (gss_OID) gss_mech_krb5,
                                                           &ret_mechs)))) {
           if (cred->ccache)
               (void)krb5_cc_close(context, cred->ccache);
index 2a6fdb47b5c27ced856064fcdd39004e8cfe6637..918c2641205bc6547638908cb31a6559ff2fcc17 100644 (file)
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2000 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  * 
@@ -110,8 +134,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
     /* check that desired_mech isn't already in the credential */
 
     if ((g_OID_equal(desired_mech, gss_mech_krb5_old) && cred->prerfc_mech) ||
-       (g_OID_equal(desired_mech, gss_mech_krb5) && cred->rfc_mech) ||
-       (g_OID_equal(desired_mech, gss_mech_krb5_v2) && cred->rfcv2_mech)) {
+       (g_OID_equal(desired_mech, gss_mech_krb5) && cred->rfc_mech)) {
        *minor_status = 0;
        return(GSS_S_DUPLICATE_ELEMENT);
     }
@@ -156,7 +179,6 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
        new_cred->usage = cred_usage;
        new_cred->prerfc_mech = cred->prerfc_mech;
        new_cred->rfc_mech = cred->rfc_mech;
-       new_cred->rfcv2_mech = cred->rfcv2_mech;
        new_cred->tgt_expire = cred->tgt_expire;
 
        if (code = krb5_copy_principal(context, cred->princ,
@@ -177,8 +199,9 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
                return(GSS_S_FAILURE);
            }
 
-           strcpy(ktboth, kttype);
-           strcat(ktboth, ":");
+           strncpy(ktboth, kttype, sizeof(ktboth) - 1);
+           ktboth[sizeof(ktboth) - 1] = '\0';
+           strncat(ktboth, ":", sizeof(ktboth) - 1 - strlen(ktboth));
 
            if (code = krb5_kt_get_name(context, cred->keytab,
                                        ktboth+strlen(ktboth),
@@ -234,9 +257,10 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
                return(GSS_S_FAILURE);
            }
 
-           strcpy(ccboth, cctype);
-           strcat(ccboth, ":");
-           strcat(ccboth, ccname);
+           strncpy(ccboth, cctype, sizeof(ccboth) - 1);
+           ccboth[sizeof(ccboth) - 1] = '\0';
+           strncat(ccboth, ":", sizeof(ccboth) - 1 - strlen(ccboth));
+           strncat(ccboth, ccname, sizeof(ccboth) - 1 - strlen(ccboth));
 
            if (code = krb5_cc_resolve(context, ccboth, &new_cred->ccache)) {
                if (new_cred->rcache)
@@ -280,8 +304,6 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
        cred->prerfc_mech = 1;
     else if (g_OID_equal(desired_mech, gss_mech_krb5))
        cred->rfc_mech = 1;
-    else if (g_OID_equal(desired_mech, gss_mech_krb5_v2))
-       cred->rfcv2_mech = 1;
 
     /* set the outputs */
 
index e344b4fbb56e6faa512fea8832261b635eedfddc..166c4c41776c0f0bb0ef0c8a6da1e49a934b4236 100644 (file)
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2000 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  * 
 #define KG2_RESP_FLAG_ERROR            0x0001
 #define KG2_RESP_FLAG_DELEG_OK         0x0002
 
+/* These are to be stored in little-endian order, i.e., des-mac is
+   stored as 02 00.  */
+enum sgn_alg {
+  SGN_ALG_DES_MAC_MD5           = 0x0000,
+  SGN_ALG_MD2_5                 = 0x0001,
+  SGN_ALG_DES_MAC               = 0x0002,
+  SGN_ALG_3                    = 0x0003, /* not published */
+  SGN_ALG_HMAC_MD5              = 0x0011, /* microsoft w2k; no support */
+  SGN_ALG_HMAC_SHA1_DES3_KD     = 0x0004
+};
+enum seal_alg {
+  SEAL_ALG_NONE            = 0xffff,
+  SEAL_ALG_DES             = 0x0000,
+  SEAL_ALG_1              = 0x0001, /* not published */
+  SEAL_ALG_MICROSOFT_RC4   = 0x0010, /* microsoft w2k; no support */
+  SEAL_ALG_DES3KD          = 0x0002
+};
+
+#define KG_USAGE_SEAL 22
+#define KG_USAGE_SIGN 23
+#define KG_USAGE_SEQ  24
+
+enum qop {
+  GSS_KRB5_INTEG_C_QOP_MD5       = 0x0001, /* *partial* MD5 = "MD2.5" */
+  GSS_KRB5_INTEG_C_QOP_DES_MD5   = 0x0002,
+  GSS_KRB5_INTEG_C_QOP_DES_MAC   = 0x0003,
+  GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
+  GSS_KRB5_INTEG_C_QOP_MASK      = 0x00ff,
+  GSS_KRB5_CONF_C_QOP_DES        = 0x0100,
+  GSS_KRB5_CONF_C_QOP_DES3_KD    = 0x0200,
+  GSS_KRB5_CONF_C_QOP_MASK       = 0xff00
+};
+
 /** internal types **/
 
 typedef krb5_principal krb5_gss_name_t;
@@ -89,7 +146,6 @@ typedef struct _krb5_gss_cred_id_rec {
    krb5_principal princ;       /* this is not interned as a gss_name_t */
    int prerfc_mech;
    int rfc_mech;
-   int rfcv2_mech;
 
    /* keytab (accept) data */
    krb5_keytab keytab;
@@ -125,7 +181,6 @@ typedef struct _krb5_gss_ctx_id_rec {
    int big_endian;
    krb5_auth_context auth_context;
    gss_OID_desc *mech_used;
-   int gsskrb5_version;
    int nctypes;
    krb5_cksumtype *ctypes;
 } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
@@ -190,12 +245,18 @@ int kg_encrypt_size PROTOTYPE((krb5_context context,
                               krb5_keyblock *key, int n));
 
 krb5_error_code kg_encrypt PROTOTYPE((krb5_context context, 
-            krb5_keyblock *key,
-            krb5_pointer iv, krb5_pointer in, krb5_pointer out, int length));
+                                     krb5_keyblock *key, int usage,
+                                     krb5_pointer iv,
+                                     krb5_pointer in,
+                                     krb5_pointer out,
+                                     int length));
 
 krb5_error_code kg_decrypt PROTOTYPE((krb5_context context,
-                           krb5_keyblock *key, 
-                          krb5_pointer iv, krb5_pointer in, krb5_pointer out, int length));
+                                     krb5_keyblock *key,  int usage,
+                                     krb5_pointer iv,
+                                     krb5_pointer in,
+                                     krb5_pointer out,
+                                     int length));
 
 OM_uint32 kg_seal PROTOTYPE((krb5_context context,
                  OM_uint32 *minor_status,
index fd5415a56aa3e4a3fb7ff12688dd498fc0deedc7..659cdc2b7a1c7020d719abb63ded66f3bb8a10d2 100644 (file)
@@ -44,7 +44,7 @@ gss_OID krb5_gss_convert_static_mech_oid(oid)
                if ((oid->length == p->length) &&
                    (memcmp(oid->elements, p->elements, p->length) == 0)) {
                        gss_release_oid(&minor_status, &oid);
-                       return p;
+                       return (gss_OID) p;
                }
        }
        return oid;
index d0c8bc944568133b4fa8255dce8090b77389348c..f35de930bb70bac20cb20abfaaeff0cf5d77f0dc 100644 (file)
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2000 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  * 
@@ -49,6 +73,7 @@
 #include "gssapiP_krb5.h"
 #include <memory.h>
 #include <stdlib.h>
+#include <assert.h>
 
 /*
  * $Id$
@@ -63,17 +88,18 @@ int krb5_gss_dbg_client_expcreds = 0;
  * ccache.
  */
 static krb5_error_code get_credentials(context, cred, server, now,
-                                      endtime, enctype, out_creds)
+                                      endtime, enctypes, out_creds)
     krb5_context context;
     krb5_gss_cred_id_t cred;
     krb5_principal server;
     krb5_timestamp now;
     krb5_timestamp endtime;
-    krb5_enctype enctype;
+    const krb5_enctype *enctypes;
     krb5_creds **out_creds;
 {
     krb5_error_code    code;
     krb5_creds                 in_creds;
+    int i;
     
     memset((char *) &in_creds, 0, sizeof(krb5_creds));
 
@@ -82,10 +108,35 @@ static krb5_error_code get_credentials(context, cred, server, now,
     if ((code = krb5_copy_principal(context, server, &in_creds.server)))
        goto cleanup;
     in_creds.times.endtime = endtime;
-    in_creds.keyblock.enctype = enctype;
 
-    if ((code = krb5_get_credentials(context, 0, cred->ccache, 
-                                    &in_creds, out_creds)))
+    in_creds.keyblock.enctype = 0;
+
+    /*
+     * Initial iteration is necessary to catch a non-matching
+     * credential prior to looping through the GSSAPI-supported
+     * enctypes, since an enctype mismatch in the loop below will
+     * return KRB5_CC_NOTFOUND rather than one of the other error
+     * codes.
+     */
+    code = krb5_get_credentials(context, 0, cred->ccache,
+                               &in_creds, out_creds);
+    if (code)
+       goto cleanup;
+    krb5_free_creds(context, *out_creds);
+    *out_creds = NULL;
+    for (i = 0; enctypes[i]; i++) {
+       in_creds.keyblock.enctype = enctypes[i];
+       code = krb5_get_credentials(context, 0, cred->ccache, 
+                                   &in_creds, out_creds);
+       if (code != KRB5_CC_NOT_KTYPE && code != KRB5_CC_NOTFOUND
+           && code != KRB5KDC_ERR_ETYPE_NOSUPP)
+           break;
+    }
+    if (enctypes[i] == 0) {
+       code = KRB5_CONFIG_ETYPE_NOSUPP;
+       goto cleanup;
+    }
+    if (code)
        goto cleanup;
 
     /*
@@ -93,7 +144,8 @@ static krb5_error_code get_credentials(context, cred, server, now,
      * boundaries) because accept_sec_context code is also similarly
      * non-forgiving.
      */
-    if (!krb5_gss_dbg_client_expcreds && (*out_creds)->times.endtime < now) {
+    if (!krb5_gss_dbg_client_expcreds && *out_creds != NULL &&
+       (*out_creds)->times.endtime < now) {
        code = KRB5KRB_AP_ERR_TKT_EXPIRED;
        goto cleanup;
     }
@@ -117,196 +169,8 @@ make_ap_req_v2(context, ctx, cred, k_cred, chan_bindings, mech_type, token)
     gss_OID mech_type;
     gss_buffer_t token;
 {
-    krb5_flags mk_req_flags = 0;
-    krb5_int32 con_flags;
-    krb5_error_code code;
-    krb5_data credmsg, cksumdata, ap_req;
-    int i, tlen, cblen, nctypes;
-    krb5_cksumtype *ctypes;
-    unsigned char *t, *ptr;
-
-    credmsg.data = 0;
-    cksumdata.data = 0;
-    ap_req.data = 0;
-    ctypes = 0;
-
-    /* create the option data if necessary */
-    if (ctx->gss_flags & GSS_C_DELEG_FLAG) {
-       /* first get KRB_CRED message, so we know its length */
-
-       /* clear the time check flag that was set in krb5_auth_con_init() */
-       krb5_auth_con_getflags(context, ctx->auth_context, &con_flags);
-       krb5_auth_con_setflags(context, ctx->auth_context,
-                              con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
-
-       code = krb5_fwd_tgt_creds(context, ctx->auth_context, 0,
-                                 cred->princ, ctx->there, cred->ccache, 1,
-                                 &credmsg);
-
-       /* turn KRB5_AUTH_CONTEXT_DO_TIME back on */
-       krb5_auth_con_setflags(context, ctx->auth_context, con_flags);
-
-       if (code) {
-           /* don't fail here; just don't accept/do the delegation
-               request */
-           ctx->gss_flags &= ~GSS_C_DELEG_FLAG;
-       } else {
-           if (credmsg.length > KRB5_INT16_MAX) {
-               krb5_free_data_contents(context, &credmsg);
-               return(KRB5KRB_ERR_FIELD_TOOLONG);
-           }
-       }
-    } else {
-       credmsg.length = 0;
-    }
-       
-    /* construct the list of compatible cksum types */
-
-    if ((code = krb5_c_keyed_checksum_types(context,
-                                           k_cred->keyblock.enctype,
-                                           &nctypes, &ctypes)))
-       goto cleanup;
-
-    if (nctypes == 0) {
-       code = KRB5_CRYPTO_INTERNAL;
-       goto cleanup;
-    }
-
-    /* construct the checksum fields */
-
-    cblen = 4*5;
-    if (chan_bindings)
-       cblen += (chan_bindings->initiator_address.length+
-                 chan_bindings->acceptor_address.length+
-                 chan_bindings->application_data.length);
-
-    cksumdata.length = cblen + 8 + 4*nctypes + 4;
-    if (credmsg.length)
-       cksumdata.length += 4 + credmsg.length;
-
-    if ((cksumdata.data = (char *) malloc(cksumdata.length)) == NULL)
-       goto cleanup;
-
-    /* helper macros.  This code currently depends on a long being 32
-       bits, and htonl dtrt. */
-
-    ptr = cksumdata.data;
-
-    if (chan_bindings) {
-       TWRITE_INT(ptr, chan_bindings->initiator_addrtype, 1);
-       TWRITE_BUF(ptr, chan_bindings->initiator_address, 1);
-       TWRITE_INT(ptr, chan_bindings->acceptor_addrtype, 1);
-       TWRITE_BUF(ptr, chan_bindings->acceptor_address, 1);
-       TWRITE_BUF(ptr, chan_bindings->application_data, 1);
-    } else {
-       memset(ptr, 0, cblen);
-       ptr += cblen;
-    }
-
-    /* construct the token fields */
-
-    ptr[0] = (KG2_TOK_INITIAL >> 8) & 0xff;
-    ptr[1] = KG2_TOK_INITIAL & 0xff;
-
-    ptr[2] = (ctx->gss_flags >> 24) & 0xff;
-    ptr[3] = (ctx->gss_flags >> 16) & 0xff;
-    ptr[4] = (ctx->gss_flags >> 8) & 0xff;
-    ptr[5] = ctx->gss_flags & 0xff;
-
-    ptr[6] = (nctypes >> 8) & 0xff;
-    ptr[7] = nctypes & 0xff;
-
-    ptr += 8;
-
-    for (i=0; i<nctypes; i++) {
-       ptr[0] = (ctypes[i] >> 24) & 0xff;
-       ptr[1] = (ctypes[i] >> 16) & 0xff;
-       ptr[2] = (ctypes[i] >> 8) & 0xff;
-       ptr[3] = ctypes[i] & 0xff;
-
-       ptr += 4;
-    }
-
-    if (credmsg.length) {
-       ptr[0] = (KRB5_GSS_FOR_CREDS_OPTION >> 8) & 0xff;
-       ptr[1] = KRB5_GSS_FOR_CREDS_OPTION & 0xff;
-
-       ptr[2] = (credmsg.length >> 8) & 0xff;
-       ptr[3] = credmsg.length & 0xff;
-
-       ptr += 4;
-
-       memcpy(ptr, credmsg.data, credmsg.length);
-
-       ptr += credmsg.length;
-    }
-
-    memset(ptr, 0, 4);
-
-    /* call mk_req.  subkey and ap_req need to be used or destroyed */
-
-    mk_req_flags = AP_OPTS_USE_SUBKEY;
-
-    if (ctx->gss_flags & GSS_C_MUTUAL_FLAG)
-       mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED;
-
-    if ((code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags,
-                                    &cksumdata, k_cred, &ap_req)))
-       goto cleanup;
-
-   /* store the interesting stuff from creds and authent */
-   ctx->endtime = k_cred->times.endtime;
-   ctx->krb_flags = k_cred->ticket_flags;
-
-   /* build up the token */
-
-   /* allocate space for the token */
-   tlen = g_token_size((gss_OID) mech_type,
-                      (cksumdata.length-(2+cblen))+2+ap_req.length);
-
-   if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
-      code = ENOMEM;
-      goto cleanup;
-   }
-
-   ptr = t;
-
-   g_make_token_header((gss_OID) mech_type,
-                      (cksumdata.length-(2+cblen))+2+ap_req.length,
-                      &ptr, KG2_TOK_INITIAL);
-
-   /* skip over the channel bindings and the token id */
-   memcpy(ptr, cksumdata.data+cblen+2, cksumdata.length-(cblen+2));
-   ptr += cksumdata.length-(cblen+2);
-   ptr[0] = (ap_req.length >> 8) & 0xff;
-   ptr[1] = ap_req.length & 0xff;
-   ptr += 2;
-   memcpy(ptr, ap_req.data, ap_req.length);
-
-   /* pass allocated data back */
-
-   ctx->nctypes = nctypes;
-   ctx->ctypes = ctypes;
-
-   token->length = tlen;
-   token->value = (void *) t;
-
-   code = 0;
-
-cleanup:
-   if (code) {
-       if (ctypes)
-          krb5_free_cksumtypes(context, ctypes);
-   }
-
-   if (credmsg.data)
-       free(credmsg.data);
-   if (ap_req.data)
-       free(ap_req.data);
-   if (cksumdata.data)
-       free(cksumdata.data);
-
-   return(code);
+    int krb5_mech2_supported = 0;
+    assert(krb5_mech2_supported);
 }
 
 static krb5_error_code
@@ -480,13 +344,19 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
    krb5_context context;
    krb5_gss_cred_id_t cred;
    krb5_creds *k_cred = 0;
-   krb5_enctype enctype = ENCTYPE_DES_CBC_CRC;
+   static const krb5_enctype wanted_enctypes[] = {
+#if 1
+     ENCTYPE_DES3_CBC_SHA1,
+#endif
+     ENCTYPE_DES_CBC_CRC,
+     ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4,
+     0
+   };
    krb5_error_code code; 
    krb5_gss_ctx_id_rec *ctx, *ctx_free;
    krb5_timestamp now;
    gss_buffer_desc token;
-   int gsskrb5_vers = 0;
-   int i, err;
+   int i, j, err;
    int default_mech = 0;
    krb5_ui_4 resp_flags;
    OM_uint32 major_status;
@@ -528,32 +398,19 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
    err = 0;
    if (mech_type == GSS_C_NULL_OID) {
        default_mech = 1;
-       if (cred->rfcv2_mech) {
-          mech_type = gss_mech_krb5_v2;
-          gsskrb5_vers = 2000;
-       } else if (cred->rfc_mech) {
-          mech_type = gss_mech_krb5;
-          gsskrb5_vers = 1000;
-          enctype = ENCTYPE_DES_CBC_CRC;
+       if (cred->rfc_mech) {
+          mech_type = (gss_OID) gss_mech_krb5;
        } else if (cred->prerfc_mech) {
-          mech_type = gss_mech_krb5_old;
-          gsskrb5_vers = 1000;
-          enctype = ENCTYPE_DES_CBC_CRC;
+          mech_type = (gss_OID) gss_mech_krb5_old;
        } else {
           err = 1;
        }
-   } else if (g_OID_equal(mech_type, gss_mech_krb5_v2)) {
-       if (!cred->rfcv2_mech)
-          err = 1;
-       gsskrb5_vers = 2000;
    } else if (g_OID_equal(mech_type, gss_mech_krb5)) {
        if (!cred->rfc_mech)
           err = 1;
-       gsskrb5_vers = 1000;
    } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) {
        if (!cred->prerfc_mech)
           err = 1;
-       gsskrb5_vers = 1000;
    } else {
        err = 1;
    }
@@ -607,7 +464,6 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
       ctx->seed_init = 0;
       ctx->big_endian = 0;  /* all initiators do little-endian, as per spec */
       ctx->seqstate = 0;
-      ctx->gsskrb5_version = gsskrb5_vers;
       ctx->nctypes = 0;
       ctx->ctypes = 0;
 
@@ -628,27 +484,12 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
          goto fail;
 
       if ((code = get_credentials(context, cred, ctx->there, now,
-                                      ctx->endtime, enctype, &k_cred)))
+                                 ctx->endtime, wanted_enctypes, &k_cred)))
          goto fail;
 
-      /*
-       * If the default mechanism was requested, and the keytype is
-       * DES_CBC, force the old mechanism
-       */
-      if (default_mech &&
-         ((k_cred->keyblock.enctype == ENCTYPE_DES_CBC_CRC) ||
-          (k_cred->keyblock.enctype == ENCTYPE_DES_CBC_MD4) ||
-          (k_cred->keyblock.enctype == ENCTYPE_DES_CBC_MD5))) {
-        ctx->gsskrb5_version = gsskrb5_vers = 1000;
-        mech_type = gss_mech_krb5;
-        if (k_cred->keyblock.enctype != ENCTYPE_DES_CBC_CRC) {
-            krb5_free_creds(context, k_cred);
-            enctype = ENCTYPE_DES_CBC_CRC;
-            if ((code = get_credentials(context, cred, ctx->there, now,
-                                        ctx->endtime, enctype, &k_cred)))
-                goto fail;
-         }
-     }
+      if (default_mech) {
+        mech_type = (gss_OID) gss_mech_krb5;
+      }
 
       if (generic_gss_copy_oid(minor_status, mech_type, &ctx->mech_used)
          != GSS_S_COMPLETE) {
@@ -660,24 +501,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
        */
       ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
 
-      if (ctx->gsskrb5_version == 2000) {
-         /* gsskrb5 v2 */
-         if ((code = make_ap_req_v2(context, ctx,
-                                    cred, k_cred, input_chan_bindings, 
-                                    mech_type, &token))) {
-             if ((code == KRB5_FCC_NOFILE) || (code == KRB5_CC_NOTFOUND) ||
-                 (code == KG_EMPTY_CCACHE))
-                 major_status = GSS_S_NO_CRED;
-             if (code == KRB5KRB_AP_ERR_TKT_EXPIRED)
-                 major_status = GSS_S_CREDENTIALS_EXPIRED;
-             goto fail;
-         }
-
-         krb5_auth_con_getlocalseqnumber(context, ctx->auth_context,
-                                         &ctx->seq_send);
-         krb5_auth_con_getlocalsubkey(context, ctx->auth_context,
-                                      &ctx->subkey);
-      } else {
+      {
          /* gsskrb5 v1 */
          if ((code = make_ap_req_v1(context, ctx,
                                     cred, k_cred, input_chan_bindings, 
@@ -699,11 +523,41 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
 
          switch(ctx->subkey->enctype) {
          case ENCTYPE_DES_CBC_MD5:
+         case ENCTYPE_DES_CBC_MD4:
          case ENCTYPE_DES_CBC_CRC:
              ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW;
-             ctx->signalg = 0;
+             ctx->signalg = SGN_ALG_DES_MAC_MD5;
              ctx->cksum_size = 8;
-             ctx->sealalg = 0;
+             ctx->sealalg = SEAL_ALG_DES;
+
+             /* The encryption key is the session key XOR
+                0xf0f0f0f0f0f0f0f0.  */
+             if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc)))
+                 goto fail;
+
+             for (i=0; i<ctx->enc->length; i++)
+                 /*SUPPRESS 113*/
+                 ctx->enc->contents[i] ^= 0xf0;
+
+             if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq)))
+                 goto fail;
+
+             break;
+
+         case ENCTYPE_DES3_CBC_SHA1:
+             ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW;
+             ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
+             ctx->cksum_size = 20;
+             ctx->sealalg = SEAL_ALG_DES3KD;
+
+             code = krb5_copy_keyblock (context, ctx->subkey, &ctx->enc);
+             if (code)
+                 goto fail;
+             code = krb5_copy_keyblock (context, ctx->subkey, &ctx->seq);
+             if (code) {
+                 krb5_free_keyblock (context, ctx->enc);
+                 goto fail;
+             }
              break;
 #if 0
          case ENCTYPE_DES3_CBC_MD5:
@@ -714,20 +568,10 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
              break;
 #endif
          default:
+             *minor_status = KRB5_BAD_ENCTYPE;
              return GSS_S_FAILURE;
          }
 
-         /* the encryption key is the session key XOR 0xf0f0f0f0f0f0f0f0 */
-
-         if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc)))
-             goto fail;
-
-         for (i=0; i<ctx->enc->length; i++)
-             /*SUPPRESS 113*/
-             ctx->enc->contents[i] ^= 0xf0;
-
-         if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq)))
-             goto fail;
       }
 
       if (k_cred) {
@@ -824,94 +668,38 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
 
       ptr = (unsigned char *) input_token->value;
 
-      if (ctx->gsskrb5_version == 2000) {
-         int token_length;
-         int nctypes;
-         krb5_cksumtype *ctypes = 0;
-
-         /* gsskrb5 v2 */
-
-         if ((code = g_verify_token_header((gss_OID) ctx->mech_used,
-                                          &token_length,
-                                          &ptr, KG2_TOK_RESPONSE,
-                                          input_token->length))) {
-             major_status = GSS_S_DEFECTIVE_TOKEN;
-             goto fail;
-         }
-
-         if (GSS_ERROR(major_status =
-                       kg2_parse_token(minor_status, ptr, token_length,
-                                       &resp_flags, &nctypes, &ctypes,
-                                       0, NULL, &ap_rep, &mic))) {
-             if (ctypes)
-                 free(ctypes);
-             code = *minor_status;
-             goto fail;
-         }
-         major_status = GSS_S_FAILURE;
-
-         kg2_intersect_ctypes(&ctx->nctypes, ctx->ctypes, nctypes, ctypes);
-
-         free(ctypes);
+      if ((err = g_verify_token_header((gss_OID) ctx->mech_used,
+                                      &(ap_rep.length),
+                                      &ptr, KG_TOK_CTX_AP_REP,
+                                      input_token->length))) {
+         if (g_verify_token_header((gss_OID) ctx->mech_used,
+                                   &(ap_rep.length),
+                                   &ptr, KG_TOK_CTX_ERROR,
+                                   input_token->length) == 0) {
 
-         if (ctx->nctypes == 0) {
-             code = KG_NO_CTYPES;
-             goto fail;
-         }
+             /* Handle a KRB_ERROR message from the server */
 
-         if (resp_flags & KG2_RESP_FLAG_ERROR) {
-             if ((code = krb5_rd_error(context, &ap_rep, &krb_error)))
+             sptr = (char *) ptr;           /* PC compiler bug */
+             TREAD_STR(sptr, ap_rep.data, ap_rep.length);
+                     
+             code = krb5_rd_error(context, &ap_rep, &krb_error);
+             if (code)
                  goto fail;
-
              if (krb_error->error)
                  code = krb_error->error + ERROR_TABLE_BASE_krb5;
              else
                  code = 0;
-
              krb5_free_error(context, krb_error);
              goto fail;
+         } else {
+             *minor_status = 0;
+             return(GSS_S_DEFECTIVE_TOKEN);
          }
-
-         if (resp_flags & KG2_RESP_FLAG_DELEG_OK)
-             ctx->gss_flags |= GSS_C_DELEG_FLAG;
-
-         /* drop through to ap_rep handling */
-      } else {
-         /* gsskrb5 v1 */
-
-         if ((err = g_verify_token_header((gss_OID) ctx->mech_used,
-                                          &(ap_rep.length),
-                                          &ptr, KG_TOK_CTX_AP_REP,
-                                          input_token->length))) {
-             if (g_verify_token_header((gss_OID) ctx->mech_used,
-                                       &(ap_rep.length),
-                                       &ptr, KG_TOK_CTX_ERROR,
-                                       input_token->length) == 0) {
-
-                 /* Handle a KRB_ERROR message from the server */
-
-                 sptr = (char *) ptr;           /* PC compiler bug */
-                 TREAD_STR(sptr, ap_rep.data, ap_rep.length);
-                     
-                 code = krb5_rd_error(context, &ap_rep, &krb_error);
-                 if (code)
-                     goto fail;
-                 if (krb_error->error)
-                     code = krb_error->error + ERROR_TABLE_BASE_krb5;
-                 else
-                     code = 0;
-                 krb5_free_error(context, krb_error);
-                 goto fail;
-             } else {
-                 *minor_status = 0;
-                 return(GSS_S_DEFECTIVE_TOKEN);
-             }
-         }
-
-         sptr = (char *) ptr;                      /* PC compiler bug */
-         TREAD_STR(sptr, ap_rep.data, ap_rep.length);
       }
 
+      sptr = (char *) ptr;                      /* PC compiler bug */
+      TREAD_STR(sptr, ap_rep.data, ap_rep.length);
+
       /* decode the ap_rep */
       if ((code = krb5_rd_rep(context, ctx->auth_context, &ap_rep,
                              &ap_rep_data))) {
@@ -938,26 +726,6 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
       /* set established */
       ctx->established = 1;
 
-      if (ctx->gsskrb5_version == 2000) {
-         gss_buffer_desc mic_data, mic_token;
-
-         /* start with the token id */
-         mic_data.value = ptr-2;
-         /* end before the ap-rep length */
-         mic_data.length = ((char*)(ap_rep.data-2)-(char*)(ptr-2));
-
-         mic_token.length = mic.length;
-         mic_token.value = mic.data;
-
-         if (GSS_ERROR(major_status = 
-                       krb5_gss_verify_mic(minor_status, *context_handle,
-                                           &mic_data, &mic_token, NULL))) {
-             code = *minor_status;
-             goto fail;
-         }
-         major_status = GSS_S_FAILURE;
-      }
-
       /* set returns */
 
       if (time_rec) {
index c800012c84d946596546205d9fc56393c7071e4d..6fbbadcbebe48ceb2aac13eb51680062100888a8 100644 (file)
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2000 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  * 
@@ -116,15 +140,11 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
                                                            &mechs)) ||
           (cred->prerfc_mech &&
            GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
-                                                          gss_mech_krb5_old,
+                                                          (gss_OID) gss_mech_krb5_old,
                                                           &mechs))) ||
           (cred->rfc_mech &&
            GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
-                                                          gss_mech_krb5,
-                                                          &mechs))) ||
-          (cred->rfcv2_mech &&
-           GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
-                                                          gss_mech_krb5_v2,
+                                                          (gss_OID) gss_mech_krb5,
                                                           &mechs)))) {
           krb5_free_principal(context, ret_name);
           /* *minor_status set above */
index ae8cc759054f435c53175a539f13700e98c91e36..1ca108e653471967c4dae5b3d02228cf54e4157c 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -40,7 +40,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 #include "gssapiP_krb5.h"
 
 static krb5_error_code
-make_priv_token_v2 PROTOTYPE((krb5_context context,
-                             krb5_keyblock *subkey,
+make_seal_token_v1 PROTOTYPE((krb5_context context,
+                             krb5_keyblock *enc,
+                             krb5_keyblock *seq,
                              krb5_int32 *seqnum,
                              int direction,
                              gss_buffer_t text,
                              gss_buffer_t token,
+                             int signalg,
+                             int cksum_size,
+                             int sealalg,
+                             int encrypt,
+                             int toktype,
+                             int bigend,
                              gss_OID oid));
 
 static krb5_error_code
-make_priv_token_v2(context, subkey, seqnum, direction, text, token, oid)
-     krb5_context context;
-     krb5_keyblock *subkey;
-     krb5_int32 *seqnum;
-     int direction;
-     gss_buffer_t text;
-     gss_buffer_t token;
-     gss_OID oid;
-{
-   krb5_data plain;
-   krb5_enc_data cipher;
-   krb5_error_code code;
-   size_t enclen;
-   int tlen;
-   unsigned char *t, *ptr;
-
-   plain.data = 0;
-   cipher.ciphertext.data = 0;
-   t = 0;
-
-   plain.length = 7+text->length;
-   if ((plain.data = (void *) malloc(plain.length)) == NULL) {
-       code = ENOMEM;
-       goto cleanup;
-   }
-
-   plain.data[0] = (*seqnum >> 24) & 0xff;
-   plain.data[1] = (*seqnum >> 16) & 0xff;
-   plain.data[2] = (*seqnum >> 8) & 0xff;
-   plain.data[3] = *seqnum & 0xff;
-
-   plain.data[4] = direction?0:0xff;
-   
-   plain.data[5] = (text->length >> 8) & 0xff;
-   plain.data[6] = text->length & 0xff;
-
-   memcpy(plain.data+7, text->value, text->length);
-
-   if (code = krb5_c_encrypt_length(context, subkey->enctype, 
-                                   plain.length, &enclen))
-       goto cleanup;
-
-   tlen = g_token_size((gss_OID) oid, 2+enclen);
-
-   if ((t = (unsigned char *) xmalloc(tlen)) == NULL)
-      return(ENOMEM);
-
-   ptr = t;
-
-   g_make_token_header((gss_OID) oid, 2+enclen, &ptr,
-                      KG2_TOK_WRAP_PRIV);
-
-   ptr[0] = (enclen >> 8) & 0xff;
-   ptr[1] = enclen & 0xff;
-
-   cipher.ciphertext.length = enclen;
-   cipher.ciphertext.data = ptr+2;
-
-   if (code = krb5_c_encrypt(context, subkey,
-                            KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV,
-                            0, &plain, &cipher))
-       goto cleanup;
-
-   /* that's it.  return the token */
-
-   (*seqnum)++;
-
-   token->length = tlen;
-   token->value = (void *) t;
-
-   code = 0;
-
-cleanup:
-   if (plain.data)
-       free(plain.data);
-   if (code) {
-       if (t)
-          free(t);
-   }
-
-   return(code);
-}
-
-static krb5_error_code
-make_integ_token_v2 PROTOTYPE((krb5_context context,
-                              krb5_keyblock *subkey,
-                              krb5_cksumtype ctype,
-                              krb5_int32 *seqnum,
-                              int direction,
-                              gss_buffer_t text,
-                              gss_buffer_t token,
-                              int toktype,
-                              gss_OID oid));
-
-static krb5_error_code
-make_integ_token_v2(context, subkey, ctype, seqnum, direction, text, token, 
-                   toktype, oid)
-     krb5_context context;
-     krb5_keyblock *subkey;
-     krb5_cksumtype ctype;
-     krb5_int32 *seqnum;
-     int direction;
-     gss_buffer_t text;
-     gss_buffer_t token;
-     int toktype;
-     gss_OID oid;
+make_seal_token_v1(context, enc, seq, seqnum, direction, text, token,
+                  signalg, cksum_size, sealalg, encrypt, toktype,
+                  bigend, oid)
+    krb5_context context;
+    krb5_keyblock *enc;
+    krb5_keyblock *seq;
+    krb5_int32 *seqnum;
+    int direction;
+    gss_buffer_t text;
+    gss_buffer_t token;
+    int signalg;
+    int cksum_size;
+    int sealalg;
+    int encrypt;
+    int toktype;
+    int bigend;
+    gss_OID oid;
 {
     krb5_error_code code;
-    int tmp, tlen;
-    unsigned char *t, *ptr;
-    krb5_data plain;
+    size_t sumlen;
+    char *data_ptr;
+    krb5_data plaind;
+    krb5_checksum md5cksum;
     krb5_checksum cksum;
+    int conflen=0, tmsglen, tlen;
+    unsigned char *t, *ptr;
 
-    plain.data = 0;
-    t = 0;
-    cksum.contents = 0;
+    int encblksize, sumblksize;
+
+    switch (signalg) {
+    case SGN_ALG_DES_MAC_MD5:
+    case SGN_ALG_MD2_5:
+    case SGN_ALG_HMAC_MD5:
+       sumblksize = 1;
+       break;
+    case SGN_ALG_DES_MAC:
+       sumblksize = 8;
+       break;
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+       sumblksize = 1;
+       break;
+    default:
+       abort ();
+       return 123; /* find error code */
+    }
 
-    /* assemble the checksum buffer and compute the checksum */
+    switch (sealalg) {
+    case SEAL_ALG_NONE:
+    case SEAL_ALG_DES:
+    case SEAL_ALG_DES3KD:
+       encblksize = 8;
+       break;
+    default:
+       abort ();
+       return 12345654321;
+    }
 
-    plain.length = 7+text->length;
+    /* create the token buffer */
 
-    if ((plain.data = (char *) malloc(plain.length)) == NULL) {
-       code = errno;
-       goto cleanup;
+    if (toktype == KG_TOK_SEAL_MSG) {
+       if (bigend && !encrypt) {
+           tmsglen = text->length;
+       } else {
+           conflen = kg_confounder_size(context, enc);
+           /* XXX knows that des block size is 8 */
+           tmsglen = (conflen+text->length+8)&(~7);
+       }
+    } else {
+       tmsglen = 0;
     }
 
-    plain.data[0] = (*seqnum >> 24) & 0xff;
-    plain.data[1] = (*seqnum >> 16) & 0xff;
-    plain.data[2] = (*seqnum >> 8) & 0xff;
-    plain.data[3] = *seqnum & 0xff;
+    tlen = g_token_size((gss_OID) oid, 14+cksum_size+tmsglen);
 
-    plain.data[4] = direction?0:0xff;
+    if ((t = (unsigned char *) xmalloc(tlen)) == NULL)
+       return(ENOMEM);
 
-    plain.data[5] = (text->length >> 8) & 0xff;
-    plain.data[6] = text->length & 0xff;
+    /*** fill in the token */
 
-    memcpy(plain.data+7, text->value, text->length);
+    ptr = t;
 
-    if (code = krb5_c_make_checksum(context, ctype, subkey,
-                                   (toktype == KG2_TOK_WRAP_INTEG)?
-                                   KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG:
-                                   KRB5_KEYUSAGE_GSS_TOK_MIC,
-                                   &plain, &cksum))
-       goto cleanup;
+    g_make_token_header((gss_OID) oid, 14+cksum_size+tmsglen, &ptr, toktype);
 
-    /* assemble the token itself */
+    /* 0..1 SIGN_ALG */
 
-    if (toktype == KG2_TOK_WRAP_INTEG)
-       tmp = 4+(7+text->length)+2+cksum.length;
-    else
-       tmp = 4+(5)+2+cksum.length;
+    ptr[0] = signalg & 0xff;
+    ptr[1] = (signalg >> 8) & 0xff;
 
-    tlen = g_token_size((gss_OID) oid, tmp);
+    /* 2..3 SEAL_ALG or Filler */
 
-    if ((t = (unsigned char *) xmalloc(tlen)) == NULL)
-       return(ENOMEM);
+    if ((toktype == KG_TOK_SEAL_MSG) && encrypt) {
+       ptr[2] = sealalg & 0xff;
+       ptr[3] = (sealalg >> 8) & 0xff;
+    } else {
+       /* No seal */
+       ptr[2] = 0xff;
+       ptr[3] = 0xff;
+    }
 
-    ptr = t;
+    /* 4..5 Filler */
+
+    ptr[4] = 0xff;
+    ptr[5] = 0xff;
+
+    /* pad the plaintext, encrypt if needed, and stick it in the token */
+
+    /* initialize the the cksum */
+    switch (signalg) {
+    case SGN_ALG_DES_MAC_MD5:
+    case SGN_ALG_MD2_5:
+    case SGN_ALG_HMAC_MD5:
+       md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
+       break;
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+       md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+       break;
+    default:
+    case SGN_ALG_DES_MAC:
+       abort ();
+    }
 
-    g_make_token_header((gss_OID) oid, tmp, &ptr, toktype);
+    if (code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen))
+       return(code);
+    md5cksum.length = sumlen;
+
+    if (toktype == KG_TOK_SEAL_MSG) {
+       unsigned char *plain;
+       unsigned char pad;
+
+       if (!bigend || encrypt) {
+           if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) {
+               xfree(t);
+               return(ENOMEM);
+           }
+
+           if ((code = kg_make_confounder(context, enc, plain))) {
+               xfree(plain);
+               xfree(t);
+               return(code);
+           }
+
+           memcpy(plain+conflen, text->value, text->length);
+
+           /* XXX 8 is DES cblock size */
+           pad = 8-(text->length%8);
+
+           memset(plain+conflen+text->length, pad, pad);
+       } else {
+           /* plain is never used in the bigend && !encrypt case */
+           plain = NULL;
+       }
+
+       if (encrypt) {
+           if ((code = kg_encrypt(context, enc, KG_USAGE_SEAL, NULL,
+                                  (krb5_pointer) plain,
+                                  (krb5_pointer) (ptr+cksum_size+14),
+                                  tmsglen))) {
+               if (plain)
+                   xfree(plain);
+               xfree(t);
+               return(code);
+           }
+       } else {
+           if (bigend)
+               memcpy(ptr+14+cksum_size, text->value, text->length);
+           else
+               memcpy(ptr+14+cksum_size, plain, tmsglen);
+       }
+
+       /* compute the checksum */
+
+       /* 8 = head of token body as specified by mech spec */
+       if (! (data_ptr =
+              (char *) xmalloc(8 + (bigend ? text->length : tmsglen)))) {
+           if (plain)
+               xfree(plain);
+           xfree(t);
+           return(ENOMEM);
+       }
+       (void) memcpy(data_ptr, ptr-2, 8);
+       if (bigend)
+           (void) memcpy(data_ptr+8, text->value, text->length);
+       else
+           (void) memcpy(data_ptr+8, plain, tmsglen);
+       plaind.length = 8 + (bigend ? text->length : tmsglen);
+       plaind.data = data_ptr;
+       code = krb5_c_make_checksum(context, md5cksum.checksum_type, seq,
+                                   KG_USAGE_SIGN, &plaind, &md5cksum);
+       xfree(data_ptr);
+
+       if (code) {
+           if (plain)
+               xfree(plain);
+           xfree(t);
+           return(code);
+       }
 
-    ptr[0] = (ctype >> 24) & 0xff;
-    ptr[1] = (ctype >> 16) & 0xff;
-    ptr[2] = (ctype >> 8) & 0xff;
-    ptr[3] = ctype & 0xff;
+       if (plain)
+           xfree(plain);
+    } else {
+       /* Sign only.  */
+       /* compute the checksum */
 
-    ptr += 4;
+       if (! (data_ptr = (char *) xmalloc(8 + text->length))) {
+           xfree(t);
+           return(ENOMEM);
+       }
+       (void) memcpy(data_ptr, ptr-2, 8);
+       (void) memcpy(data_ptr+8, text->value, text->length);
+       plaind.length = 8 + text->length;
+       plaind.data = data_ptr;
+       code = krb5_c_make_checksum(context, md5cksum.checksum_type, seq,
+                                   KG_USAGE_SIGN, &plaind, &md5cksum);
+       xfree(data_ptr);
+       if (code) {
+           xfree(t);
+           return(code);
+       }
+    }
 
-    if (toktype == KG2_TOK_WRAP_INTEG) {
-       memcpy(ptr, plain.data, 7+text->length);
-       ptr += 7+text->length;
-    } else {
-       memcpy(ptr, plain.data, 5);
-       ptr += 5;
+    switch(signalg) {
+    case SGN_ALG_DES_MAC_MD5:
+    case 3:
+
+       if ((code = kg_encrypt(context, seq, KG_USAGE_SEAL,
+                              (g_OID_equal(oid, gss_mech_krb5_old) ?
+                               seq->contents : NULL),
+                              md5cksum.contents, md5cksum.contents, 16))) {
+           xfree(md5cksum.contents);
+           xfree(t);
+           return code;
+       }
+
+       cksum.length = cksum_size;
+       cksum.contents = md5cksum.contents + 16 - cksum.length;
+
+       memcpy(ptr+14, cksum.contents, cksum.length);
+       break;
+
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+       /*
+        * Using key derivation, the call to krb5_c_make_checksum
+        * already dealt with encrypting.
+        */
+       if (md5cksum.length != cksum_size)
+           abort ();
+       memcpy (ptr+14, md5cksum.contents, md5cksum.length);
+       break;
     }
 
-    ptr[0] = (cksum.length >> 8) & 0xff;
-    ptr[1] = cksum.length & 0xff;
-    ptr += 2;
+    xfree(md5cksum.contents);
+
+    /* create the seq_num */
 
-    memcpy(ptr, cksum.contents, cksum.length);
+    if ((code = kg_make_seq_num(context, seq, direction?0:0xff, *seqnum,
+                               ptr+14, ptr+6))) {
+       xfree(t);
+       return(code);
+    }
 
     /* that's it.  return the token */
 
@@ -247,372 +331,110 @@ make_integ_token_v2(context, subkey, ctype, seqnum, direction, text, token,
     token->length = tlen;
     token->value = (void *) t;
 
-    code = 0;
-
-cleanup:
-    if (plain.data)
-       free(plain.data);
-    if (cksum.contents)
-       krb5_free_checksum_contents(context, &cksum);
-    if (code) {
-       if (t)
-           free(t);
-    }
-
-   return(code);
+    return(0);
 }
 
-static krb5_error_code
-make_seal_token_v1 PROTOTYPE((krb5_context context,
-                             krb5_keyblock *enc,
-                             krb5_keyblock *seq,
-                             krb5_int32 *seqnum,
-                             int direction,
-                             gss_buffer_t text,
-                             gss_buffer_t token,
-                             int signalg,
-                             int cksum_size,
-                             int sealalg,
-                             int encrypt,
-                             int toktype,
-                             int bigend,
-                             gss_OID oid));
+/* if signonly is true, ignore conf_req, conf_state,
+   and do not encode the ENC_TYPE, MSG_LENGTH, or MSG_TEXT fields */
 
-static krb5_error_code
-make_seal_token_v1(context, enc, seq, seqnum, direction, text, token,
-                  signalg, cksum_size, sealalg, encrypt, toktype,
-                  bigend, oid)
-     krb5_context context;
-     krb5_keyblock *enc;
-     krb5_keyblock *seq;
-     krb5_int32 *seqnum;
-     int direction;
-     gss_buffer_t text;
-     gss_buffer_t token;
-     int signalg;
-     int cksum_size;
-     int sealalg;
-     int encrypt;
-     int toktype;
-     int bigend;
-     gss_OID oid;
+OM_uint32
+kg_seal(context, minor_status, context_handle, conf_req_flag, qop_req,
+       input_message_buffer, conf_state, output_message_buffer, toktype)
+    krb5_context context;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    int conf_req_flag;
+    int qop_req;
+    gss_buffer_t input_message_buffer;
+    int *conf_state;
+    gss_buffer_t output_message_buffer;
+    int toktype;
 {
-   krb5_error_code code;
-   size_t sumlen;
-   char *data_ptr;
-   krb5_data plaind;
-   krb5_checksum md5cksum;
-   krb5_checksum cksum;
-   int conflen=0, tmsglen, tlen;
-   unsigned char *t, *ptr;
-
-   /* create the token buffer */
-
-   if (toktype == KG_TOK_SEAL_MSG) {
-      if (bigend && !encrypt) {
-        tmsglen = text->length;
-      } else {
-        conflen = kg_confounder_size(context, enc);
-        /* XXX knows that des block size is 8 */
-        tmsglen = (conflen+text->length+8)&(~7);
-      }
-   } else {
-      tmsglen = 0;
-   }
-
-   tlen = g_token_size((gss_OID) oid, 14+cksum_size+tmsglen);
-
-   if ((t = (unsigned char *) xmalloc(tlen)) == NULL)
-      return(ENOMEM);
-
-   /*** fill in the token */
-
-   ptr = t;
-
-   g_make_token_header((gss_OID) oid, 14+cksum_size+tmsglen, &ptr, toktype);
-
-   /* 0..1 SIGN_ALG */
-
-   ptr[0] = signalg;
-   ptr[1] = 0;
-   
-   /* 2..3 SEAL_ALG or Filler */
-
-   if ((toktype == KG_TOK_SEAL_MSG) && encrypt) {
-      ptr[2] = sealalg;
-      ptr[3] = 0;
-   } else {
-      /* No seal */
-      ptr[2] = 0xff;
-      ptr[3] = 0xff;
-   }
-
-   /* 4..5 Filler */
-
-   ptr[4] = 0xff;
-   ptr[5] = 0xff;
-
-   /* pad the plaintext, encrypt if needed, and stick it in the token */
-
-   /* initialize the the cksum */
-   if (code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &sumlen))
-       return(code);
-
-   md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
-   md5cksum.length = sumlen;
-   if (toktype == KG_TOK_SEAL_MSG) {
-      unsigned char *plain;
-      unsigned char pad;
-
-      if (!bigend || encrypt) {
-        if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) {
-           xfree(t);
-           return(ENOMEM);
-        }
-
-        if ((code = kg_make_confounder(context, enc, plain))) {
-           xfree(plain);
-           xfree(t);
-           return(code);
-        }
-
-        memcpy(plain+conflen, text->value, text->length);
-
-        /* XXX 8 is DES cblock size */
-        pad = 8-(text->length%8);
-
-        memset(plain+conflen+text->length, pad, pad);
-      } else {
-        /* plain is never used in the bigend && !encrypt case */
-        plain = NULL;
-      }
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_error_code code;
+    krb5_timestamp now;
 
-      if (encrypt) {
-        if ((code = kg_encrypt(context, enc, NULL, (krb5_pointer) plain,
-                               (krb5_pointer) (ptr+cksum_size+14),
-                               tmsglen))) {
-           if (plain)
-              xfree(plain);
-           xfree(t);
-           return(code);
-        }
-      } else {
-        if (bigend)
-           memcpy(ptr+14+cksum_size, text->value, text->length);
-        else
-           memcpy(ptr+14+cksum_size, plain, tmsglen);
-      }
-
-      /* compute the checksum */
-
-      /* 8 = head of token body as specified by mech spec */
-      if (! (data_ptr =
-            (char *) xmalloc(8 + (bigend ? text->length : tmsglen)))) {
-         if (plain)
-             xfree(plain);
-         xfree(t);
-         return(ENOMEM);
-      }
-      (void) memcpy(data_ptr, ptr-2, 8);
-      if (bigend)
-         (void) memcpy(data_ptr+8, text->value, text->length);
-      else
-         (void) memcpy(data_ptr+8, plain, tmsglen);
-      plaind.length = 8 + (bigend ? text->length : tmsglen);
-      plaind.data = data_ptr;
-      code = krb5_c_make_checksum(context, md5cksum.checksum_type,
-                                 0, 0, &plaind, &md5cksum);
-      xfree(data_ptr);
-
-      if (code) {
-         if (plain)
-             xfree(plain);
-         xfree(t);
-         return(code);
-         memcpy(ptr+14+cksum_size, plain, tmsglen);
-      }
-
-      if (plain)
-        xfree(plain);
-   } else {
-      /* compute the checksum */
-
-      if (! (data_ptr = (char *) xmalloc(8 + text->length))) {
-         xfree(t);
-         return(ENOMEM);
-      }
-      (void) memcpy(data_ptr, ptr-2, 8);
-      (void) memcpy(data_ptr+8, text->value, text->length);
-      plaind.length = 8 + text->length;
-      plaind.data = data_ptr;
-      code = krb5_c_make_checksum(context, md5cksum.checksum_type, 0, 0,
-                                 &plaind, &md5cksum);
-      xfree(data_ptr);
-      if (code) {
-         xfree(t);
-         return(code);
-      }
-   }
-
-   switch(signalg) {
-   case 0:
-   case 3:
+    output_message_buffer->length = 0;
+    output_message_buffer->value = NULL;
 
+    /* only default qop or matching established cryptosystem is allowed */
+    
 #if 0
-       /* XXX this depends on the key being a single-des key */
-
-       /* DES CBC doesn't use a zero IV like it should in some
-         krb5 implementations (beta5+).  So we just do the
-         DES encryption the long way, and keep the last block
-         as the MAC */
-
-       /* XXX not converted to new api since it's inside an #if 0 */
-
-       /* initialize the the cksum and allocate the contents buffer */
-       cksum.checksum_type = CKSUMTYPE_DESCBC;
-       cksum.length = krb5_checksum_size(context, CKSUMTYPE_DESCBC);
-       if ((cksum.contents = (krb5_octet *) xmalloc(cksum.length)) == NULL)
-          return(ENOMEM);
-
-       /* XXX not converted to new api since it's inside an #if 0 */
-       if (code = krb5_calculate_checksum(context, cksum.checksum_type,
-                                         md5cksum.contents, 16,
-                                         seq->contents, 
-                                         seq->length,
-                                         &cksum)) {
-         xfree(cksum.contents);
-         xfree(md5cksum.contents);
-         xfree(t);
-         return(code);
-       }
-
-       memcpy(ptr+14, cksum.contents, 8);
-
-       xfree(cksum.contents);
+    switch (qop_req & GSS_KRB5_CONF_C_QOP_MASK) {
+    case GSS_C_QOP_DEFAULT:
+       break;
+    default:
+    unknown_qop:
+       *minor_status = (OM_uint32) G_UNKNOWN_QOP;
+       return GSS_S_FAILURE;
+    case GSS_KRB5_CONF_C_QOP_DES:
+       if (ctx->sealalg != SEAL_ALG_DES) {
+       bad_qop:
+           *minor_status = (OM_uint32) G_BAD_QOP;
+           return GSS_S_FAILURE;
+       }
+       break;
+    case GSS_KRB5_CONF_C_QOP_DES3:
+       if (ctx->sealalg != SEAL_ALG_DES3)
+           goto bad_qop;
+       break;
+    }
+    switch (qop_req & GSS_KRB5_INTEG_C_QOP_MASK) {
+    case GSS_C_QOP_DEFAULT:
+       break;
+    default:
+       goto unknown_qop;
+    case GSS_KRB5_INTEG_C_QOP_MD5:
+    case GSS_KRB5_INTEG_C_QOP_DES_MD5:
+    case GSS_KRB5_INTEG_C_QOP_DES_MAC:
+       if (ctx->sealalg != SEAL_ALG_DES)
+           goto bad_qop;
+       break;
+    case GSS_KRB5_INTEG_C_QOP_HMAC_SHA1:
+       if (ctx->sealalg != SEAL_ALG_DES3KD)
+           goto bad_qop;
+       break;
+    }
 #else
-       if ((code = kg_encrypt(context, seq,
-                             (g_OID_equal(oid, gss_mech_krb5_old) ?
-                              seq->contents : NULL),
-                             md5cksum.contents, md5cksum.contents, 16))) {
-         xfree(md5cksum.contents);
-         xfree(t);
-         return code;
-       }
-       
-       cksum.length = cksum_size;
-       cksum.contents = md5cksum.contents + 16 - cksum.length;
-
-       memcpy(ptr+14, cksum.contents, cksum.length);
+    if (qop_req != 0) {
+       *minor_status = (OM_uint32) G_UNKNOWN_QOP;
+       return GSS_S_FAILURE;
+    }
 #endif
 
-       break;
-   }
-
-   xfree(md5cksum.contents);
-
-   /* create the seq_num */
+    /* validate the context handle */
+    if (! kg_validate_ctx_id(context_handle)) {
+       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+       return(GSS_S_NO_CONTEXT);
+    }
 
-   if ((code = kg_make_seq_num(context, seq, direction?0:0xff, *seqnum,
-                              ptr+14, ptr+6))) {
-      xfree(t);
-      return(code);
-   }
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
-   /* that's it.  return the token */
+    if (! ctx->established) {
+       *minor_status = KG_CTX_INCOMPLETE;
+       return(GSS_S_NO_CONTEXT);
+    }
 
-   (*seqnum)++;
+    if ((code = krb5_timeofday(context, &now))) {
+       *minor_status = code;
+       return(GSS_S_FAILURE);
+    }
 
-   token->length = tlen;
-   token->value = (void *) t;
+    code = make_seal_token_v1(context, ctx->enc, ctx->seq,
+                             &ctx->seq_send, ctx->initiate,
+                             input_message_buffer, output_message_buffer,
+                             ctx->signalg, ctx->cksum_size, ctx->sealalg,
+                             conf_req_flag, toktype, ctx->big_endian,
+                             ctx->mech_used);
 
-   return(0);
-}
+    if (code) {
+       *minor_status = code;
+       return(GSS_S_FAILURE);
+    }
 
-/* if signonly is true, ignore conf_req, conf_state, 
-   and do not encode the ENC_TYPE, MSG_LENGTH, or MSG_TEXT fields */
+    if (conf_state)
+       *conf_state = conf_req_flag;
 
-OM_uint32
-kg_seal(context, minor_status, context_handle, conf_req_flag, qop_req, 
-       input_message_buffer, conf_state, output_message_buffer, toktype)
-     krb5_context context;
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     int conf_req_flag;
-     int qop_req;
-     gss_buffer_t input_message_buffer;
-     int *conf_state;
-     gss_buffer_t output_message_buffer;
-     int toktype;
-{
-   krb5_gss_ctx_id_rec *ctx;
-   krb5_error_code code;
-   krb5_timestamp now;
-
-   output_message_buffer->length = 0;
-   output_message_buffer->value = NULL;
-
-   /* only default qop is allowed */
-   if (qop_req != GSS_C_QOP_DEFAULT) {
-      *minor_status = (OM_uint32) G_UNKNOWN_QOP;
-      return(GSS_S_FAILURE);
-   }
-
-   /* validate the context handle */
-   if (! kg_validate_ctx_id(context_handle)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_NO_CONTEXT);
-   }
-
-   ctx = (krb5_gss_ctx_id_rec *) context_handle;
-
-   if (! ctx->established) {
-      *minor_status = KG_CTX_INCOMPLETE;
-      return(GSS_S_NO_CONTEXT);
-   }
-
-   if ((code = krb5_timeofday(context, &now))) {
-      *minor_status = code;
-      return(GSS_S_FAILURE);
-   }
-
-   if (ctx->gsskrb5_version == 2000) {
-       if (toktype == KG_TOK_WRAP_MSG) {
-          if (conf_req_flag)
-              toktype = KG2_TOK_WRAP_PRIV;
-          else
-              toktype = KG2_TOK_WRAP_INTEG;
-       } else {
-          toktype = KG2_TOK_MIC;
-       }
-
-       if (conf_req_flag) {
-          code = make_priv_token_v2(context, ctx->subkey, &ctx->seq_send,
-                                    ctx->initiate, input_message_buffer,
-                                    output_message_buffer, ctx->mech_used);
-       } else {
-          code = make_integ_token_v2(context, ctx->subkey, ctx->ctypes[0],
-                                     &ctx->seq_send, ctx->initiate,
-                                     input_message_buffer,
-                                     output_message_buffer, toktype,
-                                     ctx->mech_used);
-       }
-   } else {
-       code = make_seal_token_v1(context, ctx->enc, ctx->seq,
-                                &ctx->seq_send, ctx->initiate,
-                                input_message_buffer, output_message_buffer,
-                                ctx->signalg, ctx->cksum_size, ctx->sealalg,
-                                conf_req_flag, toktype, ctx->big_endian,
-                                ctx->mech_used);
-   }
-
-   if (code) {
-      *minor_status = code;
-      return(GSS_S_FAILURE);
-   }
-
-   if (conf_state)
-      *conf_state = conf_req_flag;
-
-   *minor_status = 0;
-   return((ctx->endtime < now)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
+    *minor_status = 0;
+    return((ctx->endtime < now)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
 }
index 64a95396bf8840eb555edfd7a882b01908f02c38..9e4d35311cf7cb71078cddce83f3c2f374b2072f 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -40,7 +40,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  * $Id$
  */
 
-static OM_uint32
-kg2_verify_mic(context, minor_status, ctx, ptr, bodysize,
-              text, qop_state)
-     krb5_context context;
-     OM_uint32 *minor_status;
-     krb5_gss_ctx_id_rec *ctx;
-     unsigned char *ptr;
-     int bodysize;
-     gss_buffer_t text;
-     gss_qop_t *qop_state;
+/* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX
+   conf_state is only valid if SEAL. */
+
+OM_uint32
+kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
+            conf_state, qop_state, toktype)
+    krb5_context context;
+    OM_uint32 *minor_status;
+    krb5_gss_ctx_id_rec *ctx;
+    unsigned char *ptr;
+    int bodysize;
+    gss_buffer_t message_buffer;
+    int *conf_state;
+    int *qop_state;
+    int toktype;
 {
-    size_t cksumlen;
     krb5_error_code code;
-    krb5_data plain;
-    krb5_cksumtype tctype;
-    krb5_ui_4 tseqnum;
-    int tdirection;
+    int tmsglen;
+    int conflen = 0;
+    int signalg;
+    int sealalg;
+    gss_buffer_desc token;
     krb5_checksum cksum;
-    krb5_boolean ckvalid;
+    krb5_checksum md5cksum;
+    krb5_data plaind;
+    char *data_ptr;
     krb5_timestamp now;
+    unsigned char *plain;
+    int cksum_len = 0;
+    int plainlen;
+    int direction;
+    krb5_int32 seqnum;
     OM_uint32 retval;
+    size_t sumlen;
 
-    plain.data = 0;
-    cksum.contents = 0;
-
-    /* verify the header */
-
-    if (bodysize < 11) {
-       free(plain.data);
-       *minor_status = G_TOK_TRUNC;
-       return(GSS_S_DEFECTIVE_TOKEN);
+    if (toktype == KG_TOK_SEAL_MSG) {
+       message_buffer->length = 0;
+       message_buffer->value = NULL;
     }
 
-    /* allocate the checksum buffer */
-
-    plain.length = 7+text->length;
-
-    if ((plain.data = (char *) malloc(plain.length)) == NULL) {
-       *minor_status = ENOMEM;
-       return(GSS_S_FAILURE);
-    }
+    /* get the sign and seal algorithms */
 
-    /* suck out the body parts from the token */
+    signalg = ptr[0] + (ptr[1]<<8);
+    sealalg = ptr[2] + (ptr[3]<<8);
 
-    tctype = (krb5_cksumtype) ((ptr[0]<<24) | (ptr[1]<<16) |
-                              (ptr[2]<<8) | ptr[3]);
-    ptr += 4;
+    /* Sanity checks */
 
-    memcpy(plain.data, ptr, 5);
-    tseqnum = ((ptr[0]<<24) | (ptr[1]<<16) | (ptr[2]<<8) | ptr[3]);
-    ptr += 4;
-    tdirection = ptr[0];
-    ptr += 1;
-
-    cksum.length = (ptr[0]<<8) | ptr[1];
-    ptr += 2;
-    bodysize -= 11;
-
-    if (cksum.length != bodysize) {
-       free(plain.data);
-       *minor_status = G_TOK_TRUNC;
-       return(GSS_S_DEFECTIVE_TOKEN);
+    if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) {
+       *minor_status = 0;
+       return GSS_S_DEFECTIVE_TOKEN;
     }
 
-    cksum.contents = ptr;
-    cksum.checksum_type = tctype;
+    if ((toktype != KG_TOK_SEAL_MSG) &&
+       (sealalg != 0xffff)) {
+       *minor_status = 0;
+       return GSS_S_DEFECTIVE_TOKEN;
+    }
 
-    /* finish assembling the checksum buffer and compute the checksum */
+    /* in the current spec, there is only one valid seal algorithm per
+       key type, so a simple comparison is ok */
 
-    plain.data[5] = (text->length >> 8) & 0xff;
-    plain.data[6] = text->length & 0xff;
+    if ((toktype == KG_TOK_SEAL_MSG) &&
+       !((sealalg == 0xffff) ||
+         (sealalg == ctx->sealalg))) {
+       *minor_status = 0;
+       return GSS_S_DEFECTIVE_TOKEN;
+    }
 
-    memcpy(plain.data+7, text->value, text->length);
+    /* there are several mappings of seal algorithms to sign algorithms,
+       but few enough that we can try them all. */
 
-    if (code = krb5_c_verify_checksum(context, ctx->subkey,
-                                     KRB5_KEYUSAGE_GSS_TOK_MIC,
-                                     &plain, &cksum, &ckvalid)) {
-       free(plain.data);
-       *minor_status = code;
-       return(GSS_S_FAILURE);
+    if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
+       (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
+       (ctx->sealalg == SEAL_ALG_DES3KD &&
+        signalg != SGN_ALG_HMAC_SHA1_DES3_KD)) {
+       *minor_status = 0;
+       return GSS_S_DEFECTIVE_TOKEN;
     }
 
-    if (!ckvalid) {
-       free(plain.data);
+    switch (signalg) {
+    case SGN_ALG_DES_MAC_MD5:
+    case SGN_ALG_MD2_5:
+       cksum_len = 8;
+       break;
+    case SGN_ALG_3:
+       cksum_len = 16;
+       break;
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+       cksum_len = 20;
+       break;
+    default:
        *minor_status = 0;
-       return(GSS_S_BAD_SIG);
+       return GSS_S_DEFECTIVE_TOKEN;
     }
 
-    /* check context expiry */
+    if (toktype == KG_TOK_SEAL_MSG)
+       tmsglen = bodysize-(14+cksum_len);
 
-   if ((code = krb5_timeofday(context, &now))) {
-       free(plain.data);
-       *minor_status = code;
-       return(GSS_S_FAILURE);
-   }
+    /* get the token parameters */
 
-   if (now > ctx->endtime) {
-       free(plain.data);
-       *minor_status = 0;
-       return(GSS_S_CONTEXT_EXPIRED);
-   }
+    /* decode the message, if SEAL */
 
-   /* do sequencing checks */
+    if (toktype == KG_TOK_SEAL_MSG) {
+       if (sealalg != 0xffff) {
+           if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) {
+               *minor_status = ENOMEM;
+               return(GSS_S_FAILURE);
+           }
 
-   if ((ctx->initiate && tdirection != 0xff) ||
-       (!ctx->initiate && tdirection != 0)) {
-       free(plain.data);
-       *minor_status = G_BAD_DIRECTION;
-       return(GSS_S_BAD_SIG);
-   }
+           if ((code = kg_decrypt(context, ctx->enc, KG_USAGE_SEAL, NULL,
+                                  ptr+14+cksum_len, plain, tmsglen))) {
+               xfree(plain);
+               *minor_status = code;
+               return(GSS_S_FAILURE);
+           }
+       } else {
+           plain = ptr+14+cksum_len;
+       }
 
-   retval = g_order_check(&(ctx->seqstate), tseqnum);
+       plainlen = tmsglen;
 
-   free(plain.data);
+       if ((sealalg == 0xffff) && ctx->big_endian) {
+           token.length = tmsglen;
+       } else {
+           conflen = kg_confounder_size(context, ctx->enc);
+           token.length = tmsglen - conflen - plain[tmsglen-1];
+       }
 
-   if (retval) {
-       *minor_status = 0;
-       return(retval);
-   }
+       if (token.length) {
+           if ((token.value = (void *) xmalloc(token.length)) == NULL) {
+               if (sealalg != 0xffff)
+                   xfree(plain);
+               *minor_status = ENOMEM;
+               return(GSS_S_FAILURE);
+           }
+           memcpy(token.value, plain+conflen, token.length);
+       }
+    } else if (toktype == KG_TOK_SIGN_MSG) {
+       token = *message_buffer;
+       plain = token.value;
+       plainlen = token.length;
+    } else {
+       token.length = 0;
+       token.value = NULL;
+       plain = token.value;
+       plainlen = token.length;
+    }
 
-   if (qop_state)
-       *qop_state = GSS_C_QOP_DEFAULT;
+    /* compute the checksum of the message */
+
+    /* initialize the the cksum */
+    switch (signalg) {
+    case SGN_ALG_DES_MAC_MD5:
+    case SGN_ALG_MD2_5:
+    case SGN_ALG_HMAC_MD5:
+    case SGN_ALG_DES_MAC:
+    case SGN_ALG_3:
+       md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
+       break;
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+       md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+       break;
+    default:
+       abort ();
+    }
 
-   *minor_status = 0;
-   return(GSS_S_COMPLETE);
-}
+    if (code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen))
+       return(code);
+    md5cksum.length = sumlen;
 
-static OM_uint32
-kg2_unwrap_integ(context, minor_status, ctx, ptr, bodysize, output, qop_state)
-     krb5_context context;
-     OM_uint32 *minor_status;
-     krb5_gss_ctx_id_rec *ctx;
-     unsigned char *ptr;
-     int bodysize;
-     gss_buffer_t output;
-     gss_qop_t *qop_state;
-{
-    krb5_error_code code;
-    OM_uint32 retval;
-    krb5_ui_4 tseqnum;
-    int tdirection;
-    int tmsglen;
-    unsigned char *tmsg;
-    krb5_data plain;
-    krb5_checksum tcksum;
-    krb5_boolean ckvalid;
-    krb5_timestamp now;
+    switch (signalg) {
+    case SGN_ALG_DES_MAC_MD5:
+    case SGN_ALG_3:
+       /* compute the checksum of the message */
 
-    output->length = 0;
-    output->value = NULL;
+       /* 8 = bytes of token body to be checksummed according to spec */
 
-    /* read the body parts out of the message */
+       if (! (data_ptr = (void *)
+              xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
+           if (sealalg != 0xffff)
+               xfree(plain);
+           if (toktype == KG_TOK_SEAL_MSG)
+               xfree(token.value);
+           *minor_status = ENOMEM;
+           return(GSS_S_FAILURE);
+       }
 
-    if (bodysize < 11) {
-       *minor_status = G_TOK_TRUNC;
-       return(GSS_S_DEFECTIVE_TOKEN);
-    }
+       (void) memcpy(data_ptr, ptr-2, 8);
 
-    tcksum.checksum_type = (krb5_cksumtype) ((ptr[0]<<24) | (ptr[1]<<16) |
-                                            (ptr[2]<<8) | ptr[3]);
-    ptr += 4;
+       if (ctx->big_endian)
+           (void) memcpy(data_ptr+8, token.value, token.length);
+       else
+           (void) memcpy(data_ptr+8, plain, plainlen);
 
-    plain.data = ptr;
+       plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
+       plaind.data = data_ptr;
+       code = krb5_c_make_checksum(context, md5cksum.checksum_type,
+                                   ctx->seq, KG_USAGE_SIGN,
+                                   &plaind, &md5cksum);
+       xfree(data_ptr);
+
+       if (code) {
+           if (toktype == KG_TOK_SEAL_MSG)
+               xfree(token.value);
+           *minor_status = code;
+           return(GSS_S_FAILURE);
+       }
 
-    tseqnum = ((ptr[0]<<24) | (ptr[1]<<16) | (ptr[2]<<8) | ptr[3]);
-    ptr += 4;
-    tdirection = ptr[0];
-    ptr += 1;
+       if ((code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
+                              (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
+                               ctx->seq->contents : NULL),
+                              md5cksum.contents, md5cksum.contents, 16))) {
+           xfree(md5cksum.contents);
+           if (toktype == KG_TOK_SEAL_MSG)
+               xfree(token.value);
+           *minor_status = code;
+           return GSS_S_FAILURE;
+       }
 
-    tmsglen = (ptr[0]<<8) | ptr[1];
-    ptr += 2;
-    bodysize -= 11;
+       if (signalg == 0)
+           cksum.length = 8;
+       else
+           cksum.length = 16;
+       cksum.contents = md5cksum.contents + 16 - cksum.length;
 
-    if (bodysize < tmsglen) {
-       *minor_status = G_TOK_TRUNC;
-       return(GSS_S_DEFECTIVE_TOKEN);
-    }
+       code = memcmp(cksum.contents, ptr+14, cksum.length);
+       break;
 
-    tmsg = ptr;
-    ptr += tmsglen;
-    bodysize -= tmsglen;
+    case SGN_ALG_MD2_5:
+       if (!ctx->seed_init &&
+           (code = kg_make_seed(context, ctx->subkey, ctx->seed))) {
+           xfree(md5cksum.contents);
+           if (sealalg != 0xffff)
+               xfree(plain);
+           if (toktype == KG_TOK_SEAL_MSG)
+               xfree(token.value);
+           *minor_status = code;
+           return GSS_S_FAILURE;
+       }
 
-    plain.length = ((char*)ptr) - ((char *)plain.data);
+       if (! (data_ptr = (void *)
+              xmalloc(sizeof(ctx->seed) + 8 +
+                      (ctx->big_endian ? token.length : plainlen)))) {
+           xfree(md5cksum.contents);
+           if (sealalg == 0)
+               xfree(plain);
+           if (toktype == KG_TOK_SEAL_MSG)
+               xfree(token.value);
+           *minor_status = ENOMEM;
+           return(GSS_S_FAILURE);
+       }
+       (void) memcpy(data_ptr, ptr-2, 8);
+       (void) memcpy(data_ptr+8, ctx->seed, sizeof(ctx->seed));
+       if (ctx->big_endian)
+           (void) memcpy(data_ptr+8+sizeof(ctx->seed),
+                         token.value, token.length);
+       else
+           (void) memcpy(data_ptr+8+sizeof(ctx->seed),
+                         plain, plainlen);
+       plaind.length = 8 + sizeof(ctx->seed) +
+           (ctx->big_endian ? token.length : plainlen);
+       plaind.data = data_ptr;
+       xfree(md5cksum.contents);
+       code = krb5_c_make_checksum(context, md5cksum.checksum_type,
+                                   ctx->seq, KG_USAGE_SIGN,
+                                   &plaind, &md5cksum);
+       xfree(data_ptr);
+
+       if (code) {
+           if (sealalg == 0)
+               xfree(plain);
+           if (toktype == KG_TOK_SEAL_MSG)
+               xfree(token.value);
+           *minor_status = code;
+           return(GSS_S_FAILURE);
+       }
 
-    tcksum.length = (ptr[0]<<8) | ptr[1];
-    ptr += 2;
-    bodysize -= 2;
+       code = memcmp(md5cksum.contents, ptr+14, 8);
+       /* Falls through to defective-token??  */
 
-    if (bodysize != tcksum.length) {
-       *minor_status = G_TOK_TRUNC;
+    default:
+       *minor_status = 0;
        return(GSS_S_DEFECTIVE_TOKEN);
-    }
-
-    tcksum.contents = ptr;
 
-    /* verify the MIC */
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+       /* compute the checksum of the message */
 
-    if (code = krb5_c_verify_checksum(context, ctx->subkey,
-                                     KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG,
-                                     &plain, &tcksum, &ckvalid)) {
-       *minor_status = code;
-       return(GSS_S_FAILURE);
-    }
+       /* 8 = bytes of token body to be checksummed according to spec */
 
-    if (!ckvalid) {
-       *minor_status = 0;
-       return(GSS_S_BAD_SIG);
-    }
+       if (! (data_ptr = (void *)
+              xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
+           if (sealalg != 0xffff)
+               xfree(plain);
+           if (toktype == KG_TOK_SEAL_MSG)
+               xfree(token.value);
+           *minor_status = ENOMEM;
+           return(GSS_S_FAILURE);
+       }
 
-    /* check context expiry */
-
-   if ((code = krb5_timeofday(context, &now))) {
-       *minor_status = code;
-       return(GSS_S_FAILURE);
-   }
-
-   if (now > ctx->endtime) {
-       *minor_status = 0;
-       return(GSS_S_CONTEXT_EXPIRED);
-   }
-
-   /* do sequencing checks */
-
-   if ((ctx->initiate && tdirection != 0xff) ||
-       (!ctx->initiate && tdirection != 0)) {
-       *minor_status = G_BAD_DIRECTION;
-       return(GSS_S_BAD_SIG);
-   }
-
-   if (retval = g_order_check(&(ctx->seqstate), tseqnum)) {
-       *minor_status = 0;
-       return(retval);
-   }
-
-   if (tmsglen) {
-       if ((output->value = (void *) malloc(tmsglen)) == NULL) {
-          *minor_status = ENOMEM;
-          return(GSS_S_FAILURE);
-       }
-       memcpy(output->value, tmsg, tmsglen);
-       output->length = tmsglen;
-   }
-
-   if (qop_state)
-       *qop_state = GSS_C_QOP_DEFAULT;
-
-   *minor_status = 0;
-   return(GSS_S_COMPLETE);
-}
+       (void) memcpy(data_ptr, ptr-2, 8);
 
-static OM_uint32
-kg2_unwrap_priv(context, minor_status, ctx, ptr, bodysize, output, qop_state)
-     krb5_context context;
-     OM_uint32 *minor_status;
-     krb5_gss_ctx_id_rec *ctx;
-     unsigned char *ptr;
-     int bodysize;
-     gss_buffer_t output;
-     gss_qop_t *qop_state;
-{
-    krb5_error_code code;
-    OM_uint32 retval;
-    krb5_enc_data cipher;
-    krb5_data plain;
-    krb5_ui_4 tseqnum;
-    int tdirection;
-    int tmsglen;
-    unsigned char *tmsg;
-    krb5_timestamp now;
+       if (ctx->big_endian)
+           (void) memcpy(data_ptr+8, token.value, token.length);
+       else
+           (void) memcpy(data_ptr+8, plain, plainlen);
 
-    output->length = 0;
-    output->value = NULL;
+       plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
+       plaind.data = data_ptr;
+       code = krb5_c_make_checksum(context, md5cksum.checksum_type,
+                                   ctx->seq, KG_USAGE_SIGN,
+                                   &plaind, &md5cksum);
+       xfree(data_ptr);
 
-    /* read the body parts out of the message */
+       if (code) {
+           if (toktype == KG_TOK_SEAL_MSG)
+               xfree(token.value);
+           *minor_status = code;
+           return(GSS_S_FAILURE);
+       }
 
-    if (bodysize < 2) {
-       *minor_status = G_TOK_TRUNC;
-       return(GSS_S_DEFECTIVE_TOKEN);
+       code = memcmp(md5cksum.contents, ptr+14, md5cksum.length);
+       break;
     }
 
-    cipher.ciphertext.length = (ptr[0]<<8) | ptr[1];
-    ptr += 2;
-    bodysize -= 2;
+    xfree(md5cksum.contents);
+    if (sealalg != 0xffff)
+       xfree(plain);
 
-    if (bodysize != cipher.ciphertext.length) {
-       *minor_status = G_TOK_TRUNC;
-       return(GSS_S_DEFECTIVE_TOKEN);
-    }
+    /* compare the computed checksum against the transmitted checksum */
 
-    cipher.ciphertext.data = ptr;
-    cipher.enctype = ENCTYPE_UNKNOWN;
-
-    plain.length = cipher.ciphertext.length;
-    if ((plain.data = (char *) malloc(plain.length)) == NULL) {
+    if (code) {
+       if (toktype == KG_TOK_SEAL_MSG)
+           xfree(token.value);
        *minor_status = 0;
-       return(GSS_S_FAILURE);
-    }
-
-    /* decrypt (and implicitly verify) the encrypted data */
-
-    if (code = krb5_c_decrypt(context, ctx->subkey,
-                             KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV,
-                             0, &cipher, &plain)) {
-       free(plain.data);
-       *minor_status = code;
-       return(GSS_S_FAILURE);
+       return(GSS_S_BAD_SIG);
     }
 
-    /* parse out the encrypted fields */
 
-    ptr = plain.data;
-    bodysize = plain.length;
+    /* it got through unscathed.  Make sure the context is unexpired */
 
-    if (bodysize < 7) {
-       free(plain.data);
-       *minor_status = G_TOK_TRUNC;
-       return(GSS_S_DEFECTIVE_TOKEN);
-    }
+    if (toktype == KG_TOK_SEAL_MSG)
+       *message_buffer = token;
 
-    tseqnum = ((ptr[0]<<24) | (ptr[1]<<16) | (ptr[2]<<8) | ptr[3]);
-    ptr += 4;
-    tdirection = ptr[0];
-    ptr += 1;
+    if (conf_state)
+       *conf_state = (sealalg != 0xffff);
 
-    tmsglen = (ptr[0]<<8) | ptr[1];
-    ptr += 2;
-    bodysize -= 7;
-
-    /* check context expiry */
+    if (qop_state)
+       *qop_state = GSS_C_QOP_DEFAULT;
 
     if ((code = krb5_timeofday(context, &now))) {
-       free(plain.data);
        *minor_status = code;
        return(GSS_S_FAILURE);
     }
 
     if (now > ctx->endtime) {
-       free(plain.data);
        *minor_status = 0;
        return(GSS_S_CONTEXT_EXPIRED);
     }
 
     /* do sequencing checks */
 
-    if ((ctx->initiate && tdirection != 0xff) ||
-       (!ctx->initiate && tdirection != 0)) {
-       free(plain.data);
-       *minor_status = G_BAD_DIRECTION;
+    if ((code = kg_get_seq_num(context, ctx->seq, ptr+14, ptr+6, &direction,
+                              &seqnum))) {
+       if (toktype == KG_TOK_SEAL_MSG)
+           xfree(token.value);
+       *minor_status = code;
        return(GSS_S_BAD_SIG);
     }
 
-    if (retval = g_order_check(&(ctx->seqstate), tseqnum)) {
-       free(plain.data);
-       *minor_status = 0;
-       return(retval);
-    }
-
-    /* now copy out the data.  can't do a strict equality check here,
-       since the output could be padded.  */
-
-    if (bodysize < tmsglen) {
-       free(plain.data);
-       *minor_status = G_TOK_TRUNC;
-       return(GSS_S_DEFECTIVE_TOKEN);
-    }
-
-    tmsg = ptr;
-
-    if (tmsglen) {
-        if ((output->value = (void *) malloc(tmsglen)) == NULL) {
-           free(plain.data);
-           *minor_status = ENOMEM;
-            return(GSS_S_FAILURE);
-       }
-       memcpy(output->value, tmsg, tmsglen);
-       output->length = tmsglen;
+    if ((ctx->initiate && direction != 0xff) ||
+       (!ctx->initiate && direction != 0)) {
+       if (toktype == KG_TOK_SEAL_MSG)
+           xfree(token.value);
+       *minor_status = G_BAD_DIRECTION;
+       return(GSS_S_BAD_SIG);
     }
 
-    if (qop_state)
-       *qop_state = GSS_C_QOP_DEFAULT;
+    retval = g_order_check(&(ctx->seqstate), seqnum);
 
-    free(plain.data);
+    /* success or ordering violation */
 
     *minor_status = 0;
-    return(GSS_S_COMPLETE);
+    return(retval);
 }
 
 /* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX
    conf_state is only valid if SEAL. */
 
 OM_uint32
-kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
-            conf_state, qop_state, toktype)
-     krb5_context context;
-     OM_uint32 *minor_status;
-     krb5_gss_ctx_id_rec *ctx;
-     unsigned char *ptr;
-     int bodysize;
-     gss_buffer_t message_buffer;
-     int *conf_state;
-     int *qop_state;
-     int toktype;
+kg_unseal(context, minor_status, context_handle, input_token_buffer,
+         message_buffer, conf_state, qop_state, toktype)
+    krb5_context context;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_buffer_t input_token_buffer;
+    gss_buffer_t message_buffer;
+    int *conf_state;
+    int *qop_state;
+    int toktype;
 {
-   krb5_error_code code;
-   int tmsglen;
-   int conflen = 0;
-   int signalg;
-   int sealalg;
-   gss_buffer_desc token;
-   krb5_checksum cksum;
-   krb5_checksum desmac;
-   krb5_checksum md5cksum;
-   krb5_data plaind;
-   char *data_ptr;
-   krb5_timestamp now;
-   unsigned char *plain;
-   int cksum_len = 0;
-   int plainlen;
-   int err;
-   int direction;
-   krb5_int32 seqnum;
-   OM_uint32 retval;
-   size_t sumlen;
-
-   if (toktype == KG_TOK_SEAL_MSG) {
-      message_buffer->length = 0;
-      message_buffer->value = NULL;
-   }
-
-   /* get the sign and seal algorithms */
-
-   signalg = ptr[0] + (ptr[1]<<8);
-   sealalg = ptr[2] + (ptr[3]<<8);
-
-   /* Sanity checks */
-
-   if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
-   }
-
-   if ((toktype != KG_TOK_SEAL_MSG) &&
-       (sealalg != 0xffff)) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
-   }
-
-   /* in the current spec, there is only one valid seal algorithm per
-      key type, so a simple comparison is ok */
-
-   if ((toktype == KG_TOK_SEAL_MSG) &&
-       !((sealalg == 0xffff) ||
-        (sealalg == ctx->sealalg))) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
-   }
-
-   /* there are several mappings of seal algorithms to sign algorithms,
-      but few enough that we can try them all. */
-
-   if (((ctx->sealalg == 0) &&
-       (signalg > 1)) ||
-       ((ctx->sealalg == 1) &&
-       (signalg != 3))) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
-   }
-
-   switch (signalg) {
-   case 0:
-   case 1:
-      cksum_len = 8;
-      break;
-   case 3:
-      cksum_len = 16;
-      break;
-   }
-
-   if (toktype == KG_TOK_SEAL_MSG)
-       tmsglen = bodysize-(14+cksum_len);
-
-   /* get the token parameters */
-
-   /* decode the message, if SEAL */
-
-   if (toktype == KG_TOK_SEAL_MSG) {
-      if (sealalg != 0xffff) {
-        if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) {
-           *minor_status = ENOMEM;
-           return(GSS_S_FAILURE);
-        }
+    krb5_gss_ctx_id_rec *ctx;
+    unsigned char *ptr;
+    int bodysize;
+    int err;
+
+    /* validate the context handle */
+    if (! kg_validate_ctx_id(context_handle)) {
+       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+       return(GSS_S_NO_CONTEXT);
+    }
 
-        if ((code = kg_decrypt(context, ctx->enc, NULL,
-                               ptr+14+cksum_len, plain, tmsglen))) {
-           xfree(plain);
-           *minor_status = code;
-           return(GSS_S_FAILURE);
-        }
-      } else {
-        plain = ptr+14+cksum_len;
-      }
-
-      plainlen = tmsglen;
-
-      if ((sealalg == 0xffff) && ctx->big_endian) {
-        token.length = tmsglen;
-      } else {
-        conflen = kg_confounder_size(context, ctx->enc);
-        token.length = tmsglen - conflen - plain[tmsglen-1];
-      }
-
-      if (token.length) {
-        if ((token.value = (void *) xmalloc(token.length)) == NULL) {
-           if (sealalg != 0xffff)
-              xfree(plain);
-           *minor_status = ENOMEM;
-           return(GSS_S_FAILURE);
-        }
-        memcpy(token.value, plain+conflen, token.length);
-      }
-   } else if (toktype == KG_TOK_SIGN_MSG) {
-      token = *message_buffer;
-      plain = token.value;
-      plainlen = token.length;
-   } else {
-      token.length = 0;
-      token.value = NULL;
-      plain = token.value;
-      plainlen = token.length;
-   }
-
-   /* compute the checksum of the message */
-
-   /* initialize the the cksum */
-   if (code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &sumlen))
-       return(code);
-
-   md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
-   md5cksum.length = sumlen;
-
-   switch (signalg) {
-   case 0:
-   case 3:
-      /* compute the checksum of the message */
-
-      /* 8 = bytes of token body to be checksummed according to spec */
-
-      if (! (data_ptr = (void *)
-            xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
-         if (sealalg != 0xffff)
-             xfree(plain);
-         if (toktype == KG_TOK_SEAL_MSG)
-             xfree(token.value);
-         *minor_status = ENOMEM;
-         return(GSS_S_FAILURE);
-      }
-
-      (void) memcpy(data_ptr, ptr-2, 8);
-
-      if (ctx->big_endian)
-         (void) memcpy(data_ptr+8, token.value, token.length);
-      else
-         (void) memcpy(data_ptr+8, plain, plainlen);
-
-      plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
-      plaind.data = data_ptr;
-      code = krb5_c_make_checksum(context, md5cksum.checksum_type, 0, 0,
-                                 &plaind, &md5cksum);
-      xfree(data_ptr);
-
-      if (code) {
-         if (toktype == KG_TOK_SEAL_MSG)
-             xfree(token.value);
-         *minor_status = code;
-         return(GSS_S_FAILURE);
-      }
-
-#if 0
-      /* XXX this depends on the key being a single-des key, but that's
-        all that kerberos supports right now */
-
-      /* initialize the the cksum and allocate the contents buffer */
-      cksum.checksum_type = CKSUMTYPE_DESCBC;
-      cksum.length = krb5_checksum_size(context, CKSUMTYPE_DESCBC);
-      if ((cksum.contents = (krb5_octet *) xmalloc(cksum.length)) == NULL) {
-         xfree(md5cksum.contents);
-         if (toktype == KG_TOK_SEAL_MSG)
-             xfree(token.value);
-         *minor_status = ENOMEM;
-         return(GSS_S_FAILURE);
-      }
-
-      /* XXX not converted to new api since it's inside an #if 0 */
-      if (code = krb5_calculate_checksum(context, cksum.checksum_type,
-                                        md5cksum.contents, 16,
-                                        ctx->seq.key->contents, 
-                                        ctx->seq.key->length,
-                                        &cksum)) {
-        xfree(cksum.contents);
-        xfree(md5cksum.contents);
-        if (toktype == KG_TOK_SEAL_MSG)
-           xfree(token.value);
-        *minor_status = code;
-        return(GSS_S_FAILURE);
-      }
-
-      code = memcmp(cksum.contents, ptr+14, cksum.length);
-
-      xfree(cksum.contents);
-#else
-      if ((code = kg_encrypt(context, ctx->seq,
-                            (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
-                             ctx->seq->contents : NULL),
-                            md5cksum.contents, md5cksum.contents, 16))) {
-        xfree(md5cksum.contents);
-        if (toktype == KG_TOK_SEAL_MSG)
-           xfree(token.value);
-        *minor_status = code;
-        return GSS_S_FAILURE;
-      }
-
-      if (signalg == 0)
-        cksum.length = 8;
-      else
-        cksum.length = 16;
-      cksum.contents = md5cksum.contents + 16 - cksum.length;
-
-      code = memcmp(cksum.contents, ptr+14, cksum.length);
-#endif
-      break;
-
-   case 1:
-       if (!ctx->seed_init &&
-          (code = kg_make_seed(context, ctx->subkey, ctx->seed))) {
-          xfree(md5cksum.contents);
-          if (sealalg != 0xffff)
-              xfree(plain);
-          if (toktype == KG_TOK_SEAL_MSG)
-              xfree(token.value);
-          *minor_status = code;
-          return GSS_S_FAILURE;
-       }
-
-      if (! (data_ptr = (void *)
-            xmalloc(sizeof(ctx->seed) + 8 +
-                    (ctx->big_endian ? token.length : plainlen)))) {
-         xfree(md5cksum.contents);
-         if (sealalg == 0)
-             xfree(plain);
-         if (toktype == KG_TOK_SEAL_MSG)
-             xfree(token.value);
-         *minor_status = ENOMEM;
-         return(GSS_S_FAILURE);
-      }
-      (void) memcpy(data_ptr, ptr-2, 8);
-      (void) memcpy(data_ptr+8, ctx->seed, sizeof(ctx->seed));
-      if (ctx->big_endian)
-         (void) memcpy(data_ptr+8+sizeof(ctx->seed),
-                       token.value, token.length);
-      else
-         (void) memcpy(data_ptr+8+sizeof(ctx->seed),
-                       plain, plainlen);
-      plaind.length = 8 + sizeof(ctx->seed) +
-         (ctx->big_endian ? token.length : plainlen);
-      plaind.data = data_ptr;
-      xfree(md5cksum.contents);
-      code = krb5_c_make_checksum(context, md5cksum.checksum_type, 0, 0,
-                                 &plaind, &md5cksum);
-      xfree(data_ptr);
-
-      if (code) {
-         if (sealalg == 0)
-             xfree(plain);
-         if (toktype == KG_TOK_SEAL_MSG)
-             xfree(token.value);
-         *minor_status = code;
-         return(GSS_S_FAILURE);
-      }
-
-      code = memcmp(md5cksum.contents, ptr+14, 8);
-
-   default:
-      *minor_status = 0;
-      return(GSS_S_DEFECTIVE_TOKEN);
-   }
-
-   xfree(md5cksum.contents);
-   if (sealalg != 0xffff)
-      xfree(plain);
-
-   /* compare the computed checksum against the transmitted checksum */
-
-   if (code) {
-      if (toktype == KG_TOK_SEAL_MSG)
-        xfree(token.value);
-      *minor_status = 0;
-      return(GSS_S_BAD_SIG);
-   }
-      
-
-   /* it got through unscathed.  Make sure the context is unexpired */
-
-   if (toktype == KG_TOK_SEAL_MSG)
-      *message_buffer = token;
-
-   if (conf_state)
-      *conf_state = (sealalg != 0xffff);
-
-   if (qop_state)
-      *qop_state = GSS_C_QOP_DEFAULT;
-
-   if ((code = krb5_timeofday(context, &now))) {
-      *minor_status = code;
-      return(GSS_S_FAILURE);
-   }
-
-   if (now > ctx->endtime) {
-      *minor_status = 0;
-      return(GSS_S_CONTEXT_EXPIRED);
-   }
-
-   /* do sequencing checks */
-
-   if ((code = kg_get_seq_num(context, ctx->seq, ptr+14, ptr+6, &direction,
-                             &seqnum))) {
-      if (toktype == KG_TOK_SEAL_MSG)
-        xfree(token.value);
-      *minor_status = code;
-      return(GSS_S_BAD_SIG);
-   }
-
-   if ((ctx->initiate && direction != 0xff) ||
-       (!ctx->initiate && direction != 0)) {
-      if (toktype == KG_TOK_SEAL_MSG)
-        xfree(token.value);
-      *minor_status = G_BAD_DIRECTION;
-      return(GSS_S_BAD_SIG);
-   }
-
-   retval = g_order_check(&(ctx->seqstate), seqnum);
-   
-   /* success or ordering violation */
-
-   *minor_status = 0;
-   return(retval);
-}
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
-/* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX
-   conf_state is only valid if SEAL. */
+    if (! ctx->established) {
+       *minor_status = KG_CTX_INCOMPLETE;
+       return(GSS_S_NO_CONTEXT);
+    }
 
-OM_uint32
-kg_unseal(context, minor_status, context_handle, input_token_buffer,
-         message_buffer, conf_state, qop_state, toktype)
-     krb5_context context;
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     gss_buffer_t input_token_buffer;
-     gss_buffer_t message_buffer;
-     int *conf_state;
-     int *qop_state;
-     int toktype;
-{
-   krb5_gss_ctx_id_rec *ctx;
-   unsigned char *ptr;
-   int bodysize;
-   int err;
-   OM_uint32 retval;
-
-   /* validate the context handle */
-   if (! kg_validate_ctx_id(context_handle)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_NO_CONTEXT);
-   }
-
-   ctx = (krb5_gss_ctx_id_rec *) context_handle;
-
-   if (! ctx->established) {
-      *minor_status = KG_CTX_INCOMPLETE;
-      return(GSS_S_NO_CONTEXT);
-   }
-
-   /* parse the token, leave the data in message_buffer, setting conf_state */
-
-   /* verify the header */
-
-   ptr = (unsigned char *) input_token_buffer->value;
-
-   if (ctx->gsskrb5_version == 2000) {
-       if (!(err = g_verify_token_header((gss_OID) ctx->mech_used,
-                                        &bodysize, &ptr, KG2_TOK_MIC,
-                                        input_token_buffer->length))) {
-          return(kg2_verify_mic(context, minor_status, ctx, ptr, bodysize,
-                                message_buffer, qop_state));
-       } else if (!(err = g_verify_token_header((gss_OID) ctx->mech_used,
-                                               &bodysize, &ptr,
-                                               KG2_TOK_WRAP_INTEG,
-                                               input_token_buffer->length))) {
-          if (GSS_ERROR(retval = kg2_unwrap_integ(context, minor_status,
-                                                  ctx, ptr, bodysize,
-                                                  message_buffer, qop_state)))
-              return(retval);
-
-          if (conf_state)
-              *conf_state = 0;
-          return(GSS_S_COMPLETE);
-       } else if (!(err = g_verify_token_header((gss_OID) ctx->mech_used,
-                                               &bodysize, &ptr,
-                                               KG2_TOK_WRAP_PRIV,
-                                               input_token_buffer->length))) {
-          if (GSS_ERROR(retval = kg2_unwrap_priv(context, minor_status,
-                                                 ctx, ptr, bodysize,
-                                                 message_buffer, qop_state)))
-              return(retval);
-
-          if (conf_state)
-              *conf_state = 1;
-          return(GSS_S_COMPLETE);
-       }
-   } else {
-       if (!(err = g_verify_token_header((gss_OID) ctx->mech_used,
-                                        &bodysize, &ptr, toktype,
-                                        input_token_buffer->length))) {
-          return(kg_unseal_v1(context, minor_status, ctx, ptr, bodysize,
-                              message_buffer, conf_state, qop_state,
-                              toktype));
-       }
-   }
-
-   *minor_status = err;
-   return(GSS_S_DEFECTIVE_TOKEN);
+    /* parse the token, leave the data in message_buffer, setting conf_state */
+
+    /* verify the header */
+
+    ptr = (unsigned char *) input_token_buffer->value;
+
+    if (!(err = g_verify_token_header((gss_OID) ctx->mech_used,
+                                     &bodysize, &ptr, toktype,
+                                     input_token_buffer->length))) {
+       return(kg_unseal_v1(context, minor_status, ctx, ptr, bodysize,
+                           message_buffer, conf_state, qop_state,
+                           toktype));
+    }
+
+    *minor_status = err;
+    return(GSS_S_DEFECTIVE_TOKEN);
 }
index 2a6231ee79f5ad6623e69c9a290f417fdc36efda..1989a7d558c76f8ca41153a16aa176467f06925a 100644 (file)
@@ -233,7 +233,6 @@ kg_ctx_size(kcontext, arg, sizep)
      * krb5_int32      for seq_recv.
      * krb5_int32      for established.
      * krb5_int32      for big_endian.
-     * krb5_int32      for gsskrb5_version.
      * krb5_int32      for nctypes.
      * krb5_int32      for trailer.
      */
@@ -349,8 +348,6 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
                                       &bp, &remain);
            (void) krb5_ser_pack_int32((krb5_int32) ctx->big_endian,
                                       &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->gsskrb5_version,
-                                      &bp, &remain);
            (void) krb5_ser_pack_int32((krb5_int32) ctx->nctypes,
                                       &bp, &remain);
 
@@ -477,8 +474,6 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
            ctx->big_endian = (int) ibuf;
            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->gsskrb5_version = (int) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
            ctx->nctypes = (int) ibuf;
 
            if ((kret = kg_oid_internalize(kcontext, &ctx->mech_used, &bp,
index 10e6b657fd12897e846f197fe883ab21b1cc3f98..47ffc5bcc5f1592de94d51609d0a6125f73aed52 100644 (file)
@@ -27,6 +27,7 @@
 #include "gssapiP_krb5.h"
 #include <memory.h>
 
+/* Checksumming the channel bindings always uses plain MD5.  */
 krb5_error_code
 kg_checksum_channel_bindings(context, cb, cksum, bigend)
      krb5_context context;
index 93d46946c1afb74c8e03a55b88b32bd3fd46b610..049e4d6bdc131de5382848fb6c6f1884c41040a5 100644 (file)
@@ -54,8 +54,6 @@
  * $Id$
  */
 
-static unsigned char zeros[8] = {0,0,0,0,0,0,0,0};
-
 int
 kg_confounder_size(context, key)
      krb5_context context;
@@ -105,9 +103,10 @@ kg_encrypt_size(context, key, n)
 }
 
 krb5_error_code
-kg_encrypt(context, key, iv, in, out, length)
+kg_encrypt(context, key, usage, iv, in, out, length)
      krb5_context context;
      krb5_keyblock *key;
+     int usage;
      krb5_pointer iv;
      krb5_pointer in;
      krb5_pointer out;
@@ -123,7 +122,10 @@ kg_encrypt(context, key, iv, in, out, length)
           return(code);
 
        ivd.length = blocksize;
-       ivd.data = iv;
+       ivd.data = malloc(ivd.length);
+       if (ivd.data == NULL)
+          return ENOMEM;
+       memcpy(ivd.data, iv, ivd.length);
        pivd = &ivd;
    } else {
        pivd = NULL;
@@ -135,18 +137,19 @@ kg_encrypt(context, key, iv, in, out, length)
    outputd.ciphertext.length = length;
    outputd.ciphertext.data = out;
 
-   return(krb5_c_encrypt(context, key,
-                        /* XXX this routine is only used for the old
-                           bare-des stuff which doesn't use the
-                           key usage */ 0, pivd, &inputd, &outputd));
+   code = krb5_c_encrypt(context, key, usage, pivd, &inputd, &outputd);
+   if (pivd != NULL)
+       krb5_free_data_contents(context, pivd);
+   return code;
 }
 
 /* length is the length of the cleartext. */
 
 krb5_error_code
-kg_decrypt(context, key, iv, in, out, length)
+kg_decrypt(context, key, usage, iv, in, out, length)
      krb5_context context;
      krb5_keyblock *key;
+     int usage;
      krb5_pointer iv;
      krb5_pointer in;
      krb5_pointer out;
@@ -162,7 +165,10 @@ kg_decrypt(context, key, iv, in, out, length)
           return(code);
 
        ivd.length = blocksize;
-       ivd.data = iv;
+       ivd.data = malloc(ivd.length);
+       if (ivd.data == NULL)
+          return ENOMEM;
+       memcpy(ivd.data, iv, ivd.length);
        pivd = &ivd;
    } else {
        pivd = NULL;
@@ -175,8 +181,8 @@ kg_decrypt(context, key, iv, in, out, length)
    outputd.length = length;
    outputd.data = out;
 
-   return(krb5_c_decrypt(context, key,
-                        /* XXX this routine is only used for the old
-                           bare-des stuff which doesn't use the
-                           key usage */ 0, pivd, &inputd, &outputd));
+   code = krb5_c_decrypt(context, key, usage, pivd, &inputd, &outputd);
+   if (pivd != NULL)
+       krb5_free_data_contents(context, pivd);
+   return code;
 }
index 206ee68a7b91f008fb75099f4e22f003e0b77ee7..b4a90443be4aefcc3700a6f2a40df0eb90ad84fb 100644 (file)
@@ -47,7 +47,7 @@ kg_make_seed(context, key, seed)
    for (i=0; i<tmpkey->length; i++)
       tmpkey->contents[i] = key->contents[key->length - 1 - i];
 
-   code = kg_encrypt(context, tmpkey, NULL, zeros, seed, 16);
+   code = kg_encrypt(context, tmpkey, KG_USAGE_SEAL, NULL, zeros, seed, 16);
 
    krb5_free_keyblock(context, tmpkey);
 
index e14b2f3fec89a29b14b33d943618f561f2a2fe64..b8f2b389a916343f334c4e0f37eac553cadd7b63 100644 (file)
@@ -47,7 +47,7 @@ kg_make_seq_num(context, key, direction, seqnum, cksum, buf)
    plain[6] = direction;
    plain[7] = direction;
 
-   return(kg_encrypt(context, key, cksum, plain, buf, 8));
+   return(kg_encrypt(context, key, KG_USAGE_SEQ, cksum, plain, buf, 8));
 }
 
 krb5_error_code kg_get_seq_num(context, key, cksum, buf, direction, seqnum)
@@ -61,7 +61,7 @@ krb5_error_code kg_get_seq_num(context, key, cksum, buf, direction, seqnum)
    krb5_error_code code;
    unsigned char plain[8];
 
-   if (code = kg_decrypt(context, key, cksum, buf, plain, 8))
+   if (code = kg_decrypt(context, key, KG_USAGE_SEQ, cksum, buf, plain, 8))
       return(code);
 
    if ((plain[4] != plain[5]) ||
index f7fee73cdf7237a5b2f3f017daf1294af9f34a0a..55d4bce4d779928622b18f7bd63fc1b60ad0dd22 100644 (file)
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2000 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  * 
@@ -66,6 +90,9 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
     krb5_context       context;
     krb5_gss_ctx_id_rec        *ctx;
     krb5_error_code code;
+    OM_uint32          data_size, conflen;
+    OM_uint32          ohlen;
+    int                        overhead;
 
     if (GSS_ERROR(kg_get_context(minor_status, &context)))
        return(GSS_S_FAILURE);
@@ -88,92 +115,23 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
        return(GSS_S_NO_CONTEXT);
     }
 
-    if (ctx->gsskrb5_version == 2000) {
-       if (conf_req_flag) {
-           /* this is pretty gross.  take the max output, and call
-              krb5_c_encrypt_length to see how much overhead is added
-              on.  subtract that much, and see if it fits in the
-              requested space.  If not, start subtracting 1 until it
-              does.  This doesn't necessarily give us the optimal
-              packing, but I think that's ok (I could start adding 1
-              until I went over, but that seems like it's not worth
-              the effort).  This is probably O(blocksize), but that's
-              never going to be large. */
-
-           OM_uint32 headerlen, plainlen;
-           size_t enclen;
-
-           headerlen = g_token_size((gss_OID) ctx->mech_used, 2);
-           plainlen = req_output_size - headerlen;
-
-           if (code = krb5_c_encrypt_length(context, ctx->enc->enctype,
-                                            plainlen, &enclen)) {
-               *minor_status = code;
-               return(GSS_S_FAILURE);
-           }
-
-           plainlen -= plainlen - (enclen - plainlen);
-
-           if (code = krb5_c_encrypt_length(context, ctx->enc->enctype,
-                                            plainlen, &enclen)) {
-               *minor_status = code;
-               return(GSS_S_FAILURE);
-           }
-
-           while (headerlen + enclen > req_output_size) {
-               plainlen--;
-
-               if (code = krb5_c_encrypt_length(context, ctx->enc->enctype,
-                                                plainlen, &enclen)) {
-                   *minor_status = code;
-                   return(GSS_S_FAILURE);
-               }
-           }
-
-           /* subtract off the fixed size inside the encrypted part */
-
-           plainlen -= 7;
-
-           *max_input_size = plainlen;
-       } else {
-           size_t cksumlen;
-           OM_uint32 headerlen;
-
-           if (code = krb5_c_checksum_length(context, ctx->ctypes[0],
-                                             &cksumlen)) {
-               *minor_status = code;
-               return(GSS_S_FAILURE);
-           }
-
-           headerlen = g_token_size((gss_OID) ctx->mech_used, 13 + cksumlen);
-
-           *max_input_size = req_output_size - headerlen;
-       }
-    } else {
-       OM_uint32               data_size, conflen;
-       OM_uint32               ohlen;
-       int                     overhead;
-
-       /* Calculate the token size and subtract that from the output size */
-       overhead = 7 + ctx->mech_used->length;
-       data_size = req_output_size;
-       if (conf_req_flag) {
-               conflen = kg_confounder_size(context, ctx->enc);
-               data_size = (conflen + data_size + 8) & (~7);
-       }
-       ohlen = g_token_size((gss_OID) ctx->mech_used,
-                            (unsigned int) (data_size + ctx->cksum_size + 14))
-               - req_output_size;
-
-       if (ohlen+overhead < req_output_size)
-           /*
-            * Cannot have trailer length that will cause us to pad over
-            * our length
-            */
-           *max_input_size = (req_output_size - ohlen - overhead) & (~7);
-       else
-           *max_input_size = 0;
-    }
+    /* Calculate the token size and subtract that from the output size */
+    overhead = 7 + ctx->mech_used->length;
+    data_size = req_output_size;
+    conflen = kg_confounder_size(context, ctx->enc);
+    data_size = (conflen + data_size + 8) & (~(OM_uint32)7);
+    ohlen = g_token_size((gss_OID) ctx->mech_used,
+                        (unsigned int) (data_size + ctx->cksum_size + 14))
+      - req_output_size;
+
+    if (ohlen+overhead < req_output_size)
+      /*
+       * Cannot have trailer length that will cause us to pad over our
+       * length.
+       */
+      *max_input_size = (req_output_size - ohlen - overhead) & (~(OM_uint32)7);
+    else
+      *max_input_size = 0;
 
     *minor_status = 0;
     return(GSS_S_COMPLETE);
index 8706ec072af80a1f8d47842ea4f8271b79f976c9..cb83f1184443ffe2b942613d8b525353bf24bb99 100644 (file)
@@ -1,3 +1,27 @@
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * alt_prof.c (kadm5_get_config_params): Include des3 in supported
+       enctypes by default.
+
+2000-05-19  Ken Raeburn  <raeburn@mit.edu>
+
+       * ovsec_glue.c (ovsec_kadm_chpass_principal_util): Use 1024 for
+       hard-coded length, to match existing callers.
+
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * admin.h: Add a length parameter to kadm5_chpass_principal_util().
+       * admin_internal.h: Add a length parameter to
+       _kadm5_chpass_principal_util().
+       * chpass_util.c (_kadm5_chpass_principal_util): Add a length parameter,
+       and use it to avoid overflowing "msg_ret".
+       * ovsec_glue.c (ovsec_kadm_chpass_principal_util): Adjust for new
+       parameter in kadm5_chpass_principal_util().
+
+2000-05-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * logger.c (klog_com_err_proc): Don't overflow buffer "outbuf".
+
 2000-02-26  Tom Yu  <tlyu@mit.edu>
 
        * kadm_rpc_xdr.c (xdr_cprinc3_arg): Don't XDR the nonexistent
index 159c7fb58a242aa38ee4937b988442feb096dc6d..2164e1e16c8dcdc4595c0a41d59e8cf35db8a851 100644 (file)
@@ -411,7 +411,8 @@ kadm5_ret_t    kadm5_chpass_principal_util(void *server_handle,
                                           krb5_principal princ,
                                           char *new_pw, 
                                           char **ret_pw,
-                                          char *msg_ret);
+                                          char *msg_ret,
+                                          int msg_len);
 
 kadm5_ret_t    kadm5_free_principal_ent(void *server_handle,
                                        kadm5_principal_ent_t
index d2d1533bc287d09d9be4e4e862181834ad4868b7..97cb5e52e22564b11c03c2e6d1712e4d9d63ca42 100644 (file)
@@ -62,7 +62,8 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
                                         krb5_principal princ,
                                         char *new_pw, 
                                         char **ret_pw,
-                                        char *msg_ret);
+                                        char *msg_ret,
+                                        int msg_len);
 
 /* this is needed by the alt_prof code I stole.  The functions
    maybe shouldn't be named krb5_*, but they are. */
index 5582df090522b6e793b8fb2151644d9df18dc814..4d1e7692092e2113efcd0a3c2a3d13d1425d32b4 100644 (file)
@@ -644,8 +644,8 @@ krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv,
         if (aprofile)
              krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
         if (svalue == NULL)
-             svalue = strdup("des-cbc-crc:normal");
-        
+             svalue = strdup("des3-hmac-sha1:normal des-cbc-crc:normal");
+
         params.keysalts = NULL;
         params.num_keysalts = 0;
         krb5_string_to_keysalts(svalue,
index dbf610ce302f1daaf67d12d1cac712fc25b07c77..ec97a0e4d7fc77784c77b4803cdfafc1a7a89ac1 100644 (file)
@@ -61,7 +61,8 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
                                         krb5_principal princ,
                                         char *new_pw, 
                                         char **ret_pw,
-                                        char *msg_ret)
+                                        char *msg_ret,
+                                        int msg_len)
 {
   int code, code2, pwsize;
   static char buffer[255];
@@ -94,12 +95,18 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
       memset(buffer, 0, sizeof(buffer));
 #endif      
       if (code == KRB5_LIBOS_BADPWDMATCH) {
-       strcpy(msg_ret, string_text(CHPASS_UTIL_NEW_PASSWORD_MISMATCH));
+       strncpy(msg_ret, string_text(CHPASS_UTIL_NEW_PASSWORD_MISMATCH),
+               msg_len - 1);
+       msg_ret[msg_len - 1] = '\0';
        return(code);
       } else {
-       sprintf(msg_ret, "%s %s\n%s\n", error_message(code), 
-               string_text(CHPASS_UTIL_WHILE_READING_PASSWORD),
-               string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
+        strncpy(msg_ret, error_message(code), msg_len - 1);
+        strncat(msg_ret, " ", msg_len - 1);
+        strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_READING_PASSWORD),
+               msg_len - 1);
+        strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+               msg_len - 1);
+       msg_ret[msg_len - 1] = '\0';
        return(code);
       }
     }
@@ -107,7 +114,8 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
 #ifdef ZEROPASSWD    
       memset(buffer, 0, sizeof(buffer));
 #endif      
-      strcpy(msg_ret, string_text(CHPASS_UTIL_NO_PASSWORD_READ));
+      strncpy(msg_ret, string_text(CHPASS_UTIL_NO_PASSWORD_READ), msg_len - 1);
+      msg_ret[msg_len - 1] = '\0';
       return(KRB5_LIBOS_CANTREADPWD); /* could do better */
     }
   }
@@ -123,7 +131,8 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
 #endif    
 
   if (code == KADM5_OK) {
-    strcpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_CHANGED));
+    strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_CHANGED), msg_len - 1);
+    msg_ret[msg_len - 1] = '\0';
     return(0);
   }
 
@@ -141,12 +150,15 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
   /* Ok, we have a password quality error. Return a good message */
 
   if (code == KADM5_PASS_REUSE) {
-    strcpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_REUSE));
+    strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_REUSE), msg_len - 1);
+    msg_ret[msg_len - 1] = '\0';
     return(code);
   }
 
   if (code == KADM5_PASS_Q_DICT) {
-    strcpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_IN_DICTIONARY));
+    strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_IN_DICTIONARY),
+           msg_len - 1);
+    msg_ret[msg_len - 1] = '\0';
     return(code);
   }
   
@@ -155,18 +167,32 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
   code2 = kadm5_get_principal (lhandle, princ, &princ_ent,
                               KADM5_PRINCIPAL_NORMAL_MASK);
   if (code2 != 0) {
-    sprintf(msg_ret, "%s %s\n%s %s\n\n%s\n ", error_message(code2), 
-           string_text(CHPASS_UTIL_GET_PRINC_INFO),
-           error_message(code),
-           string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
-           string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
+    strncpy(msg_ret, error_message(code2), msg_len - 1);
+    strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
+    strncat(msg_ret, string_text(CHPASS_UTIL_GET_PRINC_INFO), msg_len - 1 - strlen(msg_ret));
+    strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret));
+    strncat(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret));
+    strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
+    strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
+           msg_len - 1 - strlen(msg_ret));
+    strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret));
+    strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+           msg_len - 1 - strlen(msg_ret));
+    strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret));
+    msg_ret[msg_len - 1] = '\0';
     return(code);
   }
   
   if ((princ_ent.aux_attributes & KADM5_POLICY) == 0) {
-    sprintf(msg_ret, "%s %s\n\n%s", error_message(code), 
-           string_text(CHPASS_UTIL_NO_POLICY_YET_Q_ERROR),
-           string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
+    strncpy(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret));
+    strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
+    strncpy(msg_ret, string_text(CHPASS_UTIL_NO_POLICY_YET_Q_ERROR),
+           msg_len - 1 - strlen(msg_ret));
+    strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret));
+    strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+           msg_len - 1 - strlen(msg_ret));
+    msg_ret[msg_len - 1] = '\0';
+
     (void) kadm5_free_principal_ent(lhandle, &princ_ent);
     return(code);
   }
index 79dc124d04055a17114a38a700f53e0528e8fa52..931bc993fdfac622b7e64bab8b7ec1e94d5057c3 100644 (file)
@@ -1,3 +1,19 @@
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * clnt_chpass_util.c (kadm5_chpass_principal_util): Adjust for new
+       length parameter in both kadm5_chpass_principal_util() and in
+       _kadm5_chpass_principal_util().
+
+2000-05-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * client_init.c (enctypes): Add des3 and des-md5 to the list of
+       permitted enctypes.
+
+2000-05-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * client_init.c (_kadm5_init_any): Fix determination of client
+       name length for overflow checking.
+
 2000-02-26  Tom Yu  <tlyu@mit.edu>
 
        * client_principal.c (kadm5_create_principal_3): Remove keepold
index a3d261306c8e27e81517ac57c93e8db8dce80a45..b3832bb5928fe431be76d4afa3a314a54cd11c07 100644 (file)
@@ -134,6 +134,8 @@ static int preauth_search_list[] = {
 };
 
 static krb5_enctype enctypes[] = {
+    ENCTYPE_DES3_CBC_SHA1,
+    ENCTYPE_DES_CBC_MD5,
     ENCTYPE_DES_CBC_CRC,
     0,
 };
@@ -282,9 +284,15 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
          goto error;
 
      if (realm) {
+          if(strlen(service_name) + strlen(realm) + 1 >= sizeof(full_service_name)) {
+             goto error;
+         }
          sprintf(full_service_name, "%s@%s", service_name, realm);
      } else {
          /* krb5_princ_realm(creds.client) is not null terminated */
+          if(strlen(service_name) + krb5_princ_realm(handle->context, creds.client)->length + 1 >= sizeof(full_service_name)) {
+             goto error;
+         }
          strcpy(full_service_name, service_name);
          strcat(full_service_name, "@");
          strncat(full_service_name, krb5_princ_realm(handle->context,
index d6c7f0bfb2ee0418fb124addbea736d6bb43abd0..ae9ced08250d38734da1b47bafa5f19503592889 100644 (file)
@@ -5,11 +5,12 @@ kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
                                        krb5_principal princ,
                                        char *new_pw, 
                                        char **ret_pw,
-                                       char *msg_ret)
+                                       char *msg_ret,
+                                       int msg_len)
 {
   kadm5_server_handle_t handle = server_handle;
 
   CHECK_HANDLE(server_handle);
   return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
-                                     new_pw, ret_pw, msg_ret);
+                                     new_pw, ret_pw, msg_ret, msg_len);
 }
index 4f2ad200581f3ba45afaeaf88fcb80793b0ecb0b..bf6bbfd0021981235490fa5ea5a5c5c9abae1072 100644 (file)
@@ -199,8 +199,9 @@ klog_com_err_proc(whoami, code, format, ap)
 
     /* If reporting an error message, separate it. */
     if (code) {
-       strcat(outbuf, error_message(code));
-       strcat(outbuf, " - ");
+        outbuf[sizeof(outbuf) - 1] = '\0';
+       strncat(outbuf, error_message(code), sizeof(outbuf) - 1 - strlen(outbuf));
+       strncat(outbuf, " - ", sizeof(outbuf) - 1 - strlen(outbuf));
     }
     cp = &outbuf[strlen(outbuf)];
     
index 6118282df3232aa78e8b34ec8343967a682e167c..ce818934f27d86531e3065761c745901047348b7 100644 (file)
@@ -102,8 +102,10 @@ ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
                                                  char **ret_pw,
                                                  char *msg_ret)
 {
-     return kadm5_chpass_principal_util(server_handle, princ, new_pw,
-                                                 ret_pw, msg_ret);
+    /* Oh crap.  Can't change the API without bumping the API version... */
+    memset(msg_ret, '\0', 1024);
+    return kadm5_chpass_principal_util(server_handle, princ, new_pw,
+                                      ret_pw, msg_ret, 1024);
 }
 
 ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
index 792936dace0a35e6557ec754722ff0e24b826aac..44a0a2be3098757411fab9388af178789779c106 100644 (file)
@@ -1,3 +1,11 @@
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * adb_openclose.c (osa_adb_create_db): Open lock files using O_EXCL
+       and fdopen() the descriptor instead of using fopen().
+       * svr_chpass_util.c (kadm5_chpass_principal_util): Adjust for new
+       length parameter in both kadm5_chpass_principal_util() and in
+       _kadm5_chpass_principal_util().
+
 2000-03-16  Ken Raeburn  <raeburn@mit.edu>
            Matt Crawford  <crawdad@fnal.gov>
 
index e776192c2eaff490c67140353747ed4653b77ae2..2a9bba8f638cb3872d50a5bd564c38ed1018e3a3 100644 (file)
@@ -24,7 +24,7 @@ struct _locklist {
 osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfilename,
                                int magic)
 {
-     FILE *lf;
+     int lf;
      DB *db;
      HASHINFO info;
      
@@ -41,10 +41,10 @@ osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfilename,
          return errno;
 
      /* only create the lock file if we successfully created the db */
-     lf = fopen(lockfilename, "w+");
-     if (lf == NULL)
+     lf = THREEPARAMOPEN(lockfilename, O_RDWR | O_CREAT | O_EXCL, 0600);
+     if (lf == -1)
          return errno;
-     (void) fclose(lf);
+     (void) close(lf);
      
      return OSA_ADB_OK;
 }
@@ -333,7 +333,7 @@ osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode)
 
 osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db)
 {
-     int ret;
+     int ret, fd;
      
      if (!db->lock->lockcnt)           /* lock already unlocked */
          return OSA_ADB_NOTLOCKED;
@@ -341,8 +341,9 @@ osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db)
      if (--db->lock->lockcnt == 0) {
          if (db->lock->lockmode == OSA_ADB_PERMANENT) {
               /* now we need to create the file since it does not exist */
-              if ((db->lock->lockfile = fopen(db->lock->filename,
-                                              "w+")) == NULL)
+               fd = THREEPARAMOPEN(db->lock->filename,O_RDWR | O_CREAT | O_EXCL,
+                                   0600);
+              if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL)
                    return OSA_ADB_NOLOCKFILE;
          } else if (ret = krb5_lock_file(db->lock->context,
                                          fileno(db->lock->lockfile),
index df2bf4c47b751d6acfdb18278829e41a284e2db0..4c4c6bbe60da971420866d819c8d62556e137856 100644 (file)
@@ -5,11 +5,12 @@ kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
                                        krb5_principal princ,
                                        char *new_pw, 
                                        char **ret_pw,
-                                       char *msg_ret)
+                                       char *msg_ret,
+                                       int msg_len)
 {
   kadm5_server_handle_t handle = server_handle;
 
   CHECK_HANDLE(server_handle);
   return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
-                                     new_pw, ret_pw, msg_ret);
+                                     new_pw, ret_pw, msg_ret, msg_len);
 }
index b8e4b7109a4e3849c17ec648a18fc9b3eeaafcc5..b59aeba8eedd0ef348869d29b5d496a02bcce690 100644 (file)
@@ -1,3 +1,10 @@
+2000-05-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * api.2/chpass-principal-v2.exp (test200): Expect an additional
+       key to be reported, since des3 has been added to the list.
+       * api.2/get-principal-v2.exp (test101_102): Likewise.
+       * api.2/randkey-principal-v2.exp (test100): Likewise.
+
 2000-02-08  Tom Yu  <tlyu@mit.edu>
 
        * api.1/lock.exp: Since a "wait" directive to the command list of
index 40a78c9858a7d36a5d7f6f09bac7eb61f43f640a..ef45510a238899b746de45621fb7e92576e32255 100644 (file)
@@ -53,10 +53,10 @@ proc test200 {} {
     }
 
     # XXX Perhaps I should actually check the key type returned.
-    if {$num_keys == 2} {
+    if {$num_keys == 3} {
        pass "$test"
     } else {
-       fail "$test: $num_keys keys, should be 2"
+       fail "$test: $num_keys keys, should be 3"
     }
     if { ! [cmd {kadm5_destroy $server_handle}]} {
        error "$test: unexpected failure in destroy"
index 0e3e1b5a8fd1696071bdd827f3899a16b4e952cd..d2eb85a9060cd8a820d8dc940ed74e1c6e0c5937 100644 (file)
@@ -143,8 +143,8 @@ proc test101_102 {rpc} {
     }
 
     set failed 0
-    if {$num_keys != 2} {
-       fail "$test: num_keys $num_keys should be 2"
+    if {$num_keys != 3} {
+       fail "$test: num_keys $num_keys should be 3"
        set failed 1
     }
     for {set i 0} {$i < $num_keys} {incr i} {
index 5c8fdc5e50e2bbf34104d6f7ae825956eefdb631..d9cc9718a1c005f8aaadabd20d1fc852c85860d7 100644 (file)
@@ -47,10 +47,10 @@ proc test100 {} {
     }
 
     # XXX Perhaps I should actually check the key type returned.
-    if {$num_keys == 1} {
+    if {$num_keys == 2} {
        pass "$test"
     } else {
-       fail "$test: $num_keys keys, should be 1"
+       fail "$test: $num_keys keys, should be 2"
     }
     if { ! [cmd {kadm5_destroy $server_handle}]} {
        error "$test: unexpected failure in destroy"
index a710eb710d2fa44f974e11baab58729713869430..0c22f79a7e77a098e3b5c92620864a038dad696c 100644 (file)
@@ -1,3 +1,26 @@
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * t_kdb.c (gen_principal): Don't overflow "pnamebuf" if bad data was
+       passed in.
+
+2000-05-03  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * setup_mkey.c (krb5_db_setup_mkey_name): Use REALM_SEP_STRING
+       when computing size of buffer that is to include it.
+
+       * fetch_mkey.c (krb5_db_fetch_mkey): Make sure "defkeyfile" is
+       null terminated after construction.
+       * store_mkey.c (krb5_db_store_mkey): Likewise.
+
+2000-04-27  Ken Raeburn  <raeburn@mit.edu>
+           Ezra Peisach  <epeisach@mit.edu>
+
+       * t_kdb.c (gen_principal): Force argument to isalnum to be in
+       range 0..255.
+       (do_testing): Cast pid_t to long before passing to fprintf, and
+       use %ld format.  Fix argument lists to find_principal and
+       delete_principal.
+
 2000-03-16  Ezra Peisach  <epeisach@mit.edu>
 
        * kdb_xdr.c (krb5_dbe_lookup_mod_princ_data): Get rid of
index 2ff5c2942a5e690cc3108000c613e741f0d599b2..7ae26bbb9ccc706d703515f499a42f23fd357996 100644 (file)
@@ -133,7 +133,7 @@ krb5_db_fetch_mkey(context, mname, etype, fromkeyboard, twice, keyfile,
        (void) strncat(defkeyfile, realm->data,
                       min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1,
                           realm->length));
-       (void) strcat(defkeyfile, "");
+       defkeyfile[sizeof(defkeyfile) - 1] = '\0';
        
 #ifdef ANSI_STDIO
        if (!(kf = fopen((keyfile) ? keyfile : defkeyfile, "rb")))
index 0898a631158917503e6b73ef09760ef2056f1523..1788ecdd875ee4851c9d2c1624e97a5701a22b49 100644 (file)
@@ -56,7 +56,7 @@ krb5_db_setup_mkey_name(context, keyname, realm, fullname, principal)
 
     keylen = strlen(keyname);
         
-    fname = malloc(keylen+rlen+2);
+    fname = malloc(keylen+rlen+strlen(REALM_SEP_STRING)+1);
     if (!fname)
        return ENOMEM;
 
index d18630ac0b037353615a6674cdcb4d7e68cdbc84..47e0bc9c0d535a6f198c19631941825984fdad26 100644 (file)
@@ -68,7 +68,7 @@ krb5_db_store_mkey(context, keyfile, mname, key)
        (void) strncat(defkeyfile, realm->data,
                       min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1,
                           realm->length));
-       (void) strcat(defkeyfile, "");
+       defkeyfile[sizeof(defkeyfile) - 1] = '\0';
        keyfile = defkeyfile;
     }
 
index 8358088d2f5297415984b94d66e035c527609d2a..10e6163fb2caf0b13f9eefb86947d2f3bf17247f 100644 (file)
@@ -363,15 +363,23 @@ gen_principal(kcontext, realm, do_rand, n, princp, namep)
            complen = RANDOM(1,MAX_COMP_SIZE);
            for (j=0; j<complen; j++) {
                *cp = (char) RANDOM(0,256);
-               while (!isalnum(*cp))
+               while (!isalnum(*cp & 0xff))
                    *cp = (char) RANDOM(0,256);
                cp++;
+               if(cp + strlen(realm) >= pnamebuf + sizeof(pnamebuf))
+                   break;
            }
+           if(cp + strlen(realm) >= pnamebuf + sizeof(pnamebuf))
+               break;
            *cp = '/';
            cp++;
        }
-       cp[-1] = '@';
-       strcpy(cp, realm);
+       if(cp + strlen(realm) < pnamebuf + sizeof(pnamebuf)) {
+           cp[-1] = '@';
+           strcpy(cp, realm);
+       } else {
+            strcpy(cp , "");
+       }
     }
     else {
        instname = instnames[n % (sizeof(instnames)/sizeof(instnames[0]))];
@@ -894,45 +902,40 @@ do_testing(db, passes, verbose, timing, rcases, check, save_db, dontclean,
                                              &stat_kb,
                                              rseed))) {
                        fprintf(stderr,
-                               "%d: (%d,%d) Failed add of %s with %s\n",
-                               getpid(), i, j, playback_name(base+j),
+                               "%ld: (%d,%d) Failed add of %s with %s\n",
+                               (long) getpid(), i, j, playback_name(base+j),
                                error_message(kret));
                        break;
                    }
                    if (verbose > 4)
-                       fprintf(stderr, "*A[%d](%s)\n", getpid(),
+                       fprintf(stderr, "*A[%ld](%s)\n", (long) getpid(),
                                playback_name(base+j));
                }   
                for (j=0; (j<nper) && (!kret); j++) {
                    if ((kret = find_principal(ccontext,
                                               playback_principal(base+j),
-                                              &master_encblock,
-                                              &stat_kb,
-                                              rseed))) {
+                                              check))) {
                        fprintf(stderr,
-                               "%d: (%d,%d) Failed lookup of %s with %s\n",
-                               getpid(), i, j, playback_name(base+j),
+                               "%ld: (%d,%d) Failed lookup of %s with %s\n",
+                               (long) getpid(), i, j, playback_name(base+j),
                                error_message(kret));
                        break;
                    }
                    if (verbose > 4)
-                       fprintf(stderr, "-S[%d](%s)\n", getpid(),
+                       fprintf(stderr, "-S[%ld](%s)\n", (long) getpid(),
                                playback_name(base+j));
                }   
                for (j=0; (j<nper) && (!kret); j++) {
                    if ((kret = delete_principal(ccontext,
-                                                playback_principal(base+j),
-                                                &master_encblock,
-                                                &stat_kb,
-                                                rseed))) {
+                                              playback_principal(base+j)))) {
                        fprintf(stderr,
-                               "%d: (%d,%d) Failed delete of %s with %s\n",
-                               getpid(), i, j, playback_name(base+j),
+                               "%ld: (%d,%d) Failed delete of %s with %s\n",
+                               (long) getpid(), i, j, playback_name(base+j),
                                error_message(kret));
                        break;
                    }
                    if (verbose > 4)
-                       fprintf(stderr, "XD[%d](%s)\n", getpid(),
+                       fprintf(stderr, "XD[%ld](%s)\n", (long) getpid(),
                                playback_name(base+j));
                }
                krb5_db_fini(ccontext);
@@ -949,13 +952,13 @@ do_testing(db, passes, verbose, timing, rcases, check, save_db, dontclean,
        for (i=0; i<nprocs; i++) {
            if (waitpid(children[i], &existat, 0) == children[i]) {
                if (verbose) 
-                   fprintf(stderr, "%d finished with %d\n", children[i],
-                           existat);
+                   fprintf(stderr, "%ld finished with %d\n",
+                           (long) children[i], existat);
                if (existat)
                    kret = KRB5KRB_ERR_GENERIC;
            }
            else
-               fprintf(stderr, "Wait for %d failed\n", children[i]);
+               fprintf(stderr, "Wait for %ld failed\n", (long) children[i]);
        }
     }
 
index 187505b54984735a8c3ef29b43a3b99bea04b430..6aca2d862c165a2dccc5a9b016dbbbea3216dc80 100644 (file)
@@ -1,3 +1,99 @@
+2001-01-26  Tom Yu  <tlyu@mit.edu>
+
+       * dest_tkt.c: Clean up uid handling.  Fix stat checks.
+
+       * in_tkt.c: Clean up uid handling.  Fix stat checks.
+
+       * tf_util.c: Clean up uid handling.  Fix stat checks.
+
+2000-06-09  Tom Yu  <tlyu@mit.edu>
+
+       * configure.in: Check for strdup().
+
+       * kparse.c: Remove strsave() and replace with an inlined static
+       version of strdup() if HAVE_STRDUP is not defined.
+
+       * g_ad_tkt.c (get_ad_tkt): ptr may be signed; cast while
+       assigning to larger types.  [from Charles Hannum by way of
+       ghudson]
+
+2000-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+       * decomp_tkt.c (dcmp_tkt_int): Add a couple more length checks.
+       Reject names that are exactly ANAME_SZ (etc) bytes long without
+       the trailing nul, because krb.h says the *_SZ macros are "maximum
+       sizes ... +1".
+       * mk_auth.c (krb_mk_auth): Force nul termination of inst.
+       * sendauth.c (krb_sendauth): Force nul termination of srv_inst.
+
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * Password.c (GetUserInfo): Truncate user name if it's too long
+       to fit.
+       * cr_auth_repl.c (cr_auth_reply): Bail if the reply packet won't
+       fit into its buffer.
+       * cr_ciph.c (create_ciph): Ditto.
+       * cr_death_pkt.c (krb_create_death_packet): Truncate "aname" to
+       make it fit into the packet's data buffer.
+       * cr_err_repl.c (cr_err_reply): Bail if the reply packet won't
+       fit into its buffer.
+       * cr_tkt.c (krb_create_ticket): Ditto.
+       * g_ad_tkt.c (get_ad_tkt): Stop if data being added to buffer
+       would overflow it.  Add more sanity checks when decomposing the
+       credential received.
+       * g_in_tkt.c (krb_mk_in_tkt_preauth): Bail if the request packet
+       won't fit into its buffer.
+       * g_krbhst.c (get_krbhst_default): Truncate the guessed KDC's
+       hostname if it is too long.
+       * g_pw_in_tkt.c: Remove useless strcpy() prototype.
+       * kntoln.c (krb_kntoln): Don't overflow buffer "lname".
+       * mk_err.c (krb_mk_err): Return the needed buffer length if the
+       pointer passed in is NULL.
+       * mk_req.c (krb_mk_req): Bail if the reply packet won't 
+        fit into its buffer.
+       * rd_req.c (krb_rd_req): Sanity check the realm name being read,
+       and truncate the service name, nstance, and realm from credential
+       read from keytab.
+       * realmofhost.c (krb_realmofhost): Truncate realm names read
+       from file if they are too long.
+       * send_to_kdc.c (send_to_kdc): Truncate passed-in realm name.
+
+2000-05-08  Ken Raeburn  <raeburn@mit.edu>
+
+       * rd_req.c (krb_rd_req): Mask length byte with 0xff in case the
+       length is over 127 and char is signed.
+
+       * recvauth.c (krb_recvauth): If the number of bytes to be read
+       from the net is not positive, just return an error.
+
+2000-05-03  Tom Yu  <tlyu@mit.edu>
+
+       * cr_tkt.c: Delete prototype for krb_cr_tkt_int(), since the
+       definition is K&R style and contains narrow types.  Thank you
+       HP/UX for having a compiler that actually makes this a fatal
+       error.
+
+2000-04-28  Ken Raeburn  <raeburn@mit.edu>
+           Nalin Dahyabhai  <nalin@redhat.com>
+
+       * dest_tkt.c (dest_tkt): Don't overflow buffer "shmidname".
+       * in_tkt.c (in_tkt): Don't overflow buffer "shmidname".
+       * kuserok.c (kuserok): Don't overflow buffer "pbuf".
+       * tf_util.c (tf_init): Don't overflow buffer "shmidname".
+       * win_store.c (krb__get_cnffile): Don't overflow buffers "defname"
+       and "cnfname".
+       (krb__get_realmsfile): Don't overflow buffers "defname" and
+       "realmsname".
+
+2000-04-28  Tom Yu  <tlyu@mit.edu>
+
+       * rd_req.c (krb_rd_req): Fix some uses of strcpy().
+
+2000-03-12  Ezra Peisach  <epeisach@mit.edu>
+
+       * cr_tkt.c (krb_cr_tkt_int): Add static prototype.
+       * decomp_tkt.c: (dcmp_tkt_int): Add static prototype
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index b29663006877357bbd042c872b74590e103ece5f..5862e0e655c4389d8a2cb7168cc6ad2ca6cd75d8 100644 (file)
@@ -177,7 +177,8 @@ OSErr GetUserInfo( char *password )
        // already got a password, just get the initial ticket
        //////////////////////////////////////////////////////
        if (*gPassword) {
-               strcpy (UserName, krb_get_default_user( ));
+               strncpy (UserName, krb_get_default_user( ), sizeof(UserName)-1);
+               UserName[sizeof(UserName) - 1] = '\0';
                /* FIXME jcm - if we have a password then no dialog 
                   comes up for setting the uinstance. */
                rc = kname_parse(uname, uinst, realm, UserName);
@@ -201,7 +202,8 @@ OSErr GetUserInfo( char *password )
        }
 
        // Insert user's name in dialog
-       strcpy (UserName, krb_get_default_user( ));
+       strncpy (UserName, krb_get_default_user( ), sizeof(UserName) - 1);
+       UserName[sizeof(UserName) - 1] = '\0';
        if (*UserName) {
                tempStr[0] = strlen(UserName);
                memcpy( &(tempStr[1]), UserName, tempStr[0]);
@@ -417,7 +419,8 @@ CacheInitialTicket( serviceName )
        if (!serviceName || (serviceName[0] == '\0'))
                return err;
        
-       strcpy (UserName, krb_get_default_user());
+       strncpy (UserName, krb_get_default_user(), sizeof(UserName) - 1);
+       UserName[sizeof(UserName) - 1] = '\0';
                        
        err = kname_parse(uname, uinst, urealm, UserName);
        if (err) return err;
index 0434c7d0e034e2d6ab480a425a29e5bb2b37ac61..59937e1ace18cb2266c6e224d59ca0faec30f051 100644 (file)
@@ -38,7 +38,7 @@ else
        AC_DEFINE(BITS32)
 fi
 AC_DEFINE(KRB4_USE_KEYTAB)
-AC_HAVE_FUNCS(strsave seteuid setreuid setresuid)
+AC_HAVE_FUNCS(strdup seteuid setreuid setresuid)
 AC_PROG_AWK
 KRB5_BUILD_LIBOBJS
 KRB5_BUILD_LIBRARY_WITH_DEPS
index 5203506d34e51a193d895b1b811d971a6f8b2b5f..a0562d96f359a37e10928c90257a84b73cb4dfec 100644 (file)
@@ -83,6 +83,16 @@ create_auth_reply(pname,pinst,prealm,time_ws,n,x_date,kvno,cipher)
     if (n != 0)
        *v = 3;
 
+    /* Make sure the response will actually fit into its buffer. */
+    if(sizeof(pkt->dat) < 3 + strlen(pname) +
+                         1 + strlen(pinst) +
+                         1 + strlen(prealm) +
+                         4 + 1 + 4 +
+                         1 + 2 + cipher->length) {
+       pkt->length = 0;
+        return NULL;
+    }
+                         
     /* Add the basic info */
     (void) strcpy((char *) (pkt->dat+2), pname);
     pkt->length = 3 + strlen(pname);
index d15a4e0fd26609713fabf398513ac645e895bcc9..d9c751271f077667db31bfbc5d07c034bed762de 100644 (file)
@@ -71,6 +71,17 @@ create_ciph(c, session, service, instance, realm, life, kvno, tkt,
 
     ptr = (char *) c->dat;
 
+    if(sizeof(c->dat) / 8 < (8 +
+                            strlen(service) + 1 +
+                            strlen(instance) + 1 +
+                            strlen(realm) + 1 +
+                            1 + 1 + 1 +
+                            tkt->length + 4 +
+                            7) / 8) {
+        c->length = 0;
+        return(KFAILURE);
+    }
+
     memcpy(ptr, (char *) session, 8);
     ptr += 8;
 
index 8daa2d6881c3de862a07fc83372cb45a3a0a9905..c3562675dca529ad2e74dd6e3f3e69ede3af6ce7 100644 (file)
@@ -52,8 +52,9 @@ krb_create_death_packet(a_name)
     *v = (unsigned char) KRB_PROT_VERSION;
     *t = (unsigned char) AUTH_MSG_DIE;
     *t |= HOST_BYTE_ORDER;
-    (void) strcpy((char *) (pkt->dat+2),a_name);
-    pkt->length = 3 + strlen(a_name);
+    (void) strncpy((char *) (pkt->dat+2),a_name,sizeof(pkt->dat) - 3);
+    pkt->dat[sizeof(pkt->dat) - 1] = '\0';
+    pkt->length = 3 + strlen(pkt->dat+2);
     return pkt;
 }
 #endif /* DEBUG */
index 7f68bda76f784b62a5555306b3b891ea2412ca81..54e87d82ed6898f880c8cb27c59d7168a79bbed8 100644 (file)
@@ -78,6 +78,15 @@ cr_err_reply(pkt,pname,pinst,prealm,time_ws,e,e_string)
     *t = (unsigned char) AUTH_MSG_ERR_REPLY;
     *t |= HOST_BYTE_ORDER;
 
+    /* Make sure the reply will fit into the buffer. */
+    if(sizeof(pkt->dat) < 3 + strlen(pname) +
+                         1 + strlen(pinst) +
+                         1 + strlen(prealm) +
+                         4 + 4 +
+                         1 + strlen(e_string)) {
+        pkt->length = 0;
+       return;
+    }
     /* Add the basic info */
     (void) strcpy((char *) (pkt->dat+2),pname);
     pkt->length = 3 + strlen(pname);
index a8224f879a7fb4000c904beed4295fce1f07092e..34bec48012a1ace61e515a48f75998ed55abcaa3 100644 (file)
@@ -14,6 +14,7 @@
 #include "prot.h"
 #include <string.h>
 #include <krb5.h>
+
 /*
  * Create ticket takes as arguments information that should be in a
  * ticket, and the KTEXT object in which the ticket should be
@@ -134,6 +135,23 @@ krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, paddress,
     register char *data;        /* running index into ticket */
 
     tkt->length = 0;            /* Clear previous data  */
+
+    /* Check length of ticket */
+    if (sizeof(tkt->dat) < (sizeof(flags) +
+                            1 + strlen(pname) +
+                            1 + strlen(pinstance) +
+                            1 + strlen(prealm) +
+                            4 +                         /* address */
+                           8 +                         /* session */
+                           1 +                         /* life */
+                           4 +                         /* issue time */
+                            1 + strlen(sname) +
+                            1 + strlen(sinstance) +
+                           7) / 8) {                   /* roundoff */
+        memset(tkt->dat, 0, sizeof(tkt->dat));
+        return KFAILURE /* XXX */;
+    }
+
     flags |= HOST_BYTE_ORDER;   /* ticket byte order   */
     memcpy((char *) (tkt->dat), (char *) &flags, sizeof(flags));
     data = ((char *)tkt->dat) + sizeof(flags);
index 03398acd587147404f8a91f1043220364e34fed7..06e9e316c516a400f5680f0f37bd260023c87c4b 100644 (file)
 extern int krb_debug;
 #endif
 
+static int dcmp_tkt_int PROTOTYPE((KTEXT tkt, unsigned char *flags, 
+                                  char *pname, char *pinstance, char *prealm,
+                                  unsigned KRB4_32 *paddress, C_Block session,
+                                  int *life, unsigned KRB4_32 *time_sec, 
+                                  char *sname, char *sinstance, C_Block key, 
+                                  Key_schedule key_s, krb5_keyblock *k5key));
 /*
  * This routine takes a ticket and pointers to the variables that
  * should be filled in based on the information in the ticket.  It
@@ -186,17 +192,17 @@ dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, session,
     if (HOST_BYTE_ORDER != ((*flags >> K_FLAG_ORDER)& 1))
         tkt_swap_bytes++;
 
-    if (strlen(ptr) > ANAME_SZ)
+    if (strlen(ptr) >= ANAME_SZ)
         return(KFAILURE);
     (void) strcpy(pname,ptr);   /* pname */
     ptr += strlen(pname) + 1;
 
-    if (strlen(ptr) > INST_SZ)
+    if (strlen(ptr) >= INST_SZ)
         return(KFAILURE);
     (void) strcpy(pinstance,ptr); /* instance */
     ptr += strlen(pinstance) + 1;
 
-    if (strlen(ptr) > REALM_SZ)
+    if (strlen(ptr) >= REALM_SZ)
         return(KFAILURE);
     (void) strcpy(prealm,ptr);  /* realm */
     ptr += strlen(prealm) + 1;
@@ -223,9 +229,13 @@ dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, session,
     if (tkt_swap_bytes)
         *time_sec = krb4_swab32(*time_sec);
 
+    if (strlen(ptr) >= ANAME_SZ)
+       return KFAILURE;
     (void) strcpy(sname,ptr);   /* service name */
     ptr += 1 + strlen(sname);
 
+    if (strlen (ptr) >= INST_SZ)
+       return KFAILURE;
     (void) strcpy(sinstance,ptr); /* instance */
     ptr += 1 + strlen(sinstance);
 
index 70578183e3f426cc04e107627c6c70856a2b6eff..78878228a09e75bd28416fa4016c6c950d0b564f 100644 (file)
@@ -1,14 +1,29 @@
 /*
- * dest_tkt.c
+ * lib/krb4/dest_tkt.c
  *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
+ * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts
+ * Institute of Technology.  All Rights Reserved.
  *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
  */
 
-#include "mit-copyright.h"
 #include "krb.h"
 #include <stdio.h>
 #include <string.h>
 #ifdef TKT_SHMEM
 #include <sys/param.h>
 #endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
 #include <errno.h>
 
 #ifndef O_SYNC
 #define O_SYNC 0
 #endif
 
+#ifdef HAVE_SETEUID
+#define do_seteuid(e) seteuid((e))
+#else
+#ifdef HAVE_SETRESUID
+#define do_seteuid(e) setresuid(-1, (e), -1)
+#else
+#ifdef HAVE_SETREUID
+#define do_seteuid(e) setreuid(geteuid(), (e))
+#else
+#define do_seteuid(e) (errno = EPERM, -1)
+#endif
+#endif
+#endif
+
 /*
  * dest_tkt() is used to destroy the ticket store upon logout.
  * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
@@ -38,10 +70,13 @@ dest_tkt()
     char *file = TKT_FILE;
     int i,fd;
     extern int errno;
-    struct stat statb;
+    int ret;
+    struct stat statpre, statpost;
     char buf[BUFSIZ];
+    uid_t me, metoo;
 #ifdef TKT_SHMEM
     char shmidname[MAXPATHLEN];
+    size_t shmidlen;
 #endif /* TKT_SHMEM */
 
     /* If ticket cache selector is null, use default cache.  */
@@ -49,22 +84,56 @@ dest_tkt()
        file = tkt_string();
 
     errno = 0;
-    if (lstat(file,&statb) < 0)
-       goto out;
+    ret = KSUCCESS;
+    me = getuid();
+    metoo = geteuid();
 
-    if (!(statb.st_mode & S_IFREG)
-#ifdef notdef
-       || statb.st_mode & 077
-#endif
-       )
+    if (lstat(file, &statpre) < 0)
+       return (errno == ENOENT) ? RET_TKFIL : KFAILURE;
+    /*
+     * This does not guard against certain cases that are vulnerable
+     * to race conditions, such as world-writable or group-writable
+     * directories that are not stickybitted, or untrusted path
+     * components.  In all other cases, the following checks should be
+     * sufficient.  It is assumed that the aforementioned certain
+     * vulnerable cases are unlikely to arise on a well-administered
+     * system where the user is not deliberately being stupid.
+     */
+    if (!(statpre.st_mode & S_IFREG) || me != statpre.st_uid
+       || statpre.st_nlink != 1)
+       return KFAILURE;
+    /*
+     * Yes, we do uid twiddling here.  It's not optimal, but some
+     * applications may expect that the ruid is what should really own
+     * the ticket file, e.g. setuid applications.
+     */
+    if (me != metoo && do_seteuid(me) < 0)
+       return KFAILURE;
+    if ((fd = open(file, O_RDWR|O_SYNC, 0)) < 0) {
+       ret = (errno == ENOENT) ? RET_TKFIL : KFAILURE;
        goto out;
-
-    if ((fd = open(file, O_RDWR|O_SYNC, 0)) < 0)
+    }
+    /*
+     * Do some additional paranoid things.  The worst-case situation
+     * is that a user may be fooled into opening a non-regular file
+     * briefly if the file is in a directory with improper
+     * permissions.
+     */
+    if (fstat(fd, &statpost) < 0) {
+       (void)close(fd);
+       ret = KFAILURE;
+       goto out;
+    }
+    if (statpre.st_dev != statpost.st_dev
+       || statpre.st_ino != statpost.st_ino) {
+       (void)close(fd);
+       errno = 0;
+       ret = KFAILURE;
        goto out;
+    }
 
     memset(buf, 0, BUFSIZ);
-
-    for (i = 0; i < statb.st_size; i += BUFSIZ)
+    for (i = 0; i < statpost.st_size; i += BUFSIZ)
        if (write(fd, buf, BUFSIZ) != BUFSIZ) {
 #ifndef NO_FSYNC
            (void) fsync(fd);
@@ -81,16 +150,22 @@ dest_tkt()
     (void) unlink(file);
 
 out:
-    if (errno == ENOENT) return RET_TKFIL;
-    else if (errno != 0) return KFAILURE;
+    if (me != metoo && do_seteuid(metoo) < 0)
+       return KFAILURE;
+    if (ret != KSUCCESS)
+       return ret;
+
 #ifdef TKT_SHMEM
     /* 
      * handle the shared memory case 
      */
-    (void) strcpy(shmidname, file);
-    (void) strcat(shmidname, ".shm");
-    if ((i = krb_shm_dest(shmidname)) != KSUCCESS)
-       return(i);
-#endif /* TKT_SHMEM */
-    return(KSUCCESS);
+    shmidlen = strlen(file) + sizeof(".shm");
+    if (shmidlen > sizeof(shmidname))
+       return RET_TKFIL;
+    (void)strcpy(shmidname, file);
+    (void)strcat(shmidname, ".shm");
+    return krb_shm_dest(shmidname);
+#else  /* !TKT_SHMEM */
+    return KSUCCESS;
+#endif /* !TKT_SHMEM */
 }
index b3abb2ddc6913c76ff79af284e67178d8f19056a..afcd0c6f8b301581f6a7201f7a2116392dcb61ab 100644 (file)
 extern int krb_debug;
 extern int swap_bytes;
 
+/* Return the length of the string if a NUL is found within the first
+ * max_len bytes, otherwise, -1. */
+static int krb_strnlen(const char *str, int max_len)
+{
+    int i;
+    for(i = 0; i < max_len; i++) {
+        if(str[i] == '\0') {
+            return i;
+        }
+    }
+    return -1;
+}
+
 /*
  * get_ad_tkt obtains a new service ticket from Kerberos, using
  * the ticket-granting ticket which must be in the ticket file.
@@ -136,11 +149,22 @@ get_ad_tkt(service,sinstance,realm,lifetime)
        return(AD_NOTGT);
 
     /* timestamp */   /* FIXME -- always 0 now, should we fill it in??? */
+    if(pkt->length + 4 > sizeof(pkt->dat))
+        return(INTK_ERR);
     memcpy((char *) (pkt->dat+pkt->length), (char *) &time_ws, 4);
     pkt->length += 4;
+
+    if(pkt->length + 1 > sizeof(pkt->dat))
+        return(INTK_ERR);
     *(pkt->dat+(pkt->length)++) = (char) lifetime;
+
+    if(pkt->length + 1 + strlen(service) > sizeof(pkt->dat))
+        return(INTK_ERR);
     (void) strcpy((char *) (pkt->dat+pkt->length),service);
     pkt->length += 1 + strlen(service);
+
+    if(pkt->length + 1 + strlen(sinstance) > sizeof(pkt->dat))
+        return(INTK_ERR);
     (void) strcpy((char *)(pkt->dat+pkt->length),sinstance);
     pkt->length += 1 + strlen(sinstance);
 
@@ -199,18 +223,27 @@ get_ad_tkt(service,sinstance,realm,lifetime)
     memcpy((char *)ses, ptr, 8);
     ptr += 8;
 
-    (void) strcpy(s_name,ptr);
+    if(krb_strnlen(ptr, sizeof(s_name)) < 0)
+        return RD_AP_MODIFIED;
+    (void) strncpy(s_name,ptr,sizeof(s_name) - 1);
+    s_name[sizeof(s_name) - 1] = '\0';
     ptr += strlen(s_name) + 1;
 
-    (void) strcpy(s_instance,ptr);
+    if(krb_strnlen(ptr, sizeof(s_instance)) < 0)
+        return RD_AP_MODIFIED;
+    (void) strncpy(s_instance,ptr,sizeof(s_instance)-1);
+    s_instance[sizeof(s_instance)-1] = '\0';
     ptr += strlen(s_instance) + 1;
 
-    (void) strcpy(rlm,ptr);
+    if(krb_strnlen(ptr, sizeof(rlm)) < 0)
+        return RD_AP_MODIFIED;
+    (void) strncpy(rlm,ptr,sizeof(rlm) - 1);
+    rlm[sizeof(rlm)-1];
     ptr += strlen(rlm) + 1;
 
-    lifetime = (unsigned long) ptr[0];
-    kvno = (unsigned long) ptr[1];
-    tkt->length = (int) ptr[2];
+    lifetime = (unsigned char) ptr[0];
+    kvno = (unsigned char) ptr[1];
+    tkt->length = (unsigned char) ptr[2];
     ptr += 3;
     memcpy((char *)(tkt->dat), ptr, tkt->length);
     ptr += tkt->length;
index c9d6183820a92e0ac9fd8dde0a647af3288abde7..361273c9d73fc5cdd43161c7b99e6a5d016ae063 100644 (file)
@@ -152,6 +152,20 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
     *t = (unsigned char) AUTH_MSG_KDC_REQUEST;
     *t |= HOST_BYTE_ORDER;
 
+    /* Make sure the ticket data will fit into the buffer. */
+    if(sizeof(pkt->dat) < 2 +                  /* protocol version + flags */
+                         3 + strlen(user) +
+                         1 + strlen(instance) +
+                         1 + strlen(realm) +
+                         4 +                   /* timestamp */
+                         1 +                   /* lifetime */
+                         1 + strlen(service) +
+                         1 + strlen(sinstance) +
+                         preauth_len) {
+        pkt->length = 0;
+       return INTK_ERR;
+    }
+
     /* Now for the variable info */
     (void) strcpy((char *)(pkt->dat+2),user); /* aname */
     pkt->length = 3 + strlen(user);
index 529ac07694932ba3b7c5b12e3bc391e8fbbdf608..4e0fd6d7644a4f334ffc0cf322a3f03b446ed068 100644 (file)
@@ -52,9 +52,11 @@ get_krbhst_default(h, r, n)
      int n;
 {
     if (n==1) {
-        (void) strcpy(h,KRB_HOST);
-       (void) strcat(h,".");
-       (void) strcat(h,r);     /* KRB_HOST.REALM (ie. kerberos.CYGNUS.COM) */
+        (void) strncpy(h,KRB_HOST,MAXHOSTNAMELEN-1);
+       h[MAXHOSTNAMELEN-1] = '\0';
+       (void) strncat(h,".",MAXHOSTNAMELEN-1-strlen(h));
+       (void) strncat(h,r,MAXHOSTNAMELEN-1-strlen(h));
+                               /* KRB_HOST.REALM (ie. kerberos.CYGNUS.COM) */
        return(KSUCCESS);
     }
     else
index 983150ce40390e9f38668d327ff8f4a36d36ca70..c75023176bf717f343f145519973140103d8c243 100644 (file)
@@ -44,7 +44,8 @@ krb_get_lrealm(r,n)
     cnffile = krb__get_cnffile();
     if (!cnffile) {
        if (n == 1) {
-           (void) strcpy(r, KRB_REALM);
+           (void) strncpy(r, KRB_REALM, REALM_SZ);
+           r[REALM_SZ - 1] = '\0';
            return(KSUCCESS);
        }
        else
index 6723df87e37f62a36f8990b32f67b2db137c7893..13f762b0110a3a755f6b8e3a88e252d11e8e2c2e 100644 (file)
@@ -176,7 +176,6 @@ krb_get_pw_in_tkt_preauth(user,instance,realm,service,sinstance,life,password)
 #include <signal.h>
 #include <setjmp.h>
 #else
-char     *strcpy();
 int      strcmp();
 #endif
 #if defined(__svr4__) || defined(__SVR4)
index ea17be8201541da6a6f0c0d8719afe2bd0d81cc2..a34f318df0b008eeede0266542f0f8fce0e29033 100644 (file)
@@ -1,14 +1,29 @@
 /*
- * in_tkt.c
+ * lib/krb4/in_tkt.c
  *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
+ * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts
+ * Institute of Technology.  All Rights Reserved.
  *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
  */
 
-#include "mit-copyright.h"
 #include <stdio.h>
 #include <string.h>
 #include "krb.h"
@@ -34,7 +49,7 @@ extern int krb_debug;
 #define do_seteuid(e) seteuid((e))
 #else
 #ifdef HAVE_SETRESUID
-#define do_seteuid(e) setresuid(getuid(), (e), geteuid())
+#define do_seteuid(e) setresuid(-1, (e), -1)
 #else
 #ifdef HAVE_SETREUID
 #define do_seteuid(e) setreuid(geteuid(), (e))
@@ -55,7 +70,7 @@ in_tkt(pname,pinst)
 {
     int tktfile;
     uid_t me, metoo, getuid(), geteuid();
-    struct stat buf;
+    struct stat statpre, statpost;
     int count;
     char *file = TKT_FILE;
     int fd;
@@ -72,20 +87,49 @@ in_tkt(pname,pinst)
 
     me = getuid ();
     metoo = geteuid();
-    if (lstat(file,&buf) == 0) {
-       if (buf.st_uid != me || !(buf.st_mode & S_IFREG) ||
-           buf.st_mode & 077) {
+    if (lstat(file, &statpre) == 0) {
+       if (statpre.st_uid != me || !(statpre.st_mode & S_IFREG)
+           || statpre.st_nlink != 1 || statpre.st_mode & 077) {
            if (krb_debug)
                fprintf(stderr,"Error initializing %s",file);
            return(KFAILURE);
        }
+       /*
+        * Yes, we do uid twiddling here.  It's not optimal, but some
+        * applications may expect that the ruid is what should really
+        * own the ticket file, e.g. setuid applications.
+        */
+       if (me != metoo && do_seteuid(me) < 0)
+           return KFAILURE;
        /* file already exists, and permissions appear ok, so nuke it */
-       if ((fd = open(file, O_RDWR|O_SYNC, 0)) < 0)
+       fd = open(file, O_RDWR|O_SYNC, 0);
+       (void)unlink(file);
+       if (me != metoo && do_seteuid(metoo) < 0)
+           return KFAILURE;
+       if (fd < 0) {
            goto out; /* can't zero it, but we can still try truncating it */
+       }
+
+       /*
+        * Do some additional paranoid things.  The worst-case
+        * situation is that a user may be fooled into opening a
+        * non-regular file briefly if the file is in a directory with
+        * improper permissions.
+        */
+       if (fstat(fd, &statpost) < 0) {
+           (void)close(fd);
+           goto out;
+       }
+       if (statpre.st_dev != statpost.st_dev
+           || statpre.st_ino != statpost.st_ino) {
+           (void)close(fd);
+           errno = 0;
+           goto out;
+       }
 
        memset(charbuf, 0, sizeof(charbuf));
 
-       for (i = 0; i < buf.st_size; i += sizeof(charbuf))
+       for (i = 0; i < statpost.st_size; i += sizeof(charbuf))
            if (write(fd, charbuf, sizeof(charbuf)) != sizeof(charbuf)) {
 #ifndef NO_FSYNC
                (void) fsync(fd);
@@ -117,12 +161,7 @@ in_tkt(pname,pinst)
     /* Set umask to ensure that we have write access on the created
        ticket file.  */
     mask = umask(077);
-    if ((tktfile = creat(file,0600)) < 0) {
-       umask(mask);
-       if (krb_debug)
-           fprintf(stderr,"Error initializing %s",TKT_FILE);
-        return(KFAILURE);
-    }
+    tktfile = open(file, O_RDWR|O_SYNC|O_CREAT|O_EXCL, 0600);
     umask(mask);
     if (me != metoo) {
        if (do_seteuid(metoo) < 0) {
@@ -134,19 +173,11 @@ in_tkt(pname,pinst)
            if (krb_debug)
                printf("swapped UID's %d and %d\n",me,metoo);
     }
-    if (lstat(file,&buf) < 0) {
+    if (tktfile < 0) {
        if (krb_debug)
            fprintf(stderr,"Error initializing %s",TKT_FILE);
         return(KFAILURE);
     }
-
-    if (buf.st_uid != me || !(buf.st_mode & S_IFREG) ||
-        buf.st_mode & 077) {
-       if (krb_debug)
-           fprintf(stderr,"Error initializing %s",TKT_FILE);
-        return(KFAILURE);
-    }
-
     count = strlen(pname)+1;
     if (write(tktfile,pname,count) != count) {
         (void) close(tktfile);
@@ -159,8 +190,9 @@ in_tkt(pname,pinst)
     }
     (void) close(tktfile);
 #ifdef TKT_SHMEM
-    (void) strcpy(shmidname, file);
-    (void) strcat(shmidname, ".shm");
+    (void) strncpy(shmidname, file, sizeof(shmidname) - 1);
+    shmidname[sizeof(shmidname) - 1] = '\0';
+    (void) strncat(shmidname, ".shm", sizeof(shmidname) - 1 - strlen(shmidname));
     return(krb_shm_create(shmidname));
 #else /* !TKT_SHMEM */
     return(KSUCCESS);
index 8b6cdfe0e5811c7080a6c8c34d14bbde25970f7b..f86599ccea3d71a13f763d3ec34b6e5ed1450db1 100644 (file)
  * KSUCCESS if all goes well, otherwise KFAILURE.
  */
 
+/* The definition of MAX_USERNAME here MUST agree with kuserok.c, or bad
+ * things will happen. */
+#define MAX_USERNAME 10
+
 krb_kntoln(ad,lname)
     AUTH_DAT *ad;
     char *lname;
@@ -51,6 +55,7 @@ krb_kntoln(ad,lname)
         return(KFAILURE);
     if (strcmp(ad->prealm,lrealm))
         return(KFAILURE);
-    (void) strcpy(lname,ad->pname);
+    (void) strncpy(lname,ad->pname,MAX_USERNAME-1);
+    lname[MAX_USERNAME - 1] = '\0';
     return(KSUCCESS);
 }
index 98e48fbd90d73e7aa6ae4c029ca9765f1c86d3f5..e72295c48fcd0f6b3a6c9eaaedf355dab847155b 100644 (file)
@@ -54,8 +54,8 @@
 
 static char *strutol();
 
-#ifndef HAVE_STRSAVE
-static char *strsave();
+#ifndef HAVE_STRDUP
+static char *strdup();
 #endif
 #ifndef HAVE_STDLIB_H
 extern char *malloc();
@@ -104,7 +104,7 @@ int fGetParameterSet( fp,parm,parmcount )
                                 keyword);
                         return(PS_BAD_KEYWORD);
                     }
-                    parm[i].value = strsave( value );
+                    parm[i].value = strdup(value);
                     break;
                 }
             }
@@ -552,34 +552,6 @@ int fGetChar(fp)
     return(ch);
 }
 
-
-/*
- * Routine Name: strsave
- *
- * Function: return a pointer to a saved copy of the
- * input string. the copy will be allocated
- * as large as necessary.
- *
- * Explicit Parameters: pointer to string to save
- *
- * Implicit Parameters: None
- *
- * External Procedures: malloc,strcpy,strlen
- *
- * Side Effects: None
- *
- * Return Value: pointer to copied string
- *
- */
-#ifndef HAVE_STRSAVE
-static char * strsave(p)
-    char *p;
-{
-    return(strcpy(malloc(strlen(p)+1),p));
-}
-#endif
-
-
 /*
  * strutol changes all characters in a string to lower case, in place.
  * the pointer to the beginning of the string is returned.
@@ -770,3 +742,42 @@ main(argc,argv)
     exit(0);
 }
 #endif
+
+/*
+ * Copyright (c) 1988 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that: (1) source distributions retain this entire copyright
+ * notice and comment, and (2) distributions including binaries display
+ * the following acknowledgement:  ``This product includes software
+ * developed by the University of California, Berkeley and its contributors''
+ * in the documentation or other materials provided with the distribution
+ * and in all advertising materials mentioning features or use of this
+ * software. Neither the name of the University nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* based on @(#)strdup.c       5.3 (Berkeley) 6/1/90 */
+
+#ifndef HAVE_STRDUP
+static char *
+strdup(str)
+       const char *str;
+{
+       int len;
+       char *copy;
+
+       if (!str)
+               return((char *)0);
+       len = strlen(str) + 1;
+       if (!(copy = malloc((u_int)len)))
+               return((char *)0);
+       memcpy(copy, str, len);
+       return(copy);
+}
+#endif
index 0aee8934a095a1bf0f184afb1c0062d125664360..20587cb5be8ae1b40fda3ee60f4bb94fb68cf756 100644 (file)
@@ -118,8 +118,11 @@ kuserok(kdata, luser)
     if ((pwd = getpwnam(luser)) == NULL) {
        return(NOTOK);
     }
-    (void) strcpy(pbuf, pwd->pw_dir);
-    (void) strcat(pbuf, "/.klogin");
+    if (strlen (pwd->pw_dir) + sizeof ("/.klogin") >= sizeof (pbuf))
+       return NOTOK;
+    (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1);
+    pbuf[sizeof(pbuf) - 1] = '\0';
+    (void) strncat(pbuf, "/.klogin", sizeof(pbuf) - 1 - strlen(pbuf));
 
     if (access(pbuf, F_OK)) {   /* not accessible */
        /*
index 39a2e2f68b7b0811cb7b2de74cec6765c7012913..a94a25d85f44e5777a1aafea4399e5f68782cdba 100644 (file)
@@ -124,8 +124,10 @@ krb_mk_auth(options, ticket, service, inst, realm, checksum, version, buf)
        realm = krb_realm;
     }
 
-    if (!(options & KOPT_DONT_CANON))
-       (void) strncpy(inst, krb_get_phost(inst), INST_SZ);
+    if (!(options & KOPT_DONT_CANON)) {
+       (void) strncpy(inst, krb_get_phost(inst), INST_SZ - 1);
+       inst[INST_SZ-1] = 0;
+    }
 
     /* get the ticket if desired */
     if (!(options & KOPT_DONT_MK_REQ)) {
index e30e299bc436823614a32a1c70d8ec7cfdfcf505..029aa9f9c70e1c4ddca8d65bfaaa0ccb292e246d 100644 (file)
@@ -41,6 +41,14 @@ krb_mk_err(p,e,e_string)
 {
     u_char      *start;
 
+    /* Just return the buffer length if p is NULL, because writing to the
+     * buffer would be a bad idea.  Note that this feature is a change from
+     * previous versions, and can therefore only be used safely in this
+     * source tree, where we know this function supports it. */
+    if(p == NULL) {
+        return 2 + sizeof(e) + strlen(e_string);
+    }
+
     start = p;
 
     /* Create fixed part of packet */
index 1936cb287d3e051fc45fa9d0046951cc9940a24b..468dccdb6df5d673aa304cb293861cbdffc6f1aa 100644 (file)
@@ -130,6 +130,19 @@ krb_mk_req(authent,service,instance,realm,checksum)
 
     if (retval != KSUCCESS) return (retval);
 
+    if(sizeof(authent->dat) / 8 < (3 +
+                                  strlen(realm) + 1 + 2 +
+                                  3 + ticket->length +
+                                  strlen(cr.pname) + 1 +
+                                  strlen(cr.pinst) + 1 +
+                                  strlen(myrealm) + 1 +
+                                  4 +                          /* checksum */
+                                  4 +                          /* timestamp */
+                                  7) / 8) {                    /* round-up */
+           authent->length = 0;
+           return KFAILURE;
+    }
+
     if (krb_ap_req_debug)
         DEB (("%s %s %s %s %s\n", service, instance, realm,
                cr.pname, cr.pinst));
index c9b6ac73445e67c73018a7ee66cac7aa67cc3eb8..09f914d8a0bab3c99b2dc5bc90641b39041be274 100644 (file)
@@ -108,6 +108,19 @@ krb_clear_key_krb5(ctx)
     krb5_key = 0;
 }
 
+/* A helper function to let us see if a buffer is properly terminated. */
+static int
+krb_strnlen(const char *str, size_t max_len)
+{
+    int i = 0;
+    for(i = 0; i < max_len; i++) {
+        if(str[i] == '\0') {
+            return i;
+       }
+    }
+    return -1;
+}
+
 /*
  * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or
  * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(),
@@ -184,6 +197,8 @@ krb_rd_req(authent,service,instance,from_addr,ad,fn)
     krb5_keyblock keyblock;
     int status;
 
+    tkt->mbz = req_id->mbz = 0;
+
     if (authent->length <= 0)
        return(RD_AP_MODIFIED);
 
@@ -219,8 +234,13 @@ krb_rd_req(authent,service,instance,from_addr,ad,fn)
         mutual = 0;
 #endif /* lint */
     s_kvno = *ptr++;           /* get server key version */
-    (void) strcpy(realm,ptr);   /* And the realm of the issuing KDC */
-    ptr += strlen(ptr) + 1;     /* skip the realm "hint" */
+    if(krb_strnlen(ptr, sizeof(realm)) < 0) {
+       return RD_AP_MODIFIED;  /* must have been modified, the client wouldn't
+                                  try to trick us with wacky data */
+    }
+    (void) strncpy(realm,ptr,REALM_SZ);        /* And the realm of the issuing KDC */
+    realm[REALM_SZ-1] = '\0';
+    ptr += strlen(realm) + 1;  /* skip the realm "hint" */
 
     /*
      * If "fn" is NULL, key info should already be set; don't
@@ -249,13 +269,16 @@ krb_rd_req(authent,service,instance,from_addr,ad,fn)
                return(RD_AP_UNDEC);
        
 #endif /* !NOENCRYPTION */
-        (void) strcpy(st_rlm,realm);
-        (void) strcpy(st_nam,service);
-        (void) strcpy(st_inst,instance);
+        (void) strncpy(st_rlm,realm, sizeof(st_rlm) - 1);
+       st_rlm[sizeof(st_rlm) - 1] = '\0';
+        (void) strncpy(st_nam,service, sizeof(st_nam) - 1);
+       st_nam[sizeof(st_nam) - 1] = '\0';
+        (void) strncpy(st_inst,instance, sizeof(st_inst) - 1);
+       st_inst[sizeof(st_inst) - 1] = '\0';
     }
 
     /* Get ticket from authenticator */
-    tkt->length = (int) *ptr++;
+    tkt->length = (int) *ptr++ & 0xff;
     if ((tkt->length + (ptr+1 - (char *) authent->dat)) > authent->length)
        return(RD_AP_MODIFIED);
     memcpy((char *)(tkt->dat), ptr+1, tkt->length);
@@ -324,13 +347,16 @@ krb_rd_req(authent,service,instance,from_addr,ad,fn)
 #define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED);
 
     ptr = (char *) req_id->dat;
-    (void) strcpy(r_aname,ptr);        /* Authentication name */
+    (void) strncpy(r_aname,ptr,ANAME_SZ); /* Authentication name */
+    r_aname[ANAME_SZ-1] = '\0';
     ptr += strlen(r_aname)+1;
     check_ptr();
-    (void) strcpy(r_inst,ptr); /* Authentication instance */
+    (void) strncpy(r_inst,ptr,INST_SZ);        /* Authentication instance */
+    r_inst[INST_SZ-1] = '\0';
     ptr += strlen(r_inst)+1;
     check_ptr();
-    (void) strcpy(r_realm,ptr);        /* Authentication name */
+    (void) strncpy(r_realm,ptr,REALM_SZ); /* Authentication name */
+    r_realm[REALM_SZ-1] = '\0';
     ptr += strlen(r_realm)+1;
     check_ptr();
     memcpy((char *)&ad->checksum, ptr, 4);     /* Checksum */
index 90e01bb3487608060f61d20dec81f31b3ae91be7..1e4b78601a62311b6eec5922054d8fb374d5b4a3 100644 (file)
@@ -131,14 +131,18 @@ krb_realmofhost(host)
                  if (domain && (strlen(trans_host) == strlen(domain))
                      && !strcasecmp (trans_host, domain)) {
                    /* got domain match, save for later */
-                   (void) strcpy (ret_realm, trans_realm);
+                   (void) strncpy (ret_realm, trans_realm,
+                                   sizeof(ret_realm) - 1);
+                   ret_realm[sizeof(ret_realm) - 1] = '\0';
                    continue;
                  }
                } else {
                  /* want exact match of hostname */
                  if ((strlen(lhost) == strlen(trans_host)) &&
                      !strcasecmp (trans_host, lhost)) {
-                   (void) strcpy (ret_realm, trans_realm);
+                   (void) strncpy (ret_realm, trans_realm,
+                                   sizeof(ret_realm) - 1);
+                   ret_realm[sizeof(ret_realm) - 1] = '\0';
                    break;
                  }
                }
index e62e3f954c8b41df47dcd604d33ae0030fb6b53d..2a6665648e1bfaf3cc8ca303c75d3fc8700cade2 100644 (file)
@@ -188,9 +188,12 @@ krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata,
        if (i < KRB_SENDAUTH_VLEN) {
            /* since we already got the space, and part of the ticket,
               we read fewer bytes to get the rest of the ticket */
+           int len_to_read = tkt_len - KRB_SENDAUTH_VLEN + 1 + i;
+           if (len_to_read <= 0)
+               return KFAILURE;
            if (krb_net_read(fd, (char *)(tmp_buf+KRB_SENDAUTH_VLEN),
-                            (int) (tkt_len - KRB_SENDAUTH_VLEN + 1 + i))
-               != (int)(tkt_len - KRB_SENDAUTH_VLEN + 1 + i))
+                            len_to_read)
+               != len_to_read)
                return(errno);
        } else {
            if (krb_net_read(fd, (char *)(tmp_buf+i), (int)tkt_len) !=
index c7e0fb33b8e4466ee473e21c7f695d9215e2e000..f93b9d0793cedbb9d2eb958e2e04f69114e4fcb2 100644 (file)
@@ -94,12 +94,13 @@ send_to_kdc(pkt,rpkt,realm)
      * local realm.
      */
     if (realm)
-       (void) strcpy(lrealm, realm);
+       (void) strncpy(lrealm, realm, sizeof(lrealm) - 1);
     else
        if (krb_get_lrealm(lrealm,1)) {
            DEB (("%s: can't get local realm\n", prog));
            return(SKDC_CANT);
        }
+    lrealm[sizeof(lrealm) - 1] = '\0';
     DEB (("lrealm is %s\n", lrealm));
 
     if (SOCKET_INITIALIZE()) {
index 9b8fb390487a9190928f0e7cb4690dc6a6a8b2e1..76c470c20f669a86ab3f96efe2c0c864c1c1d86c 100644 (file)
@@ -208,7 +208,8 @@ krb_sendauth(options, fd, ticket, service, inst, realm, checksum,
     }
 
     /* copy instance into local storage, so mk_auth can canonicalize */
-    (void) strncpy(srv_inst, inst, INST_SZ);
+    (void) strncpy(srv_inst, inst, INST_SZ-1);
+    srv_inst[INST_SZ-1] = 0;
     rem = krb_mk_auth (options, ticket, service, srv_inst, realm, checksum,
                           version, packet);
     if (rem != KSUCCESS)
index ebf500bf2955b0d540624c798d75b151abaa98e6..faf115e9c93406b4b1d5839b552c6a3128e843c6 100644 (file)
@@ -1,20 +1,38 @@
 /*
- * tf_util.c
+ * lib/krb4/tf_util.c
  *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts
+ * Institute of Technology.  All Rights Reserved.
  *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
  */
 
-#include "mit-copyright.h"
-
 #include "krb.h"
 #include "k5-int.h"
 
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
 #include <sys/stat.h>
 #include <fcntl.h>
 
@@ -44,7 +62,6 @@ char *shmat();
 #ifdef NEED_UTIMES
 
 #include <sys/time.h>
-#include <unistd.h>
 #ifdef __SCO__
 #include <utime.h>
 #endif
@@ -62,6 +79,20 @@ int utimes(path, times)
 }
 #endif
 
+#ifdef HAVE_SETEUID
+#define do_seteuid(e) seteuid((e))
+#else
+#ifdef HAVE_SETRESUID
+#define do_seteuid(e) setresuid(-1, (e), -1)
+#else
+#ifdef HAVE_SETREUID
+#define do_seteuid(e) setreuid(geteuid(), (e))
+#else
+#define do_seteuid(e) (errno = EPERM, -1)
+#endif
+#endif
+#endif
+
 /*
  * fd must be initialized to something that won't ever occur as a real
  * file descriptor. Since open(2) returns only non-negative numbers as
@@ -149,7 +180,7 @@ int tf_init(tf_name, rw)
     int rw;
 {
     int     wflag;
-    uid_t   me= getuid();
+    uid_t   me, metoo;
     struct stat stat_buf, stat_buffd;
 #ifdef TKT_SHMEM
     char shmidname[MAXPATHLEN]; 
@@ -163,6 +194,7 @@ int tf_init(tf_name, rw)
     }
 
     me = getuid();
+    metoo = geteuid();
 
     switch (rw) {
     case R_TKT_FIL:
@@ -181,8 +213,9 @@ int tf_init(tf_name, rw)
        tf_name = tkt_string();
 
 #ifdef TKT_SHMEM
-    (void) strcpy(shmidname, tf_name);
-    (void) strcat(shmidname, ".shm");
+    (void) strncpy(shmidname, tf_name, sizeof(shmidname) - 1);
+    shmidname[sizeof(shmidname) - 1] = '\0';
+    (void) strncat(shmidname, ".shm", sizeof(shmidname) - 1 - strlen(shmidname));
 #endif /* TKT_SHMEM */
 
     /*
@@ -195,8 +228,30 @@ int tf_init(tf_name, rw)
     curpos = sizeof(tfbfr);
 
 #ifdef TKT_SHMEM
+    if (lstat(shmidname, &stat_buf) < 0) {
+       switch (errno) {
+       case ENOENT:
+           return NO_TKT_FIL;
+       default:
+           return TKT_FIL_ACC;
+       }
+    }
+    if (stat_buf.st_uid != me || !(stat_buf.st_mode & S_IFREG)
+       || stat_buf.st_nlink != 1 || stat_buf.st_mode & 077) {
+       return TKT_FIL_ACC;
+    }
+
+    /*
+     * Yes, we do uid twiddling here.  It's not optimal, but some
+     * applications may expect that the ruid is what should really own
+     * the ticket file, e.g. setuid applications.
+     */
+    if (me != metoo && do_seteuid(me) < 0)
+       return KFAILURE;
     sfp = fopen(shmidname, "r");       /* only need read/write on the
                                           actual tickets */
+    if (me != metoo && do_seteuid(metoo) < 0)
+       return KFAILURE;
     if (sfp == 0) {
         switch(errno) {
         case ENOENT:
@@ -206,10 +261,11 @@ int tf_init(tf_name, rw)
        }
     }
 
-    /* lstat() and fstat() the file to check that the file we opened is the *
-     * one we think it is, and to check ownership.                          */
-    if ((fstat(sfp->_file, &stat_buffd) < 0) || 
-       (lstat(shmidname, &stat_buf) < 0)) {
+    /*
+     * fstat() the file to check that the file we opened is the one we
+     * think it is.
+     */
+    if (fstat(fileno(sfp), &stat_buffd) < 0) {
         (void) close(fd);
        fd = -1;
        switch(errno) {
@@ -270,8 +326,25 @@ int tf_init(tf_name, rw)
     tmp_shm_addr = krb_shm_addr;
 #endif /* TKT_SHMEM */
     
+    if (lstat(tf_name, &stat_buf) < 0) {
+       switch (errno) {
+       case ENOENT:
+           return NO_TKT_FIL;
+       default:
+           return TKT_FIL_ACC;
+       }
+    }
+    if (stat_buf.st_uid != me || !(stat_buf.st_mode & S_IFREG)
+       || stat_buf.st_nlink != 1 || stat_buf.st_mode & 077) {
+       return TKT_FIL_ACC;
+    }
+
     if (wflag) {
+       if (me != metoo && do_seteuid(me) < 0)
+           return KFAILURE;
        fd = open(tf_name, O_RDWR, 0600);
+       if (me != metoo && do_seteuid(metoo) < 0)
+           return KFAILURE;
        if (fd < 0) {
            switch(errno) {
            case ENOENT:
@@ -280,10 +353,11 @@ int tf_init(tf_name, rw)
                return TKT_FIL_ACC;
          }
        }
-       /* lstat() and fstat() the file to check that the file we opened is the *
-        * one we think it is, and to check ownership.                          */
-       if ((fstat(fd, &stat_buffd) < 0) || 
-           (lstat(tf_name, &stat_buf) < 0)) {
+       /*
+        * fstat() the file to check that the file we opened is the
+        * one we think it is, and to check ownership.
+        */
+       if (fstat(fd, &stat_buffd) < 0) {
            (void) close(fd);
            fd = -1;
            switch(errno) {
@@ -326,7 +400,11 @@ int tf_init(tf_name, rw)
      * for read-only operations and locked for shared access. 
      */
 
+    if (me != metoo && do_seteuid(me) < 0)
+       return KFAILURE;
     fd = open(tf_name, O_RDONLY, 0600);
+    if (me != metoo && do_seteuid(metoo) < 0)
+       return KFAILURE;
     if (fd < 0) {
         switch(errno) {
        case ENOENT:
@@ -335,10 +413,11 @@ int tf_init(tf_name, rw)
            return TKT_FIL_ACC;
        }
     }
-    /* lstat() and fstat() the file to check that the file we opened is the *
-     * one we think it is, and to check ownership.                          */
-    if ((fstat(fd, &stat_buffd) < 0) || 
-       (lstat(tf_name, &stat_buf) < 0)) {
+    /*
+     * fstat() the file to check that the file we opened is the one we
+     * think it is, and to check ownership.
+     */
+    if (fstat(fd, &stat_buffd) < 0) {
         (void) close(fd);
        fd = -1;
        switch(errno) {
index 50507aa12762b35fb29abc5cfc969c54a6c972ad..28d11bd85dfccbaaaa3040840cac883e7534783f 100644 (file)
@@ -62,15 +62,17 @@ krb__get_cnffile()
        char defname[FILENAME_MAX];
        UINT rc;
 
-       rc = GetWindowsDirectory(defname, sizeof(defname));
+       defname[sizeof(defname) - 1] = '\0';
+       rc = GetWindowsDirectory(defname, sizeof(defname) - 1);
        assert(rc > 0);
 
-       strcat(defname, "\\");
+       strncat(defname, "\\", sizeof(defname) - 1 - strlen(defname));
 
-       strcat(defname, DEF_KRB_CONF);
+       strncat(defname, DEF_KRB_CONF, sizeof(defname) - 1 - strlen(defname));
 
+       cnfname[sizeof(cnfname) - 1] = '\0';
        GetPrivateProfileString(INI_FILES, INI_KRB_CONF, defname,
-               cnfname, sizeof(cnfname), KERBEROS_INI);
+               cnfname, sizeof(cnfname) - 1, KERBEROS_INI);
 
        cnffile = fopen(cnfname, "r");
 
@@ -94,15 +96,17 @@ krb__get_realmsfile()
        char defname[FILENAME_MAX];
        UINT rc;
 
-       rc = GetWindowsDirectory(defname, sizeof(defname));
+       defname[sizeof(defname) - 1] = '\0';
+       rc = GetWindowsDirectory(defname, sizeof(defname) - 1);
        assert(rc > 0);
 
-       strcat(defname, "\\");
+       strncat(defname, "\\", sizeof(defname) - 1 - strlen(defname));
 
-       strcat(defname, DEF_KRB_REALMS);
+       strncat(defname, DEF_KRB_REALMS, sizeof(defname) - 1 - strlen(defname));
 
+       defname[sizeof(defname) - 1] = '\0';
        GetPrivateProfileString(INI_FILES, INI_KRB_REALMS, defname,
-               realmsname, sizeof(realmsname), KERBEROS_INI);
+               realmsname, sizeof(realmsname) - 1, KERBEROS_INI);
 
        realmsfile = fopen(realmsname, "r");
 
index a2ab81a2a9fe29f4a3db1f2abac29613c9b493be..880670b3a0599952d5a7c1923deae29615c7d571 100644 (file)
@@ -1,3 +1,23 @@
+2000-11-29     Miro Jurisic <meeroh@mit.edu>
+
+       * krb5_libinit.c: Install a callback in the Mac OS sleep
+       queue to get notification of the machine coming out
+       of sleep, in order to refresh the cached uptime to
+       real time offset
+
+2000-10-02  Alexandra Ellwood <lxs@mit.edu
+
+   * krb5_libinit.c: added #define for Mac OS X so
+   that krb5int_cleanup_library calls krb5_stdcc_shutdown.
+
+2000-06-03  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in (LIBMAJOR, LIBMINOR): Bump version.
+
+2000-04-18  Ken Raeburn  <raeburn@mit.edu>
+
+       * Makefile.in (SHLIB_EXPLIBS): Add @RESOLV_LIB@.
+
 2000-03-14  Ken Raeburn  <raeburn@mit.edu>
 
        * configure.in: Check for gethostbyname2.
index 0dab1f3a9816e0188b6791b4536e34503c147f1c..68e354c6f11d7606320fc164084f08932d3f0ac5 100644 (file)
@@ -32,8 +32,8 @@ LIBDONE= error_tables/DONE asn.1/DONE ccache/DONE ccache/stdio/DONE \
 STLIBOBJS=krb5_libinit.o
 
 LIB=krb5
-LIBMAJOR=2
-LIBMINOR=2
+LIBMAJOR=3
+LIBMINOR=0
 
 STOBJLISTS= \
        OBJS.ST \
@@ -58,7 +58,7 @@ RELDIR=krb5
 SHLIB_EXPDEPS = \
        $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
        $(TOPLIBD)/libcom_err$(SHLIBEXT)
-SHLIB_EXPLIBS=-lk5crypto -lcom_err @GEN_LIB@
+SHLIB_EXPLIBS=-lk5crypto -lcom_err @GEN_LIB@ @RESOLV_LIB@
 SHLIB_DIRS=-L$(TOPLIBD)
 SHLIB_RDIRS=$(KRB5_LIBDIR)
 
index 96f70986347044f71fd50b652e15f3d34d88ada6..bd0d03c469b769a7b67a0566b539e8aee77d5674 100644 (file)
@@ -1,3 +1,80 @@
+2001-01-31  Tom Yu  <tlyu@mit.edu>
+
+       * asn1buf.c (asn1buf_sync): Add new arguments to include the full
+       complement of data about a prefetched tag, as well as to indicate
+       whether the prefetched tag or the surrounding sequence is of an
+       indefinite length.
+       (asn1buf_skiptail): Add new arguments to indicate whether the
+       prefetched tag is indefinite, as well as its length.  This
+       facilitates proper skipping of trailing garbage.
+       (asn1buf_remains): Add new argument to indicate whether the
+       surrounding encoding is indefinite.  Don't advance buf->next if an
+       EOC encoding is detected; the caller will do that.
+       [pullup from trunk]
+
+       * asn1buf.h: Update prototypes. [pullup from trunk]
+
+       * asn1_get.c (asn1_get_tag_indef): Don't treat EOC encoding as
+       special anymore, since previous behavior was overloading the
+       tag number in a bad way.  Also, report a MISMATCH_INDEF error if
+       the tag encoding is for the forbidden primitive constructed
+       encoding. [pullup from trunk]
+
+       * asn1_k_decode.c (next_tag): Call get_tag_indef() in order to get
+       information about whether the length is indefinite.  Don't check
+       the tag class and construction explicitly.
+       (get_eoc): New macro to get a tag and check if it is an EOC
+       encoding.
+       (get_field, opt_field): Move the check for the tag class and
+       construction to here.
+       (get_field_body, get_lenfield_body): Call get_eoc() instead of
+       next_tag() if we are decoding a constructed indefinite encoding.
+       (begin_structure): Use a different variable to indicate whether
+       the sequence is indefinite as opposed to whether an individual
+       field is indefinite.
+       (end_structure): Update to new calling convention of
+       asn1buf_sync().
+       (sequence_of): Rewrite significantly.
+       (sequence_of_common): Move the bulk of previous sequence_of()
+       macro to here.  Does not declare some variables that sequence_of()
+       declares.
+       (sequence_of_no_tagvars): Similar to sequence_of() macro but
+       declares different variables for the purpose of prefetching the
+       final tag.
+       (end_sequence_of_no_tagvars): Similar to end_sequence_of() macro
+       but uses variables declared by the sequence_of_no_tagvars() macro
+       to prefetch the final tag.
+       (asn1_decode_principal_name): Update for new asn1buf_remains()
+       calling convention.  Call sequence_of_no_tagvars(), etc. instead
+       of sequence_of(), etc. in order to not declare shadowing
+       block-local variables.
+       (decode_array_body): Update for new asn1buf_remains() calling
+       convention.
+       (asn1_decode_sequence_of_enctype): Update for new
+       asn1buf_remains() calling convention.
+       [pullup from trunk]
+       
+       * krb5_decode.c (next_tag): Call get_tag_indef() in order to get
+       information about whether the length is indefinite.  Don't check
+       the tag class and construction explicitly.
+       (get_eoc): New macro to get a tag and check if it is an EOC
+       encoding.
+       (get_field, opt_field): Move the check for the tag class and
+       construction to here.
+       (get_field_body, get_lenfield_body): Call get_eoc() instead of
+       next_tag() if we are decoding a constructed indefinite encoding.
+       (begin_structure): Use a different variable to indicate whether
+       the sequence is indefinite as opposed to whether an individual
+       field is indefinite.
+       (end_structure): Update to new calling convention of
+       asn1buf_sync().
+       [pullup from trunk]
+
+2000-09-28  Miro Jurisic  <meeroh@mit.edu>
+
+       * asn1_encode.c (asn1_encode_generaltime): Fixed the Mac code to
+       use the correct epoch.
+
 2000-02-06  Ken Raeburn  <raeburn@mit.edu>
 
        Patches from Frank Cusack for helping in preauth replay
index 7ef89c8c2eafbdeae39127352cecccb008387a34..22235592bce3eeb6abd027eb2778de067a7c36fa 100644 (file)
 #include "asn1_encode.h"
 #include "asn1_make.h"
 
+#ifdef macintosh
+#include <Utilities.h>
+#endif
+
 asn1_error_code asn1_encode_integer(buf, val, retlen)
      asn1buf * buf;
      const long val;
@@ -186,12 +190,6 @@ asn1_error_code asn1_encode_ia5string(buf, len, val, retlen)
   return 0;
 }
 
-#ifdef macintosh
-#define EPOCH ((70 * 365 * 24 * 60 * 60) + (17 *  24 * 60 * 60) + (getTimeZoneOffset() * 60 * 60))
-#else
-#define EPOCH (0)
-#endif
-
 asn1_error_code asn1_encode_generaltime(buf, val, retlen)
      asn1buf * buf;
      const time_t val;
@@ -201,9 +199,11 @@ asn1_error_code asn1_encode_generaltime(buf, val, retlen)
   struct tm *gtime;
   char s[16];
   int length, sum=0;
-  time_t gmt_time;
+  time_t gmt_time = val;
 
-  gmt_time = val + EPOCH;
+#ifdef macintosh
+  unix_time_to_msl_time (&gmt_time);
+#endif
   gtime = gmtime(&gmt_time);
 
   /*
index 20334a2fc2197b46ad44b3953b17d5f366d811c0..f7947cc3fb4c9ac22f173aaf48af3f6d209346ea 100644 (file)
@@ -42,12 +42,6 @@ asn1_get_tag_indef(buf, class, construction, tagnum, retlen, indef)
       *tagnum = ASN1_TAGNUM_CEILING;
       return 0;
   }
-  /* Allow for the indefinite encoding */
-  if ( !*(buf->next) && !*(buf->next + 1)) {
-    buf->next += 2;
-    *tagnum = ASN1_TAGNUM_CEILING;
-    return 0;
-  }
   retval = asn1_get_id(buf,class,construction,tagnum);
   if(retval) return retval;
   retval = asn1_get_length(buf,retlen,indef);
index 6f72d8e122da55bd8cf7a59ca48a08e2eca4eacc..a855527422f0297d9a6ff03fc35e00a1445cfed1 100644 (file)
@@ -39,10 +39,16 @@ int length,taglen
 #define unused_var(x) if(0) x=0
 
 #define next_tag()\
-retval = asn1_get_tag(&subbuf,&class,&construction,&tagnum,&taglen);\
-if(retval) return retval;\
-if(class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\
-  return ASN1_BAD_ID
+retval = asn1_get_tag_indef(&subbuf,&class,&construction,\
+                           &tagnum,&taglen,&indef);\
+if(retval) return retval;
+
+#define get_eoc()                                              \
+retval = asn1_get_tag_indef(&subbuf,&class,&construction,      \
+                           &tagnum,&taglen,&indef);            \
+if(retval) return retval;                                      \
+if(class != UNIVERSAL || tagnum || indef)                      \
+  return ASN1_MISSING_EOC
 
 #define alloc_field(var,type)\
 var = (type*)calloc(1,sizeof(type));\
@@ -59,15 +65,21 @@ if(class != APPLICATION || construction != CONSTRUCTED ||\
 #define get_field_body(var,decoder)\
 retval = decoder(&subbuf,&(var));\
 if(retval) return retval;\
-if(!taglen) { next_tag(); }\
+if(!taglen && indef) { get_eoc(); }\
 next_tag()
 
 #define get_field(var,tagexpect,decoder)\
 if(tagnum > (tagexpect)) return ASN1_MISSING_FIELD;\
 if(tagnum < (tagexpect)) return ASN1_MISPLACED_FIELD;\
+if((class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
+   && (tagnum || taglen || class != UNIVERSAL)) \
+  return ASN1_BAD_ID;\
 get_field_body(var,decoder)
 
 #define opt_field(var,tagexpect,decoder,optvalue)\
+if((class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
+   && (tagnum || taglen || class != UNIVERSAL)) \
+  return ASN1_BAD_ID;\
 if(tagnum == (tagexpect)){\
   get_field_body(var,decoder); }\
 else var = optvalue
@@ -76,12 +88,15 @@ else var = optvalue
 #define get_lenfield_body(len,var,decoder)\
 retval = decoder(&subbuf,&(len),&(var));\
 if(retval) return retval;\
-if(!taglen) { next_tag(); }\
+if(!taglen && indef) { get_eoc(); }\
 next_tag()
 
 #define get_lenfield(len,var,tagexpect,decoder)\
 if(tagnum > (tagexpect)) return ASN1_MISSING_FIELD;\
 if(tagnum < (tagexpect)) return ASN1_MISPLACED_FIELD;\
+if((class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
+   && (tagnum || taglen || class != UNIVERSAL)) \
+  return ASN1_BAD_ID;\
 get_lenfield_body(len,var,decoder)
 
 #define opt_lenfield(len,var,tagexpect,decoder)\
@@ -92,30 +107,58 @@ else { len = 0; var = 0; }
 
 #define begin_structure()\
 asn1buf subbuf;\
+int seqindef;\
 int indef;\
-retval = asn1_get_sequence(buf,&length,&indef);\
+retval = asn1_get_sequence(buf,&length,&seqindef);\
 if(retval) return retval;\
-retval = asn1buf_imbed(&subbuf,buf,length,indef);\
+retval = asn1buf_imbed(&subbuf,buf,length,seqindef);\
 if(retval) return retval;\
 next_tag()
 
 #define end_structure()\
-retval = asn1buf_sync(buf,&subbuf,tagnum,length);\
+retval = asn1buf_sync(buf,&subbuf,class,tagnum,length,indef,seqindef);\
 if(retval) return retval
 
-#define sequence_of(buf)\
-int size=0;\
-asn1buf seqbuf;\
-int length;\
-int indef;\
-retval = asn1_get_sequence(buf,&length,&indef);\
-if(retval) return retval;\
-retval = asn1buf_imbed(&seqbuf,buf,length,indef);\
+#define sequence_of(buf)                       \
+unsigned int length, taglen;                   \
+asn1_class class;                              \
+asn1_construction construction;                        \
+asn1_tagnum tagnum;                            \
+int indef;                                     \
+sequence_of_common(buf)
+
+#define sequence_of_common(buf)                                \
+int size=0;                                            \
+asn1buf seqbuf;                                                \
+int seqofindef;                                                \
+retval = asn1_get_sequence(buf,&length,&seqofindef);   \
+if(retval) return retval;                              \
+retval = asn1buf_imbed(&seqbuf,buf,length,seqofindef); \
 if(retval) return retval
 
-#define end_sequence_of(buf)\
-retval = asn1buf_sync(buf,&seqbuf,ASN1_TAGNUM_CEILING,length);\
-if(retval) return retval
+#define sequence_of_no_tagvars(buf)            \
+asn1_class eseqclass;                          \
+asn1_construction eseqconstr;                  \
+asn1_tagnum eseqnum;                           \
+unsigned int eseqlen;                          \
+int eseqindef;                                 \
+sequence_of_common(buf)
+
+#define end_sequence_of_no_tagvars(buf)                                \
+retval = asn1_get_tag_indef(&seqbuf,&eseqclass,&eseqconstr,    \
+                           &eseqnum,&eseqlen,&eseqindef);      \
+if(retval) return retval;                                      \
+retval = asn1buf_sync(buf,&seqbuf,eseqclass,eseqnum,           \
+                     eseqlen,eseqindef,seqofindef);            \
+if(retval) return retval;
+
+#define end_sequence_of(buf)                                   \
+retval = asn1_get_tag_indef(&seqbuf,&class,&construction,      \
+                           &tagnum,&taglen,&indef);            \
+if(retval) return retval;                                      \
+retval = asn1buf_sync(buf,&seqbuf,class,tagnum,                        \
+                     length,indef,seqofindef);                 \
+if(retval) return retval;
 
 #define cleanup()\
 return 0
@@ -206,8 +249,8 @@ asn1_error_code asn1_decode_principal_name(buf, val)
   { begin_structure();
     get_field((*val)->type,0,asn1_decode_int32);
   
-    { sequence_of(&subbuf);
-      while(asn1buf_remains(&seqbuf)){
+    { sequence_of_no_tagvars(&subbuf);
+      while(asn1buf_remains(&seqbuf,seqofindef) > 0){
        size++;
        if ((*val)->data == NULL)
          (*val)->data = (krb5_data*)malloc(size*sizeof(krb5_data));
@@ -221,8 +264,12 @@ asn1_error_code asn1_decode_principal_name(buf, val)
        if(retval) return retval;
       }
       (*val)->length = size;
-      end_sequence_of(&subbuf);
+      end_sequence_of_no_tagvars(&subbuf);
+    }
+    if (indef) {
+       get_eoc();
     }
+    next_tag();
     end_structure();
     (*val)->magic = KV5M_PRINCIPAL;
   }
@@ -528,7 +575,7 @@ if(*(array) == NULL) return ENOMEM;\
   type *elt;\
 \
   { sequence_of(buf);\
-    while(asn1buf_remains(&seqbuf) > 0){\
+    while(asn1buf_remains(&seqbuf,seqofindef) > 0){\
       alloc_field(elt,type);\
       get_element(elt,decoder);\
       array_append(val,size,elt,type);\
@@ -660,7 +707,7 @@ asn1_error_code asn1_decode_sequence_of_enctype(buf, num, val)
 {
   asn1_error_code retval;
   { sequence_of(buf);
-    while(asn1buf_remains(&seqbuf) > 0){
+    while(asn1buf_remains(&seqbuf,seqofindef) > 0){
       size++;
       if (*val == NULL)
         *val = (krb5_enctype*)malloc(size*sizeof(krb5_enctype));
index 9c639279a8cca25d92368c329cf054240b92fabd..4be82fbe617815083ac850010c169da6c29655f2 100644 (file)
@@ -54,6 +54,9 @@
 #include <stdio.h>
 #include "asn1_get.h"
 
+#define asn1_is_eoc(class, num, indef) \
+((class) == UNIVERSAL && !(num) && !(indef))
+
 asn1_error_code asn1buf_create(buf)
      asn1buf ** buf;
 {
@@ -91,34 +94,35 @@ asn1_error_code asn1buf_imbed(subbuf, buf, length, indef)
   return 0;
 }
 
-asn1_error_code asn1buf_sync(buf, subbuf, lasttag, length)
+asn1_error_code asn1buf_sync(buf, subbuf, class, lasttag, length, indef, seqindef)
      asn1buf * buf;
      asn1buf * subbuf;
+     const asn1_class class;
      const asn1_tagnum lasttag;
      const int length;
+     const int indef;
+     const int seqindef;
 {
   asn1_error_code retval;
 
-  if (length) {
+  if (!seqindef) {
+    /* sequence was encoded as definite length */
     buf->next = subbuf->bound + 1;
+  } else if (!asn1_is_eoc(class, lasttag, indef)) {
+      retval = asn1buf_skiptail(subbuf, length, indef);
+      if (retval)
+         return retval;
   } else {
-    /*
-     * indefinite length:
-     *
-     * Note that asn1_get_tag() returns ASN1_TAGNUM_CEILING
-     * for an EOC encoding.
-     */
-    if (lasttag != ASN1_TAGNUM_CEILING) {
-      retval = asn1buf_skiptail(subbuf);
-      if (retval) return retval;
-    }
+    /* We have just read the EOC octets. */
     buf->next = subbuf->next;
   }
   return 0;
 }
 
-asn1_error_code asn1buf_skiptail(buf)
+asn1_error_code asn1buf_skiptail(buf, length, indef)
      asn1buf *buf;
+     const int length;
+     const int indef;
 {
   asn1_error_code retval;
   asn1_class class;
@@ -126,15 +130,29 @@ asn1_error_code asn1buf_skiptail(buf)
   asn1_tagnum tagnum;
   int taglen;
   int nestlevel;
+  int tagindef;
 
-  nestlevel = 1;
+  nestlevel = 1 + indef;
+  if (!indef) {
+    if (length <= buf->bound - buf->next + 1)
+      buf->next += length;
+    else
+      return ASN1_OVERRUN;
+  }
   while (nestlevel > 0) {
-    retval = asn1_get_tag(buf, &class, &construction, &tagnum, &taglen);
+    retval = asn1_get_tag_indef(buf, &class, &construction, &tagnum,
+                               &taglen, &tagindef);
     if (retval) return retval;
-    if (construction == CONSTRUCTED && taglen == 0)
+    if (!tagindef) {
+      if (taglen <= buf->bound - buf->next + 1)
+       buf->next += taglen;
+      else
+       return ASN1_OVERRUN;
+    }
+    if (tagindef)
       nestlevel++;
-    if (tagnum == ASN1_TAGNUM_CEILING)
-      nestlevel--;
+    if (asn1_is_eoc(class, tagnum, tagindef))
+      nestlevel--;             /* got an EOC encoding */
   }
   return 0;
 }
@@ -247,8 +265,9 @@ asn1_error_code asn1buf_remove_charstring(buf, len, s)
   return 0;
 }
 
-int asn1buf_remains(buf)
+int asn1buf_remains(buf, indef)
     asn1buf *buf;
+    int indef;
 {
   int remain;
   if(buf == NULL || buf->base == NULL) return 0;
@@ -256,15 +275,9 @@ int asn1buf_remains(buf)
   if (remain <= 0) return remain;
   /*
    * Two 0 octets means the end of an indefinite encoding.
-   * 
-   * XXX  Do we need to test to make sure we'er actually doing an
-   * indefinite encoding here?
    */
-  if ( !*(buf->next) && !*(buf->next + 1)) {
-   /* buf->bound = buf->next + 1;  */
-      buf->next += 2;
+  if (indef && remain >= 2 && !*(buf->next) && !*(buf->next + 1))
       return 0;
-  }
   else return remain;
 }
 
@@ -379,9 +392,9 @@ asn1_error_code asn1buf_ensure_space(buf, amount)
      asn1buf * buf;
      const int amount;
 {
-  int free = asn1buf_free(buf);
-  if(free < amount){
-    asn1_error_code retval = asn1buf_expand(buf, amount-free);
+  int avail = asn1buf_free(buf);
+  if(avail < amount){
+    asn1_error_code retval = asn1buf_expand(buf, amount-avail);
     if(retval) return retval;
   }
   return 0;
index 52fc0d625adb28af8702b7642e49730d0469b068..3f4a6ace5c19796c9b7951e7b926a86d7fedeb80 100644 (file)
@@ -121,14 +121,17 @@ asn1_error_code asn1buf_imbed
              position starts at the beginning of *subbuf. */
 
 asn1_error_code asn1buf_sync
-       PROTOTYPE((asn1buf *buf, asn1buf *subbuf, const asn1_tagnum lasttag,
-                  const int length));
+       PROTOTYPE((asn1buf *buf, asn1buf *subbuf, const asn1_class class, 
+                  const asn1_tagnum lasttag,
+                  const int length, const int indef,
+                  const int seqindef));
 /* requires  *subbuf is a sub-buffer of *buf, as created by asn1buf_imbed.
-             lasttag is a pointer to the last tagnumber read.
+             lasttag is the last tagnumber read.
    effects   Synchronizes *buf's current position to match that of *subbuf. */
 
 asn1_error_code asn1buf_skiptail
-       PROTOTYPE((asn1buf *buf));
+       PROTOTYPE((asn1buf *buf, const int length,
+                  const int indef));
 /* requires  *buf is a subbuffer used in a decoding of a
              constructed indefinite sequence.
    effects   skips trailing fields. */
@@ -143,7 +146,7 @@ asn1_error_code asn1buf_insert_octet
    effects   Inserts o into the buffer *buf, expanding the buffer if
              necessary.  Returns ENOMEM memory is exhausted. */
 #if ((__GNUC__ >= 2) && !defined(ASN1BUF_OMIT_INLINE_FUNCS))
-extern inline asn1_error_code asn1buf_insert_octet(buf, o)
+extern __inline__ asn1_error_code asn1buf_insert_octet(buf, o)
      asn1buf * buf;
      const int o;
 {
@@ -221,7 +224,7 @@ asn1_error_code asn12krb5_buf
 
 
 int asn1buf_remains
-       PROTOTYPE((asn1buf *buf));
+       PROTOTYPE((asn1buf *buf, int indef));
 /* requires  *buf is a buffer containing an asn.1 structure or array
    modifies  *buf
    effects   Returns the number of unprocessed octets remaining in *buf. */
index 69028b9bb7405513ab4cfa970e0c5bb26dc7f5bb..ff935c6d514e7f802b9fb71af33231f70de5d460 100644 (file)
@@ -77,23 +77,29 @@ if(tagnum != (tagexpect)) clean_return(KRB5_BADMSGTYPE)
 
 /* decode an explicit tag and place the number in tagnum */
 #define next_tag()\
-retval = asn1_get_tag(&subbuf,&class,&construction,&tagnum,NULL);\
-if(retval) clean_return(retval);\
-if(class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\
-  clean_return(ASN1_BAD_ID)
+retval = asn1_get_tag_indef(&subbuf,&class,&construction,&tagnum,NULL,&indef);\
+if(retval) clean_return(retval)
+
+#define get_eoc()                                              \
+retval = asn1_get_tag_indef(&subbuf,&class,&construction,      \
+                           &tagnum,NULL,&indef);               \
+if(retval) return retval;                                      \
+if(class != UNIVERSAL || tagnum || indef)                      \
+  return ASN1_MISSING_EOC
 
 /* decode sequence header and initialize tagnum with the first field */
 #define begin_structure()\
 asn1buf subbuf;\
+int seqindef;\
 int indef;\
-retval = asn1_get_sequence(&buf,&length,&indef);\
+retval = asn1_get_sequence(&buf,&length,&seqindef);\
 if(retval) clean_return(retval);\
-retval = asn1buf_imbed(&subbuf,&buf,length,indef);\
+retval = asn1buf_imbed(&subbuf,&buf,length,seqindef);\
 if(retval) clean_return(retval);\
 next_tag()
 
 #define end_structure()\
-retval = asn1buf_sync(&buf,&subbuf,tagnum,length);\
+retval = asn1buf_sync(&buf,&subbuf,class,tagnum,length,indef,seqindef);\
 if (retval) clean_return(retval)
 
 /* process fields *******************************************/
@@ -101,6 +107,7 @@ if (retval) clean_return(retval)
 #define get_field_body(var,decoder)\
 retval = decoder(&subbuf,&(var));\
 if(retval) clean_return(retval);\
+if (indef) { get_eoc(); }\
 next_tag()
 
 /* decode a field (<[UNIVERSAL id]> <length> <contents>)
@@ -110,26 +117,35 @@ next_tag()
 #define get_field(var,tagexpect,decoder)\
 if(tagnum > (tagexpect)) clean_return(ASN1_MISSING_FIELD);\
 if(tagnum < (tagexpect)) clean_return(ASN1_MISPLACED_FIELD);\
+if(class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\
+  clean_return(ASN1_BAD_ID);\
 get_field_body(var,decoder)
 
 /* decode (or skip, if not present) an optional field */
 #define opt_field(var,tagexpect,decoder)\
+if(class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\
+  clean_return(ASN1_BAD_ID);\
 if(tagnum == (tagexpect)){ get_field_body(var,decoder); }
 
 /* field w/ accompanying length *********/
 #define get_lenfield_body(len,var,decoder)\
 retval = decoder(&subbuf,&(len),&(var));\
 if(retval) clean_return(retval);\
+if (indef) { get_eoc(); }\
 next_tag()
 
 /* decode a field w/ its length (for string types) */
 #define get_lenfield(len,var,tagexpect,decoder)\
 if(tagnum > (tagexpect)) clean_return(ASN1_MISSING_FIELD);\
 if(tagnum < (tagexpect)) clean_return(ASN1_MISPLACED_FIELD);\
+if(class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\
+  clean_return(ASN1_BAD_ID);\
 get_lenfield_body(len,var,decoder)
 
 /* decode an optional field w/ length */
 #define opt_lenfield(len,var,tagexpect,decoder)\
+if(class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\
+  clean_return(ASN1_BAD_ID);\
 if(tagnum == (tagexpect)){\
   get_lenfield_body(len,var,decoder);\
 }
index 2f74235fbe1bd1c4a1a6b61c6bde8c6786a03619..695ccc789552f3c467a669ab4f9f5017cd6771af 100644 (file)
@@ -1,3 +1,37 @@
+2000-09-12     Alexandra Ellwood <lxs@mit.edu>
+
+        * ccdefops.c: created #define for USE_CCAPI now that both Mac OS 9 and
+        Mac OS 10 use ccapi.
+
+2000-5-31      Alexandra Ellwood <lxs@mit.edu>
+
+       * ccdefault.c: Changed kerberosPrincipal_V5 to kerberosVersion_V5 to reflect 
+       the new constant name.
+
+2000-5-19      Alexandra Ellwood <lxs@mit.edu>
+
+       * ccdefault.c: Added krb5int_cc_default.  This function 
+       supports the Kerberos Login Library and pops up a dialog if the cache does 
+       not contain valid tickets.  This is used to automatically get a tgt before
+       obtaining service tickets.  Note that this should be an internal function
+       because callers don't expect krb5_cc_default to pop up a dialog!
+       (We found this out the hard way :-)
+
+2000-4-26      Alexandra Ellwood <lxs@mit.edu>
+
+       * ccdefault.c: Added version number to internal Kerberos Login Library 
+       routine.
+
+2000-4-13      Alexandra Ellwood <lxs@mit.edu>
+
+       * ccdefault.c: Added Kerberos Login library support (with ifdefs to control 
+       whether or not it is on.  Also added support to store a krb5_principal in the
+       os_context along with the default ccache name (if known, this principal is 
+       the same as the last time we looked at the ccache.
+       * ccdefname.c: Added support to store a krb5_principal in the os_context 
+       along with the default ccache name (if known, this principal is the same 
+       as the last time we looked at the ccache.
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index e4dac98dd84becd97f750dac4c20f6d21a4bcee2..17b8b4cef659933a84324e8e1b3fa9cd49f20f6f 100644 (file)
@@ -1,3 +1,70 @@
+2000-10-02     Alexandra Ellwood <lxs@mit.edu>
+
+        * stdcc_util.c: now Mac OS X uses get_time_offsets to store offset time
+        like Mac OS 9.
+
+2000-09-12     Alexandra Ellwood <lxs@mit.edu>
+
+        * stdcc.h, stdcc_util.h: created #define for USE_CCAPI now that 
+        both Mac OS 9 and Mac OS 10 use ccapi.
+
+2000-06-08  Alexandra Ellwood  <lxs@mit.edu>
+
+       * stdcc_util.c (dupCCtoK5, dupK5toCC): 
+               Fixed code that stores times in localtime, not in kdc time.
+
+2000-05-18  Danilo Almeida  <dalmeida@mit.edu>
+
+       * stdcc_util.c (dupK5toCC): Remove unused variables.
+
+       * stdcc_util.c: Reindent to krb5 coding style.  Remove whitespace
+       at end of lines.  Replace C++ comments with C comments.
+
+       * stdcc_util.h: Replace C++ comments with C comments.
+
+       * winccld.h: Define CC_API_VER2 for all Windows code using ccapi.
+       Update dynamic loading declarations to use CC_API_VER2.
+
+       * winccld.h: Do not define or try to load cc_lock_request, which is
+       not actually used anywhere in the code.
+
+       * stdcc.c: Define CC_API_VER2 if not defined rather than just if
+       not Windows.
+
+       * winccld.c (LoadFuncs): Get error on DLL load failure even though
+       we do not use it in case we are doing source-level debugging.
+
+2000-05-04  Miro Jurisic  <meeroh@mit.edu>
+
+       * stdcc_util.c (dupCCtoK5, dupK5toCC): 
+               Conditionalized local/KDC time conversions for Mac-only
+               until we figure out what to do about that
+
+2000-04-07  Jeffrey Altman <jaltman@columbia.edu>
+
+       * stdcc_util.c (copyCCDataArrayToK5, copyCCDataArrayToK5): 
+       * stdcc_util.c (dupCCtoK5, dupK5toCC): 
+
+          memory was being allocated as   (sizeof(foo) * count + 1)
+          instead of                      (sizeof(foo) * (count + 1))
+
+2000-04-03  Jeffrey Altman <jaltman@columbia.edu>
+
+       * stdcc_util.c (copyCCDataArrayToK5, copyCCDataArrayToK5): 
+       * stdcc_util.c (dupCCtoK5, dupK5toCC): 
+
+          Changed all references to the type UInt32 to unsigned int
+          since UInt32 is not a standard type on Unix or Win32    
+
+2000-03-24  Alexandra Ellwood  <lxs@mit.edu>
+
+       * stdcc_util.c (copyCCDataArrayToK5, copyCCDataArrayToK5): 
+               Modified to copy authdata as well... this code may have 
+               bugs since I couldn't get a good case where authdata != NULL
+       
+       * stdcc_util.c (dupCCtoK5, dupK5toCC): 
+               Added code to store times in localtime, not in kdc time.
+
 2000-03-15  Danilo Almeida  <dalmeida@mit.edu>
 
        * stdcc.c (krb5_stdcc_destroy): Do not mask KRB5_FCC_NOFILE error
index a17cd02650791b0d0c4cb9fec7bb0d14c78f8fd2..849a906c89c082b82ceca7ba86a94485bb032937 100644 (file)
@@ -40,7 +40,7 @@ apiCB *gCntrlBlock = NULL;
 #include "winccld.h"   
 #endif
 
-#if !defined(_MSDOS) && !defined(_WIN32)
+#ifndef CC_API_VER2
 #define CC_API_VER2
 #endif
 
index 109c4fc77b6d57692f661a624ff597e57970023b..c7ede06630da483d2d888572dd7be1830d92f928 100644 (file)
@@ -1,6 +1,6 @@
 #include "krb5.h"
        
-#if defined(macintosh)
+#if defined(USE_CCAPI)
 #include "CCache2.h"
 #endif
 
index 4262eeddd034311b5e89f1259090d59e1d7c6fc9..a5975f7e7cd0fd4775194360ad4ed29d4b1bb3f9 100644 (file)
  * - copy and translate the null terminated arrays of data records
  *      used in k5 tickets
  */
-int copyCCDataArrayToK5(cc_creds *cc, krb5_creds *kc, char whichArray) {
-
-       cc_data *ccAdr, **cbase;
-       krb5_address *kAdr, **kbase, **constKBase;
-       int numRecords = 0;
-               
-       
-       if (whichArray == kAddressArray) {
-               /* check pointer */
-               if (cc->addresses == NULL) {
-                       kc->addresses = NULL;
-                       return 0;
-               }
-       } else if (whichArray == kAuthDataArray) {
-               /* check pointer */
-               if (cc->authdata == NULL) {
-                       kc->authdata = NULL;
-                       return 0;
-               }
-       } else
-               return -1;
-       
-
-       cbase = (whichArray == kAddressArray) ? cc->addresses : cc->authdata;
-       /* calc number of records */
-       while (*cbase++ != NULL) numRecords++;
-       /* allocate new array */
-       constKBase = kbase = (krb5_address **)malloc((numRecords+1)*sizeof(char *));
-       //reset base
-       cbase = (whichArray == kAddressArray) ? cc->addresses : cc->authdata;
-               
-               
-       //copy records
-       while (*cbase != NULL) {
-               *kbase = (krb5_address *)malloc(sizeof(krb5_address));
-               kAdr = *kbase;
-               ccAdr = *cbase;
-               kAdr->magic = (whichArray == kAddressArray) ? KV5M_ADDRESS : KV5M_AUTHDATA;
-               kAdr->addrtype = ccAdr->type;
-               kAdr->length = ccAdr->length;
-               kAdr->contents = (krb5_octet *)malloc(kAdr->length);
-               memcpy(kAdr->contents, ccAdr->data, kAdr->length);
-               //next element please
-               kbase++; cbase++;
+int copyCCDataArrayToK5(cc_creds *ccCreds, krb5_creds *v5Creds, char whichArray) {
+
+    if (whichArray == kAddressArray) {
+       if (ccCreds->addresses == NULL) {
+           v5Creds->addresses = NULL;
+       } else {
+
+           krb5_address        **addrPtr, *addr;
+           cc_data                     **dataPtr, *data;
+           unsigned int                numRecords = 0;
+
+           /* Allocate the array of pointers: */
+           for (dataPtr = ccCreds->addresses; *dataPtr != NULL; numRecords++, dataPtr++) {}
+
+           v5Creds->addresses = (krb5_address **) malloc (sizeof(krb5_address *) * (numRecords + 1));
+           if (v5Creds->addresses == NULL)
+               return ENOMEM;
+
+           /* Fill in the array, allocating the address structures: */
+           for (dataPtr = ccCreds->addresses, addrPtr = v5Creds->addresses; *dataPtr != NULL; addrPtr++, dataPtr++) {
+
+               *addrPtr = (krb5_address *) malloc (sizeof(krb5_address));
+               if (*addrPtr == NULL)
+                   return ENOMEM;
+               data = *dataPtr;
+               addr = *addrPtr;
+
+               addr->addrtype = data->type;
+               addr->magic    = KV5M_ADDRESS;
+               addr->length   = data->length;
+               addr->contents = (krb5_octet *) malloc (sizeof(krb5_octet) * addr->length);
+               if (addr->contents == NULL)
+                   return ENOMEM;
+               memmove(addr->contents, data->data, addr->length); /* copy contents */
+           }
+
+           /* Write terminator: */
+           *addrPtr = NULL;
+       }
+    }
+
+    if (whichArray == kAuthDataArray) {
+       if (ccCreds->authdata == NULL) {
+           v5Creds->authdata = NULL;
+       } else {
+           krb5_authdata       **authPtr, *auth;
+           cc_data                     **dataPtr, *data;
+           unsigned int                numRecords = 0;
+
+           /* Allocate the array of pointers: */
+           for (dataPtr = ccCreds->authdata; *dataPtr != NULL; numRecords++, dataPtr++) {}
+
+           v5Creds->authdata = (krb5_authdata **) malloc (sizeof(krb5_authdata *) * (numRecords + 1));
+           if (v5Creds->authdata == NULL)
+               return ENOMEM;
+
+           /* Fill in the array, allocating the address structures: */
+           for (dataPtr = ccCreds->authdata, authPtr = v5Creds->authdata; *dataPtr != NULL; authPtr++, dataPtr++) {
+
+               *authPtr = (krb5_authdata *) malloc (sizeof(krb5_authdata));
+               if (*authPtr == NULL)
+                   return ENOMEM;
+               data = *dataPtr;
+               auth = *authPtr;
+
+               auth->ad_type  = data->type;
+               auth->magic    = KV5M_AUTHDATA;
+               auth->length   = data->length;
+               auth->contents = (krb5_octet *) malloc (sizeof(krb5_octet) * auth->length);
+               if (auth->contents == NULL)
+                   return ENOMEM;
+               memmove(auth->contents, data->data, auth->length); /* copy contents */
+           }
+
+           /* Write terminator: */
+           *authPtr = NULL;
        }
-       
-       //write terminator
-       *kbase = NULL;
-       if (whichArray == kAddressArray) kc->addresses = constKBase;
-       else kc->authdata = (krb5_authdata **)constKBase;
+    }
 
-       return 0;
+    return 0;
 }
 
 /*
  * copyK5DataArrayToCC
  * - analagous to above, but in the other direction
  */
-int copyK5DataArrayToCC(krb5_creds *kc, cc_creds *cc, char whichArray) {
-
-       cc_data *ccAdr, **cbase, **constCBase;
-       krb5_address *kAdr, **kbase;
-       int numRecords = 0;
-               
-       
-       if (whichArray == kAddressArray) {
-               //check pointer
-               if (kc->addresses == NULL) {
-                       cc->addresses = NULL;
-                       return 0; }
-       } else if (whichArray == kAuthDataArray) {
-               //check pointer
-               if (kc->authdata == NULL) {
-                       cc->authdata = NULL;
-                       return 0; }
-       } else return -1;
-       
-
-       kbase = (whichArray == kAddressArray) ? kc->addresses : (krb5_address **)kc->authdata;
-       //calc number of records
-       while (*kbase++ != NULL) numRecords++;
-       //allocate new array
-       constCBase = cbase = (cc_data **)malloc((numRecords+1)*sizeof(char *));
-       //reset base
-       kbase = (whichArray == kAddressArray) ? kc->addresses : (krb5_address **)kc->authdata;
-               
-               
-       //copy records
-       while (*kbase != NULL) {
-               *cbase = (cc_data *)malloc(sizeof(krb5_address));
-               kAdr = *kbase;
-               ccAdr = *cbase;
-               ccAdr->type = kAdr->addrtype;
-               ccAdr->length = kAdr->length;
-               ccAdr->data = (unsigned char *)malloc(ccAdr->length);
-               memcpy(ccAdr->data, kAdr->contents, kAdr->length);
-               //next element please
-               kbase++; cbase++;
+int copyK5DataArrayToCC(krb5_creds *v5Creds, cc_creds *ccCreds, char whichArray)
+{
+    if (whichArray == kAddressArray) {
+       if (v5Creds->addresses == NULL) {
+           ccCreds->addresses = NULL;
+       } else {
+
+           krb5_address        **addrPtr, *addr;
+           cc_data                     **dataPtr, *data;
+           unsigned int                        numRecords = 0;
+
+           /* Allocate the array of pointers: */
+           for (addrPtr = v5Creds->addresses; *addrPtr != NULL; numRecords++, addrPtr++) {}
+
+           ccCreds->addresses = (cc_data **) malloc (sizeof(cc_data *) * (numRecords + 1));
+           if (ccCreds->addresses == NULL)
+               return ENOMEM;
+
+           /* Fill in the array, allocating the address structures: */
+           for (dataPtr = ccCreds->addresses, addrPtr = v5Creds->addresses; *addrPtr != NULL; addrPtr++, dataPtr++) {
+
+               *dataPtr = (cc_data *) malloc (sizeof(cc_data));
+               if (*dataPtr == NULL)
+                   return ENOMEM;
+               data = *dataPtr;
+               addr = *addrPtr;
+
+               data->type   = addr->addrtype;
+               data->length = addr->length;
+               data->data   = malloc (sizeof(char) * data->length);
+               if (data->data == NULL)
+                   return ENOMEM;
+               memmove(data->data, addr->contents, data->length); /* copy contents */
+           }
+
+           /* Write terminator: */
+           *dataPtr = NULL;
+       }
+    }
+
+    if (whichArray == kAuthDataArray) {
+       if (v5Creds->authdata == NULL) {
+           ccCreds->authdata = NULL;
+       } else {
+           krb5_authdata       **authPtr, *auth;
+           cc_data                     **dataPtr, *data;
+           unsigned int                        numRecords = 0;
+
+           /* Allocate the array of pointers: */
+           for (authPtr = v5Creds->authdata; *authPtr != NULL; numRecords++, authPtr++) {}
+
+           ccCreds->authdata = (cc_data **) malloc (sizeof(cc_data *) * (numRecords + 1));
+           if (ccCreds->authdata == NULL)
+               return ENOMEM;
+
+           /* Fill in the array, allocating the address structures: */
+           for (dataPtr = ccCreds->authdata, authPtr = v5Creds->authdata; *authPtr != NULL; authPtr++, dataPtr++) {
+
+               *dataPtr = (cc_data *) malloc (sizeof(cc_data));
+               if (*dataPtr == NULL)
+                   return ENOMEM;
+               data = *dataPtr;
+               auth = *authPtr;
+
+               data->type   = auth->ad_type;
+               data->length = auth->length;
+               data->data   = malloc (sizeof(char) * data->length);
+               if (data->data == NULL)
+                   return ENOMEM;
+               memmove(data->data, auth->contents, data->length); /* copy contents */
+           }
+
+           /* Write terminator: */
+           *dataPtr = NULL;
        }
-       
-       //write terminator
-       *cbase = NULL;
-       if (whichArray == kAddressArray) cc->addresses = (cc_data **)constCBase;
-       else cc->authdata = (cc_data **)constCBase;
+    }
 
-       return 0;
+    return 0;
 }
 
 /*
@@ -136,52 +194,56 @@ int copyK5DataArrayToCC(krb5_creds *kc, cc_creds *cc, char whichArray) {
  * - allocate an empty k5 style ticket and copy info from the cc_creds ticket
  */
 
-void dupCCtoK5(krb5_context context, cc_creds *src, krb5_creds *dest) {
-
-       int err;
-       
-       /*
-        * allocate and copy
-        * copy all of those damn fields back
-        */
-       err = krb5_parse_name(context, src->client, &(dest->client));
-       err = krb5_parse_name(context, src->server, &(dest->server));
-       if (err) return; //parsename fails w/o krb5.ini for example
-       
-       /* copy keyblock */
-       dest->keyblock.enctype = src->keyblock.type;
-       dest->keyblock.length = src->keyblock.length;
-       dest->keyblock.contents = (krb5_octet *)malloc(dest->keyblock.length);
-       memcpy(dest->keyblock.contents, src->keyblock.data, dest->keyblock.length);
-       
-       /* copy times */
-       dest->times.authtime = src->authtime;
-       dest->times.starttime = src->starttime;
-       dest->times.endtime = src->endtime;
-       dest->times.renew_till = src->renew_till;
-       dest->is_skey = src->is_skey;
-       dest->ticket_flags = src->ticket_flags;
-       
-       /* more branching fields */
-       copyCCDataArrayToK5(src, dest, kAddressArray);
-       dest->ticket.length = src->ticket.length;
-       dest->ticket.data = (char *)malloc(src->ticket.length);
-       memcpy(dest->ticket.data, src->ticket.data, src->ticket.length);
-       dest->second_ticket.length = src->second_ticket.length;
-       (dest->second_ticket).data = ( char *)malloc(src->second_ticket.length);
-       memcpy(dest->second_ticket.data, src->second_ticket.data, src->second_ticket.length);
-       
-       /* zero out magic number */
-       dest->magic = 0;
-       /*
-        * later
-        * copyCCDataArrayToK5(src, dest, kAuthDataArray);
-        * krb5 docs say that authdata can be nulled out if we 
-        * only want default behavior
-        */
-       dest->authdata = NULL;
-       
-       return;
+void dupCCtoK5(krb5_context context, cc_creds *src, krb5_creds *dest)
+{
+    krb5_int32 offset_seconds = 0, offset_microseconds = 0;
+    int err;
+
+    /*
+     * allocate and copy
+     * copy all of those damn fields back
+     */
+    err = krb5_parse_name(context, src->client, &(dest->client));
+    err = krb5_parse_name(context, src->server, &(dest->server));
+    if (err) return; /* parsename fails w/o krb5.ini for example */
+
+    /* copy keyblock */
+    dest->keyblock.enctype = src->keyblock.type;
+    dest->keyblock.length = src->keyblock.length;
+    dest->keyblock.contents = (krb5_octet *)malloc(dest->keyblock.length);
+    memcpy(dest->keyblock.contents, src->keyblock.data, dest->keyblock.length);
+
+    /* copy times */
+#if defined(macintosh) || defined(__MACH__)
+    err = krb5_get_time_offsets(context, &offset_seconds, &offset_microseconds);
+    if (err) return;
+#endif
+    dest->times.authtime   = src->authtime     + offset_seconds;
+    dest->times.starttime  = src->starttime    + offset_seconds;
+    dest->times.endtime    = src->endtime      + offset_seconds;
+    dest->times.renew_till = src->renew_till   + offset_seconds;
+    dest->is_skey          = src->is_skey;
+    dest->ticket_flags     = src->ticket_flags;
+
+    /* more branching fields */
+    err = copyCCDataArrayToK5(src, dest, kAddressArray);
+    if (err) return;
+
+    dest->ticket.length = src->ticket.length;
+    dest->ticket.data = (char *)malloc(src->ticket.length);
+    memcpy(dest->ticket.data, src->ticket.data, src->ticket.length);
+    dest->second_ticket.length = src->second_ticket.length;
+    (dest->second_ticket).data = ( char *)malloc(src->second_ticket.length);
+    memcpy(dest->second_ticket.data, src->second_ticket.data, src->second_ticket.length);
+
+    /* zero out magic number */
+    dest->magic = 0;
+
+    /* authdata */
+    err = copyCCDataArrayToK5(src, dest, kAuthDataArray);
+    if (err) return;
+
+    return;
 }
 
 /*
@@ -190,90 +252,97 @@ void dupCCtoK5(krb5_context context, cc_creds *src, krb5_creds *dest) {
  */
 void dupK5toCC(krb5_context context, krb5_creds *creds, cred_union **cu)
 {
-       cc_creds *c;
-       int err;
+    cc_creds *c;
+    int err;
+    krb5_int32 offset_seconds = 0, offset_microseconds = 0;
 #ifdef macintosh
-       char *tempname = NULL;
+    char *tempname = NULL;
 #endif
-         
-       if (cu == NULL) return;
-               
-       /* allocate the cred_union */
-       *cu = (cred_union *)malloc(sizeof(cred_union));
-       if ((*cu) == NULL)
-               return;
-               
-       (*cu)->cred_type = CC_CRED_V5;
-               
-       /* allocate creds structure (and install) */
-       c  = (cc_creds *)malloc(sizeof(cc_creds));
-       if (c == NULL) return;
-       (*cu)->cred.pV5Cred = c;
-               
-       /* convert krb5 principals to flat principals */
+
+    if (cu == NULL) return;
+
+    /* allocate the cred_union */
+    *cu = (cred_union *)malloc(sizeof(cred_union));
+    if ((*cu) == NULL)
+       return;
+
+    (*cu)->cred_type = CC_CRED_V5;
+
+    /* allocate creds structure (and install) */
+    c  = (cc_creds *)malloc(sizeof(cc_creds));
+    if (c == NULL) return;
+    (*cu)->cred.pV5Cred = c;
+
+    /* convert krb5 principals to flat principals */
 #ifdef macintosh
-       /*
-        * and make sure the memory for c->client and c->server is on
-        * the system heap with NewPtr for the Mac (krb5_unparse_name
-        * puts it in appl heap with malloc)
-        */
-       err = krb5_unparse_name(context, creds->client, &tempname);
-       c->client = malloc(strlen(tempname)+1);
-       if (c->client != NULL)
-               strcpy(c->client,tempname);
-       free(tempname);
-       tempname = NULL;
-               
-       err = krb5_unparse_name(context, creds->server, &tempname);
-       c->server = malloc(strlen(tempname)+1);
-       if (c->server != NULL)
-               strcpy(c->server,tempname);
-       free(tempname);
+    /*
+     * and make sure the memory for c->client and c->server is on
+     * the system heap with NewPtr for the Mac (krb5_unparse_name
+     * puts it in appl heap with malloc)
+     */
+    err = krb5_unparse_name(context, creds->client, &tempname);
+    c->client = malloc(strlen(tempname)+1);
+    if (c->client != NULL)
+       strcpy(c->client,tempname);
+    free(tempname);
+    tempname = NULL;
+
+    err = krb5_unparse_name(context, creds->server, &tempname);
+    c->server = malloc(strlen(tempname)+1);
+    if (c->server != NULL)
+       strcpy(c->server,tempname);
+    free(tempname);
 #else
-       err = krb5_unparse_name(context, creds->client, &(c->client));
-       err = krb5_unparse_name(context, creds->server, &(c->server));
+    err = krb5_unparse_name(context, creds->client, &(c->client));
+    err = krb5_unparse_name(context, creds->server, &(c->server));
 #endif
-       if (err) return;
-               
-       /* copy more fields */
-       c->keyblock.type = creds->keyblock.enctype;
-       c->keyblock.length = creds->keyblock.length;
-               
-       if (creds->keyblock.contents != NULL) {
-               c->keyblock.data = (unsigned char *)malloc(creds->keyblock.length);
-               memcpy(c->keyblock.data, creds->keyblock.contents, creds->keyblock.length);
-       } else {
-               c->keyblock.data = NULL;
-       }
-               
-       c->authtime = creds->times.authtime;
-       c->starttime = creds->times.starttime;
-       c->endtime = creds->times.endtime;
-       c->renew_till = creds->times.renew_till;
-       c->is_skey = creds->is_skey;
-       c->ticket_flags = creds->ticket_flags;
-
-       copyK5DataArrayToCC(creds, c, kAddressArray);   
-
-       c->ticket.length = creds->ticket.length;
-       if (creds->ticket.data != NULL) {
-               c->ticket.data = (unsigned char *)malloc(creds->ticket.length);
-               memcpy(c->ticket.data, creds->ticket.data, creds->ticket.length);
-       } else {
-               c->ticket.data = NULL;
-       }
-               
-       c->second_ticket.length = creds->second_ticket.length;
-       if (creds->second_ticket.data != NULL) {
-               c->second_ticket.data = (unsigned char *)malloc(creds->second_ticket.length);
-               memcpy(c->second_ticket.data, creds->second_ticket.data, creds->second_ticket.length);
-       } else {
-               c->second_ticket.data = NULL;
-       }
-               
-       c->authdata = NULL;
-       
-       return;
+    if (err) return;
+
+    /* copy more fields */
+    c->keyblock.type = creds->keyblock.enctype;
+    c->keyblock.length = creds->keyblock.length;
+
+    if (creds->keyblock.contents != NULL) {
+       c->keyblock.data = (unsigned char *)malloc(creds->keyblock.length);
+       memcpy(c->keyblock.data, creds->keyblock.contents, creds->keyblock.length);
+    } else {
+       c->keyblock.data = NULL;
+    }
+
+#if defined(macintosh) || defined(__MACH__)
+    err = krb5_get_time_offsets(context, &offset_seconds, &offset_microseconds);
+    if (err) return;
+#endif
+    c->authtime     = creds->times.authtime   - offset_seconds;
+    c->starttime    = creds->times.starttime  - offset_seconds;
+    c->endtime      = creds->times.endtime    - offset_seconds;
+    c->renew_till   = creds->times.renew_till - offset_seconds;
+    c->is_skey      = creds->is_skey;
+    c->ticket_flags = creds->ticket_flags;
+
+    err = copyK5DataArrayToCC(creds, c, kAddressArray);
+    if (err) return;
+
+    c->ticket.length = creds->ticket.length;
+    if (creds->ticket.data != NULL) {
+       c->ticket.data = (unsigned char *)malloc(creds->ticket.length);
+       memcpy(c->ticket.data, creds->ticket.data, creds->ticket.length);
+    } else {
+       c->ticket.data = NULL;
+    }
+
+    c->second_ticket.length = creds->second_ticket.length;
+    if (creds->second_ticket.data != NULL) {
+       c->second_ticket.data = (unsigned char *)malloc(creds->second_ticket.length);
+       memcpy(c->second_ticket.data, creds->second_ticket.data, creds->second_ticket.length);
+    } else {
+       c->second_ticket.data = NULL;
+    }
+
+    err = copyK5DataArrayToCC(creds, c, kAuthDataArray);
+    if (err) return;
+
+    return;
 }
 
 /*
@@ -281,7 +350,7 @@ void dupK5toCC(krb5_context context, krb5_creds *creds, cred_union **cu)
  */
 static krb5_boolean
 times_match(t1, t2)
-register const krb5_ticket_times *t1;
+    register const krb5_ticket_times *t1;
 register const krb5_ticket_times *t2;
 {
     if (t1->renew_till) {
@@ -308,7 +377,7 @@ times_match_exact (t1, t2)
 
 static krb5_boolean
 standard_fields_match(context, mcreds, creds)
-   krb5_context context;
+    krb5_context context;
 register const krb5_creds *mcreds, *creds;
 {
     return (krb5_principal_compare(context, mcreds->client,creds->client) &&
@@ -319,12 +388,12 @@ register const krb5_creds *mcreds, *creds;
 
 static krb5_boolean
 srvname_match(context, mcreds, creds)
-   krb5_context context;
+    krb5_context context;
 register const krb5_creds *mcreds, *creds;
 {
     krb5_boolean retval;
     krb5_principal_data p1, p2;
-    
+
     retval = krb5_principal_compare(context, mcreds->client,creds->client);
     if (retval != TRUE)
        return retval;
@@ -368,7 +437,7 @@ authdata_match(mdata, data)
 
 static krb5_boolean
 data_match(data1, data2)
-register const krb5_data *data1, *data2;
+    register const krb5_data *data1, *data2;
 {
     if (!data1) {
        if (!data2)
@@ -396,117 +465,113 @@ register const krb5_data *data1, *data2;
 int stdccCredsMatch(krb5_context context, krb5_creds *base,
                    krb5_creds *match, int whichfields)
 {
-       krb5_ticket_times b, m;
-       krb5_authdata **bp, **mp;
-       krb5_boolean retval;
-
-       if (((MATCH_SET(KRB5_TC_MATCH_SRV_NAMEONLY) &&
-             srvname_match(context, match, base)) ||
-            standard_fields_match(context, match, base))
-           &&
-           (! MATCH_SET(KRB5_TC_MATCH_IS_SKEY) ||
-            match->is_skey == base->is_skey)
-           &&
-           (! MATCH_SET(KRB5_TC_MATCH_FLAGS_EXACT) ||
-            match->ticket_flags == base->ticket_flags)
-           &&
-           (! MATCH_SET(KRB5_TC_MATCH_FLAGS) ||
-            flags_match(match->ticket_flags, base->ticket_flags))
-           &&
-           (! MATCH_SET(KRB5_TC_MATCH_TIMES_EXACT) ||
-            times_match_exact(&match->times, &base->times))
-           &&
-           (! MATCH_SET(KRB5_TC_MATCH_TIMES) ||
-            times_match(&match->times, &base->times))
-           &&
-           (! MATCH_SET(KRB5_TC_MATCH_AUTHDATA) ||
-            authdata_match (match->authdata, base->authdata))
-           &&
-           (! MATCH_SET(KRB5_TC_MATCH_2ND_TKT) ||
-            data_match (&match->second_ticket, &base->second_ticket))
-           &&
-           ((! MATCH_SET(KRB5_TC_MATCH_KTYPE))||
-            (match->keyblock.enctype == base->keyblock.enctype))
-           )
-               return TRUE;
-       return FALSE;
-       
+    if (((MATCH_SET(KRB5_TC_MATCH_SRV_NAMEONLY) &&
+         srvname_match(context, match, base)) ||
+        standard_fields_match(context, match, base))
+       &&
+       (! MATCH_SET(KRB5_TC_MATCH_IS_SKEY) ||
+        match->is_skey == base->is_skey)
+       &&
+       (! MATCH_SET(KRB5_TC_MATCH_FLAGS_EXACT) ||
+        match->ticket_flags == base->ticket_flags)
+       &&
+       (! MATCH_SET(KRB5_TC_MATCH_FLAGS) ||
+        flags_match(match->ticket_flags, base->ticket_flags))
+       &&
+       (! MATCH_SET(KRB5_TC_MATCH_TIMES_EXACT) ||
+        times_match_exact(&match->times, &base->times))
+       &&
+       (! MATCH_SET(KRB5_TC_MATCH_TIMES) ||
+        times_match(&match->times, &base->times))
+       &&
+       (! MATCH_SET(KRB5_TC_MATCH_AUTHDATA) ||
+        authdata_match (match->authdata, base->authdata))
+       &&
+       (! MATCH_SET(KRB5_TC_MATCH_2ND_TKT) ||
+        data_match (&match->second_ticket, &base->second_ticket))
+       &&
+       ((! MATCH_SET(KRB5_TC_MATCH_KTYPE))||
+        (match->keyblock.enctype == base->keyblock.enctype))
+       )
+       return TRUE;
+    return FALSE;
 }
 
-// ----- free_cc_cred_union, etc --------------
+/* ----- free_cc_cred_union, etc -------------- */
 /*
-   Since the Kerberos5 library allocates a credentials cache structure
-   (in dupK5toCC() above) with its own memory allocation routines - which
-   may be different than how the CCache allocates memory - the Kerb5 library
-   must have its own version of cc_free_creds() to deallocate it.  These
-   functions do that.  The top-level function to substitue for cc_free_creds()
-   is krb5_free_cc_cred_union().
-   
-   If the CCache library wants to use a cred_union structure created by
-   the Kerb5 library, it should make a deep copy of it to "translate" to its
-   own memory allocation space.
+  Since the Kerberos5 library allocates a credentials cache structure
+  (in dupK5toCC() above) with its own memory allocation routines - which
+  may be different than how the CCache allocates memory - the Kerb5 library
+  must have its own version of cc_free_creds() to deallocate it.  These
+  functions do that.  The top-level function to substitue for cc_free_creds()
+  is krb5_free_cc_cred_union().
+
+  If the CCache library wants to use a cred_union structure created by
+  the Kerb5 library, it should make a deep copy of it to "translate" to its
+  own memory allocation space.
 */
-static void deep_free_cc_data (cc_data data) {
-       
-       if (data.data != NULL)
-               free (data.data);
+static void deep_free_cc_data (cc_data data)
+{
+    if (data.data != NULL)
+       free (data.data);
 }
 
 static void deep_free_cc_data_array (cc_data** data) {
-       
-       unsigned int    index;
-       
-       if (data == NULL)
-               return;
-               
-       for (index = 0; data [index] != NULL; index++) {
-               deep_free_cc_data (*(data [index]));
-               free (data [index]);
-       }
-       
-       free (data);
+
+    unsigned int       index;
+
+    if (data == NULL)
+       return;
+
+    for (index = 0; data [index] != NULL; index++) {
+       deep_free_cc_data (*(data [index]));
+       free (data [index]);
+    }
+
+    free (data);
 }
 
-static void deep_free_cc_v5_creds (cc_creds* creds) {
-       
-       if (creds == NULL)
-               return;
-               
-       if (creds -> client != NULL)
-               free (creds -> client);
-       if (creds -> server != NULL)
-               free (creds -> server);
-       
-       deep_free_cc_data (creds -> keyblock);
-       deep_free_cc_data (creds -> ticket);
-       deep_free_cc_data (creds -> second_ticket);
-       
-       deep_free_cc_data_array (creds -> addresses);
-       deep_free_cc_data_array (creds -> authdata);
-       
-       free(creds);
+static void deep_free_cc_v5_creds (cc_creds* creds)
+{
+    if (creds == NULL)
+       return;
+
+    if (creds -> client != NULL)
+       free (creds -> client);
+    if (creds -> server != NULL)
+       free (creds -> server);
+
+    deep_free_cc_data (creds -> keyblock);
+    deep_free_cc_data (creds -> ticket);
+    deep_free_cc_data (creds -> second_ticket);
+
+    deep_free_cc_data_array (creds -> addresses);
+    deep_free_cc_data_array (creds -> authdata);
+
+    free(creds);
 }
 
-static void deep_free_cc_creds (cred_union creds) {
-       
-       if (creds.cred_type == CC_CRED_V4) {  // we shouldn't get this, of course
-               free (creds.cred.pV4Cred);
-       } else if (creds.cred_type == CC_CRED_V5) {
-               deep_free_cc_v5_creds (creds.cred.pV5Cred);
-       }
+static void deep_free_cc_creds (cred_union creds)
+{
+    if (creds.cred_type == CC_CRED_V4) {
+       /* we shouldn't get this, of course */
+       free (creds.cred.pV4Cred);
+    } else if (creds.cred_type == CC_CRED_V5) {
+       deep_free_cc_v5_creds (creds.cred.pV5Cred);
+    }
 }
 
-// top-level exported function
-cc_int32 krb5_free_cc_cred_union (cred_union** creds) {
-               
-       if (creds == NULL)
-               return CC_BAD_PARM;
-       
-       if (*creds != NULL) {
-               deep_free_cc_creds (**creds);
-               free (*creds);
-               *creds = NULL;
-       }
-               
-       return CC_NOERROR;
+/* top-level exported function */
+cc_int32 krb5_free_cc_cred_union (cred_union** creds)
+{
+    if (creds == NULL)
+       return CC_BAD_PARM;
+
+    if (*creds != NULL) {
+       deep_free_cc_creds (**creds);
+       free (*creds);
+       *creds = NULL;
+    }
+
+    return CC_NOERROR;
 }
index 93538bf29d924fcd7cdebe94e9cef4fce565da1b..f74eb5d5c7d8cf4c34c18e46b1f784a0a0486f26 100644 (file)
@@ -1,8 +1,9 @@
-//stdcc_util.h
-// 
-// Frank Dabek, July 1998
+/* stdcc_util.h
+ *
+ * Frank Dabek, July 1998
+ */
 
-#if defined(macintosh)
+#if defined(USE_CCAPI)
 #include "CCache2.h"
 #endif
 
@@ -12,7 +13,7 @@
 
 #include "krb5.h"
 
-//protoypes for private functions declared in stdcc_util.c
+/* protoypes for private functions declared in stdcc_util.c */
 int copyCCDataArrayToK5(cc_creds *cc, krb5_creds *kc, char whichArray);
 int copyK5DataArrayToCC(krb5_creds *kc, cc_creds *cc, char whichArray);
 void dupCCtoK5(krb5_context context, cc_creds *src, krb5_creds *dest);
index 2792ceeda4f01f25c6791c40afe523620273d9dd..4fded76d874f1884e6e00d641de1ac455d66d83b 100644 (file)
@@ -45,6 +45,8 @@ static int LoadFuncs(const char* dll_name, FUNC_INFO fi[],
     }
 
     if (!(h = LoadLibrary(dll_name))) {
+       /* Get error for source debugging purposes. */
+       error = (int)GetLastError();
        return LF_NODLL;
     }
 
index 09a7ef5cdeb0917d0cf86f26545353ad5da2d55b..e285d1faf66e99efe6c950e185f5c0d8e6208ff4 100644 (file)
@@ -6,6 +6,10 @@
 #ifndef KRB5_WINCCLD_H_
 #define KRB5_WINCCLD_H_
 
+#ifndef CC_API_VER2
+#define CC_API_VER2
+#endif
+
 #include "cacheapi.h"
 
 typedef cc_int32 (*FP_cc_initialize)(apiCB**, const cc_int32, 
@@ -19,6 +23,9 @@ typedef cc_int32 (*FP_cc_open)(apiCB*, const char*, const enum cc_cred_vers,
 typedef cc_int32 (*FP_cc_close)(apiCB*, ccache_p**);
 typedef cc_int32 (*FP_cc_destroy)(apiCB*, ccache_p**);
 typedef cc_int32 (*FP_cc_seq_fetch_NCs)(apiCB*, ccache_p**, ccache_cit**);
+typedef cc_int32 (*FP_cc_seq_fetch_NCs_begin)(apiCB*, ccache_cit**);
+typedef cc_int32 (*FP_cc_seq_fetch_NCs_next)(apiCB*, ccache_p**, ccache_cit*);
+typedef cc_int32 (*FP_cc_seq_fetch_NCs_end)(apiCB*, ccache_cit**);
 typedef cc_int32 (*FP_cc_get_NC_info)(apiCB*, struct _infoNC***);
 typedef cc_int32 (*FP_cc_free_NC_info)(apiCB*, struct _infoNC***);
 typedef cc_int32 (*FP_cc_get_name)(apiCB*, const ccache_p*, char**);
@@ -34,6 +41,11 @@ typedef cc_int32 (*FP_cc_remove_cred)(apiCB*, const ccache_p*,
                        const cred_union);
 typedef cc_int32 (*FP_cc_seq_fetch_creds)(apiCB*, const ccache_p*, 
                        cred_union**, ccache_cit**);
+typedef cc_int32 (*FP_cc_seq_fetch_creds_begin)(apiCB*, const ccache_p*, 
+                       ccache_cit**);
+typedef cc_int32 (*FP_cc_seq_fetch_creds_next)(apiCB*, cred_union**, 
+                       ccache_cit*);
+typedef cc_int32 (*FP_cc_seq_fetch_creds_end)(apiCB*, ccache_cit**);
 typedef cc_int32 (*FP_cc_free_principal)(apiCB*, char**);
 typedef cc_int32 (*FP_cc_free_name)(apiCB*, char** name);
 typedef cc_int32 (*FP_cc_free_creds)(apiCB*, cred_union** pCred);
@@ -58,17 +70,33 @@ DECL_FUNC_PTR(cc_create);
 DECL_FUNC_PTR(cc_open);
 DECL_FUNC_PTR(cc_close);
 DECL_FUNC_PTR(cc_destroy);
+#if 0 /* Not used */
+#ifdef CC_API_VER2
+DECL_FUNC_PTR(cc_seq_fetch_NCs_begin);
+DECL_FUNC_PTR(cc_seq_fetch_NCs_next);
+DECL_FUNC_PTR(cc_seq_fetch_NCs_end);
+#else
 DECL_FUNC_PTR(cc_seq_fetch_NCs);
+#endif
 DECL_FUNC_PTR(cc_get_NC_info);
 DECL_FUNC_PTR(cc_free_NC_info);
+#endif
 DECL_FUNC_PTR(cc_get_name);
 DECL_FUNC_PTR(cc_set_principal);
 DECL_FUNC_PTR(cc_get_principal);
 DECL_FUNC_PTR(cc_get_cred_version);
+#if 0 /* Not used */
 DECL_FUNC_PTR(cc_lock_request);
+#endif
 DECL_FUNC_PTR(cc_store);
 DECL_FUNC_PTR(cc_remove_cred);
+#ifdef CC_API_VER2
+DECL_FUNC_PTR(cc_seq_fetch_creds_begin);
+DECL_FUNC_PTR(cc_seq_fetch_creds_next);
+DECL_FUNC_PTR(cc_seq_fetch_creds_end);
+#else
 DECL_FUNC_PTR(cc_seq_fetch_creds);
+#endif
 DECL_FUNC_PTR(cc_free_principal);
 DECL_FUNC_PTR(cc_free_name);
 DECL_FUNC_PTR(cc_free_creds);
@@ -82,17 +110,27 @@ FUNC_INFO krbcc_fi[] = {
     MAKE_FUNC_INFO(cc_open),
     MAKE_FUNC_INFO(cc_close),
     MAKE_FUNC_INFO(cc_destroy),
+#if 0 /* Not used */
     MAKE_FUNC_INFO(cc_seq_fetch_NCs),
     MAKE_FUNC_INFO(cc_get_NC_info),
     MAKE_FUNC_INFO(cc_free_NC_info),
+#endif
     MAKE_FUNC_INFO(cc_get_name),
     MAKE_FUNC_INFO(cc_set_principal),
     MAKE_FUNC_INFO(cc_get_principal),
     MAKE_FUNC_INFO(cc_get_cred_version),
+#if 0 /* Not used */
     MAKE_FUNC_INFO(cc_lock_request),
+#endif
     MAKE_FUNC_INFO(cc_store),
     MAKE_FUNC_INFO(cc_remove_cred),
+#ifdef CC_API_VER2
+    MAKE_FUNC_INFO(cc_seq_fetch_creds_begin),
+    MAKE_FUNC_INFO(cc_seq_fetch_creds_next),
+    MAKE_FUNC_INFO(cc_seq_fetch_creds_end),
+#else
     MAKE_FUNC_INFO(cc_seq_fetch_creds),
+#endif
     MAKE_FUNC_INFO(cc_free_principal),
     MAKE_FUNC_INFO(cc_free_name),
     MAKE_FUNC_INFO(cc_free_creds),
@@ -109,17 +147,33 @@ FUNC_INFO krbcc_fi[] = {
 #define cc_open pcc_open
 #define cc_close pcc_close
 #define cc_destroy pcc_destroy
+#if 0 /* Not used */
+#ifdef CC_API_VER2
+#define cc_seq_fetch_NCs_begin pcc_seq_fetch_NCs_begin
+#define cc_seq_fetch_NCs_next pcc_seq_fetch_NCs_next
+#define cc_seq_fetch_NCs_end pcc_seq_fetch_NCs_end
+#else
 #define cc_seq_fetch_NCs pcc_seq_fetch_NCs
+#endif
 #define cc_get_NC_info pcc_get_NC_info
 #define cc_free_NC_info pcc_free_NC_info
+#endif /* End of Not used */
 #define cc_get_name pcc_get_name
 #define cc_set_principal pcc_set_principal
 #define cc_get_principal pcc_get_principal
 #define cc_get_cred_version pcc_get_cred_version
+#if 0 /* Not used */
 #define cc_lock_request pcc_lock_request
+#endif
 #define cc_store pcc_store
 #define cc_remove_cred pcc_remove_cred
+#ifdef CC_API_VER2
+#define cc_seq_fetch_creds_begin pcc_seq_fetch_creds_begin
+#define cc_seq_fetch_creds_next pcc_seq_fetch_creds_next
+#define cc_seq_fetch_creds_end pcc_seq_fetch_creds_end
+#else
 #define cc_seq_fetch_creds pcc_seq_fetch_creds
+#endif
 #define cc_free_principal pcc_free_principal
 #define cc_free_name pcc_free_name
 #define cc_free_creds pcc_free_creds
index 3e2699c56c845717e813e83068bce1f981c3976d..964f6f9ad980a18ccb51fa69e26cfed5240716eb 100644 (file)
 
 #include "k5-int.h"
 
+#ifdef USE_LOGIN_LIBRARY
+#include <KerberosLoginInternal.h>
+#endif
+
 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
 krb5_cc_default(context, ccache)
    krb5_context context;
    krb5_ccache FAR *ccache;
 {
-    return krb5_cc_resolve(context, krb5_cc_default_name(context), ccache);
+    krb5_error_code retval;
+       krb5_os_context os_ctx;
+
+       if (!context || context->magic != KV5M_CONTEXT)
+               return KV5M_CONTEXT;
+       
+       os_ctx = context->os_context;
+       
+    retval = krb5_cc_resolve(context, krb5_cc_default_name(context), ccache);
+    if (!retval && ccache && !os_ctx->default_ccprincipal) {
+       /* We got a ccache... remember what principal is associated with it */
+       if (krb5_cc_get_principal (context, *ccache, &os_ctx->default_ccprincipal) != 0)
+               os_ctx->default_ccprincipal = 0;
+    }
+    return retval; 
 }
+
+/* This is the internal function which opens the default ccache.  On platforms supporting
+   the login library's automatic popup dialog to get tickets, this function also updated the
+   library's internal view of the current principal associated with this cache. 
+   
+   All krb5 and GSS functions which need to open a cache to get a tgt to obtain service tickets
+   should call this function, not krb5_cc_default() */
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5int_cc_default(context, ccache)
+       krb5_context context;
+       krb5_ccache FAR *ccache;
+{
+#ifdef USE_LOGIN_LIBRARY
+       {
+               /* make sure the default cache has tix before you open it */
+               char                            *outCacheName;
+               KLPrincipal                     desiredPrincipal = nil;
+               krb5_principal          desiredKrb5Principal;
+               krb5_error_code         err;
+               krb5_os_context         os_ctx;
+
+               if (!context || context->magic != KV5M_CONTEXT)
+                       return KV5M_CONTEXT;
+       
+               os_ctx = context->os_context;
+                               
+               desiredKrb5Principal = os_ctx->default_ccprincipal;
+               
+               /* do we want a specific client principal? */
+               if (desiredKrb5Principal != NULL) {
+                       char            *desiredName;
+                       
+                       err = krb5_unparse_name (context, desiredKrb5Principal, &desiredName);
+                       if (!err) {
+                               err = KLCreatePrincipalFromString (desiredName, 
+                                                               kerberosVersion_V5, &desiredPrincipal);
+                               krb5_free_unparsed_name (context, desiredName);
+                               if (err != klNoErr)
+                                       desiredPrincipal = nil;
+                       }
+               }
+               
+               /* Try to make sure a krb5 tgt is in the cache */
+               err = __KLInternalAcquireTicketsForCache (desiredPrincipal, krb5_cc_default_name(context), 
+                                                                                                       kerberosVersion_V5, nil, &outCacheName);
+               if (err == klNoErr) {
+                       /* This function tries to get tickets and put them in the specified 
+                          cache, however, if the cache does not exist, it may choose to put 
+                          them elsewhere (ie: the system default) so we set that here */
+                       if (strcmp (krb5_cc_default_name (context), outCacheName) != 0) {
+                               krb5_cc_set_default_name (context, outCacheName);
+                       }
+                       KLDisposeString (outCacheName);
+               }
+               
+               if (desiredPrincipal != nil)
+                       KLDisposePrincipal (desiredPrincipal);
+       }
+#endif
+
+    return krb5_cc_default (context, ccache);
+}
\ No newline at end of file
index 2651273bec8ee3b49d5ac556959a71a1419ed670..092503e9983f531802dce59b00e31f76095ba4f2 100644 (file)
@@ -30,7 +30,7 @@
 
 #include "k5-int.h"
 
-#if defined(macintosh) 
+#if defined(USE_CCAPI)
 
 /*
  * Macs use the shared, memory based credentials cache
index d93bf5edfd8046ed096451820ce33958cafe6333..0c16d91ff3322293a77e96b47c241946d60ea669 100644 (file)
@@ -1,3 +1,8 @@
+2001-01-31  Tom Yu  <tlyu@mit.edu>
+
+       * asn1_err.et: Add error codes MISMATCH_INDEF and MISSING_EOC.
+       [pullup from trunk]
+
 1999-12-01  Ken Raeburn  <raeburn@mit.edu>
 
        * krb5_err.et (KRB5_OBSOLETE_FN): New error code.
index f0136cf4176b9f6cc45b1d5efd8ec489a5b53541..06078ffbc5d5192f735b5dceb255b55a27d41036 100644 (file)
@@ -10,4 +10,6 @@ error_code ASN1_BAD_LENGTH, "ASN.1 length doesn't match expected value"
 error_code ASN1_BAD_FORMAT, "ASN.1 badly-formatted encoding"
 error_code ASN1_PARSE_ERROR, "ASN.1 parse error"
 error_code ASN1_BAD_GMTIME, "ASN.1 bad return from gmtime"
+error_code ASN1_MISMATCH_INDEF, "ASN.1 non-constructed indefinite encoding"
+error_code ASN1_MISSING_EOC, "ASN.1 missing expected EOC"
 end
index 59d8765aa697e72d3e1c99afb62920be2d2a2bd3..8ae5f8d4c9e6fc1dff1ae956ea6751bc43e1a572 100644 (file)
@@ -1,3 +1,200 @@
+2001-01-30  Tom Yu  <tlyu@mit.edu>
+
+       * preauth.c (krb5_obtain_padata): Don't dereference a NULL pointer
+       if we receive an empty ETYPE_INFO preauth. [krb5-libs/903 from
+       craziboy77@hotmail.com]
+
+       * preauth2.c (krb5_do_preauth): Don't dereference a NULL pointer
+       if we receive an empty ETYPE_INFO preauth. [krb5-libs/903 from
+       craziboy77@hotmail.com]
+
+2001-01-30  Ezra Peisach  <epeisach@mit.edu>
+
+       * rd_req_dec.c (krb5_rd_req_decrypt_tkt_part): Free
+       krb5_keytab_entry if call to krb5_decrypt_tkt_part()
+       fails. [krb5-libs/855 reported by guy@packeteer.com]
+
+2001-01-30  Ken Raeburn  <raeburn@mit.edu>
+
+       * mk_safe.c (krb5_mk_safe): Only use safe_cksumtype from the
+       auth_context (derived from the config file or hardcoded default)
+       if it's suitable for the enctype of the key we're going to use.
+
+2001-01-29     Alexandra Ellwood <lxs@mit.edu>
+
+       * conv_princ.c (krb5_524_conv_principal): Fixed strncmp bug where principals 
+       which are left substrings of "changepw" were being remapped into "changepw".  
+       Added length check to if() statement.
+
+2001-01-29  Ken Raeburn  <raeburn@mit.edu>
+
+       * preauth2.c (pa_sam): Check for a null prompter function pointer,
+       and return an error for that case rather than crashing.
+
+2000-10-02     Alexandra Ellwood <lxs@mit.edu>
+
+       * init_ctx.c: Added #defines for Mac OS X (__MACH__) 
+
+2000-06-29  Tom Yu  <tlyu@mit.edu>
+
+       * conv_princ.c (krb5_425_conv_principal): NULL, not nil.
+
+2000-06-28  Miro Jurisic  <meeroh@mit.edu>
+
+       * conv_princ.c (krb5_425_conv_principal): Fixed a memory leak
+
+2000-06-17  Miro Jurisic  <meeroh@mit.edu>
+
+       * conv_princ.c (krb5_425_conv_principal): Fixed v4->v5 realm
+       name conversion
+
+2000-06-17  Miro Jurisic  <meeroh@mit.edu>
+
+       * conv_princ.c (krb5_425_conv_principal): Honor v4/v5 realm name
+       differences when convertion from v4 principals to v5.
+
+2000-06-07  Tom Yu  <tlyu@mit.edu>
+
+       * get_creds.c (krb5_get_credentials): Translate KRB5_CC_NOTFOUND
+       returned from krb5_get_cred_from_kdc() if a prior call to
+       krb5_cc_retrieve_cred() returned KRB5_CC_NOT_KTYPE.
+
+2000-06-03  Tom Yu  <tlyu@mit.edu>
+
+       * rd_priv.c (krb5_rd_priv_basic): Delete code that was incorrectly
+       doing explicit ivec chaining; c_decrypt() does it now.
+
+       * mk_priv.c (krb5_mk_priv_basic): Delete code that was incorrectly
+       doing explicit ivec chaining; c_encrypt() does it now.
+
+2000-06-03  Ken Raeburn  <raeburn@mit.edu>
+
+       * get_in_tkt.c (krb5_get_in_tkt): If enctypes are specified, send
+       the server the intersection of that list and the supported types,
+       in the order requested.
+
+2000-06-02  Danilo Almeida  <dalmeida@mit.edu>
+
+       * init_ctx.c (krb5_get_tgs_ktypes, krb5_free_ktypes): Fix linkage to
+       be KRB5_CALLCONV.
+
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * recvauth.c (krb5_recvauth_version): New routine, takes a
+       krb5_data in which to store the client's application version
+       string.
+       (recvauth_common): Renamed from krb5_recvauth, added above
+       functionality depending on extra argument values.
+       (krb5_recvauth): New stub, calls above routine with extra dummy
+       values.
+
+2000-5-19      Alexandra Ellwood <lxs@mit.edu>
+
+       * sendauth.c, fwd_tgt.c: Changed to use krb5int_cc_default.  This function 
+       supports the Kerberos Login Library and pops up a dialog if the cache does 
+       not contain valid tickets.  This is used to automatically get a tgt before
+       obtaining service tickets.  Note that this should be an internal function
+       because callers don't expect krb5_cc_default to pop up a dialog!
+       (We found this out the hard way :-)
+
+2000-05-16  Ken Raeburn  <raeburn@mit.edu>
+            Nalin Dahyabhai  <nalin@redhat.com>
+
+       * conv_princ.c (krb5_524_conv_principal): Return an error if name
+       is too long.  Use memcpy for character data since we already know
+       the length.
+
+2000-05-16  Ken Raeburn  <raeburn@mit.edu>
+
+       * kfree.c: Remove unneeded "return" statements at the end of many
+       functions.
+       (krb5_free_*_content, krb5_free_*_contents,
+       krb5_free_cred_enc_part, krb5_free_pwd_sequences): Set freed
+       pointer members to null when containing structure isn't being
+       freed.
+
+2000-05-16  Tom Yu  <tlyu@mit.edu>
+
+       * conv_princ.c (krb5_524_conv_principal): Make a copy of the krb5
+       realm that is nul-terminated to avoid falling off the end of the
+       krb5 realm, which is not necessarily nul-terminated.
+
+2000-05-16  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kfree.c (krb5_free_keyblock_contents): Set contents pointer to
+       null after freeing.
+
+2000-05-15      Jeffrey Altman          <jaltman@columbia.edu>
+
+        * Added new source file appdefault.c
+          Implements new public functions
+
+               krb5_appdefault_string
+               krb5_appdefault_boolean
+
+2000-05-12  Ken Raeburn  <raeburn@mit.edu>
+
+       * t_kerb.c (test_524_conv_principal): New test code, to exercise
+       yesterday's code addition.
+       (main, usage): Updated.
+       * t_krb5.conf: Added stanford.edu->IR.STANFORD.EDU mapping, and a
+       test case for improperly long v4 realm names.
+       * Makefile.in (check-unix): Run 524 conversion test for some test
+       Athena and Stanford names.
+       * t_ref_kerb.out: Updated.
+
+       * init_ctx.c (init_common): Feed current-microsecond time and
+       process-id into PRNG, instead of just current-second time.
+       * mk_req_ext.c (krb5_mk_req_extended): Feed current time into
+       PRNG if a subkey will be generated.
+       * sendauth.c (krb5_sendauth): Feed local and remote addresses of
+       socket, if they can be determined, into the PRNG if a subkey will
+       be used.
+
+2000-05-11  Ken Raeburn  <raeburn@mit.edu>
+           Booker C. Bense  <bbense@networking.stanford.edu>
+
+       * conv_princ.c (krb5_524_conv_principal): Look up v4_realm in
+       config file, in case site's krb4 realm name isn't the same as the
+       krb5 realm name.
+
+2000-04-28  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * chk_trans.c (krb5_check_transited_list): Don't overflow buffers
+       "prev" and "next".
+       * conv_princ.c (krb5_425_conv_principal): Don't overflow buffer
+       "buf".
+
+2000-04-28     Alexandra Ellwood       <lxs@mit.edu>
+
+       * gic_pwd.c (krb5_init_creds_password) added code to return to
+       login library if the password is expired (login library handles
+       this error appropriately).
+
+2000-04-18  Ken Raeburn  <raeburn@mit.edu>
+
+       * init_ctx.c (krb5_free_ktypes): New routine, to free values
+       returned by krb5_get_tgs_ktypes, krb5_get_permitted_enctypes, and
+       krb5_get_default_in_tkt_ktypes.
+       (krb5_set_default_tgs_ktypes, krb5_is_permitted_enctype): Use it.
+       (get_profile_etype_list): Use passed-in enctype list if the
+       passed-in count is non-zero, instead of checking the
+       in_tkt_ktype_count value in the context.
+
+2000-04-08  Tom Yu  <tlyu@mit.edu>
+
+       * vfy_increds.c (krb5_verify_init_creds): appdefault_boolean ->
+       libdefault_boolean; it somehow got missed earlier.
+
+2000-04-07  Jeffrey Altman  <jaltman@columbia.edu>
+
+       * gic_pwd.c (krb5_get_init_creds_keytab), gic_pwd.c
+       (krb5_get_init_creds_password) when determining whether or not to
+       retry with a "master kdc" do not retry if the return value from
+       the first attempt was KRB5_REALM_CANT_RESOLV.  Also, do not
+       overwrite the return code if the return value from the access to
+       the "master kdc" was KRB5_REALM_CANT_RESOLV.
+
 2000-03-15  Danilo Almeida  <dalmeida@mit.edu>
 
        * init_ctx.c (init_common), gic_pwd.c (krb5_get_as_key_password,
index ba7666247c7a73458d43e12aeb747b1b16432a2c..19c1da40cd7bef41d60b80f648cb8ea03c4dca16 100644 (file)
@@ -15,6 +15,7 @@ STLIBOBJS= \
        addr_comp.o     \
        addr_order.o    \
        addr_srch.o     \
+       appdefault.o    \
        auth_con.o      \
        bld_pr_ext.o    \
        bld_princ.o     \
@@ -99,6 +100,7 @@ STLIBOBJS= \
 OBJS=  $(OUTPRE)addr_comp.$(OBJEXT)    \
        $(OUTPRE)addr_order.$(OBJEXT)   \
        $(OUTPRE)addr_srch.$(OBJEXT)    \
+       $(OUTPRE)appdefault.$(OBJEXT)   \
        $(OUTPRE)auth_con.$(OBJEXT)     \
        $(OUTPRE)bld_pr_ext.$(OBJEXT)   \
        $(OUTPRE)bld_princ.$(OBJEXT)    \
@@ -183,6 +185,7 @@ OBJS=       $(OUTPRE)addr_comp.$(OBJEXT)    \
 SRCS=  $(srcdir)/addr_comp.c   \
        $(srcdir)/addr_order.c  \
        $(srcdir)/addr_srch.c   \
+       $(srcdir)/appdefault.c  \
        $(srcdir)/auth_con.c    \
        $(srcdir)/bld_pr_ext.c  \
        $(srcdir)/bld_princ.c   \
@@ -324,6 +327,8 @@ check-unix:: $(TEST_PROGS)
                425_conv_principal rcmd uunet UU.NET \
                425_conv_principal zephyr zephyr ATHENA.MIT.EDU \
                425_conv_principal kadmin ATHENA.MIT.EDU ATHENA.MIT.EDU \
+               524_conv_principal host/e40-po.mit.edu@ATHENA.MIT.EDU \
+               524_conv_principal host/foobar.stanford.edu@stanford.edu \
                set_realm marc@MIT.EDU CYGNUS.COM \
                > test.out
        cmp test.out $(srcdir)/t_ref_kerb.out
diff --git a/src/lib/krb5/krb/appdefault.c b/src/lib/krb5/krb/appdefault.c
new file mode 100644 (file)
index 0000000..17183d8
--- /dev/null
@@ -0,0 +1,183 @@
+/*
+ * appdefault - routines designed to be called from applications to
+ *              handle the [appdefaults] profile section
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <k5-int.h>
+
+
+
+ /*xxx Duplicating this is annoying; try to work on a better way.*/
+static char *conf_yes[] = {
+       "y", "yes", "true", "t", "1", "on",
+       0,
+};
+
+static char *conf_no[] = {
+       "n", "no", "false", "nil", "0", "off",
+       0,
+};
+
+static int conf_boolean(s)
+       char *s;
+{
+       char **p;
+       for(p=conf_yes; *p; p++) {
+               if (!strcasecmp(*p,s))
+                       return 1;
+       }
+       for(p=conf_no; *p; p++) {
+               if (!strcasecmp(*p,s))
+               return 0;
+       }
+       /* Default to "no" */
+       return 0;
+}
+
+static krb5_error_code appdefault_get(context, appname, realm, option,
+                               ret_value)
+        krb5_context context;
+       const char *appname, *option;
+        const krb5_data *realm;
+       char **ret_value;
+{
+        profile_t profile;
+        const char *names[5];
+       char **nameval = NULL;
+       krb5_error_code retval;
+       const char * realmstr =  realm?realm->data:NULL;
+
+           if (!context || (context->magic != KV5M_CONTEXT)) 
+           return KV5M_CONTEXT;
+
+           profile = context->profile;
+           
+       /*
+        * Try number one:
+        *
+        * [appdefaults]
+        *      app = {
+        *              SOME.REALM = {
+        *                      option = <boolean>
+        *              }
+        *      }
+        */
+
+       names[0] = "appdefaults";
+       names[1] = appname;
+
+       if (realmstr) {
+               names[2] = realmstr;
+               names[3] = option;
+               names[4] = 0;
+               retval = profile_get_values(profile, names, &nameval);
+               if (retval == 0 && nameval && nameval[0]) {
+                       *ret_value = strdup(nameval[0]);
+                       goto goodbye;
+               }
+       }
+
+       /*
+        * Try number two:
+        *
+        * [appdefaults]
+        *      app = {
+        *              option = <boolean>
+        *      }
+        */
+
+       names[2] = option;
+       names[3] = 0;
+       retval = profile_get_values(profile, names, &nameval);
+       if (retval == 0 && nameval && nameval[0]) {
+               *ret_value = strdup(nameval[0]);
+               goto goodbye;
+       }
+
+       /*
+        * Try number three:
+        *
+        * [appdefaults]
+        *      realm = {
+        *              option = <boolean>
+        */
+       
+       if (realmstr) {
+               names[1] = realmstr;
+               names[2] = option;
+               names[3] = 0;
+               retval = profile_get_values(profile, names, &nameval);
+               if (retval == 0 && nameval && nameval[0]) {
+                       *ret_value = strdup(nameval[0]);
+                       goto goodbye;
+               }
+       }
+
+       /*
+        * Try number four:
+        *
+        * [appdefaults]
+        *      option = <boolean>
+        */
+
+       names[1] = option;
+       names[2] = 0;
+       retval = profile_get_values(profile, names, &nameval);
+       if (retval == 0 && nameval && nameval[0]) {
+               *ret_value = strdup(nameval[0]);
+       } else {
+               return retval;
+       }
+
+goodbye:
+       if (nameval) {
+               char **cpp;
+               for (cpp = nameval; *cpp; cpp++)
+                       free(*cpp);
+               free(nameval);
+       }
+       return 0;
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV 
+krb5_appdefault_boolean(context, appname, realm, option,
+                       default_value, ret_value)
+        krb5_context context;
+       const char *appname,  *option;
+        const krb5_data *realm;
+       int default_value;
+       int *ret_value;
+{
+       char *string = NULL;
+       krb5_error_code retval;
+
+       retval = appdefault_get(context, appname, realm, option, &string);
+
+       if (! retval && string) {
+               *ret_value = conf_boolean(string);
+               free(string);
+       } else
+               *ret_value = default_value;
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV 
+krb5_appdefault_string(context, appname, realm, option, default_value,
+                      ret_value)
+     krb5_context context;
+       const char *appname, *option, *default_value;
+       char **ret_value;
+     const krb5_data *realm;
+       {
+       krb5_error_code retval;
+       char *string;
+
+       retval = appdefault_get(context, appname, realm, option, &string);
+
+       if (! retval && string) {
+               *ret_value = string;
+       } else {
+               *ret_value = strdup(default_value);
+       }
+}
index c2ac716c880f096c2072c81b0ae33a208eb77d22..eee55c8c543ce04c0c268e2a2fd989508caf00a3 100644 (file)
@@ -56,13 +56,13 @@ krb5_data      *realm2;
     return(retval);
   }
 
-  memset(prev, 0, MAX_REALM_LN + 1);
-  memset(next, 0, MAX_REALM_LN + 1), nextp = next;
+  memset(prev, 0, sizeof(prev));
+  memset(next, 0, sizeof(next)), nextp = next;
   for (i = 0; i < trans_length; i++) {
     if (i < trans_length-1 && trans->data[i] == '\\') {
       i++;
       *nextp++ = trans->data[i];
-      if (nextp - next > MAX_REALM_LN) {
+      if (nextp - next >= sizeof(next)) {
        retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
        goto finish;
       }
@@ -70,16 +70,17 @@ krb5_data      *realm2;
     }
     if (i < trans_length && trans->data[i] != ',') {
       *nextp++ = trans->data[i];
-      if (nextp - next > MAX_REALM_LN) {
+      if (nextp - next >= sizeof(next)) {
        retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
        goto finish;
       }
       continue;
     }
+    next[sizeof(next) - 1] = '\0';
     if (strlen(next) > 0) {
       if (next[0] != '/') {
         if (*(nextp-1) == '.' && strlen(next) + strlen(prev) <= MAX_REALM_LN)
-         strcat(next, prev);
+         strncat(next, prev, sizeof(next) - 1 - strlen(next));
         retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
         for (j = 0; tgs_list[j]; j++) {
           if (strlen(next) == (size_t) krb5_princ_realm(context, tgs_list[j])->length &&
@@ -93,12 +94,12 @@ krb5_data      *realm2;
       }
       if (i+1 < trans_length && trans->data[i+1] == ' ') {
         i++;
-        memset(next, 0, MAX_REALM_LN + 1), nextp = next;
+        memset(next, 0, sizeof(next)), nextp = next;
         continue;
       }
       if (i+1 < trans_length && trans->data[i+1] != '/') {
-        strcpy(prev, next);
-        memset(next, 0, MAX_REALM_LN + 1), nextp = next;
+        strncpy(prev, next, sizeof(prev) - 1);
+        memset(next, 0, sizeof(next)), nextp = next;
         continue;
       }
     }
index b90289ab5a5ecb7299e2160948cad52f09f98a7e..6fc877246bb891be148634884f33863c69792836 100644 (file)
@@ -137,7 +137,8 @@ krb5_524_conv_principal(context, princ, name, inst, realm)
 {
      const struct krb_convert *p;
      krb5_data *compo;
-     char *c;
+     char *c, *tmp_realm, *tmp_prealm;
+     int tmp_realm_len, retval; 
 
      *name = *inst = '\0';
      switch (krb5_princ_size(context, princ)) {
@@ -146,19 +147,24 @@ krb5_524_conv_principal(context, princ, name, inst, realm)
          compo = krb5_princ_component(context, princ, 0);
          p = sconv_list;
          while (p->v4_str) {
-              if (strncmp(p->v5_str, compo->data, compo->length) == 0) {
-                   /* It is, so set the new name now, and chop off */
-                   /* instance's domain name if requested */
-                   strcpy(name, p->v4_str);
-                   if (p->flags & DO_REALM_CONVERSION) {
-                        compo = krb5_princ_component(context, princ, 1);
-                        c = strnchr(compo->data, '.', compo->length);
-                        if (!c || (c - compo->data) > INST_SZ - 1)
-                             return KRB5_INVALID_PRINCIPAL;
-                        strncpy(inst, compo->data, c - compo->data);
-                        inst[c - compo->data] = '\0';
-                   }
-                   break;
+              if (strncmp(p->v5_str, compo->data, compo->length) == 0 && 
+                  strlen(p->v5_str) == compo->length) {
+                  /*
+                   * It is, so set the new name now, and chop off
+                   * instance's domain name if requested.
+                   */
+                  if (strlen (p->v4_str) > ANAME_SZ - 1)
+                      return KRB5_INVALID_PRINCIPAL;
+                  strcpy(name, p->v4_str);
+                  if (p->flags & DO_REALM_CONVERSION) {
+                      compo = krb5_princ_component(context, princ, 1);
+                      c = strnchr(compo->data, '.', compo->length);
+                      if (!c || (c - compo->data) >= INST_SZ - 1)
+                          return KRB5_INVALID_PRINCIPAL;
+                      memcpy(inst, compo->data, c - compo->data);
+                      inst[c - compo->data] = '\0';
+                  }
+                  break;
               }
               p++;
          }
@@ -168,7 +174,7 @@ krb5_524_conv_principal(context, princ, name, inst, realm)
               compo = krb5_princ_component(context, princ, 1);
               if (compo->length >= INST_SZ - 1)
                    return KRB5_INVALID_PRINCIPAL;
-              strncpy(inst, compo->data, compo->length);
+              memcpy(inst, compo->data, compo->length);
               inst[compo->length] = '\0';
          }
          /* fall through */
@@ -178,7 +184,7 @@ krb5_524_conv_principal(context, princ, name, inst, realm)
               compo = krb5_princ_component(context, princ, 0);
               if (compo->length >= ANAME_SZ)
                    return KRB5_INVALID_PRINCIPAL;
-              strncpy(name, compo->data, compo->length);
+              memcpy(name, compo->data, compo->length);
               name[compo->length] = '\0';
          }
          break;
@@ -187,11 +193,39 @@ krb5_524_conv_principal(context, princ, name, inst, realm)
      }
 
      compo = krb5_princ_realm(context, princ);
-     if (compo->length > REALM_SZ - 1)
-         return KRB5_INVALID_PRINCIPAL;
-     strncpy(realm, compo->data, compo->length);
-     realm[compo->length] = '\0';
 
+     tmp_prealm = malloc(compo->length + 1);
+     if (tmp_prealm == NULL)
+        return ENOMEM;
+     strncpy(tmp_prealm, compo->data, compo->length);
+     tmp_prealm[compo->length] = '\0';
+
+     /* Ask for v4_realm corresponding to 
+       krb5 principal realm from krb5.conf realms stanza */
+
+     if (context->profile == 0)
+       return KRB5_CONFIG_CANTOPEN;
+     retval = profile_get_string(context->profile, "realms",
+                                tmp_prealm, "v4_realm", 0,
+                                &tmp_realm);
+     free(tmp_prealm);
+     if (retval) { 
+        return retval;
+     } else {
+        if (tmp_realm == 0) {
+            if (compo->length > REALM_SZ - 1)
+                return KRB5_INVALID_PRINCIPAL;
+            strncpy(realm, compo->data, compo->length);
+            realm[compo->length] = '\0';
+        } else {
+            tmp_realm_len =  strlen(tmp_realm);
+            if (tmp_realm_len > REALM_SZ - 1)
+                return KRB5_INVALID_PRINCIPAL;
+            strncpy(realm, tmp_realm, tmp_realm_len);
+            realm[tmp_realm_len] = '\0';
+            profile_release_string(tmp_realm);
+        }
+     }
      return 0;
 }
 
@@ -209,6 +243,45 @@ krb5_425_conv_principal(context, name, instance, realm, princ)
      char *domain, *cp;
      char **full_name = 0, **cpp;
      const char *names[5];
+     void*     iterator = NULL;
+     char** v4realms = NULL;
+     char* realm_name = NULL;
+     char* dummy_value = NULL;
+     
+     /* First, convert the realm, since the v4 realm is not necessarily the same as the v5 realm
+        To do that, iterate over all the realms in the config file, looking for a matching 
+        v4_realm line */
+     names [0] = "realms";
+     names [1] = NULL;
+     retval = profile_iterator_create (context -> profile, names, PROFILE_ITER_LIST_SECTION | PROFILE_ITER_SECTIONS_ONLY, &iterator);
+     while (retval == 0) {
+       retval = profile_iterator (&iterator, &realm_name, &dummy_value);
+       if ((retval == 0) && (realm_name != NULL)) {
+               names [0] = "realms";
+               names [1] = realm_name;
+               names [2] = "v4_realm";
+               names [3] = NULL;
+
+               retval = profile_get_values (context -> profile, names, &v4realms);
+               if ((retval == 0) && (v4realms != NULL) && (v4realms [0] != NULL) && (strcmp (v4realms [0], realm) == 0)) {
+                       realm = realm_name;
+                       break;
+               } else if (retval == PROF_NO_RELATION) {
+                       /* If it's not found, just keep going */
+                       retval = 0;
+               }
+       } else if ((retval == 0) && (realm_name == NULL)) {
+               break;
+       }
+       if (realm_name != NULL) {
+               profile_release_string (realm_name);
+               realm_name = NULL;
+       }
+       if (dummy_value != NULL) {
+               profile_release_string (dummy_value);
+               dummy_value = NULL;
+       }
+     }
      
      if (instance) {
          if (instance[0] == '\0') {
@@ -234,7 +307,8 @@ krb5_425_conv_principal(context, name, instance, realm, princ)
              if (retval == 0 && full_name && full_name[0]) {
                  instance = full_name[0];
              } else {
-                 strcpy(buf, instance);
+                 strncpy(buf, instance, sizeof(buf));
+                 buf[sizeof(buf) - 1] = '\0';
                  retval = krb5_get_realm_domain(context, realm, &domain);
                  if (retval)
                      return retval;
@@ -242,8 +316,8 @@ krb5_425_conv_principal(context, name, instance, realm, princ)
                      for (cp = domain; *cp; cp++)
                          if (isupper(*cp))
                              *cp = tolower(*cp);
-                     strcat(buf, ".");
-                     strcat(buf, domain);
+                     strncat(buf, ".", sizeof(buf) - 1 - strlen(buf));
+                     strncat(buf, domain, sizeof(buf) - 1 - strlen(buf));
                      krb5_xfree(domain);
                  }
                  instance = buf;
@@ -254,6 +328,10 @@ krb5_425_conv_principal(context, name, instance, realm, princ)
 not_service:   
      retval = krb5_build_principal(context, princ, strlen(realm), realm, name,
                                   instance, 0);
+     profile_iterator_free (&iterator);
      profile_free_list(full_name);
+     profile_free_list(v4realms);
+     profile_release_string (realm_name);
+     profile_release_string (dummy_value);
      return retval;
 }
index 814195a79b3b6374442b6359ecfb2339942fd226..769b20be8674cda75b942496bedf6a8ceec0106e 100644 (file)
@@ -90,7 +90,7 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
        goto errout;
        
     if (cc == 0) {
-       if ((retval = krb5_cc_default(context, &cc)))
+       if ((retval = krb5int_cc_default(context, &cc)))
            goto errout;
        close_cc = 1;
     }
index 3bcaa0be2b3b5d066c4f1ed4bdffe0c5a0381f2d..6d764d3290bb32201fb36295d5398b8273075344 100644 (file)
@@ -102,6 +102,7 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds)
     krb5_creds *ncreds;
     krb5_creds **tgts;
     krb5_flags fields;
+    int not_ktype;
 
     retval = krb5_get_credentials_core(context, options, ccache, 
                                       in_creds, out_creds,
@@ -128,6 +129,11 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds)
        || options & KRB5_GC_CACHED)
        return retval;
 
+    if (retval == KRB5_CC_NOT_KTYPE)
+       not_ktype = 1;
+    else
+       not_ktype = 0;
+
     retval = krb5_get_cred_from_kdc(context, ccache, ncreds, out_creds, &tgts);
     if (tgts) {
        register int i = 0;
@@ -141,6 +147,21 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds)
        }
        krb5_free_tgt_creds(context, tgts);
     }
+    /*
+     * Translate KRB5_CC_NOTFOUND if we previously got
+     * KRB5_CC_NOT_KTYPE from krb5_cc_retrieve_cred(), in order to
+     * handle the case where there is no TGT in the ccache and the
+     * input enctype didn't match.  This handling is necessary because
+     * some callers, such as GSSAPI, iterate through enctypes and
+     * KRB5_CC_NOTFOUND passed through from the
+     * krb5_get_cred_from_kdc() is semantically incorrect, since the
+     * actual failure was the non-existence of a ticket of the correct
+     * enctype rather than the missing TGT.
+     */
+    if ((retval == KRB5_CC_NOTFOUND || retval == KRB5_CC_NOT_KTYPE)
+       && not_ktype)
+       retval = KRB5_CC_NOT_KTYPE;
+
     if (!retval)
        retval = krb5_cc_store_cred(context, ccache, *out_creds);
     return retval;
index c1c6df1606abd81e4910f5bdefc100e15f0e8665..298f1528f025f8a5fb6861d941a8c7a0f2fc29f6 100644 (file)
@@ -84,13 +84,13 @@ static krb5_error_code make_preauth_list PROTOTYPE((krb5_context,
  */
 static krb5_error_code
 send_as_request(context, request, time_now, ret_err_reply, ret_as_reply,
-               master)
+               use_master)
     krb5_context               context;
     krb5_kdc_req               *request;
     krb5_timestamp             *time_now;
     krb5_error **              ret_err_reply;
     krb5_kdc_rep **            ret_as_reply;
-    int *                      master;
+    int                        use_master;
 {
     krb5_kdc_rep *as_reply = 0;
     krb5_error_code retval;
@@ -116,7 +116,7 @@ send_as_request(context, request, time_now, ret_err_reply, ret_as_reply,
     k4_version = packet->data[0];
     retval = krb5_sendto_kdc(context, packet, 
                             krb5_princ_realm(context, request->client),
-                            &reply, master);
+                            &reply, use_master);
     krb5_free_data(context, packet);
     if (retval)
        goto cleanup;
@@ -457,12 +457,35 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed,
     request.from = creds->times.starttime;
     request.till = creds->times.endtime;
     request.rtime = creds->times.renew_till;
-    if (ktypes)
-       request.ktype = ktypes;
-    else
-       if ((retval = krb5_get_default_in_tkt_ktypes(context, &request.ktype)))
-           goto cleanup;
+    if ((retval = krb5_get_default_in_tkt_ktypes(context, &request.ktype)))
+       goto cleanup;
     for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++);
+    if (ktypes) {
+       int i, req, next = 0;
+       for (req = 0; ktypes[req]; req++) {
+           if (ktypes[req] == request.ktype[next]) {
+               next++;
+               continue;
+           }
+           for (i = next + 1; i < request.nktypes; i++)
+               if (ktypes[req] == request.ktype[i]) {
+                   /* Found the enctype we want, but not in the
+                      position we want.  Move it, but keep the old
+                      one from the desired slot around in case it's
+                      later in our requested-ktypes list.  */
+                   krb5_enctype t;
+                   t = request.ktype[next];
+                   request.ktype[next] = request.ktype[i];
+                   request.ktype[i] = t;
+                   next++;
+                   break;
+               }
+           /* If we didn't find it, don't do anything special, just
+              drop it.  */
+       }
+       request.ktype[next] = 0;
+       request.nktypes = next;
+    }
     request.authorization_data.ciphertext.length = 0;
     request.authorization_data.ciphertext.data = 0;
     request.unenc_authdata = 0;
@@ -538,7 +561,7 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed,
        goto cleanup;
 
 cleanup:
-    if (!ktypes && request.ktype)
+    if (request.ktype)
        free(request.ktype);
     if (!addrs && request.addresses)
        krb5_free_addresses(context, request.addresses);
@@ -559,7 +582,7 @@ cleanup:
     return (retval);
 }
 
-/* begin appdefaults parsing code.  This should almost certainly move
+/* begin libdefaults parsing code.  This should almost certainly move
    somewhere else, but I don't know where the correct somewhere else
    is yet. */
 
@@ -595,7 +618,7 @@ _krb5_conf_boolean(s)
 }
 
 static krb5_error_code
-krb5_appdefault_string(context, realm, option, ret_value)
+krb5_libdefault_string(context, realm, option, ret_value)
      krb5_context context;
      const krb5_data *realm;
      const char *option;
@@ -673,7 +696,7 @@ goodbye:
 /* as well as the DNS code */
 
 krb5_error_code
-krb5_appdefault_boolean(context, realm, option, ret_value)
+krb5_libdefault_boolean(context, realm, option, ret_value)
      krb5_context context;
      const char *option;
      const krb5_data *realm;
@@ -682,7 +705,7 @@ krb5_appdefault_boolean(context, realm, option, ret_value)
     char *string = NULL;
     krb5_error_code retval;
 
-    retval = krb5_appdefault_string(context, realm, option, &string);
+    retval = krb5_libdefault_string(context, realm, option, &string);
 
     if (retval)
        return(retval);
@@ -696,7 +719,7 @@ krb5_appdefault_boolean(context, realm, option, ret_value)
 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds(context, creds, client, prompter, prompter_data,
                    start_time, in_tkt_service, options, gak_fct, gak_data,
-                   master, as_reply)
+                   use_master, as_reply)
      krb5_context context;
      krb5_creds *creds;
      krb5_principal client;
@@ -707,7 +730,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
      krb5_get_init_creds_opt *options;
      krb5_gic_get_as_key_fct gak_fct;
      void *gak_data;
-     int *master;
+     int  use_master;
      krb5_kdc_rep **as_reply;
 {
     krb5_error_code ret;
@@ -751,7 +774,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
 
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE))
        tempint = options->forwardable;
-    else if ((ret = krb5_appdefault_boolean(context, &client->realm,
+    else if ((ret = krb5_libdefault_boolean(context, &client->realm,
                                            "forwardable", &tempint)) == 0)
            ;
     else
@@ -763,7 +786,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
 
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE))
        tempint = options->proxiable;
-    else if ((ret = krb5_appdefault_boolean(context, &client->realm,
+    else if ((ret = krb5_libdefault_boolean(context, &client->realm,
                                            "proxiable", &tempint)) == 0)
            ;
     else
@@ -775,7 +798,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
 
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)) {
        renew_life = options->renew_life;
-    } else if ((ret = krb5_appdefault_string(context, &client->realm,
+    } else if ((ret = krb5_libdefault_string(context, &client->realm,
                                             "renew_lifetime", &tempstr))
               == 0) {
        if (ret = krb5_string_to_deltat(tempstr, &renew_life)) {
@@ -868,7 +891,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
     }
     /* it would be nice if this parsed out an address list, but
        that would be work. */
-    else if (((ret = krb5_appdefault_boolean(context, &client->realm,
+    else if (((ret = krb5_libdefault_boolean(context, &client->realm,
                                            "noaddresses", &tempint)) == 0)
             && tempint) {
            ;
@@ -923,7 +946,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
        err_reply = 0;
        local_as_reply = 0;
        if ((ret = send_as_request(context, &request, &time_now, &err_reply,
-                                  &local_as_reply, master)))
+                                  &local_as_reply, use_master)))
            goto cleanup;
 
        if (err_reply) {
index 8b6f23199e75e7486483061794519fedf28adc88..98bbbd0f8339a74c611d386b1704dc7817a54fa4 100644 (file)
@@ -61,7 +61,7 @@ krb5_get_init_creds_keytab(context, creds, client, arg_keytab,
      krb5_get_init_creds_opt *options;
 {
    krb5_error_code ret, ret2;
-   int master;
+   int use_master;
    krb5_keytab keytab;
 
    if (arg_keytab == NULL) {
@@ -71,14 +71,14 @@ krb5_get_init_creds_keytab(context, creds, client, arg_keytab,
        keytab = arg_keytab;
    }
 
-   master = 0;
+   use_master = 0;
 
    /* first try: get the requested tkt from any kdc */
 
    ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
                             start_time, in_tkt_service, options,
                             krb5_get_as_key_keytab, (void *) keytab,
-                            &master, NULL);
+                            use_master,NULL);
 
    /* check for success */
 
@@ -87,19 +87,19 @@ krb5_get_init_creds_keytab(context, creds, client, arg_keytab,
 
    /* If all the kdc's are unavailable fail */
 
-   if (ret == KRB5_KDC_UNREACH)
+   if ((ret == KRB5_KDC_UNREACH) || (ret == KRB5_REALM_CANT_RESOLVE))
       goto cleanup;
 
    /* if the reply did not come from the master kdc, try again with
       the master kdc */
 
-   if (!master) {
-      master = 1;
+   if (!use_master) {
+      use_master = 1;
 
       ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
                                 start_time, in_tkt_service, options,
                                 krb5_get_as_key_keytab, (void *) keytab,
-                                &master, NULL);
+                                use_master, NULL);
       
       if (ret2 == 0) {
         ret = 0;
@@ -109,7 +109,7 @@ krb5_get_init_creds_keytab(context, creds, client, arg_keytab,
       /* if the master is unreachable, return the error from the
         slave we were able to contact */
 
-      if (ret2 == KRB5_KDC_UNREACH)
+      if ((ret2 == KRB5_KDC_UNREACH) || (ret == KRB5_REALM_CANT_RESOLVE))
         goto cleanup;
 
       ret = ret2;
index 7ca43430e8b83d52da3aae634edf069761851276..eeb3f03ff2df6a04e628f749f0ef0a273e5e776e 100644 (file)
@@ -97,7 +97,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
      krb5_get_init_creds_opt *options;
 {
    krb5_error_code ret, ret2;
-   int master;
+   int use_master;
    krb5_kdc_rep *as_reply;
    int tries;
    krb5_creds chpw_creds;
@@ -107,7 +107,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
    krb5_prompt prompt[2];
    krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
 
-   master = 0;
+   use_master = 0;
    as_reply = NULL;
    memset(&chpw_creds, 0, sizeof(chpw_creds));
 
@@ -133,7 +133,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
    ret = krb5_get_init_creds(context, creds, client, prompter, data,
                             start_time, in_tkt_service, options,
                             krb5_get_as_key_password, (void *) &pw0,
-                            &master, &as_reply);
+                            use_master, &as_reply);
 
    /* check for success */
 
@@ -144,19 +144,20 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
       user interrupt, fail */
 
    if ((ret == KRB5_KDC_UNREACH) ||
-       (ret == KRB5_LIBOS_PWDINTR))
+       (ret == KRB5_LIBOS_PWDINTR) ||
+          (ret == KRB5_REALM_CANT_RESOLVE))
       goto cleanup;
 
    /* if the reply did not come from the master kdc, try again with
       the master kdc */
 
-   if (!master) {
-      master = 1;
+   if (!use_master) {
+      use_master = 1;
 
       ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
                                 start_time, in_tkt_service, options,
                                 krb5_get_as_key_password, (void *) &pw0,
-                                &master, &as_reply);
+                                use_master, &as_reply);
       
       if (ret2 == 0) {
         ret = 0;
@@ -166,12 +167,18 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
       /* if the master is unreachable, return the error from the
         slave we were able to contact */
 
-      if (ret2 == KRB5_KDC_UNREACH)
+      if ((ret2 == KRB5_KDC_UNREACH) ||
+                 (ret2 == KRB5_REALM_CANT_RESOLVE))
         goto cleanup;
 
       ret = ret2;
    }
 
+#ifdef USE_LOGIN_LIBRARY
+       if (ret == KRB5KDC_ERR_KEY_EXP)
+               goto cleanup;   /* Login library will deal appropriately with this error */
+#endif
+
    /* at this point, we have an error from the master.  if the error
       is not password expired, or if it is but there's no prompter,
       return this error */
@@ -195,7 +202,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
                                  prompter, data,
                                  start_time, "kadmin/changepw", &chpw_opts,
                                  krb5_get_as_key_password, (void *) &pw0,
-                                 &master, NULL)))
+                                 use_master, NULL)))
       goto cleanup;
 
    prompt[0].prompt = "Enter new password";
@@ -282,7 +289,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
    ret = krb5_get_init_creds(context, creds, client, prompter, data,
                             start_time, in_tkt_service, options,
                             krb5_get_as_key_password, (void *) &pw0,
-                            &master, &as_reply);
+                            use_master, &as_reply);
 
 cleanup:
    krb5int_set_prompt_types(context, 0);
index e2eccc4021fab5c0c66a4a2f398c6373c5a02bf7..c9a7e8f0519e3e710fcf4131c45fbc827084175c 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * lib/krb5/krb/init_ctx.c
  *
- * Copyright 1994 by the Massachusetts Institute of Technology.
+ * Copyright 1994,1999,2000 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -84,7 +84,10 @@ init_common (context, secure)
 {
        krb5_context ctx = 0;
        krb5_error_code retval;
-       krb5_timestamp now;
+       struct {
+           krb5_int32 now, now_usec;
+           long pid;
+       } seed_data;
        krb5_data seed;
        int tmp;
 
@@ -129,10 +132,11 @@ init_common (context, secure)
                goto cleanup;
 
        /* initialize the prng (not well, but passable) */
-       if ((retval = krb5_timeofday(ctx, &now)))
+       if ((retval = krb5_crypto_us_timeofday(&seed_data.now, &seed_data.now_usec)))
                goto cleanup;
-       seed.length = sizeof(now);
-       seed.data = (char *) &now;
+       seed_data.pid = getpid ();
+       seed.length = sizeof(seed_data);
+       seed.data = (char *) &seed_data;
        if ((retval = krb5_c_random_seed(ctx, &seed)))
                goto cleanup;
 
@@ -169,7 +173,7 @@ init_common (context, secure)
                            "kdc_default_options", 0,
                            KDC_OPT_RENEWABLE_OK, &tmp);
        ctx->kdc_default_options = KDC_OPT_RENEWABLE_OK;
-#ifdef macintosh
+#if defined(macintosh) || defined(__MACH__)
 #define DEFAULT_KDC_TIMESYNC 1
 #else
 #define DEFAULT_KDC_TIMESYNC 0
@@ -187,7 +191,7 @@ init_common (context, secure)
         * Note: DCE 1.0.3a only supports a cache type of 1
         *      DCE 1.1 supports a cache type of 2.
         */
-#ifdef macintosh
+#if defined(macintosh) || defined(__MACH__)
 #define DEFAULT_CCACHE_TYPE 4
 #else
 #define DEFAULT_CCACHE_TYPE 3
@@ -281,7 +285,7 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
 {
     krb5_enctype *old_ktypes;
 
-    if (context->in_tkt_ktype_count) {
+    if (ctx_count) {
        /* application-set defaults */
        if ((old_ktypes = 
             (krb5_enctype *)malloc(sizeof(krb5_enctype) *
@@ -396,13 +400,23 @@ krb5_set_default_tgs_ktypes(context, ktypes)
     }
 
     if (context->tgs_ktypes) 
-        free(context->tgs_ktypes);
+        krb5_free_ktypes(context, context->tgs_ktypes);
     context->tgs_ktypes = new_ktypes;
     context->tgs_ktype_count = i;
     return 0;
 }
 
+void
+KRB5_CALLCONV
+krb5_free_ktypes (context, val)
+     krb5_context context;
+     krb5_enctype FAR *val;
+{
+    free (val);
+}
+
 krb5_error_code
+KRB5_CALLCONV
 krb5_get_tgs_ktypes(context, princ, ktypes)
     krb5_context context;
     krb5_const_principal princ;
@@ -441,7 +455,7 @@ krb5_is_permitted_enctype(context, etype)
        if (*ptr == etype)
            ret = 1;
 
-    krb5_xfree(list);
+    krb5_free_ktypes (context, list);
 
     return(ret);
 }
index 24d8aaff9044892bd6e457142696088926729caf..8e57f8391743470f4b85f0c2c7a69c564b02d47f 100644 (file)
@@ -36,7 +36,6 @@ krb5_free_address(context, val)
     if (val->contents)
        krb5_xfree(val->contents);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -52,7 +51,6 @@ krb5_free_addresses(context, val)
        krb5_xfree(*temp);
     }
     krb5_xfree(val);
-    return;
 }
 
 
@@ -64,7 +62,6 @@ krb5_free_ap_rep(context, val)
     if (val->enc_part.ciphertext.data)
        krb5_xfree(val->enc_part.ciphertext.data);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -77,7 +74,6 @@ krb5_free_ap_req(context, val)
     if (val->authenticator.ciphertext.data)
        krb5_xfree(val->authenticator.ciphertext.data);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -88,7 +84,6 @@ krb5_free_ap_rep_enc_part(context, val)
     if (val->subkey)
        krb5_free_keyblock(context, val->subkey);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -96,15 +91,22 @@ krb5_free_authenticator_contents(context, val)
     krb5_context context;
     krb5_authenticator FAR *val;
 {
-    if (val->checksum)
+    if (val->checksum) {
        krb5_free_checksum(context, val->checksum);
-    if (val->client)
+       val->checksum = 0;
+    }
+    if (val->client) {
        krb5_free_principal(context, val->client);
-    if (val->subkey)
+       val->client = 0;
+    }
+    if (val->subkey) {
        krb5_free_keyblock(context, val->subkey);
-    if (val->authorization_data)        
-       krb5_free_authdata(context, val->authorization_data);
-    return;
+       val->subkey = 0;
+    }
+    if (val->authorization_data) {
+       krb5_free_authdata(context, val->authorization_data);
+       val->authorization_data = 0;
+    }
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -120,7 +122,6 @@ krb5_free_authdata(context, val)
        krb5_xfree(*temp);
     }
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -128,16 +129,8 @@ krb5_free_authenticator(context, val)
     krb5_context context;
     krb5_authenticator FAR *val;
 {
-    if (val->checksum)
-       krb5_free_checksum(context, val->checksum);
-    if (val->client)
-       krb5_free_principal(context, val->client);
-    if (val->subkey)
-       krb5_free_keyblock(context, val->subkey);
-    if (val->authorization_data)        
-       krb5_free_authdata(context, val->authorization_data);
+    krb5_free_authenticator_contents(context, val);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -145,10 +138,8 @@ krb5_free_checksum(context, val)
     krb5_context context;
     register krb5_checksum *val;
 {
-    if (val->contents)
-       krb5_xfree(val->contents);
+    krb5_free_checksum_contents(context, val);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -156,9 +147,10 @@ krb5_free_checksum_contents(context, val)
     krb5_context context;
     register krb5_checksum *val;
 {
-    if (val->contents)
+    if (val->contents) {
        krb5_xfree(val->contents);
-    return;
+       val->contents = 0;
+    }
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -171,7 +163,6 @@ krb5_free_cred(context, val)
     if (val->enc_part.ciphertext.data)
        krb5_xfree(val->enc_part.ciphertext.data);
     krb5_xfree(val);
-    return;
 }
 
 /*
@@ -184,23 +175,35 @@ krb5_free_cred_contents(context, val)
     krb5_context context;
     krb5_creds FAR *val;
 {
-    if (val->client)
+    if (val->client) {
        krb5_free_principal(context, val->client);
-    if (val->server)
+       val->client = 0;
+    }
+    if (val->server) {
        krb5_free_principal(context, val->server);
+       val->server = 0;
+    }
     if (val->keyblock.contents) {
        memset((char *)val->keyblock.contents, 0, val->keyblock.length);
        krb5_xfree(val->keyblock.contents);
+       val->keyblock.contents = 0;
     }
-    if (val->ticket.data)
+    if (val->ticket.data) {
        krb5_xfree(val->ticket.data);
-    if (val->second_ticket.data)
+       val->ticket.data = 0;
+    }
+    if (val->second_ticket.data) {
        krb5_xfree(val->second_ticket.data);
-    if (val->addresses)
+       val->second_ticket.data = 0;
+    }
+    if (val->addresses) {
        krb5_free_addresses(context, val->addresses);
-    if (val->authdata)
+       val->addresses = 0;
+    }
+    if (val->authdata) {
        krb5_free_authdata(context, val->authdata);
-    return;
+       val->authdata = 0;
+    }
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV 
@@ -210,10 +213,14 @@ krb5_free_cred_enc_part(context, val)
 {
     register krb5_cred_info **temp;
     
-    if (val->r_address)
-      krb5_free_address(context, val->r_address);
-    if (val->s_address)
-      krb5_free_address(context, val->s_address);
+    if (val->r_address) {
+       krb5_free_address(context, val->r_address);
+       val->r_address = 0;
+    }
+    if (val->s_address) {
+       krb5_free_address(context, val->s_address);
+       val->s_address = 0;
+    }
 
     if (val->ticket_info) {
        for (temp = val->ticket_info; *temp; temp++) {
@@ -228,8 +235,8 @@ krb5_free_cred_enc_part(context, val)
            krb5_xfree((*temp));
        }
        krb5_xfree(val->ticket_info);
+       val->ticket_info = 0;
     }
-    return;
 }
 
 
@@ -240,7 +247,6 @@ krb5_free_creds(context, val)
 {
     krb5_free_cred_contents(context, val);
     krb5_xfree(val);
-    return;
 }
 
 
@@ -252,7 +258,6 @@ krb5_free_data(context, val)
     if (val->data)
        krb5_xfree(val->data);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -260,9 +265,10 @@ krb5_free_data_contents(context, val)
     krb5_context context;
     krb5_data FAR * val;
 {
-    if (val->data)
+    if (val->data) {
        krb5_xfree(val->data);
-    return;
+       val->data = 0;
+    }
 }
 
 void krb5_free_etype_info(context, info)
@@ -294,7 +300,6 @@ krb5_free_enc_kdc_rep_part(context, val)
     if (val->caddrs)
        krb5_free_addresses(context, val->caddrs);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -313,7 +318,6 @@ krb5_free_enc_tkt_part(context, val)
     if (val->authorization_data)
        krb5_free_authdata(context, val->authorization_data);
     krb5_xfree(val);
-    return;
 }
 
 
@@ -331,7 +335,6 @@ krb5_free_error(context, val)
     if (val->e_data.data)
        krb5_xfree(val->e_data.data);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -350,7 +353,6 @@ krb5_free_kdc_rep(context, val)
     if (val->enc_part2)
        krb5_free_enc_kdc_rep_part(context, val->enc_part2);
     krb5_xfree(val);
-    return;
 }
 
 
@@ -376,7 +378,6 @@ krb5_free_kdc_req(context, val)
     if (val->second_ticket)
        krb5_free_tickets(context, val->second_ticket);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -387,8 +388,8 @@ krb5_free_keyblock_contents(context, key)
      if (key->contents) {
          memset(key->contents, 0, key->length);
          krb5_xfree(key->contents);
+         key->contents = 0;
      }
-     return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -398,7 +399,6 @@ krb5_free_keyblock(context, val)
 {
     krb5_free_keyblock_contents(context, val);
     krb5_xfree(val);
-    return;
 }
 
 
@@ -413,7 +413,6 @@ krb5_free_last_req(context, val)
     for (temp = val; *temp; temp++)
        krb5_xfree(*temp);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -429,7 +428,6 @@ krb5_free_pa_data(context, val)
        krb5_xfree(*temp);
     }
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -451,7 +449,6 @@ krb5_free_principal(context, val)
     if (val->realm.data)
        krb5_xfree(val->realm.data);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -462,7 +459,6 @@ krb5_free_priv(context, val)
     if (val->enc_part.ciphertext.data)
        krb5_xfree(val->enc_part.ciphertext.data);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -477,7 +473,6 @@ krb5_free_priv_enc_part(context, val)
     if (val->s_address)
        krb5_free_address(context, val->s_address);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -488,7 +483,6 @@ krb5_free_pwd_data(context, val)
     if (val->element)
        krb5_free_pwd_sequences(context, val->element);
     krb5_xfree(val);
-    return;
 }
 
 
@@ -497,11 +491,14 @@ krb5_free_pwd_sequences(context, val)
     krb5_context context;
     passwd_phrase_element FAR * FAR *val;
 {
-    if ((*val)->passwd)
+    if ((*val)->passwd) {
        krb5_xfree((*val)->passwd);
-    if ((*val)->phrase)
+       (*val)->passwd = 0;
+    }
+    if ((*val)->phrase) {
        krb5_xfree((*val)->phrase);
-    return;
+       (*val)->phrase = 0;
+    }
 }
 
 
@@ -519,7 +516,6 @@ krb5_free_safe(context, val)
     if (val->checksum)
        krb5_free_checksum(context, val->checksum);
     krb5_xfree(val);
-    return;
 }
 
 
@@ -535,7 +531,6 @@ krb5_free_ticket(context, val)
     if (val->enc_part2)
        krb5_free_enc_tkt_part(context, val->enc_part2);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -548,7 +543,6 @@ krb5_free_tickets(context, val)
     for (temp = val; *temp; temp++)
         krb5_free_ticket(context, *temp);
     krb5_xfree(val);
-    return;
 }
 
 
@@ -573,7 +567,6 @@ krb5_free_tkt_authent(context, val)
     if (val->authenticator)
            krb5_free_authenticator(context, val->authenticator);
     krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -583,7 +576,6 @@ krb5_free_unparsed_name(context, val)
 {
     if (val)
        krb5_xfree(val);
-    return;
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -612,8 +604,10 @@ krb5_free_sam_challenge_contents(krb5_context ctx, krb5_sam_challenge FAR *sc)
        krb5_free_data_contents(ctx, &sc->sam_response_prompt);
     if (sc->sam_pk_for_sad.data)
        krb5_free_data_contents(ctx, &sc->sam_pk_for_sad);
-    if (sc->sam_cksum.contents)
+    if (sc->sam_cksum.contents) {
        krb5_xfree(sc->sam_cksum.contents);
+       sc->sam_cksum.contents = 0;
+    }
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -656,8 +650,10 @@ krb5_free_predicted_sam_response_contents(krb5_context ctx,
        return;
     if (psr->sam_key.contents)
        krb5_free_keyblock_contents(ctx, &psr->sam_key);
-    if (psr->client)
+    if (psr->client) {
        krb5_free_principal(ctx, psr->client);
+       psr->client = 0;
+    }
     if (psr->msd.data)
        krb5_free_data_contents(ctx, &psr->msd);
 }
@@ -689,4 +685,3 @@ krb5_free_pa_enc_ts(krb5_context ctx, krb5_pa_enc_ts FAR *pa_enc_ts)
        return;
     krb5_xfree(pa_enc_ts);
 }
-
index 76858175089c15154888551b4eab38c286c7b7ba..d72f6b2aca710eaaf39bca32a824751d686df06b 100644 (file)
@@ -93,14 +93,6 @@ krb5_mk_priv_basic(context, userdata, keyblock, replaydata, local_addr,
                                 scratch1, &privmsg.enc_part)))
        goto clean_encpart;
 
-    /* put last block into the i_vector */
-
-    if (i_vector)
-       memcpy(i_vector,
-              privmsg.enc_part.ciphertext.data +
-              (privmsg.enc_part.ciphertext.length - blocksize),
-              blocksize);
-          
     if ((retval = encode_krb5_priv(&privmsg, &scratch2)))
         goto clean_encpart;
 
index a8b20ebcb877b87b8aa5e9590b71bcd26b97c9d2..88daab56704bd2d734af8da6004204e412a30260 100644 (file)
@@ -126,10 +126,24 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds,
        
 
     /* generate subkey if needed */
-    if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->local_subkey))
+    if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->local_subkey)) {
+       /* Provide some more fodder for random number code.
+          This isn't strong cryptographically; the point here is not
+          to guarantee randomness, but to make it less likely that multiple
+          sessions could pick the same subkey.  */
+       struct {
+           krb5_int32 sec, usec;
+       } rnd_data;
+       krb5_data d;
+       krb5_crypto_us_timeofday (&rnd_data.sec, &rnd_data.usec);
+       d.length = sizeof (rnd_data);
+       d.data = (char *) &rnd_data;
+       (void) krb5_c_random_seed (context, &d);
+
        if ((retval = krb5_generate_subkey(context, &(in_creds)->keyblock, 
                                           &(*auth_context)->local_subkey)))
            goto cleanup;
+    }
 
     if (in_data) {
        if ((*auth_context)->req_cksumtype == 0x8003) {
index 781e256c914ab1bb6d9d68ad8a9fdaaf6aa83a8e..f0b7e7cf6726bcefd65082a04f6d3412c56f60fe 100644 (file)
@@ -169,6 +169,7 @@ krb5_mk_safe(context, auth_context, userdata, outbuf, outdata)
     krb5_address * plocal_fulladdr = NULL;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
+    krb5_cksumtype sumtype;
 
     CLEANUP_INIT(2);
 
@@ -204,9 +205,33 @@ krb5_mk_safe(context, auth_context, userdata, outbuf, outdata)
         }
     }
 
+    {
+       unsigned int nsumtypes;
+       unsigned int i;
+       krb5_cksumtype *sumtypes;
+       retval = krb5_c_keyed_checksum_types (context, keyblock->enctype,
+                                             &nsumtypes, &sumtypes);
+       if (retval) {
+           CLEANUP_DONE ();
+           goto error;
+       }
+       if (nsumtypes == 0) {
+               retval = KRB5_BAD_ENCTYPE;
+               krb5_free_cksumtypes (context, sumtypes);
+               CLEANUP_DONE ();
+               goto error;
+       }
+       for (i = 0; i < nsumtypes; i++)
+               if (auth_context->safe_cksumtype == sumtypes[i])
+                       break;
+       if (i == nsumtypes)
+               i = 0;
+       sumtype = sumtypes[i];
+       krb5_free_cksumtypes (context, sumtypes);
+    }
     if ((retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata, 
                                     plocal_fulladdr, premote_fulladdr,
-                                    auth_context->safe_cksumtype, outbuf))) {
+                                    sumtype, outbuf))) {
        CLEANUP_DONE();
        goto error;
     }
index 9f301dafd2af2022bb89aa40800707265f7e6015..c155366e48451bd109e3b18c076a5fb3cc3ac18e 100644 (file)
@@ -172,6 +172,10 @@ krb5_error_code krb5_obtain_padata(context, preauth_to_use, key_proc,
            retval = decode_krb5_etype_info(&scratch, &etype_info);
            if (retval)
                return retval;
+           if (etype_info[0] == NULL) {
+               krb5_free_etype_info(context, etype_info);
+               etype_info = NULL;
+           }
        }
     }
 
index 5ea61c9dc018d68b5ef6d9672ee51282a9f47a76..78afab9d7a4cfe0a493119dd6d459d291ebd433d 100644 (file)
@@ -256,6 +256,9 @@ krb5_error_code pa_sam(krb5_context context,
     krb5_data *                        scratch;
     krb5_pa_data *             pa;
 
+    if (prompter == NULL)
+       return KRB5_LIBOS_CANTREADPWD;
+
     tmpsam.length = in_padata->length;
     tmpsam.data = (char *) in_padata->contents;
     if (ret = decode_krb5_sam_challenge(&tmpsam, &sam_challenge))
@@ -530,6 +533,11 @@ krb5_do_preauth(krb5_context context,
                    }
                    return ret;
                }
+               if (etype_info[0] == NULL) {
+                   krb5_free_etype_info(context, etype_info);
+                   etype_info = NULL;
+                   break;
+               }
                salt->data = (char *) etype_info[0]->salt;
                salt->length = etype_info[0]->length;
                *etype = etype_info[0]->etype;
index 9629b0c1947ea02ca84fdfe654b68f40b25c1d86..ab6a5312d71b6f1400f6ae260c0b220abc5190b0 100644 (file)
@@ -101,13 +101,6 @@ krb5_rd_priv_basic(context, inbuf, keyblock, local_addr, remote_addr,
                                 &privmsg->enc_part, &scratch)))
        goto cleanup_scratch;
 
-    /* if i_vector is set, put last block into the i_vector */
-    if (i_vector)
-       memcpy(i_vector,
-              privmsg->enc_part.ciphertext.data +
-              (privmsg->enc_part.ciphertext.length - blocksize),
-              blocksize);
-
     /*  now decode the decrypted stuff */
     if ((retval = decode_krb5_enc_priv_part(&scratch, &privmsg_enc_part)))
         goto cleanup_scratch;
index 442e78b2d836a3f37d6898b31bf08c92b47b50f2..4e9f44ea0f85abe8521c09b360d9e2ae6bc8c1dd 100644 (file)
@@ -83,8 +83,8 @@ krb5_rd_req_decrypt_tkt_part(context, req, keytab)
                                    enctype, &ktent)))
        return retval;
 
-    if ((retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket)))
-       return retval;
+    retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket);
+    /* Upon error, Free keytab entry first, then return */
 
     (void) krb5_kt_free_entry(context, &ktent);
     return retval;
index 3d5bce4917e5ec3275cb4a4e4eecbc7ab98b67d9..f74041c59c2490a927a35251c92e1e222000e0ae 100644 (file)
 
 static char *sendauth_version = "KRB5_SENDAUTH_V1.0";
 
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_recvauth(context, auth_context,
-             /* IN */
-             fd, appl_version, server, flags, keytab,
-             /* OUT */
-             ticket)
-    krb5_context         context;
-    krb5_auth_context   FAR * auth_context;
-    krb5_pointer         fd;
-    char               FAR * appl_version;
-    krb5_principal       server;
-    krb5_int32           flags;
-    krb5_keytab                  keytab;
-    krb5_ticket               FAR * FAR * ticket;
+krb5_error_code
+recvauth_common(krb5_context context,
+               krb5_auth_context FAR * auth_context,
+               /* IN */
+               krb5_pointer fd,
+               char FAR *appl_version,
+               krb5_principal server,
+               krb5_int32 flags,
+               krb5_keytab keytab,
+               /* OUT */
+               krb5_ticket FAR * FAR * ticket,
+               krb5_data FAR *version)
 {
     krb5_auth_context    new_auth_context;
     krb5_flags           ap_option;
@@ -91,12 +89,15 @@ krb5_recvauth(context, auth_context,
         */
        if ((retval = krb5_read_message(context, fd, &inbuf)))
                return(retval);
-       if (strcmp(inbuf.data, appl_version)) {
+       if (appl_version && strcmp(inbuf.data, appl_version)) {
                krb5_xfree(inbuf.data);
                if (!problem)
                        problem = KRB5_SENDAUTH_BADAPPLVERS;
        }
-       krb5_xfree(inbuf.data);
+       if (version && !problem)
+           *version = inbuf;
+       else
+           krb5_xfree(inbuf.data);
        /*
         * OK, now check the problem variable.  If it's zero, we're
         * fine and we can continue.  Otherwise, we have to signal an
@@ -243,3 +244,38 @@ cleanup:;
     }
     return retval;
 }
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_recvauth(context, auth_context,
+             /* IN */
+             fd, appl_version, server, flags, keytab,
+             /* OUT */
+             ticket)
+    krb5_context         context;
+    krb5_auth_context   FAR * auth_context;
+    krb5_pointer         fd;
+    char               FAR * appl_version;
+    krb5_principal       server;
+    krb5_int32           flags;
+    krb5_keytab                  keytab;
+    krb5_ticket               FAR * FAR * ticket;
+{
+    return recvauth_common (context, auth_context, fd, appl_version,
+                           server, flags, keytab, ticket, 0);
+}
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_recvauth_version(krb5_context context,
+                     krb5_auth_context FAR *auth_context,
+                     /* IN */
+                     krb5_pointer fd,
+                     krb5_principal server,
+                     krb5_int32 flags,
+                     krb5_keytab keytab,
+                     /* OUT */
+                     krb5_ticket FAR * FAR *ticket,
+                     krb5_data FAR *version)
+{
+    return recvauth_common (context, auth_context, fd, 0,
+                           server, flags, keytab, ticket, version);
+}
index 4e7c3a7c62ac193d3078c7b697a9f59c8d358552..b19afdb7ed1ef342bc2eb9551fa30c0d6178eb70 100644 (file)
@@ -119,7 +119,7 @@ krb5_sendauth(context, auth_context,
        if (!in_creds || !in_creds->ticket.length) {
                if (ccache)
                        use_ccache = ccache;
-               else if ((retval = krb5_cc_default(context, &use_ccache)))
+               else if ((retval = krb5int_cc_default(context, &use_ccache)))
                        goto error_return;
        }
        if (!in_creds) {
@@ -152,9 +152,32 @@ krb5_sendauth(context, auth_context,
            credsp = in_creds;
        }
 
-    if ((retval = krb5_mk_req_extended(context, auth_context, ap_req_options,
-                                      in_data, credsp, &outbuf)))
-       goto error_return;
+       if (ap_req_options & AP_OPTS_USE_SUBKEY) {
+           /* Provide some more fodder for random number code.
+              This isn't strong cryptographically; the point here is
+              not to guarantee randomness, but to make it less likely
+              that multiple sessions could pick the same subkey.  */
+           char rnd_data[1024];
+           size_t len;
+           krb5_data d;
+           d.length = sizeof (rnd_data);
+           d.data = rnd_data;
+           len = sizeof (rnd_data);
+           if (getpeername (*(int*)fd, (struct sockaddr *) rnd_data, &len) == 0) {
+               d.length = len;
+               (void) krb5_c_random_seed (context, &d);
+           }
+           len = sizeof (rnd_data);
+           if (getsockname (*(int*)fd, (struct sockaddr *) rnd_data, &len) == 0) {
+               d.length = len;
+               (void) krb5_c_random_seed (context, &d);
+           }
+       }
+
+       if ((retval = krb5_mk_req_extended(context, auth_context,
+                                          ap_req_options, in_data, credsp,
+                                          &outbuf)))
+           goto error_return;
 
        /*
         * First write the length of the AP_REQ message, then write
index 2feef39dd6e0f57d87e5abb90c5f62c13ae0b802..458015d1c665a9be2d957ac6466c8184fd1878af 100644 (file)
@@ -4,6 +4,7 @@
  */
 
 #include "krb5.h"
+#include "kerberosIV/krb.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -56,6 +57,32 @@ void test_425_conv_principal(ctx, name, inst, realm)
     krb5_free_principal(ctx, princ);
 }
 
+void test_524_conv_principal(ctx, name)
+     krb5_context ctx;
+     char *name;
+{
+    krb5_principal princ = 0;
+    krb5_error_code retval;
+    char aname[ANAME_SZ+1], inst[INST_SZ+1], realm[REALM_SZ+1];
+
+    aname[ANAME_SZ] = inst[INST_SZ] = realm[REALM_SZ] = 0;
+    retval = krb5_parse_name(ctx, name, &princ);
+    if (retval) {
+       com_err("krb5_parse_name", retval, 0);
+       goto fail;
+    }
+    retval = krb5_524_conv_principal(ctx, princ, aname, inst, realm);
+    if (retval) {
+       com_err("krb5_524_conv_principal", retval, 0);
+       goto fail;
+    }
+    printf("524_converted_principal(%s): '%s' '%s' '%s'\n",
+          name, aname, inst, realm);
+ fail:
+    if (princ)
+       krb5_free_principal (ctx, princ);
+}
+
 void test_parse_name(ctx, name)
        krb5_context ctx;
        const char *name;
@@ -131,6 +158,7 @@ void usage(progname)
 {
        fprintf(stderr, "%s: Usage: %s 425_conv_principal <name> <inst> <realm\n",
                progname, progname);
+       fprintf(stderr, "\t%s 524_conv_principal <name>\n", progname);
        fprintf(stderr, "\t%s parse_name <name>\n", progname);
        fprintf(stderr, "\t%s set_realm <name> <realm>\n", progname);
        fprintf(stderr, "\t%s string_to_timestamp <time>\n", progname);
@@ -186,6 +214,10 @@ main(argc, argv)
                  argc--; argv++;
                  if (!argc) usage(progname);
                  test_string_to_timestamp(ctx, *argv);
+         } else if (strcmp(*argv, "524_conv_principal") == 0) {
+             argc--; argv++;
+             if (!argc) usage(progname);
+             test_524_conv_principal(ctx, *argv);
          }
          else
              usage(progname);
index 5882d9770a9ad6fcf6f9ae4c8061e6c77f3bdbfd..8d7a4d9759f925635cfa91a4acdbdb50e96c01f5 100644 (file)
                kdc = KERBEROS.CYGNUS.COM
                admin_server = KERBEROS.MIT.EDU
        }
+       stanford.edu = {
+               v4_realm = IR.STANFORD.EDU
+       }
+       LONGNAMES.COM = {
+               v4_realm = SOME-REALLY-LONG-REALM-NAME-V4-CANNOT-HANDLE.COM
+       }
 
 [domain_realm]
        .mit.edu = ATHENA.MIT.EDU
index 9423944534ff08b22ed4d4c899234fc599896cc8..08a53343fcb6b88fb6a010a3c3eee354ae7d8aca 100644 (file)
@@ -14,4 +14,6 @@ parsed (and unparsed) principal(\/slash/\@atsign/octa\/thorpe@\/slash\@at\/sign)
 425_converted principal(rcmd, uunet, UU.NET): 'host/uunet.uu.net@UU.NET'
 425_converted principal(zephyr, zephyr, ATHENA.MIT.EDU): 'zephyr/zephyr@ATHENA.MIT.EDU'
 425_converted principal(kadmin, ATHENA.MIT.EDU, ATHENA.MIT.EDU): 'kadmin/ATHENA.MIT.EDU@ATHENA.MIT.EDU'
+524_converted_principal(host/e40-po.mit.edu@ATHENA.MIT.EDU): 'rcmd' 'e40-po' 'ATHENA.MIT.EDU'
+524_converted_principal(host/foobar.stanford.edu@stanford.edu): 'rcmd' 'foobar' 'IR.STANFORD.EDU'
 old principal: marc@MIT.EDU, modified principal: marc@CYGNUS.COM
index 85a8465030975202066e62d2c5516c6959761416..f046ab5ea3716ccab4df357a517a7c9e9a69ca5f 100644 (file)
@@ -109,7 +109,7 @@ krb5_verify_init_creds(krb5_context context,
           (options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL)) {
           if (options->ap_req_nofail)
               goto cleanup;
-       } else if ((ret2 = krb5_appdefault_boolean(context,
+       } else if ((ret2 = krb5_libdefault_boolean(context,
                                                  &creds->client->realm,
                                                  "verify_ap_req_nofail",
                                                  &nofail))
index beeb06dbbc9c328c556c7a5b2e9373eed2f3acd6..bc690439f188990cdb10acd180b3af4fecbbe7b3 100644 (file)
@@ -20,6 +20,9 @@ krb5_error_code krb5int_initialize_library (void)
            add_error_table(&et_kv5m_error_table);
            add_error_table(&et_kdb5_error_table);
            add_error_table(&et_asn1_error_table);
+#ifdef macintosh
+               InstallSleepNotification ();
+#endif
 
                initialized = 1;
        }
@@ -35,10 +38,13 @@ void krb5int_cleanup_library (void)
 {
        assert (initialized);
 
-#if defined(_MSDOS) || defined(_WIN32) || defined(macintosh)
+#if defined(_MSDOS) || defined(_WIN32) || defined(macintosh) || defined(__MACH__)
        krb5_stdcc_shutdown();
 #endif
        
+#ifdef macintosh
+       RemoveSleepNotification ();
+#endif
        remove_error_table(&et_krb5_error_table);
        remove_error_table(&et_kv5m_error_table);
        remove_error_table(&et_kdb5_error_table);
index 8f8c018214b2fbe5b969989ef6682bf61e450109..2e434e8571874450ec38d496d1d89c476629ee83 100644 (file)
@@ -1,3 +1,148 @@
+2001-02-05  Tom Yu  <tlyu@mit.edu>
+
+       * prompter.c (krb5_prompter_posix): Fix up terminal modes if we're
+       interrupted. [reported by Booker Bense] [pullup from trunk]
+
+2001-02-02  Ken Raeburn  <raeburn@mit.edu>
+
+       * localaddr.c (foreach_localaddr): Increase buffer space initially
+       allocated.  Add more slop space at the end that must remain unused
+       before we stop growing the buffer.  Impose a maximum size on the
+       buffer.  Handle possibility of returned ifc_len being larger than
+       the supplied buffer.
+
+2001-01-30  Ken Raeburn  <raeburn@mit.edu>
+
+       * changepw.c (fixup_ports): New function, uses correct level of
+       indirection for elements of socket address array.
+       (krb5_locate_kpasswd): Call fixup_ports.
+
+2001-01-24     Miro Jurisic <meeroh@mit.edu>
+
+       * c_us_time.c: Fix the sleep queue notification code to
+               avoid denying sleep requests
+
+2000-12-19     Miro Jurisic <meeroh@mit.edu>
+
+       * c_us_time.c: Fix the sleep queue notification code to
+               build with Universal Headers 3.3
+
+2000-11-29     Miro Jurisic <meeroh@mit.edu>
+
+       * c_us_time.c: Install a callback in the Mac OS sleep
+       queue to get notification of the machine coming out
+       of sleep, in order to refresh the cached uptime to
+       real time offset
+
+2000-10-28     Miro Jurisic <meeroh@mit.edu>
+
+       * c_ustime.c: Fixed epoch calculation under Mac OS 9 Carbon and Mac OS X
+
+2000-10-16     Miro Jurisic <meeroh@mit.edu>
+
+       * init_os_ctx.c: Use PreferencesLib to discover config files on Mac OS X
+
+2000-10-02     Alexandra Ellwood <lxs@mit.edu>
+
+       * ccdefname.c, init_os_ctx.c, prompter.c, prompterusr.c. read_pwd.c
+        timeofday.c: Added #defines for Mac OS X (__MACH__) to mimic macintosh
+        behavior
+
+2000-09-28  Miro Jurisic  <meeroh@mit.edu>
+
+       * c_us_time.c: Fixed Mac code to use the correct epoch
+
+2000-09-23  Miro Jurisic  <meeroh@mit.edu>
+
+       * c_us_time.c: Added modifications to Mac OS Microseconds timing
+       to work properly under Carbon.
+
+2000-06-19  Ken Raeburn  <raeburn@mit.edu>
+
+       * localaddr.c (foreach_localaddr): Use SIOCGSIZIFCONF ioctl if
+       available to get the buffer size needed for SIOCGIFCONF, and skip
+       the silly heuristics if it returns a reasonable value.
+
+2000-06-14  Miro Jurisic  <meeroh@mit.edu>
+
+       * init_os_ctx.c (os_get_default_config_files):  
+       Return ENOENT when file is not found on MacOS (not ENFILE)
+
+2000-06-09  Miro Jurisic  <meeroh@mit.edu>
+
+       * init_os_ctx.c (os_get_default_config_files):  
+       Eliminated some dead code
+
+2000-06-09  Miro Jurisic  <meeroh@mit.edu>
+
+       * init_os_ctx.c (os_get_default_config_files):  Use Kerberos
+       Preferences library to locate the config files on Mac OS
+
+2000-05-17  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * an_to_ln.c (do_replacement):  Don't overflow buffers "in" or "out".
+       * hst_realm.c (krb5_try_realm_txt_rr):  Don't overfill "host" when
+       malformed DNS responses are received.
+
+2000-05-15  Jeffrey Altman <jaltman@columbia.edu>
+
+        * hst_realm.c (krb5_get_host_realm)
+          remove the searchlist and defaultrealm _kerberos queries
+
+2000-05-09     Alexandra Ellwood <lxs@mit.edu>
+
+       *localaddr.c: Fixed the local_addr_fallback_kludge so that it actually does something.
+       Before that the error code it was handling was blowing it away in cleanup.
+
+2000-04-28  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * ccdefname.c (get_from_os): Don't overflow buffer "name_buf".
+       * kuserok.c (krb5_kuserok): Don't overflow buffer "pbuf".
+
+2000-04-22  Ken Raeburn  <raeburn@mit.edu>
+
+       * localaddr.c: Include stddef.h.
+       (foreach_localaddr): Check each address against previously used
+       addresses, and skip duplicates, in case multiple interfaces have
+       the same address.  If called functions fail, drop out of loop and
+       return nonzero.
+       (krb5_os_localaddr): Increment count of addresses to include null
+       pointer terminator.  Delete check for zero count.
+
+2000-04-18  Danilo Almeida  <dalmeida@mit.edu>
+
+       * prompter.c (krb5int_set_prompt_types): Set to actual value
+       intead of 0.
+
+2000-4-13      Alexandra Ellwood <lxs@mit.edu>
+
+       * init_os_ctx.c: Added support to store a krb5_principal in the os_context 
+       along with the default ccache name (if known, this principal is the same 
+       as the last time we looked at the ccache.
+       * ccdefname.c: Added support to store a krb5_principal in the os_context 
+       along with the default ccache name (if known, this principal is the same 
+       as the last time we looked at the ccache.
+
+2000-04-04  Ken Raeburn  <raeburn@mit.edu>
+
+       * locate_kdc.c (maybe_use_dns): Renamed from _krb5_use_dns.  Now
+       takes an arg to indicate a key to look up in krb5.conf, falling
+       back to "dns_fallback", and an arg indicating the default value if
+       no config file entries match.
+       (_krb5_use_dns_realm): New routine; use "dns_lookup_realm" and
+       KRB5_DNS_LOOKUP_REALM setting.
+       (_krb5_use_dns_kdc): New routine; use "dns_lookup_kdc" and
+       KRB5_DNS_LOOKUP_KDC.
+       (krb5_locate_kdc): Call _krb5_use_dns_kdc.
+       * changepw.c (krb5_locate_kpasswd): Call _krb5_use_dns_kdc.
+       * def_realm.c (krb5_get_default_realm): Call _krb5_use_dns_realm.
+       * hst_realm.c (krb5_get_host_realm): Call _krb5_use_dns_realm.
+
+2000-03-20  Miro Jurisic  <meeroh@mit.edu>
+
+       * def_realm.c (krb5_free_default_realm): Added, use to free
+       result of krb5_get_default_realm
+
 2000-03-15  Danilo Almeida  <dalmeida@mit.edu>
 
        * prompter.c: Add krb5int_set_prompt_types() and
index 3c721fb879356eb4af3c84a83b96517789c74d6c..02e68fb04da985f51e99a610dc59c21915e1ce9c 100644 (file)
@@ -298,15 +298,15 @@ do_replacement(regexp, repl, doall, in, out)
                    strncpy(op, cp, match_match.rm_so);
                    op += match_match.rm_so;
                }
-               strcpy(op, repl);
-               op += strlen(repl);
+               strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
+               op += strlen(op);
                cp += match_match.rm_eo;
                if (!doall)
-                   strcpy(op, cp);
+                   strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
                matched = 1;
            }
            else {
-               strcpy(op, cp);
+               strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
                matched = 0;
            }
        } while (doall && matched);
@@ -333,20 +333,20 @@ do_replacement(regexp, repl, doall, in, out)
                strncpy(op, cp, sdispl);
                op += sdispl;
            }
-           strcpy(op, repl);
+           strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
            op += strlen(repl);
            cp += edispl;
            if (!doall)
-               strcpy(op, cp);
+               strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
            matched = 1;
        }
        else {
-           strcpy(op, cp);
+           strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
            matched = 0;
        }
     } while (doall && matched);
 #else  /* HAVE_REGEXP_H */
-    strcpy(out, in);
+    memcpy(out, in, MAX_FORMAT_BUFFER);
 #endif /* HAVE_REGCOMP */
 }
 
@@ -379,7 +379,8 @@ aname_replacer(string, contextp, result)
         * Prime the buffers.  Copy input string to "out" to simulate it
         * being the result of an initial iteration.
         */
-       strcpy(out, string);
+       strncpy(out, string, MAX_FORMAT_BUFFER - 1);
+       out[MAX_FORMAT_BUFFER - 1] = '\0';
        in[0] = '\0';
        kret = 0;
        /*
@@ -421,6 +422,7 @@ aname_replacer(string, contextp, result)
                    out = ep;
 
                    /* Do the replacemenbt */
+                   memset(out, '\0', MAX_FORMAT_BUFFER);
                    do_replacement(rule, repl, doglobal, in, out);
                    free(rule);
                    free(repl);
index 5f735871a59845d718cf8a3ceff4d332f98e94fd..a8049e66d363f664da7ee3f5b875b1269103e917 100644 (file)
 #include <DriverServices.h> /* Nanosecond timing */
 #include <CodeFragments.h>     /* Check for presence of UpTime */
 #include <Math64.h>                    /* 64-bit integer math */
+#include <Utilities.h>         /* Mac time -> UNIX time conversion */
+#include <Power.h>                     /* Sleep queue */
 
 /* Mac Cincludes */
 #include <string.h>
 #include <stddef.h>
 
 static krb5_int32 last_sec = 0, last_usec = 0;
+static int gResetCachedDifference = 0;
+static SleepQRec gSleepQRecord;
+static SleepQUPP gSleepQUPP;
 
 /* Check for availability of microseconds or better timer */
 Boolean HaveAccurateTime ();
@@ -68,6 +73,21 @@ void AbsoluteToSecsNanosecs (
       UInt32                   *residualNanoseconds    /* Fractional second  */
    );
 
+/* Convert Microseconds to date and time */
+void MicrosecondsToSecsMicrosecs (
+      UnsignedWide             eventTime,              /* Value to convert   */
+      UInt32                   *eventSeconds,         /* Result goes here   */
+      UInt32                   *residualMicroseconds    /* Fractional second  */
+   );
+
+/* Sleep notification callback in needed to reset cached
+difference when the machine goes to sleep */
+void InstallSleepNotification ();
+void RemoveSleepNotification ();
+pascal long SleepNotification (
+       SInt32 message,
+       SleepQRecPtr qRecPtr);
+
 /*
  * The Unix epoch is 1/1/70, the Mac epoch is 1/1/04.
  *
@@ -116,15 +136,10 @@ krb5_crypto_us_timeofday(seconds, microseconds)
     krb5_int32 sec, usec;
     time_t the_time;
 
-    GetDateTime (&the_time);
-
-    sec = the_time - 
-       ((66 * 365 * 24 * 60 * 60) + (17 *  24 * 60 * 60) + 
-       (getTimeZoneOffset() * 60 * 60));
-
 #if TARGET_CPU_PPC                                                     /* Only PPC has accurate time */
     if (HaveAccurateTime ()) {                                 /* Does hardware support accurate time? */
     
+    #if !TARGET_API_MAC_CARBON
        AbsoluteTime    absoluteTime;
        UInt32                  nanoseconds;
        
@@ -132,6 +147,12 @@ krb5_crypto_us_timeofday(seconds, microseconds)
        AbsoluteToSecsNanosecs (absoluteTime, &sec, &nanoseconds);
        
        usec = nanoseconds / 1000;
+    #else
+       UnsignedWide    currentMicroseconds;
+               Microseconds (&currentMicroseconds);
+       
+       MicrosecondsToSecsMicrosecs (currentMicroseconds, &sec, &usec);
+    #endif
     } else
 #endif /* TARGET_CPU_PPC */
     {
@@ -141,9 +162,8 @@ krb5_crypto_us_timeofday(seconds, microseconds)
        
        /* Fix secs to UNIX epoch */
        
-    sec -= ((66 * 365 * 24 * 60 * 60) + (17 *  24 * 60 * 60) + 
-       (getTimeZoneOffset() * 60 * 60));
-
+       mac_time_to_unix_time (&sec);
+       
        /* Make sure that we are _not_ repeating */
        
        if (sec < last_sec) {   /* Seconds should be at least equal to last seconds */
@@ -180,13 +200,15 @@ Boolean HaveAccurateTime ()
        if (!alreadyChecked) {
                alreadyChecked = true;
                haveAccurateTime = false;
-#if TARGET_CPU_PPC
+#if TARGET_CPU_PPC && !TARGET_API_MAC_CARBON
                if ((Ptr) UpTime != (Ptr) kUnresolvedCFragSymbolAddress) {
                        UInt32  minAbsoluteTimeDelta;
                        UInt32  theAbsoluteTimeToNanosecondNumerator;
                        UInt32  theAbsoluteTimeToNanosecondDenominator;
                        UInt32  theProcessorToAbsoluteTimeNumerator;
                        UInt32  theProcessorToAbsoluteTimeDenominator;
+                       UInt64  lhs;
+                       UInt64  rhs;
 
                        GetTimeBaseInfo (
                                &minAbsoluteTimeDelta,
@@ -198,11 +220,15 @@ Boolean HaveAccurateTime ()
                        /* minAbsoluteTimeDelta is the period in which Uptime is updated, in absolute time */
                        /* We convert it to nanoseconds and compare it with .5 microsecond */
                        
-                       if (minAbsoluteTimeDelta * theAbsoluteTimeToNanosecondNumerator <
-                               500 * theAbsoluteTimeToNanosecondDenominator) {
+                       lhs = (UInt64) minAbsoluteTimeDelta * (UInt64) theAbsoluteTimeToNanosecondNumerator;
+                       rhs = (UInt64) theAbsoluteTimeToNanosecondDenominator * 500;
+                       
+                       if (lhs < rhs) {
                                haveAccurateTime = true;
                        }
                }
+#else if TARGET_CPU_PPC && TARGET_API_MAC_CARBON
+               haveAccurateTime = true;
 #endif /* TARGET_CPU_PPC */
        }
        
@@ -226,7 +252,7 @@ void AbsoluteToSecsNanosecs (
     * If this is the first call, compute the offset between
     * GetDateTime and UpTime.
     */
-   if (U64Compare (gNanosecondsAtStart, U64SetU (0)) == 0) {
+   if (gResetCachedDifference || U64Compare (gNanosecondsAtStart, U64SetU (0)) == 0) {
       UInt32                           secondsAtStart;
       AbsoluteTime                     absoluteTimeAtStart;
       UInt64                           upTimeAtStart;
@@ -254,6 +280,76 @@ void AbsoluteToSecsNanosecs (
    *eventSeconds = (UInt64ToUnsignedWide (eventSeconds64)).lo;
    *residualNanoseconds = (UInt64ToUnsignedWide (eventNanoseconds)).lo;
 }
+
+/* Convert microseconds to date and time */
+
+void MicrosecondsToSecsMicrosecs (
+      UnsignedWide             eventTime,              /* Value to convert   */
+      UInt32                   *eventSeconds,         /* Result goes here   */
+      UInt32                   *residualMicroseconds    /* Fractional second  */
+   )
+{
+   UInt64                                      eventMicroseconds;
+   static const UInt64         kTenE6 = U64SetU (1000000);
+   static UInt64                       gMicrosecondsAtStart = U64SetU (0);
+
+   /*
+    * If this is the first call, compute the offset between
+    * GetDateTime and Microseconds.
+    */
+   if (gResetCachedDifference || U64Compare (gMicrosecondsAtStart, U64SetU (0)) == 0) {
+      UInt32                           secondsAtStart;
+      UnsignedWide                     microsecondsAtStart;
+
+      GetDateTime (&secondsAtStart);
+      Microseconds (&microsecondsAtStart);
+         gMicrosecondsAtStart = U64Subtract (U64Multiply (U64SetU (1000000), U64SetU (secondsAtStart)), UnsignedWideToUInt64 (microsecondsAtStart));
+   }
+   /*
+    * Add the local time epoch to the event time
+    */
+   eventMicroseconds = gMicrosecondsAtStart + UnsignedWideToUInt64 (eventTime);
+
+   /*
+    * eventSeconds = eventMicroseconds / 10e6;
+    * residualMicroseconds = eventMicroseconds % 10e6;
+    * Finally, compute the local time (seconds) and fraction.
+    */
+   *eventSeconds = eventMicroseconds / 1000000;
+   *residualMicroseconds = eventMicroseconds - *eventSeconds * 1000000;
+}
+
+void InstallSleepNotification ()
+{
+       gSleepQUPP = NewSleepQProc (SleepNotification);
+       gSleepQRecord.sleepQLink = nil;
+       gSleepQRecord.sleepQType = slpQType;
+       gSleepQRecord.sleepQProc = gSleepQUPP;
+       gSleepQRecord.sleepQFlags = 0;
+       SleepQInstall (&gSleepQRecord);
+}
+
+void RemoveSleepNotification ()
+{
+       SleepQRemove (&gSleepQRecord);
+#if TARGET_API_MAC_CARBON
+       DisposeSleepQUPP (gSleepQUPP);
+#else
+       DisposeRoutineDescriptor (gSleepQUPP);
+#endif
+}
+
+pascal long SleepNotification (
+       SInt32 message,
+       SleepQRecPtr qRecPtr)
+{
+       if (message == sleepWakeUp) {
+               gResetCachedDifference = 1;
+       }
+       
+       return 0;
+}
+
 #elif defined(_WIN32)
 
    /* Microsoft Windows NT and 95   (32bit)  */
index 53e788859113e1c68ff8ee949e1b40250db53e3f..dd933033b8c6404309e985805d142b56ed7e6f3e 100644 (file)
@@ -31,7 +31,7 @@
 #include "k5-int.h"
 #include <stdio.h>
 
-#ifdef macintosh
+#if defined(macintosh) || defined(__MACH__)
 #include "CCache.h"
 #endif
 
@@ -160,7 +160,7 @@ static krb5_error_code get_from_os(char *name_buf, int name_size)
        if (get_from_registry_indirect(name_buf, name_size) != 0)
                return 0;
 
-        strncpy(name_buf, prefix, name_size);       
+        strncpy(name_buf, prefix, name_size - 1);
         name_buf[name_size - 1] = 0;
         size = name_size - strlen(prefix);
         if (size > 0)
@@ -186,7 +186,7 @@ static krb5_error_code get_from_os(char *name_buf, int name_size)
 }
 #endif
 
-#if defined (macintosh)
+#if defined (macintosh) || defined(__MACH__)
 
 static krb5_error_code get_from_os(char *name_buf, int name_size)
 {
@@ -261,6 +261,13 @@ krb5_cc_set_default_name(context, name)
                return ENOMEM;
        strcpy(new_name, name_buf);
        
+       if (!os_ctx->default_ccname || (strcmp(os_ctx->default_ccname, new_name) != 0)) {
+               /* the ccache changed... forget the old principal */
+               if (os_ctx->default_ccprincipal)
+                       krb5_free_principal (context, os_ctx->default_ccprincipal);
+               os_ctx->default_ccprincipal = 0;  /* we don't care until we use it */
+       }
+       
        if (os_ctx->default_ccname)
                free(os_ctx->default_ccname);
 
index 6ed95bce7fd606fcadf45e1244fb3c217842e7c1..406a586ff690335fa1b407bb33aa483fa933f3e9 100644 (file)
  * Wrapper function for the two backends
  */
 
+static void
+fixup_ports (struct sockaddr *addr_p, int naddrs, int port)
+{
+    /* Ick: In this version of krb5_locate_foo, we have a pointer to a
+       pointer to an array of sockaddr_in structures -- NOT an array
+       of pointers like we should have.  */
+    int i;
+    port = htons (port);
+    if (addr_p->sa_family != AF_INET)
+       abort ();
+    for (i = 0; i < naddrs; i++) {
+       struct sockaddr_in *sinp = (struct sockaddr_in *) &addr_p[i];
+       sinp->sin_port = port;
+    }
+}
+
 static krb5_error_code
-krb5_locate_kpasswd(context, realm, addr_pp, naddrs, master_index, nmasters)
+krb5_locate_kpasswd(context, realm, addr_pp, naddrs)
     krb5_context context;
     const krb5_data *realm;
     struct sockaddr **addr_pp;
     int *naddrs;
-    int *master_index;
-    int *nmasters;
 {
     krb5_error_code code;
     int i;
-#ifdef KRB5_DNS_LOOKUP
-    struct sockaddr *admin_addr_p, *kdc_addr_p;
-    int nadmin_addrs, nkdc_addrs;
-    int j;
-#endif /* KRB5_DNS_LOOKUP */
 
     /*
      * We always try the local file first
      */
 
-    code = krb5_locate_srv_conf(context, realm, "kpasswd_server", addr_pp, naddrs,
-                                 master_index, nmasters);
+    code = krb5_locate_srv_conf(context, realm, "kpasswd_server",
+                                 addr_pp, naddrs, 0);
     if (code) {
-        code = krb5_locate_srv_conf(context, realm, "admin_server", addr_pp, naddrs,
-                                     master_index, nmasters);
+        code = krb5_locate_srv_conf(context, realm, "admin_server", 
+                                     addr_pp, naddrs, 0);
         if ( !code ) {
-            /* success with admin_server but now we need to change the port */
-            /* number to use DEFAULT_KPASSWD_PORT.                          */
-            for ( i=0;i<*naddrs;i++ ) {
-                struct sockaddr_in *sin = (struct sockaddr_in *) addr_pp[i];
-                sin->sin_port = htons(DEFAULT_KPASSWD_PORT);
-            }
+            /* Success with admin_server but now we need to change the
+              port number to use DEFAULT_KPASSWD_PORT.  */
+           fixup_ports (*addr_pp, *naddrs, DEFAULT_KPASSWD_PORT);
         }
     }
 
 #ifdef KRB5_DNS_LOOKUP
     if (code) {
-        int use_dns = _krb5_use_dns(context);
+        int use_dns = _krb5_use_dns_kdc(context);
         if ( use_dns ) {
             code = krb5_locate_srv_dns(realm, "_kpasswd", "_udp",
                                         addr_pp, naddrs);
@@ -100,18 +106,12 @@ krb5_locate_kpasswd(context, realm, addr_pp, naddrs, master_index, nmasters)
                                             "_tcp",
                                             addr_pp, naddrs);
                 if ( !code ) {
-                    /* success with admin_server but now we need to change the port */
-                    /* number to use DEFAULT_KPASSWD_PORT.                          */
-                    for ( i=0;i<*naddrs;i++ ) {
-                        struct sockaddr_in *sin = (struct sockaddr_in *) addr_pp[i];
-                        sin->sin_port = htons(DEFAULT_KPASSWD_PORT);
-                    }
+                    /* Success with admin_server but now we need to
+                      change the port number to use
+                      DEFAULT_KPASSWD_PORT.  */
+                   fixup_ports (*addr_pp, *naddrs, DEFAULT_KPASSWD_PORT);
                 }
             }
-            if ( !code && master_index && nmasters ) {
-                *master_index = 1;
-                *nmasters = *naddrs;
-            }
         }
     }
 #endif /* KRB5_DNS_LOOKUP */
@@ -158,7 +158,7 @@ krb5_change_password(context, creds, newpw, result_code,
 
     if (code = krb5_locate_kpasswd(context, 
                                     krb5_princ_realm(context, creds->client), 
-                                    &addr_p, &naddr_p,NULL,NULL))
+                                    &addr_p, &naddr_p))
         goto cleanup;
 
     /* this is really obscure.  s1 is used for all communications.  it
index 8647f898467dd17dee11449ebbae26b4ab289d9e..d9bd017ad472fc86999585535959b53c76de3202 100644 (file)
@@ -24,7 +24,8 @@
  * or implied warranty.
  * 
  *
- * krb5_get_default_realm() function.
+ * krb5_get_default_realm(), krb5_set_default_realm(),
+ * krb5_free_default_realm() functions.
  */
 
 #include "k5-int.h"
@@ -103,7 +104,7 @@ krb5_get_default_realm(context, lrealm)
 
 #ifdef KRB5_DNS_LOOKUP
         if (context->default_realm == 0) {
-            int use_dns =  _krb5_use_dns(context);
+            int use_dns =  _krb5_use_dns_realm(context);
             if ( use_dns ) {
                /*
                 * Since this didn't appear in our config file, try looking
@@ -202,3 +203,11 @@ krb5_set_default_realm(context, lrealm)
     return(0);
 
 }
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_default_realm(context, lrealm)
+       krb5_context context;
+       char FAR* lrealm;
+{
+       free (lrealm);
+}
\ No newline at end of file
index 3c0005caf91ea69152a6412c41e5767bc040b135..5a30001659d2b31c622a7743ec19a27d6b7e29a5 100644 (file)
@@ -117,6 +117,8 @@ krb5_try_realm_txt_rr(prefix, name, realm)
      */
 
     if (name == NULL || name[0] == '\0') {
+       if (strlen (prefix) >= sizeof(host)-1)
+           return KRB5_ERR_HOST_REALM_UNKNOWN;
         strcpy(host,prefix);
     } else {
         if ( strlen(prefix) + strlen(name) + 3 > MAX_DNS_NAMELEN )
@@ -134,7 +136,7 @@ krb5_try_realm_txt_rr(prefix, name, realm)
         */
 
         h = host + strlen (host);
-        if (h > host && h[-1] != '.')
+        if ((h > host) && (h[-1] != '.') && ((h - host + 1) < sizeof(host)))
             strcpy (h, ".");
     }
     size = res_search(host, C_IN, T_TXT, answer.bytes, sizeof(answer.bytes));
@@ -312,7 +314,7 @@ krb5_get_host_realm(context, host, realmsp)
 
 #ifdef KRB5_DNS_LOOKUP
     if (realm == (char *)NULL) {
-        int use_dns = _krb5_use_dns(context);
+        int use_dns = _krb5_use_dns_realm(context);
         if ( use_dns ) {
             /*
              * Since this didn't appear in our config file, try looking
@@ -330,17 +332,6 @@ krb5_get_host_realm(context, host, realmsp)
                 if (cp) 
                     cp++;
             } while (retval && cp && cp[0]);
-            if (retval)
-                retval = krb5_try_realm_txt_rr("_kerberos", "", &realm);
-            if (retval && default_realm) {
-                cp = default_realm;
-                do {
-                    retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
-                    cp = strchr(cp,'.');
-                    if (cp) 
-                        cp++;
-                } while (retval && cp && cp[0]);
-            }
         }
     }
 #endif /* KRB5_DNS_LOOKUP */
index 48d8bc2ada4cef00c11218d680d254155300e7cb..942362d36019b0cb286a98edf37fb503740d2acd 100644 (file)
 #define NEED_WINDOWS
 #include "k5-int.h"
 
-#ifdef macintosh
-OSErr
-GetMacProfileFileSpec (FSSpec* outFileSpec, StringPtr inName, UInt32 whichFolder)
-{
-       OSErr err;
-       
-       
-       
-       err = FindFolder (kOnSystemDisk, whichFolder, kCreateFolder,
-               &(outFileSpec -> vRefNum) , &(outFileSpec -> parID));
-       
-       if (err == noErr) {
-               BlockMoveData (inName, &(outFileSpec -> name), strlen (inName) + 1);
-       }
-
-       return err;
-}
+#ifdef TARGET_OS_MAC
+#include <PreferencesLib.h>
 #endif /* macintosh */
 
 #if defined(_MSDOS) || defined(_WIN32)
@@ -185,7 +170,7 @@ static void
 free_filespecs(files)
        profile_filespec_t *files;
 {
-#ifndef macintosh
+#if !TARGET_OS_MAC
     char **cp;
 
     if (files == 0)
@@ -202,45 +187,98 @@ os_get_default_config_files(pfiles, secure)
        profile_filespec_t ** pfiles;
        krb5_boolean secure;
 {
-    profile_filespec_t* files;
-#ifdef macintosh
-       files = malloc(7 * sizeof(FSSpec));
-
-    if (files != 0) {
-       OSErr err = GetMacProfileFileSpec(&(files [3]), "\pKerberos Preferences", kApplicationSupportFolderType);
-               if (err == noErr) {
-                       err = GetMacProfileFileSpec( &(files [4]), "\pkrb5.ini", kApplicationSupportFolderType);
-               }
-               if (err == noErr) {
-                       err = GetMacProfileFileSpec( &(files [5]), "\pKerberos5 Configuration", kApplicationSupportFolderType);
-               }
-
-       if (err == noErr) {
-                       files[6].vRefNum = 0;
-                       files[6].parID = 0;
-                       files[6].name[0] = '\0';
-               } else {
-                       files[3].vRefNum = 0;
-                       files[3].parID = 0;
-                       files[3].name[0] = '\0';
+#ifdef TARGET_OS_MAC
+        FSSpec*        files = nil;
+       FSSpec* preferencesFiles = nil;
+       UInt32  numPreferencesFiles;
+       FSSpec* preferencesFilesToInit = nil;
+       UInt32  numPreferencesFilesToInit;
+       UInt32 i;
+       Boolean foundPreferences = false;
+       Boolean writtenPreferences = false;
+       SInt16 refNum = -1;
+       SInt32 length = 0;
+       
+       OSErr err = KPGetListOfPreferencesFiles (
+               secure ? kpSystemPreferences : kpUserPreferences | kpSystemPreferences,
+               &preferencesFiles,
+               &numPreferencesFiles);
+
+       if (err == noErr) {             
+               /* After we get the list of files, check whether any of them contain any useful information */
+               for (i = 0; i < numPreferencesFiles; i++) {
+                       if (KPPreferencesFileIsReadable (&preferencesFiles [i]) == noErr) {
+                               /* It's readable, check if it has anything in the data fork */
+                               err = FSpOpenDF (&preferencesFiles [i], fsRdPerm, &refNum);
+                               if (err == noErr) {
+                                       err = GetEOF (refNum, &length);
+                               }
+                               
+                               if (refNum != -1) {
+                                       FSClose (refNum);
+                               }
+                               
+                               if (length != 0) {
+                                       foundPreferences = true;
+                                       break;
+                               }
+                       }
                }
 
-               err = GetMacProfileFileSpec(&(files [0]), "\pKerberos Preferences", kPreferencesFolderType);
-               if (err == noErr) {
-                       err = GetMacProfileFileSpec( &(files [1]), "\pkrb5.ini", kPreferencesFolderType);
-               }
-               if (err == noErr) {
-                       err = GetMacProfileFileSpec( &(files [2]), "\pKerberos5 Configuration", kPreferencesFolderType);
+               if (!foundPreferences) {
+                       /* We found no profile data in any of those files; try to initialize one */
+                       /* If we are running "secure" do not try to initialize preferences */
+                       if (!secure) {
+                               err = KPGetListOfPreferencesFiles (kpUserPreferences, &preferencesFilesToInit, &numPreferencesFilesToInit);
+                               if (err == noErr) {
+                                       for (i = 0; i < numPreferencesFilesToInit; i++) {
+                                               if (KPPreferencesFileIsWritable (&preferencesFilesToInit [i]) == noErr) {
+                                                       err = noErr;
+                                                       /* If not readable, create it */
+                                                       if (KPPreferencesFileIsReadable (&preferencesFilesToInit [i]) != noErr) {
+                                                               err = KPCreatePreferencesFile (&preferencesFilesToInit [i]);
+                                                       }
+                                                       /* Initialize it */
+                                                       if (err == noErr) {
+                                                               err = KPInitializeWithDefaultKerberosLibraryPreferences (&preferencesFilesToInit [i]);
+                                                       }
+                                                       break;
+                                               }
+                                       }
+                               }
+                       }
                }
+       }
+       
+       if (err == noErr) {
+               files = malloc ((numPreferencesFiles + 1) * sizeof (FSSpec));
+               if (files == NULL)
+                       err = memFullErr;
+       }
+       
+       if (err == noErr) {
+       for (i = 0; i < numPreferencesFiles; i++) {
+               files [i] = preferencesFiles [i];
+       }
+       
+       files [numPreferencesFiles].vRefNum = 0;
+       files [numPreferencesFiles].parID = 0;
+       files [numPreferencesFiles].name[0] = '\0';
+       }
+       
+       if (preferencesFiles != nil)
+               KPFreeListOfPreferencesFiles (preferencesFiles);
+       
+       if (preferencesFilesToInit != nil) 
+               KPFreeListOfPreferencesFiles (preferencesFilesToInit);
                
-               if (err != noErr) {
-                       free (files);
-                       return ENFILE;
-               }
-       } else {
+       if (err == memFullErr)
                return ENOMEM;
-       }
+       else if (err != noErr)
+               return ENOENT;
+       
 #else /* !macintosh */
+    profile_filespec_t* files;
 #if defined(_MSDOS) || defined(_WIN32)
     krb5_error_code retval = 0;
     char *name = 0;
@@ -349,10 +387,16 @@ os_init_paths(ctx)
 #endif /* KRB5_DNS_LOOKUP */
 
     retval = os_get_default_config_files(&files, secure);
-
+    
     if (!retval) {
+#if TARGET_OS_MAC
+        retval = FSp_profile_init_path(files,
+                             &ctx->profile);
+#else
         retval = profile_init((const_profile_filespec_t *) files,
                              &ctx->profile);
+#endif
+
 #ifdef KRB5_DNS_LOOKUP
         /* if none of the filenames can be opened use an empty profile */
         if (retval == ENOENT) {
@@ -404,6 +448,7 @@ krb5_os_init_context(ctx)
        os_ctx->usec_offset = 0;
        os_ctx->os_flags = 0;
        os_ctx->default_ccname = 0;
+       os_ctx->default_ccprincipal = 0;
 
        krb5_cc_set_default_name(ctx, NULL);
 
@@ -427,8 +472,15 @@ krb5_get_profile (ctx, profile)
 
     retval = os_get_default_config_files(&files, ctx->profile_secure);
 
-    if (!retval)
-        retval = profile_init((const_profile_filespec_t *) files, profile);
+    if (!retval) {
+#if TARGET_OS_MAC
+        retval = FSp_profile_init_path(files,
+                             profile);
+#else
+        retval = profile_init((const_profile_filespec_t *) files,
+                             profile);
+#endif
+    }
 
     if (files)
         free_filespecs(files);
@@ -446,7 +498,7 @@ krb5_get_profile (ctx, profile)
     return retval;
 }      
 
-#ifndef macintosh
+#if !TARGET_OS_MAC
 
 krb5_error_code
 krb5_set_config_files(ctx, filenames)
@@ -524,6 +576,11 @@ krb5_os_free_context(ctx)
                 os_ctx->default_ccname = 0;
         }
 
+       if (os_ctx->default_ccprincipal) {
+               krb5_free_principal (ctx, os_ctx->default_ccprincipal);
+               os_ctx->default_ccprincipal = 0;
+       }
+
        os_ctx->magic = 0;
        free(os_ctx);
        ctx->os_context = 0;
index ef080374495ea5eeb0f465a8e0c0ddc2a5372e79..6d2adb126e9790beb6dd1f48f4473dc64a5112a5 100644 (file)
@@ -80,8 +80,9 @@ krb5_kuserok(context, principal, luser)
     if ((pwd = getpwnam(luser)) == NULL) {
        return(FALSE);
     }
-    (void) strcpy(pbuf, pwd->pw_dir);
-    (void) strcat(pbuf, "/.k5login");
+    (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1);
+    pbuf[sizeof(pbuf) - 1] = '\0';
+    (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf));
 
     if (access(pbuf, F_OK)) {   /* not accessible */
        /*
index 9079500e153b30cfb7d3ac38591b42e7ea6aca93..d2755902329284e44fb8cb1b5419e4ffc346a9e7 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * lib/krb5/os/localaddr.c
  *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2000 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -39,6 +39,7 @@
 #include <sys/ioctl.h>
 #include <sys/time.h>
 #include <errno.h>
+#include <stddef.h>
 
 /*
  * The SIOCGIF* ioctls require a socket.
@@ -248,6 +249,45 @@ add_addr (void *P_data, struct sockaddr *a)
 #define ifreq_size(i) sizeof(struct ifreq)
 #endif /* HAVE_SA_LEN*/
 
+/* SIOCGIFCONF:
+
+   The behavior of this ioctl varies across systems.
+
+   NetBSD 1.5-alpha: The returned ifc_len is the desired amount of
+   space, always.  The returned list may be truncated if there isn't
+   enough room; no overrun.
+
+   Solaris 2.7: Return EINVAL if the buffer space is too small,
+   including ifc_len==0.  (Not sure if this is "too small for a single
+   entry" or "too small for the entire list"; my Sun has only one
+   interface.)  Solaris is the only system I've found so far that
+   actually returns an error.
+
+   AIX 4.3.3: Sometimes the returned ifc_len is bigger than the
+   supplied one, but it may not be big enough for *all* the
+   interfaces.  Sometimes it's smaller than the supplied value, even
+   if the returned list is truncated.  The list is filled in with as
+   many entries as will fit; no overrun.
+
+   Linux 2.2.12 (RH 6.1 dist, x86): The buffer is filled in with as
+   many entries as will fit, and the size used is returned in ifc_len.
+   The list is truncated if needed, with no indication.
+
+   IRIX 6.5: The buffer is filled in with as many entries as will fit
+   in N-1 bytes, and the size used is returned in ifc_len.  Providing
+   exactly the desired number of bytes is inadequate; the buffer must
+   be *bigger* than needed.  (E.g., 32->0, 33->32.)  The returned
+   ifc_len is always less than the supplied one.
+
+   Digital UNIX 4.0F: If input ifc_len is zero, return an ifc_len
+   that's big enough to include all entries.  (Actually, on our
+   system, it appears to be larger than that by 32.)  If input ifc_len
+   is nonzero, fill in as many entries as will fit, and set ifc_len
+   accordingly.
+
+   Using this ioctl is going to be messy.  Let's just hope that
+   getifaddrs() catches on quickly....  */
+
 static int
 foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
     void *data;
@@ -255,13 +295,17 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
     int (*betweenfn) (void *);
     int (*pass2fn) (void *, struct sockaddr *);
 {
-    struct ifreq *ifr, ifreq;
+    struct ifreq *ifr, ifreq, *ifr2;
     struct ifconf ifc;
-    int s, code, n, i;
+    int s, code, n, i, j;
     int est_if_count = 8, est_ifreq_size;
     char *buf = 0;
     size_t current_buf_size = 0;
-    
+    int fail = 0;
+#ifdef SIOCGSIZIFCONF
+    int ifconfsize = -1;
+#endif
+
     s = socket (USE_AF, USE_TYPE, USE_PROTO);
     if (s < 0)
        return SOCKET_ERRNO;
@@ -269,8 +313,17 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
     /* At least on NetBSD, an ifreq can hold an IPv4 address, but
        isn't big enough for an IPv6 or ethernet address.  So add a
        little more space.  */
-    est_ifreq_size = sizeof (struct ifreq) + 8;
-    current_buf_size = est_ifreq_size * est_if_count;
+    est_ifreq_size = sizeof (struct ifreq) + 16;
+#ifdef SIOCGSIZIFCONF
+    code = ioctl (s, SIOCGSIZIFCONF, &ifconfsize);
+    if (!code) {
+       current_buf_size = ifconfsize;
+       est_if_count = ifconfsize / est_ifreq_size;
+    }
+#endif
+    if (current_buf_size == 0) {
+       current_buf_size = est_ifreq_size * est_if_count;
+    }
     buf = malloc (current_buf_size);
 
  ask_again:
@@ -284,12 +337,35 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
        closesocket (s);
        return retval;
     }
-    /* Test that the buffer was big enough that another ifreq could've
+    /* BSD 4.4 and similar systems truncate the address list if the
+       supplied buffer isn't big enough.
+
+       Test that the buffer was big enough that another ifreq could've
        fit easily, if the OS wanted to provide one.  That seems to be
        the only indication we get, complicated by the fact that the
        associated address may make the required storage a little
        bigger than the size of an ifreq.  */
-    if (current_buf_size - ifc.ifc_len < sizeof (struct ifreq) + 40) {
+#define SLOP (sizeof (struct ifreq) + 128)
+    if ((current_buf_size - ifc.ifc_len < sizeof (struct ifreq) + SLOP
+       /* On AIX 4.3.3, ifc.ifc_len may be set to a larger size than
+          provided under some circumstances.  On my test system, a
+          supplied value of 32..112 gets me 112, but with no data
+          filled in even at 112.  But larger input ifc_len values get
+          me larger output values, so it's not necessarily the full
+          desired output buffer size.  And as near as I can tell, the
+          ifc_len output has little to do with the offset of the last
+          byte in the buffer actually modified, except that both
+          input and output ifc_len values are higher (i.e., no buffer
+          overrun takes place in my testing).  */
+        || current_buf_size < ifc.ifc_len)
+       /* But let's let SIOCGSIZIFCONF dominate, unless we discover
+          it's broken somewhere.  */
+#ifdef SIOCGSIZIFCONF
+       && ifconfsize <= 0
+#endif
+       /* And we need *some* sort of bounds.  */
+       && current_buf_size <= 100000
+       ) {
        int new_size;
        char *newbuf;
 
@@ -307,31 +383,62 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
     }
 
     n = ifc.ifc_len;
-
+    if (n > current_buf_size)
+       n = current_buf_size;
+
+    /* Note: Apparently some systems put the size (used or wanted?)
+       into the start of the buffer, just none that I'm actually
+       using.  Fix this when there's such a test system available.
+       The Samba mailing list archives mention that NTP looks for the
+       size on these systems: *-fujitsu-uxp* *-ncr-sysv4*
+       *-univel-sysv*.  [raeburn:20010201T2226-05]  */
     for (i = 0; i < n; i+= ifreq_size(*ifr) ) {
        ifr = (struct ifreq *)((caddr_t) ifc.ifc_buf+i);
 
        strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name));
-       if (ioctl (s, SIOCGIFFLAGS, (char *)&ifreq) < 0
-#ifdef IFF_LOOPBACK
-           /* None of the current callers want loopback addresses.  */
-           || (ifreq.ifr_flags & IFF_LOOPBACK)
-#endif
-           /* Ignore interfaces that are down.  */
-           || !(ifreq.ifr_flags & IFF_UP)) {
+       if (ioctl (s, SIOCGIFFLAGS, (char *)&ifreq) < 0) {
+       skip:
            /* mark for next pass */
            ifr->ifr_name[0] = 0;
 
            continue;
        }
 
+#ifdef IFF_LOOPBACK
+           /* None of the current callers want loopback addresses.  */
+       if (ifreq.ifr_flags & IFF_LOOPBACK)
+           goto skip;
+#endif
+       /* Ignore interfaces that are down.  */
+       if (!(ifreq.ifr_flags & IFF_UP))
+           goto skip;
+
+       /* Make sure we didn't process this address already.  */
+       for (j = 0; j < i; j += ifreq_size(*ifr2)) {
+           ifr2 = (struct ifreq *)((caddr_t) ifc.ifc_buf+j);
+           if (ifr2->ifr_name[0] == 0)
+               continue;
+           if (ifr2->ifr_addr.sa_family == ifr->ifr_addr.sa_family
+               && ifreq_size (*ifr) == ifreq_size (*ifr2)
+               /* Compare address info.  If this isn't good enough --
+                  i.e., if random padding bytes turn out to differ
+                  when the addresses are the same -- then we'll have
+                  to do it on a per address family basis.  */
+               && !memcmp (&ifr2->ifr_addr.sa_data, &ifr->ifr_addr.sa_data,
+                           (ifreq_size (*ifr)
+                            - offsetof (struct ifreq, ifr_addr.sa_data))))
+               goto skip;
+       }
+
        if ((*pass1fn) (data, &ifr->ifr_addr)) {
-           abort ();
+           fail = 1;
+           goto punt;
        }
     }
 
     if (betweenfn && (*betweenfn)(data)) {
-       abort ();
+       fail = 1;
+       goto punt;
     }
 
     if (pass2fn)
@@ -343,13 +450,15 @@ foreach_localaddr (data, pass1fn, betweenfn, pass2fn)
                continue;
 
            if ((*pass2fn) (data, &ifr->ifr_addr)) {
-               abort ();
+               fail = 1;
+               goto punt;
            }
        }
+ punt:
     closesocket(s);
     free (buf);
 
-    return 0;
+    return fail;
 }
 
 
@@ -376,10 +485,9 @@ krb5_os_localaddr(context, addr)
            return r;
     }
 
+    data.cur_idx++; /* null termination */
     if (data.mem_err)
        return ENOMEM;
-    else if (data.cur_idx == 0)
-       abort ();
     else if (data.cur_idx == data.count)
        *addr = data.addr_temp;
     else {
@@ -473,6 +581,8 @@ krb5_os_localaddr (krb5_context context, krb5_address ***addr) {
            hostrec = local_addr_fallback_kludge();
            if (!hostrec)
                    return err;
+               else
+                       err = 0;  /* otherwise we will die at cleanup */
     }
 
     for (count = 0; hostrec->h_addr_list[count]; count++);
index fcdfa03f25aff966c0a1c011ee56e0f76490dea7..2cabf84c28100592dd80b61b7d1a50166820fd85 100644 (file)
 #define KPASSWD_PORTNAME "kpasswd"
 #endif
 
-int
-_krb5_use_dns(context)
-    krb5_context context;
+#if KRB5_DNS_LOOKUP_KDC
+#define DEFAULT_LOOKUP_KDC 1
+#else
+#define DEFAULT_LOOKUP_KDC 0
+#endif
+#if KRB5_DNS_LOOKUP_REALM
+#define DEFAULT_LOOKUP_REALM 1
+#else
+#define DEFAULT_LOOKUP_REALM 0
+#endif
+
+static int
+maybe_use_dns (context, name, defalt)
+     krb5_context context;
+     const char *name;
+     int defalt;
 {
     krb5_error_code code;
     char * value = NULL;
     int use_dns = 0;
 
     code = profile_get_string(context->profile, "libdefaults",
-                              "dns_fallback", 0, 
-                              context->profile_in_memory?"1":"0",
-                              &value);
+                              name, 0, 0, &value);
+    if (value == 0 && code == 0)
+       code = profile_get_string(context->profile, "libdefaults",
+                                 "dns_fallback", 0, 0, &value);
     if (code)
-        return(code);
+        return defalt;
 
-    if (value) {
-        use_dns = _krb5_conf_boolean(value);
-        profile_release_string(value);
-    }
+    if (value == 0)
+       return defalt;
 
+    use_dns = _krb5_conf_boolean(value);
+    profile_release_string(value);
     return use_dns;
 }
 
+int
+_krb5_use_dns_kdc(context)
+    krb5_context context;
+{
+    return maybe_use_dns (context, "dns_lookup_kdc", DEFAULT_LOOKUP_KDC);
+}
+
+int
+_krb5_use_dns_realm(context)
+    krb5_context context;
+{
+    return maybe_use_dns (context, "dns_lookup_realm", DEFAULT_LOOKUP_REALM);
+}
+
 #endif /* KRB5_DNS_LOOKUP */
 
 /*
@@ -85,14 +113,13 @@ _krb5_use_dns(context)
  */
 
 krb5_error_code
-krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, master_index, nmasters)
+krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, get_masters)
     krb5_context context;
     const krb5_data *realm;
     const char * name;
     struct sockaddr **addr_pp;
     int *naddrs;
-    int *master_index;
-    int *nmasters;
+    int get_masters;
 {
     const char *realm_srv_names[4];
     char **masterlist, **hostlist, *host, *port, *cp;
@@ -162,10 +189,7 @@ krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, master_index, nmaste
        return 0;
     }
     
-    if (master_index) {
-        *master_index = 0;
-       *nmasters = 0;
-
+    if (get_masters) {
        realm_srv_names[0] = "realms";
        realm_srv_names[1] = host;
        realm_srv_names[2] = "admin_server";
@@ -209,8 +233,10 @@ krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, master_index, nmaste
 
     addr_p = (struct sockaddr *)malloc (sizeof (struct sockaddr) * count);
     if (addr_p == NULL) {
-        profile_free_list(hostlist);
-        profile_free_list(masterlist);
+        if (hostlist)
+            profile_free_list(hostlist);
+        if (masterlist)
+            profile_free_list(masterlist);
        return ENOMEM;
     }
 
@@ -239,12 +265,12 @@ krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, master_index, nmaste
        if (masterlist) {
            for (j=0; masterlist[j]; j++) {
                if (strcasecmp(hostlist[i], masterlist[j]) == 0) {
-                   *master_index = out;
                    ismaster = 1;
                }
            }
        }
 
+        if ( !get_masters || ismaster ) {
        switch (hp->h_addrtype) {
 
 #ifdef HAVE_NETINET_IN_H
@@ -263,8 +289,10 @@ krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, master_index, nmaste
                        realloc ((char *)addr_p,
                                 sizeof(struct sockaddr) * count);
                    if (addr_p == NULL) {
-                        profile_free_list(hostlist);
-                        profile_free_list(masterlist);
+                        if (hostlist)
+                            profile_free_list(hostlist);
+                        if (masterlist)
+                            profile_free_list(masterlist);
                        return ENOMEM;
                     }
                }
@@ -279,12 +307,13 @@ krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, master_index, nmaste
        default:
            break;
        }
-       if (ismaster)
-           *nmasters = out - *master_index;
+        }
     }
 
-    profile_free_list(hostlist);
-    profile_free_list(masterlist);
+    if (hostlist)
+        profile_free_list(hostlist);
+    if (masterlist)
+        profile_free_list(masterlist);
 
     if (out == 0) {     /* Couldn't resolve any KDC names */
         free (addr_p);
@@ -564,78 +593,29 @@ krb5_locate_srv_dns(realm, service, protocol, addr_pp, naddrs)
  */
 
 krb5_error_code
-krb5_locate_kdc(context, realm, addr_pp, naddrs, master_index, nmasters)
+krb5_locate_kdc(context, realm, addr_pp, naddrs, get_masters)
     krb5_context context;
     const krb5_data *realm;
     struct sockaddr **addr_pp;
     int *naddrs;
-    int *master_index;
-    int *nmasters;
+    int get_masters;
 {
     krb5_error_code code;
-#ifdef KRB5_DNS_LOOKUP
-    struct sockaddr *admin_addr_p, *kdc_addr_p;
-    int nadmin_addrs, nkdc_addrs;
-    int i,j;
-#endif /* KRB5_DNS_LOOKUP */
 
     /*
      * We always try the local file first
      */
 
     code = krb5_locate_srv_conf(context, realm, "kdc", addr_pp, naddrs,
-                                 master_index, nmasters);
+                                 get_masters);
 
 #ifdef KRB5_DNS_LOOKUP
     if (code) {
-        int use_dns = _krb5_use_dns(context);
+        int use_dns = _krb5_use_dns_kdc(context);
         if ( use_dns ) {
-            code = krb5_locate_srv_dns(realm, "_kerberos", "_udp",
-                                        addr_pp, naddrs);
-            if ( master_index && nmasters ) {
-
-                code = krb5_locate_srv_dns(realm, "_kerberos-adm", "_tcp",
-                                            &admin_addr_p, &nadmin_addrs);
-                if ( code ) {
-                    free(*addr_pp);
-                    *addr_pp = NULL;
-                    *naddrs = 0;
-                    return(code);
-                } 
-
-                kdc_addr_p = *addr_pp;
-                nkdc_addrs = *naddrs;
-
-                *naddrs = 0;
-                *addr_pp = (struct sockaddr *) malloc(sizeof(*kdc_addr_p));
-                if ( *addr_pp == NULL ) {
-                    free(kdc_addr_p);
-                    free(admin_addr_p);
-                    return ENOMEM;
-                }
-
-                for ( i=0; i<nkdc_addrs; i++ ) {
-                    for ( j=0 ; j<nadmin_addrs; j++) {
-                        if ( !memcmp(&kdc_addr_p[i].sa_data[2],&admin_addr_p[j].sa_data[2],4) ) {
-                            memcpy(&(*addr_pp)[(*naddrs)],&kdc_addr_p[i],
-                                    sizeof(struct sockaddr));
-                            (*naddrs)++;
-                            break;
-                        }
-                    }
-                }
-
-                free(kdc_addr_p);
-                free(admin_addr_p);
-
-                if ( *naddrs == 0 ) {
-                    free(*addr_pp);
-                    *addr_pp = NULL;
-                    return KRB5_REALM_CANT_RESOLVE;
-                }
-                *master_index = 1;
-                *nmasters = *naddrs;
-            }
+            code = krb5_locate_srv_dns(realm, 
+                                        get_masters ? "_kerberos-master" : "_kerberos",
+                                        "_udp", addr_pp, naddrs);
         }
     }
 #endif /* KRB5_DNS_LOOKUP */
index fed7a81db0d3aac5cbb3983df615afb92df4a596..a6b67f15e83257df7dfc54febf48f2fdf074340b 100644 (file)
@@ -36,8 +36,7 @@ krb5_error_code krb5_locate_kdc
               const krb5_data *,
               struct sockaddr **,
               int *,
-              int *,
-              int *));
+              int));
 #endif
 
 #ifdef HAVE_NETINET_IN_H
index 933ff2ceaf577efcc6b38afc953da6c40a549434..dd0a2d089874e72092d331fb9acfe0be2812ae95 100644 (file)
@@ -1,5 +1,5 @@
 #include "k5-int.h"
-#if !defined(_MSDOS) && (!defined(_WIN32) || (defined(_WIN32) && defined(__CYGWIN32__))) && !defined(macintosh)
+#if !defined(_MSDOS) && (!defined(_WIN32) || (defined(_WIN32) && defined(__CYGWIN32__))) && !defined(macintosh) && !defined(__MACH__)
 #include <stdio.h>
 #include <errno.h>
 #include <signal.h>
@@ -117,6 +117,18 @@ krb5_prompter_posix(krb5_context context,
 
 cleanup:
     (void) signal(SIGINT, ointrfunc);
+#ifndef ECHO_PASSWORD
+    if (i < num_prompts) {
+       if (prompts[i].hidden) {
+           (void)putchar('\n');
+           if (isatty(fd) == 1) {
+               if ((tcsetattr(fd, TCSANOW, &save_control) == -1
+                    && errcode == 0))
+                   return errno;
+           }
+       }
+    }
+#endif
     return(errcode);
 }
 #else /* MSDOS */
@@ -235,7 +247,7 @@ krb5int_set_prompt_types(context, types)
     krb5_context context;
     krb5_prompt_type *types;
 {
-    context->prompt_types = 0;
+    context->prompt_types = types;
 }
 
 KRB5_DLLIMP
index 3ac3d4f08f1d9cd4621dd8210395cdde56aa4d7c..9d01b17024190d674c3d8d78e0013dfdaee60706 100644 (file)
@@ -3,7 +3,7 @@
  */
 
 #include "k5-int.h"
-#if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh)
+#if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh) && !defined(__MACH__)
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -162,4 +162,4 @@ main(int argc, char **argv)
 
 #endif
        
-#endif /* !_MSODS || _!MACINTOSH */
+#endif /* !_MSDOS || _!MACINTOSH */
index 4adee3dc4f45569ca368700fbcd47af6c364776d..0a4ffa9a40fd8d65100634094636c1840d9a2908 100644 (file)
@@ -29,7 +29,7 @@
 
 #include "k5-int.h"
 
-#if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh)
+#if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh) && !defined(__MACH__)
 #define DEFINED_KRB5_READ_PASSWORD
 #include <stdio.h>
 #include <errno.h>
index 01b797e701baff7cee91a8144604f140c4dee45c..47f2408b3157602bac60acccb9e9c9aec1988fac 100644 (file)
@@ -60,16 +60,16 @@ extern int krb5_skdc_timeout_shift;
 extern int krb5_skdc_timeout_1;
 
 krb5_error_code
-krb5_sendto_kdc (context, message, realm, reply, master)
+krb5_sendto_kdc (context, message, realm, reply, use_master)
     krb5_context context;
     const krb5_data * message;
     const krb5_data * realm;
     krb5_data * reply;
-    int *master;
+    int use_master;
 {
     register int timeout, host, i;
     struct sockaddr *addr;
-    int naddr, master_index, nmasters;
+    int naddr;
     int sent, nready;
     krb5_error_code retval;
     SOCKET *socklist;
@@ -81,14 +81,10 @@ krb5_sendto_kdc (context, message, realm, reply, master)
      * find KDC location(s) for realm
      */
 
-    if (retval = krb5_locate_kdc (context, realm, &addr, &naddr,
-                                 master?&master_index:NULL,
-                                 master?&nmasters:NULL))
+    if (retval = krb5_locate_kdc (context, realm, &addr, &naddr, use_master))
        return retval;
     if (naddr == 0)
-       return KRB5_REALM_UNKNOWN;
-    if (master && (*master == 1) && (nmasters == 0))
-       return KRB5_KDC_UNREACH;
+       return (use_master ? KRB5_KDC_UNREACH : KRB5_REALM_UNKNOWN);
 
     socklist = (SOCKET *)malloc(naddr * sizeof(SOCKET));
     if (socklist == NULL) {
@@ -128,12 +124,6 @@ krb5_sendto_kdc (context, message, realm, reply, master)
         timeout <<= krb5_skdc_timeout_shift) {
        sent = 0;
        for (host = 0; host < naddr; host++) {
-           /* if a master kdc is required, skip the non-master kdc's */
-
-           if (master && (*master == 1) &&
-               ((host < master_index) || (host >= (master_index+nmasters))))
-               continue;
-
            /* send to the host, wait timeout seconds for a response,
               then move on. */
            /* cache some sockets for each host */
@@ -211,12 +201,6 @@ krb5_sendto_kdc (context, message, realm, reply, master)
                reply->length = cc;
                retval = 0;
 
-               /* if the caller asked to be informed if it
-                  got a master kdc, tell it */
-               if (master)
-                   *master = ((host >= master_index) &&
-                              (host < (master_index+nmasters)));
-
                goto out;
            } else if (nready == 0) {
                /* timeout */
index 0846b1c223ee1b3ba29e9dd208161101d520c6d1..a95c67ad5475a280960080cf7b11e5d824a2b57b 100644 (file)
@@ -110,14 +110,14 @@ void test_locate_kdc(ctx, realm)
        struct sockaddr *addrs;
        struct sockaddr_in *sin;
        int     i, naddrs;
-       int     master_index, nmasters;
+       int     get_masters=0;
        krb5_data rlm;
        krb5_error_code retval;
 
        rlm.data = realm;
        rlm.length = strlen(realm);
        retval = krb5_locate_kdc(ctx, &rlm, &addrs, &naddrs,
-                                &master_index, &nmasters);
+                                get_masters);
        if (retval) {
                com_err("krb5_get_krbhst", retval, 0);
                return;
index 11dffd732fe51ef16863cbb233520326f3c1bc29..eb638598503fe7aef80f7a582fc0c8f424670a96 100644 (file)
@@ -48,7 +48,7 @@ krb5_timeofday(context, timeret)
            *timeret = os_ctx->time_offset;
            return 0;
     }
-#ifdef macintosh
+#if defined(macintosh) || defined(__MACH__)
 {
        long usecs;
        krb5_error_code kret;
index e90e47b489aa06c7e1651c3e06c716f8ea0c28a8..6f9a5ef7addde58888262c548b44cec096574436 100644 (file)
@@ -1,3 +1,10 @@
+2000-04-28  Ken Raeburn  <raeburn@mit.edu>
+           Nalin Dahyabhai  <nalin@redhat.com>
+
+       * syslog.c (vsyslog): Use strncpy and strncat instead of strcpy
+       and strcat when adding to buffer "tbuf".  If calling vsprintf,
+       abort if it appears to have overrun the buffer.
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 31e787493e2034004588eace49686fbc2009b269..f7ddbff16c6ba2d37920f9040321b5a5ab209fa6 100644 (file)
@@ -115,7 +115,7 @@ vsyslog(pri, fmt, ap)
        (void)sprintf(tbuf, "<%d>%.15s ", pri, ctime(&now) + 4);
        for (p = tbuf; *p; ++p);
        if (LogTag) {
-               (void)strcpy(p, LogTag);
+               (void)strncpy(p, LogTag, sizeof(tbuf) - 1 - (p - tbuf));
                for (; *p; ++p);
        }
        if (LogStat & LOG_PID) {
@@ -146,6 +146,11 @@ vsyslog(pri, fmt, ap)
        }
 
        (void)vsprintf(p, fmt_cpy, ap);
+       /* Bounds checking??  If a system doesn't have syslog, we
+          probably can't rely on it having vsnprintf either.  Try not
+          to let a buffer overrun be exploited.  */
+       if (strlen (tbuf) >= sizeof (tbuf))
+         abort ();
 
        /* output the message to the local logger */
        if (send(LogFile, tbuf, cnt = strlen(tbuf), 0) >= 0 ||
@@ -169,7 +174,8 @@ vsyslog(pri, fmt, ap)
                if ((fd = open(CONSOLE, O_WRONLY, 0)) < 0)
                        return;
                (void)alarm((u_int)0);
-               (void)strcat(tbuf, "\r");
+               tbuf[sizeof(tbuf) - 1] = '\0';
+               (void)strncat(tbuf, "\r", sizeof(tbuf) - 1 - strlen(tbuf));
                p = strchr(tbuf, '>') + 1;
                (void)write(fd, p, cnt + 1 - (p - tbuf));
                (void)close(fd);
index a3b8b4fb963b3f0664c66030a3f036ab81a0f5e1..56ea0e92c648ab8b9923cf2dc921e65e00decc49 100644 (file)
@@ -1,3 +1,21 @@
+2001-01-23  Tom Yu  <tlyu@mit.edu>
+
+       * rc_io.c (getdir, krb5_rc_io_creat): Undo prior fudge; dirlen
+       will now not include trailing NUL character.
+
+2001-01-17  Tom Yu  <tlyu@mit.edu>
+
+       * rc_io.c (krb5_rc_io_creat): Fudge for dirlen including trailing
+       NUL character.
+       (krb5_rc_io_move): When renaming OLD to NEW, don't copy the
+       filename.  This was causing temporary files to get leaked.
+       (krb5_rc_io_close): Don't FREE if d->fn is NULL.
+
+2000-04-28  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * rc_io.c (getdir): Don't check dirlen again, the call sites
+       always do.  Fix dirlen calculation.
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index d45c7a1fb53407d020c9c5224cef7d8056840e36..1cd27651319a8dd8ab9edfbfa8b22e8252ab4169 100644 (file)
@@ -57,13 +57,11 @@ static char *dir;
 
 static void getdir()
 {
- if (!dirlen)
-  {
    if (!(dir = getenv("KRB5RCACHEDIR")))
 #if defined(_MSDOS) || defined(_WIN32)
      if (!(dir = getenv("TEMP")))
         if (!(dir = getenv("TMP")))
-            dir = "C:\\";
+            dir = "C:";
 #else
      if (!(dir = getenv("TMPDIR")))
 #ifdef RCTMPDIR
@@ -72,8 +70,7 @@ static void getdir()
        dir = "/tmp";
 #endif
 #endif
-   dirlen = strlen(dir) + 1;
-  }
+   dirlen = strlen(dir) + sizeof(PATH_SEPARATOR) - 1;
 }
 
 krb5_error_code krb5_rc_io_creat (context, d, fn)
@@ -245,33 +242,32 @@ krb5_error_code krb5_rc_io_move (context, new, old)
     krb5_rc_iostuff *new;
     krb5_rc_iostuff *old;
 {
+    char *fn = NULL;
+
 #if defined(_MSDOS) || defined(_WIN32)
     /*
      * Work around provided by Tom Sanfilippo to work around poor
      * Windows emulation of POSIX functions.  Rename and dup has
      * different semantics!
      */
-    char *fn = NULL;
     GETDIR;
     close(new->fd);
     unlink(new->fn);
     close(old->fd);
     if (rename(old->fn,new->fn) == -1) /* MUST be atomic! */
        return KRB5_RC_IO_UNKNOWN;
-    if (!(fn = malloc(strlen(new->fn) - dirlen + 1)))
-       return KRB5_RC_IO_MALLOC;
-    strcpy(fn, new->fn + dirlen);
+    fn = new->fn;
+    new->fn = NULL;            /* avoid clobbering */
     krb5_rc_io_close(context, new);
     krb5_rc_io_open(context, new, fn);
     free(fn);
 #else
     if (rename(old->fn,new->fn) == -1) /* MUST be atomic! */
        return KRB5_RC_IO_UNKNOWN;
+    fn = new->fn;
+    new->fn = NULL;            /* avoid clobbering */
     (void) krb5_rc_io_close(context, new);
-    new->fn = malloc(strlen(old->fn)+1);
-    if (new->fn == 0)
-       return ENOMEM;
-    strcpy(new->fn, old->fn);
+    new->fn = fn;
 #ifdef macintosh
     new->fd = fcntl(old->fd, F_DUPFD);
 #else
@@ -342,7 +338,8 @@ krb5_error_code krb5_rc_io_close (context, d)
     krb5_context context;
     krb5_rc_iostuff *d;
 {
- FREE(d->fn);
+ if (d->fn != NULL)
+   FREE(d->fn);
  d->fn = NULL;
  if (close(d->fd) == -1) /* can't happen */
    return KRB5_RC_IO_UNKNOWN;
index 4c5f271b25203d397f4dff038c063f1600b484b9..5506c422ef904147ff654e897ca94b39a1540a2d 100644 (file)
 ; !CALLCONV - entrypoint that should have used KRB5_CALLCONV, but did not due
 ;             developer error
 
-;LIBRARY               KRB5
-DESCRIPTION    'DLL for Kerberos 5'
-HEAPSIZE       8192
-
 EXPORTS
 ; Kerberos 5
        krb5_build_principal
@@ -42,7 +38,7 @@ EXPORTS
        krb5_free_authenticator
        krb5_free_authenticator_contents
        krb5_free_checksum
-        krb5_free_config_files
+       krb5_free_config_files
        krb5_free_context
        krb5_free_cred
        krb5_free_cred_contents
@@ -76,7 +72,7 @@ EXPORTS
        krb5_get_credentials
        krb5_get_credentials_renew
        krb5_get_credentials_validate
-        krb5_get_default_config_files
+       krb5_get_default_config_files
        krb5_get_default_realm
        krb5_get_host_realm
        krb5_get_realm_domain
@@ -208,46 +204,49 @@ EXPORTS
 
        krb5_change_password
 ;
-        krb5_write_message
-        krb5_read_message
-        krb5_net_write
-        krb5_net_read
-        krb5_encrypt
-        krb5_decrypt
-        krb5_encrypt_size
+       krb5_write_message
+       krb5_read_message
+       krb5_net_write
+       krb5_net_read
+       krb5_encrypt
+       krb5_decrypt
+       krb5_encrypt_size
 ;
 ; Added for Kermit 95
-        krb5_address_search    ; !CALLCONV
-        krb5_auth_con_getrcache        ; !CALLCONV
-        krb5_c_enctype_compare
+       krb5_address_search     ; !CALLCONV
+       krb5_auth_con_getrcache ; !CALLCONV
+       krb5_c_enctype_compare
 ;
        krb5_kuserok
 ;
 ; Added for 1.2:
        krb5_decode_ticket
+        krb5_appdefault_string
+        krb5_appdefault_boolean
 ;
 ; Temporary exports (DO NOT USE)
-;      decode_krb5_ticket      -- no longer in library
        des_ecb_encrypt
        des_new_random_key
        des_key_sched
        des_pcbc_encrypt
        des_quad_cksum
        des_string_to_key
-;      des_set_random_generator_seed     -- no longer in library
        des_init_random_number_generator
        krb5_random_confounder
-       krb5_size_opaque
-       krb5_internalize_opaque
-       krb5_externalize_opaque
-       krb5_ser_pack_int32
-       krb5_ser_unpack_int32
-       krb5_ser_pack_bytes
-       krb5_ser_unpack_bytes
-       krb5_ser_auth_context_init
-       krb5_ser_context_init
-       krb5_ser_ccache_init
-       krb5_ser_keytab_init
-       krb5_ser_rcache_init
+       krb5_size_opaque        ; gssapi
+       krb5_internalize_opaque ; gssapi
+       krb5_externalize_opaque ; gssapi
+       krb5_ser_pack_int32     ; gssapi
+       krb5_ser_unpack_int32   ; gssapi
+       krb5_ser_pack_bytes     ; gssapi
+       krb5_ser_unpack_bytes   ; gssapi
+       krb5_ser_auth_context_init      ; gssapi
+       krb5_ser_context_init   ; gssapi
+       krb5_ser_ccache_init    ; gssapi
+       krb5_ser_keytab_init    ; gssapi
+       krb5_ser_rcache_init    ; gssapi
        decode_krb5_ap_req      ; gssapi
-       krb5_mcc_ops
+       krb5_mcc_ops            ; gssapi
+       krb5_get_tgs_ktypes     ; gssapi
+       krb5_free_ktypes        ; gssapi
+       krb5int_cc_default      ; gssapi
index ec629cb91446c34fc5755e490140dbda77e20a4d..8f671a08e3af557d004a3077483669b7811af87d 100644 (file)
@@ -1,3 +1,8 @@
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * compat_recv.c (krb5_compat_recvauth_version): Variant of
+       krb5_compat_recvauth, similar to krb5_recvauth_version.
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index ec6b151149a6999be9203f2d6d0406c6d72e7b11..ee7df24340906b197302eb8154c862ba954ba21f 100644 (file)
@@ -193,6 +193,151 @@ krb5_compat_recvauth(context, auth_context,
        return retval;
 }
 
+krb5_error_code
+krb5_compat_recvauth_version(context, auth_context,
+                            /* IN */
+                            fdp, server, flags, keytab,
+                            v4_options, v4_service, v4_instance, v4_faddr,
+                            v4_laddr,
+                            v4_filename, 
+                            /* OUT */
+                            ticket,
+                            auth_sys, v4_kdata, v4_schedule,
+                            version)
+    krb5_context context;
+    krb5_auth_context  *auth_context;
+       krb5_pointer    fdp;
+       krb5_principal  server;
+       krb5_int32      flags;
+       krb5_keytab     keytab;
+       krb5_ticket  ** ticket;
+        krb5_int32      *auth_sys;
+
+       /*
+        * Version 4 arguments
+        */
+       krb5_int32 v4_options;   /* bit-pattern of options */
+       char *v4_service;        /* service expected */
+       char *v4_instance;       /* inst expected (may be filled in) */
+       struct sockaddr_in *v4_faddr; /* foreign address */
+       struct sockaddr_in *v4_laddr; /* local address */
+       AUTH_DAT **v4_kdata;     /* kerberos data (returned) */
+       char *v4_filename;       /* name of file with service keys */
+       Key_schedule v4_schedule; /* key schedule (return) */
+    krb5_data *version;                /* application version filled in */
+{
+       union verslen {
+               krb5_int32      len;
+               char            vers[4];
+       } vers;
+       char    *buf;
+       int     len, length;
+       krb5_int32      retval;
+       int             fd = *( (int *) fdp);
+#ifdef KRB5_KRB4_COMPAT
+       KTEXT           v4_ticket;       /* storage for client's ticket */
+#endif
+               
+       if ((retval = krb5_net_read(context, fd, vers.vers, 4)) != 4)
+               return((retval < 0) ? errno : ECONNABORTED);
+
+#ifdef KRB5_KRB4_COMPAT
+       if (!strncmp(vers.vers, KRB_V4_SENDAUTH_VERS, 4)) {
+               /*
+                * We must be talking to a V4 sendauth; read in the
+                * rest of the version string and make sure.
+                */
+               if ((retval = krb5_net_read(context, fd, vers.vers, 4)) != 4)
+                       return((retval < 0) ? errno : ECONNABORTED);
+               
+               if (strncmp(vers.vers, KRB_V4_SENDAUTH_VERS+4, 4))
+                       return KRB5_SENDAUTH_BADAUTHVERS;
+
+               *auth_sys = KRB5_RECVAUTH_V4;
+
+               *v4_kdata = (AUTH_DAT *) malloc( sizeof(AUTH_DAT) );
+               v4_ticket = (KTEXT) malloc(sizeof(KTEXT_ST));
+
+               version->length = KRB_SENDAUTH_VLEN; /* no trailing \0! */
+               version->data = malloc (KRB_SENDAUTH_VLEN + 1);
+               version->data[KRB_SENDAUTH_VLEN] = 0;
+               if (version->data == 0)
+                   return errno;
+               retval = krb_v4_recvauth(v4_options, fd, v4_ticket,
+                                        v4_service, v4_instance, v4_faddr,
+                                        v4_laddr, *v4_kdata, v4_filename,
+                                        v4_schedule, version->data);
+               krb5_xfree(v4_ticket);
+               /*
+                * XXX error code translation?
+                */
+               switch (retval) {
+               case RD_AP_OK:
+                   return 0;
+               case RD_AP_TIME:
+                   return KRB5KRB_AP_ERR_SKEW;
+               case RD_AP_EXP:
+                   return KRB5KRB_AP_ERR_TKT_EXPIRED;
+               case RD_AP_NYV:
+                   return KRB5KRB_AP_ERR_TKT_NYV;
+               case RD_AP_NOT_US:
+                   return KRB5KRB_AP_ERR_NOT_US;
+               case RD_AP_UNDEC:
+                   return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+               case RD_AP_REPEAT:
+                   return KRB5KRB_AP_ERR_REPEAT;
+               case RD_AP_MSG_TYPE:
+                   return KRB5KRB_AP_ERR_MSG_TYPE;
+               case RD_AP_MODIFIED:
+                   return KRB5KRB_AP_ERR_MODIFIED;
+               case RD_AP_ORDER:
+                   return KRB5KRB_AP_ERR_BADORDER;
+               case RD_AP_BADD:
+                   return KRB5KRB_AP_ERR_BADADDR;
+               default:
+                   return KRB5_SENDAUTH_BADRESPONSE;
+               }
+       }
+#endif
+
+       /*
+        * Assume that we're talking to a V5 recvauth; read in the
+        * the version string, and make sure it matches.
+        */
+       
+       len = (int) ntohl(vers.len);
+
+       if (len < 0 || len > 255)
+               return KRB5_SENDAUTH_BADAUTHVERS;
+
+       buf = malloc(len);
+       if (!buf)
+               return ENOMEM;
+       
+       length = krb5_net_read(context, fd, buf, len);
+       if (len != length) {
+               krb5_xfree(buf);
+               if (len < 0)
+                       return errno;
+               else
+                       return ECONNABORTED;
+       }
+
+       if (strcmp(buf, KRB_V5_SENDAUTH_VERS)) {
+               krb5_xfree(buf);
+               return KRB5_SENDAUTH_BADAUTHVERS;
+       }
+       krb5_xfree(buf);
+
+       *auth_sys = KRB5_RECVAUTH_V5;
+       
+       retval = krb5_recvauth_version(context, auth_context, fdp, server,
+                                      flags | KRB5_RECVAUTH_SKIP_VERSION, 
+                                      keytab, ticket, version);
+
+       return retval;
+}
+
 
 #ifndef max
 #define        max(a,b) (((a) > (b)) ? (a) : (b))
index 846726733c20f407c05c037e5f5e986bea9ab338..8a077c8c9a6e48182025230e1abd5087abba623c 100644 (file)
@@ -1,3 +1,41 @@
+2000-06-21  Tom Yu  <tlyu@mit.edu>
+
+       * svc_auth_gssapi.c (_svcauth_gssapi): Missed a rename.  From
+       Nathan Neulinger.
+
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * pmap_rmt.c (GIFCONF_BUFSIZE): New macro.
+       (getbroadcastnets): Use it for buffer size.
+       (clnt_broadcast): Make buffer at least that big.
+
+       * get_myaddress.c (get_myaddress): Increase buffer size.
+
+2000-05-18  Ken Raeburn  <raeburn@mit.edu>
+
+       * auth_gssapi_misc.c (auth_gssapi_display_status_1): Don't pass a
+       gss_buffer_desc to fprintf.
+
+       * clnt_tcp.c (clnttcp_create): Initialize "ct".
+       * clnt_udp.c (clntudp_bufcreate): Initialize "cu".
+
+       * svc_auth_gssapi.c (_svcauth_gssapi, create_client,
+       destroy_client, dump_db, clean_client): Use %p format for
+       displaying pointers.  Remove unused variables.
+
+2000-05-17  Ken Raeburn  <raeburn@mit.edu>
+            Nalin Dahyabhai  <nalin@redhat.com>
+
+       * clnt_perror.c (clnt_sperror): Don't overflow buffer "str" beyond
+       known allocation size.
+       * clnt_simple.c (gssrpc_callrpc): Don't overfill buffer "crp->oldhost".
+
+2000-05-03  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * clnt_perror.c (_buf): Use bigger buffer.
+       (clnt_spcreateerror): Don't overflow buffer "buf" beyond known
+       allocation size.
+
 2000-02-22  Donn Cave  <donn@u.washington.edu>
 
        * Makefile.in (includes): Extract basename of header file to be
index fd9393c3278a9c63c889c5e818a56965b2a31fab..e7c38a8208a1a520290e742580f1a861a91871c0 100644 (file)
@@ -162,15 +162,17 @@ static void auth_gssapi_display_status_1(m, code, type, rec)
                    auth_gssapi_display_status_1(m,gssstat,GSS_C_GSS_CODE,1); 
                    auth_gssapi_display_status_1(m, minor_stat,
                                                 GSS_C_MECH_CODE, 1);
-              } else
-                   fprintf(stderr,
-                           "GSS-API authentication error %s: recursive failure!\n",
-                           msg);
+              } else {
+                  fputs ("GSS-API authentication error ", stderr);
+                  fwrite (msg.value, msg.length, 1, stderr);
+                  fputs (": recursive failure!\n", stderr);
+              }
               return;
          }
-         
-         fprintf(stderr, "GSS-API authentication error %s: %s\n", m,
-                 (char *)msg.value); 
+
+         fprintf (stderr, "GSS-API authentication error %s: ", m);
+         fwrite (msg.value, msg.length, 1, stderr);
+         putc ('\n', stderr);
          (void) gss_release_buffer(&minor_stat, &msg);
          
          if (!msg_ctx)
index 560cb27b79ab602061c15ce49aecfc3f529d11f3..06dd22e962cbd48be0dc4e62e9a60fbca3eb6e6a 100644 (file)
@@ -57,9 +57,8 @@ static char *buf;
 static char *
 _buf()
 {
-
-       if (buf == 0)
-               buf = (char *)malloc(256);
+       if (buf == NULL)
+               buf = (char *)malloc(BUFSIZ);
        return (buf);
 }
 
@@ -74,17 +73,20 @@ clnt_sperror(rpch, s)
        struct rpc_err e;
        void clnt_perrno();
        char *err;
-       char *str = _buf();
+       char *bufstart = _buf();
+       char *str = bufstart;
        char *strstart = str;
 
        if (str == 0)
                return (0);
        CLNT_GETERR(rpch, &e);
 
-       (void) sprintf(str, "%s: ", s);  
+       strncpy (str, s, BUFSIZ - 1);
+       str[BUFSIZ - 1] = 0;
+       strncat (str, ": ", BUFSIZ - 1 - strlen (bufstart));
        str += strlen(str);
-
-       (void) strcpy(str, clnt_sperrno(e.re_status));  
+       strncat (str, clnt_sperrno(e.re_status), BUFSIZ - 1 - strlen (bufstart));
+       str[BUFSIZ - 1] = '\0';
        str += strlen(str);
 
        switch (e.re_status) {
@@ -105,47 +107,64 @@ clnt_sperror(rpch, s)
 
        case RPC_CANTSEND:
        case RPC_CANTRECV:
-               (void) sprintf(str, "; errno = %s",
-                   sys_errlist[e.re_errno]); 
+               /* 10 for the string */
+               if(str - bufstart + 10 + strlen(sys_errlist[e.re_errno]) < BUFSIZ)
+                   (void) sprintf(str, "; errno = %s",
+                                  sys_errlist[e.re_errno]); 
                str += strlen(str);
                break;
 
        case RPC_VERSMISMATCH:
-               (void) sprintf(str,
-                       "; low version = %lu, high version = %lu", 
-                       e.re_vers.low, e.re_vers.high);
+               /* 33 for the string, 22 for the numbers */
+               if(str - bufstart + 33 + 22 < BUFSIZ)
+                   (void) sprintf(str,
+                                  "; low version = %lu, high version = %lu", 
+                                  (unsigned long) e.re_vers.low,
+                                  (unsigned long) e.re_vers.high);
                str += strlen(str);
                break;
 
        case RPC_AUTHERROR:
                err = auth_errmsg(e.re_why);
-               (void) sprintf(str,"; why = ");
+               /* 8 for the string */
+               if(str - bufstart + 8 < BUFSIZ)
+                   (void) sprintf(str,"; why = ");
                str += strlen(str);
                if (err != NULL) {
-                       (void) sprintf(str, "%s",err);
+                       if(str - bufstart + strlen(err) < BUFSIZ)
+                           (void) sprintf(str, "%s",err);
                } else {
+                   /* 33 for the string, 11 for the number */
+                   if(str - bufstart + 33 + 11 < BUFSIZ)
                        (void) sprintf(str,
-                               "(unknown authentication error - %d)",
-                               (int) e.re_why);
+                                      "(unknown authentication error - %d)",
+                                      (int) e.re_why);
                }
                str += strlen(str);
                break;
 
        case RPC_PROGVERSMISMATCH:
-               (void) sprintf(str, 
-                       "; low version = %lu, high version = %lu", 
-                       e.re_vers.low, e.re_vers.high);
+               /* 33 for the string, 22 for the numbers */
+               if(str - bufstart + 33 + 22 < BUFSIZ)
+                   (void) sprintf(str,
+                                  "; low version = %lu, high version = %lu",
+                                  (unsigned long) e.re_vers.low,
+                                  (unsigned long) e.re_vers.high);
                str += strlen(str);
                break;
 
        default:        /* unknown */
-               (void) sprintf(str, 
-                       "; s1 = %lu, s2 = %lu", 
-                       e.re_lb.s1, e.re_lb.s2);
+               /* 14 for the string, 22 for the numbers */
+               if(str - bufstart + 14 + 22 < BUFSIZ)
+                   (void) sprintf(str,
+                                  "; s1 = %lu, s2 = %lu",
+                                  (unsigned long) e.re_lb.s1,
+                                  (unsigned long) e.re_lb.s2);
                str += strlen(str);
                break;
        }
-       (void) sprintf(str, "\n");
+       if(str - bufstart + 1 < BUFSIZ)
+           (void) sprintf(str, "\n");
        return(strstart) ;
 }
 
@@ -238,26 +257,29 @@ clnt_spcreateerror(s)
        if (str == 0)
                return(0);
        (void) sprintf(str, "%s: ", s);
-       (void) strcat(str, clnt_sperrno(rpc_createerr.cf_stat));
+       str[BUFSIZ - 1] = '\0';
+       (void) strncat(str, clnt_sperrno(rpc_createerr.cf_stat), BUFSIZ - 1);
        switch (rpc_createerr.cf_stat) {
        case RPC_PMAPFAILURE:
-               (void) strcat(str, " - ");
-               (void) strcat(str,
-                   clnt_sperrno(rpc_createerr.cf_error.re_status));
+               (void) strncat(str, " - ", BUFSIZ - 1 - strlen(str));
+               (void) strncat(str,
+                   clnt_sperrno(rpc_createerr.cf_error.re_status),
+                   BUFSIZ - 1 - strlen(str));
                break;
 
        case RPC_SYSTEMERROR:
-               (void) strcat(str, " - ");
+               (void) strncat(str, " - ", BUFSIZ - 1 - strlen(str));
                if (rpc_createerr.cf_error.re_errno > 0
                    && rpc_createerr.cf_error.re_errno < sys_nerr)
-                       (void) strcat(str,
-                           sys_errlist[rpc_createerr.cf_error.re_errno]);
+                       (void) strncat(str,
+                           sys_errlist[rpc_createerr.cf_error.re_errno],
+                           BUFSIZ - 1 - strlen(str));
                else
                        (void) sprintf(&str[strlen(str)], "Error %d",
                            rpc_createerr.cf_error.re_errno);
                break;
        }
-       (void) strcat(str, "\n");
+       (void) strncat(str, "\n", BUFSIZ - 1 - strlen(str));
        return (str);
 }
 
index b3d2eb33042f080c7447938e35cbbefd1932a3f3..2f203d73fc9248e7d1dbb580a768f5ac55b724d0 100644 (file)
@@ -70,6 +70,8 @@ gssrpc_callrpc(host, prognum, versnum, procnum, inproc, in, outproc, out)
        }
        if (crp->oldhost == NULL) {
                crp->oldhost = mem_alloc(256);
+               if (crp->oldhost == 0)
+                   return 0;
                crp->oldhost[0] = 0;
                crp->socket = RPC_ANYSOCK;
        }
@@ -98,7 +100,8 @@ gssrpc_callrpc(host, prognum, versnum, procnum, inproc, in, outproc, out)
                crp->valid = 1;
                crp->oldprognum = prognum;
                crp->oldversnum = versnum;
-               (void) strcpy(crp->oldhost, host);
+               (void) strncpy(crp->oldhost, host, 255);
+               crp->oldhost[255] = '\0';
        }
        tottimeout.tv_sec = 25;
        tottimeout.tv_usec = 0;
index 4e10a489f75eb859f155ab6c93575391bd98af80..f87da78b1988af2ecb77402c9b17a192c8591ff4 100644 (file)
@@ -116,7 +116,7 @@ clnttcp_create(raddr, prog, vers, sockp, sendsz, recvsz)
        unsigned int recvsz;
 {
        CLIENT *h;
-       register struct ct_data *ct;
+       register struct ct_data *ct = 0;
        struct timeval now;
        struct rpc_msg call_msg;
 
index 60469429dd046c1fb8c4cafcab02368e9bf5eb02..df3945a4868cbc79033832d8c0d8dea01bf5bd8c 100644 (file)
@@ -117,7 +117,7 @@ clntudp_bufcreate(raddr, program, version, wait, sockp, sendsz, recvsz)
        unsigned int recvsz;
 {
        CLIENT *cl;
-       register struct cu_data *cu;
+       register struct cu_data *cu = 0;
        struct timeval now;
        struct rpc_msg call_msg;
 
index 4c9bf29ac0ccaaf23ad04b38aea8e4d6836828a8..13bafa00917e0d7d3c0f95b3ee1339d89a7cc06b 100644 (file)
@@ -81,7 +81,7 @@ get_myaddress(addr)
        struct sockaddr_in *addr;
 {
        int s;
-       char buf[BUFSIZ];
+       char buf[256 * sizeof (struct ifconf)];
        struct ifconf ifc;
        struct ifreq ifreq, *ifr;
        int len;
index 7cafe6e012ea92157a07dd1f4ccb2eec272e6b2f..dc9735d846deab93ee1c0711d682854073595928 100644 (file)
@@ -165,6 +165,8 @@ xdr_rmtcallres(xdrs, crp)
  * routines which only support udp/ip .
  */
 
+#define GIFCONF_BUFSIZE (256 * sizeof (struct ifconf))
+
 static int
 getbroadcastnets(addrs, sock, buf)
        struct in_addr *addrs;
@@ -176,8 +178,9 @@ getbroadcastnets(addrs, sock, buf)
        struct sockaddr_in *sin;
         int n, i;
 
-        ifc.ifc_len = UDPMSGSIZE;
+        ifc.ifc_len = GIFCONF_BUFSIZE;
         ifc.ifc_buf = buf;
+       memset (buf, 0, GIFCONF_BUFSIZE);
         if (ioctl(sock, SIOCGIFCONF, (char *)&ifc) < 0) {
                 perror("broadcast: ioctl (get interface configuration)");
                 return (0);
@@ -255,7 +258,11 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult)
        struct rmtcallres r;
        struct rpc_msg msg;
        struct timeval t; 
-       char outbuf[MAX_BROADCAST_SIZE], inbuf[UDPMSGSIZE];
+       char outbuf[MAX_BROADCAST_SIZE];
+#ifndef MAX
+#define MAX(A,B) ((A)<(B)?(B):(A))
+#endif
+       char inbuf[MAX (UDPMSGSIZE, GIFCONF_BUFSIZE)];
 
        /*
         * initialization: create a socket, a broadcast address, and
index 827596a3b6f0a8137ebf68e9579f0f3b10c91484..9d831ad0deca33e36a7837d88e75e3d2f44a0e6b 100644 (file)
@@ -134,7 +134,6 @@ enum auth_stat _svcauth_gssapi(rqst, msg, no_dispatch)
      svc_auth_gssapi_data *client_data;
      int ret_flags, ret, i;
      rpc_u_int32 seq_num;
-     int flag;
 
      PRINTF(("svcauth_gssapi: starting\n"));
      
@@ -307,8 +306,6 @@ enum auth_stat _svcauth_gssapi(rqst, msg, no_dispatch)
 #endif
 
          if (call_arg.version >= 3) {
-              int len;
-
               memset(&bindings, 0, sizeof(bindings));
               bindings.application_data.length = 0;
               bindings.initiator_addrtype = GSS_C_AF_INET;
@@ -551,7 +548,7 @@ enum auth_stat _svcauth_gssapi(rqst, msg, no_dispatch)
                                      &call_arg)) {
                         PRINTF(("svcauth_gssapi: cannot decode args\n"));
                         LOG_MISCERR("protocol error in call arguments");
-                        xdr_free(xdr_authgssapi_init_arg, &call_arg);
+                        gssrpc_xdr_free(xdr_authgssapi_init_arg, &call_arg);
                         ret = AUTH_BADCRED;
                         goto error;
                    }
@@ -657,7 +654,6 @@ static svc_auth_gssapi_data *create_client()
      client_list *c;
      svc_auth_gssapi_data *client_data;
      static int client_key = 1;
-     int ret;
      
      PRINTF(("svcauth_gssapi: empty creds, creating\n"));
 
@@ -665,7 +661,7 @@ static svc_auth_gssapi_data *create_client()
      if (client_data == NULL)
          return NULL;
      memset((char *) client_data, 0, sizeof(*client_data));
-     L_PRINTF(2, ("create_client: new client_data = %#x\n", client_data));
+     L_PRINTF(2, ("create_client: new client_data = %p\n", client_data));
      
      /* set up client data structure */
      client_data->established = 0;
@@ -783,10 +779,9 @@ static void destroy_client(client_data)
      OM_uint32 gssstat, minor_stat;
      gss_buffer_desc out_buf;
      client_list *c, *c2;
-     int ret;
 
      PRINTF(("destroy_client: destroying client_data\n"));
-     L_PRINTF(2, ("destroy_client: client_data = %#x\n", client_data));
+     L_PRINTF(2, ("destroy_client: client_data = %p\n", client_data));
 
 #ifdef DEBUG_GSSAPI
      if (svc_debug_gssapi >= 3)
@@ -852,7 +847,7 @@ static void dump_db(msg)
      c = clients;
      while (c) {
          client_data = c->client;
-         L_PRINTF(3, ("\tclient_data = %#x, exp = %d\n",
+         L_PRINTF(3, ("\tclient_data = %p, exp = %d\n",
                       client_data, client_data->expiration));
          c = c->next;
      }
@@ -871,7 +866,7 @@ static void clean_client()
      while (c) {
          client_data = c->client;
          
-         L_PRINTF(2, ("clean_client: client_data = %#x\n",
+         L_PRINTF(2, ("clean_client: client_data = %p\n",
                       client_data));
          
          if (client_data->expiration < time(0)) {
@@ -884,7 +879,6 @@ static void clean_client()
          }
      }
 
-done:
      PRINTF(("clean_client: done\n"));
 }
 
index 1c3d4018669e1b8251233802eb9ce3e156ec54a7..5e69764ca19cfa7f610fb5716454ef2699c37906 100644 (file)
@@ -1,3 +1,14 @@
+2000-06-21  Tom Yu  <tlyu@mit.edu>
+
+       * server.c: Include gssrpc/pmap_clnt.h in order to get renaming of
+       pmap_unset().  From Nathan Neulinger.
+
+2000-06-08  Tom Yu  <tlyu@mit.edu>
+
+       * lib/helpers.exp (kinit): Move "expect eof" into the commands
+       that send the prompt.  Don't "expect eof" outside of the main
+       expect, as the main expect may have already read eof.
+
 2000-02-15  Tom Yu  <tlyu@mit.edu>
 
        * server.c: Add code to set a signal handler for SIGHUP and a few
index 3d7b167fc50ee0cc3c6cefe4fa8a95fb98102245..c4b76aa0ce2fb36188e1bf35a408098688a34dba 100644 (file)
@@ -23,10 +23,10 @@ proc kinit {princ pass lifetime} {
 
        spawn -noecho $kinit -5 -l $lifetime $princ
        expect {
-               -re "Password for $princ.*: " { send "$pass\n" }
+               -re "Password for $princ.*: " { send "$pass\n"; expect eof }
                timeout { perror "Timeout waiting for kinit"; close }
+               eof
        }
-       expect { eof {} }
 
        set ret [wait]
        if {[lindex $ret $wait_error_index] == -1} {
@@ -117,7 +117,7 @@ proc wait_client {testname ccname id status} {
 
        set env(KRB5CCNAME) FILE:/tmp/krb5cc_rpc_test_$ccname
        if {[catch "exec $kdestroy -5"] != 0} {
-               error "$testname: cannot destroy client $ccname ccache"
+               perror "$testname: cannot destroy client $ccname ccache"
        }
 
        unset env(KRB5CCNAME)
index 7270ea40d8071fef51128151adc90ce1772f1f38..32f5de349fb8fe21c6bf4025b484e0d874028340 100644 (file)
@@ -14,6 +14,7 @@ static char *rcsid = "$Header$";
 #include <string.h>
 #include <signal.h>
 #include <gssrpc/rpc.h>
+#include <gssrpc/pmap_clnt.h>
 #include <arpa/inet.h>  /* inet_ntoa */
 #include <gssapi/gssapi.h>
 #include <gssapi/gssapi_generic.h>
index ab3e1a1be10b5a4460256b5f89ef822b0709a04a..6dc9e101422e0cbbf7e3442df6d566bec17a1e65 100644 (file)
@@ -90,8 +90,13 @@ extern void krb5_stdcc_shutdown();
  * arbitrary third party applications.  If there is an error, or we
  * decide that we should not version check the calling application
  * then VSflag will be FALSE when the function returns.
+ *
+ * The buffers passed into this function must be at least
+ * APPVERINFO_SIZE bytes long.
  */
-       
+
+#define APPVERINFO_SIZE 256
+
 void GetCallingAppVerInfo( char *AppTitle, char *AppVer, char *AppIni,
                          BOOL *VSflag)
 {
@@ -187,11 +192,15 @@ void GetCallingAppVerInfo( char *AppTitle, char *AppVer, char *AppIni,
         * We don't have a way to determine that INI file of the
         * application at the moment so let's just use krb5.ini
         */
-       strcpy( locAppIni, KERBEROS_INI );
+       strncpy( locAppIni, KERBEROS_INI, sizeof(locAppIni) - 1 );
+       locAppIni[ sizeof(locAppIni) - 1 ] = '\0';
 
-       strcpy( AppTitle, locAppTitle);
-       strcpy( AppVer, locAppVer);
-       strcpy( AppIni, locAppIni);
+       strncpy( AppTitle, locAppTitle, APPVERINFO_SIZE);
+       AppTitle[APPVERINFO_SIZE - 1] = '\0';
+       strncpy( AppVer, locAppVer, APPVERINFO_SIZE);
+       AppVer[APPVERINFO_SIZE - 1] = '\0';
+       strncpy( AppIni, locAppIni, APPVERINFO_SIZE);
+       AppIni[APPVERINFO_SIZE - 1] = '\0';
 
        /*
         * We also need to determine if we want to suppress version
@@ -271,9 +280,10 @@ static krb5_error_code do_timebomb()
                if (first_time) {
                        sprintf(buf, "Your version of %s has expired.\n",
                                TIMEBOMB_PRODUCT);
-                       strcat(buf, "Please upgrade it.");
+                       buf[sizeof(buf) - 1] = '\0';
+                       strncat(buf, "Please upgrade it.", sizeof(buf) - 1 - strlen(buf));
 #ifdef TIMEBOMB_INFO
-                       strcat(buf, TIMEBOMB_INFO);
+                       strncat(buf, TIMEBOMB_INFO, sizeof(buf) - 1 - strlen(buf));
 #endif
                        MessageBox(NULL, buf, "", MB_OK);
                        first_time = 0;
@@ -285,9 +295,9 @@ static krb5_error_code do_timebomb()
                if (first_time) {
                        sprintf(buf, "Your version of %s will expire in %ld days.\n",
                                TIMEBOMB_PRODUCT, timeleft);
-                       strcat(buf, "Please upgrade it soon.");
+                       strncat(buf, "Please upgrade it soon.", sizeof(buf) - 1 - strlen(buf));
 #ifdef TIMEBOMB_INFO
-                       strcat(buf, TIMEBOMB_INFO);
+                       strncat(buf, TIMEBOMB_INFO, sizeof(buf) - 1 - strlen(buf));
 #endif
                        MessageBox(NULL, buf, "", MB_OK);
                        first_time = 0;
@@ -323,9 +333,9 @@ krb5_error_code krb5_vercheck()
                if (CallVersionServer(APP_TITLE, APP_VER, APP_INI, NULL))
                        return VERSERV_ERROR;
 #else
-               char AppTitle[256];
-               char AppVer[256];
-               char AppIni[256];
+               char AppTitle[APPVERINFO_SIZE];
+               char AppVer[APPVERINFO_SIZE];
+               char AppIni[APPVERINFO_SIZE];
                BOOL VSflag=TRUE;
 
                GetCallingAppVerInfo( AppTitle, AppVer, AppIni, &VSflag);
index f6386bb806f3fff1ef89d057e70e9e91c515e2cc..cf6fb9c22efba3e59dc9fa122ba87ec93b5e394a 100644 (file)
@@ -1,5 +1,3 @@
-#!/usr/local/bin/perl -w
-
 use strict; # Turn on careful syntax checking
 use 5.002;  # Require Perl 5.002 or later
 
diff --git a/src/mac/DylibStub.c b/src/mac/DylibStub.c
new file mode 100644 (file)
index 0000000..e1d3725
--- /dev/null
@@ -0,0 +1,5 @@
+/*
+ * This file here is because ProjectBuilder won't let me link a dylib without
+ * a .c file. Oddly enough, it doesn't need to contain any symbols...
+ */
diff --git a/src/mac/ErrorTables.jam b/src/mac/ErrorTables.jam
new file mode 100644 (file)
index 0000000..dc6411f
--- /dev/null
@@ -0,0 +1,91 @@
+#include "$(JAMBASE_DIR)/Jambase" ;
+include "/Developer/Makefiles/pbx_jamfiles/Jambase" ;
+
+SED = /usr/bin/sed ;
+AWK = /usr/bin/awk ;
+
+COMERR_DIR = "$(SRCROOT)/../util/et" ;
+COMPILE_ET_SH = "$(COMERR_DIR)/compile_et.sh" ;
+COMPILE_ET_SCRIPT = "$(COMERR_DIR)/compile_et" ;
+
+PROFILE_DIR = "$(SRCROOT)/../util/profile" ;
+ERROR_TABLES_DIR = "$(SRCROOT)/../lib/krb5/error_tables" ;
+GSS_GENERIC_DIR = "$(SRCROOT)/../lib/gssapi/generic" ;
+GSS_KRB5_DIR = "$(SRCROOT)/../lib/gssapi/krb5" ;
+
+DEPENDS all : 
+    "$(PROFILE_DIR)/prof_err.c"
+    "$(PROFILE_DIR)/prof_err.h"
+    "$(ERROR_TABLES_DIR)/adm_err.c"
+    "$(ERROR_TABLES_DIR)/adm_err.h"
+    "$(ERROR_TABLES_DIR)/asn1_err.c"
+    "$(ERROR_TABLES_DIR)/asn1_err.h"
+    "$(ERROR_TABLES_DIR)/kdb5_err.c"
+    "$(ERROR_TABLES_DIR)/kdb5_err.h"
+    "$(ERROR_TABLES_DIR)/krb5_err.c"
+    "$(ERROR_TABLES_DIR)/krb5_err.h"
+    "$(ERROR_TABLES_DIR)/kv5m_err.c"
+    "$(ERROR_TABLES_DIR)/kv5m_err.h"
+    "$(GSS_GENERIC_DIR)/gssapi_err_generic.c"
+    "$(GSS_GENERIC_DIR)/gssapi_err_generic.h"
+    "$(GSS_KRB5_DIR)/gssapi_err_krb5.c"
+    "$(GSS_KRB5_DIR)/gssapi_err_krb5.h"
+;
+
+DEPENDS install : all ;
+
+Clean.Remove clean : 
+    "$(PROFILE_DIR)/prof_err.c"
+    "$(PROFILE_DIR)/prof_err.h"
+    "$(ERROR_TABLES_DIR)/adm_err.c"
+    "$(ERROR_TABLES_DIR)/adm_err.h"
+    "$(ERROR_TABLES_DIR)/asn1_err.c"
+    "$(ERROR_TABLES_DIR)/asn1_err.h"
+    "$(ERROR_TABLES_DIR)/kdb5_err.c"
+    "$(ERROR_TABLES_DIR)/kdb5_err.h"
+    "$(ERROR_TABLES_DIR)/krb5_err.c"
+    "$(ERROR_TABLES_DIR)/krb5_err.h"
+    "$(ERROR_TABLES_DIR)/kv5m_err.c"
+    "$(ERROR_TABLES_DIR)/kv5m_err.h"
+    "$(GSS_GENERIC_DIR)/gssapi_err_generic.c"
+    "$(GSS_GENERIC_DIR)/gssapi_err_generic.h"
+    "$(GSS_KRB5_DIR)/gssapi_err_krb5.c"
+    "$(GSS_KRB5_DIR)/gssapi_err_krb5.h"
+    "$(COMPILE_ET_SCRIPT)"
+;
+
+rule CompileEt
+{
+    DEPENDS "$(1)" : "$(2)" ;
+    DEPENDS "$(1)" : "$(COMPILE_ET_SCRIPT)" ;
+}
+
+actions CompileEt
+{
+    (cd "$(2:D)" && "$(COMPILE_ET_SCRIPT)" "$(2)" ) ;
+    mv "$(2:S=.c)" "$(1[1])" ;
+    mv "$(2:S=.h)" "$(1[2])" ;
+}
+
+CompileEt "$(PROFILE_DIR)/prof_err.c" "$(PROFILE_DIR)/prof_err.h" : "$(PROFILE_DIR)/prof_err.et" ;
+CompileEt "$(ERROR_TABLES_DIR)/adm_err.c" "$(ERROR_TABLES_DIR)/adm_err.h" : "$(ERROR_TABLES_DIR)/adm_err.et" ;
+CompileEt "$(ERROR_TABLES_DIR)/asn1_err.c" "$(ERROR_TABLES_DIR)/asn1_err.h" : "$(ERROR_TABLES_DIR)/asn1_err.et" ;
+CompileEt "$(ERROR_TABLES_DIR)/kdb5_err.c" "$(ERROR_TABLES_DIR)/kdb5_err.h" : "$(ERROR_TABLES_DIR)/kdb5_err.et" ;
+CompileEt "$(ERROR_TABLES_DIR)/krb5_err.c" "$(ERROR_TABLES_DIR)/krb5_err.h" : "$(ERROR_TABLES_DIR)/krb5_err.et" ;
+CompileEt "$(ERROR_TABLES_DIR)/kv5m_err.c" "$(ERROR_TABLES_DIR)/kv5m_err.h" : "$(ERROR_TABLES_DIR)/kv5m_err.et" ;
+CompileEt "$(GSS_GENERIC_DIR)/gssapi_err_generic.c" "$(GSS_GENERIC_DIR)/gssapi_err_generic.h" : "$(GSS_GENERIC_DIR)/gssapi_err_generic.et" ;
+CompileEt "$(GSS_KRB5_DIR)/gssapi_err_krb5.c" "$(GSS_KRB5_DIR)/gssapi_err_krb5.h" : "$(GSS_KRB5_DIR)/gssapi_err_krb5.et" ;
+
+rule GenerateCompileEt
+{
+    DEPENDS "$(1)" : "$(2)" ;
+}
+
+actions GenerateCompileEt
+{
+    "$(2)" "$(AWK)" "$(SED)" > "$(1)";
+    chmod 755 "$(1)" ;
+}
+
+GenerateCompileEt "$(COMPILE_ET_SCRIPT)" : "$(COMERR_DIR)/config_script" "$(COMPILE_ET_SH)" ;
+
index 985ccd24043a89a8266798ad592c11451980f48c..7b5f5a06272dcd2765f25d24dd9108eac7ee7366 100644 (file)
  
 #include "gss_libinit.h"
 
+#ifdef macintosh
 OSErr __initializeGSS(CFragInitBlockPtr ibp);
 void __terminateGSS(void);
 
 OSErr __initializeGSS(CFragInitBlockPtr ibp)
 {
        OSErr   err = noErr;
-       
+        
        /* Do normal init of the shared library */
        err = __initialize();
-       
+#else
+#define noErr  0
+void __initializeGSS(void);
+void __initializeGSS(void)
+{
+        int    err = noErr;
+#endif
+
        /* Initialize the error tables */
        if (err == noErr) {
                err = gssint_initialize_library ();
        }
-       
+
+#ifdef macintosh       
        return err;
+#endif
 }
 
+#ifdef macintosh
 void __terminateGSS(void)
 {
        gssint_cleanup_library ();
 
        __terminate();
 }
+#endif
diff --git a/src/mac/GSSKerberos5.pbproj/project.pbxproj b/src/mac/GSSKerberos5.pbproj/project.pbxproj
new file mode 100644 (file)
index 0000000..8eed797
--- /dev/null
@@ -0,0 +1,10833 @@
+{
+       archiveVersion = 1;
+       classes = {
+       };
+       objectVersion = 30;
+       objects = {
+               00CFB46AFF6D81A212120111 = {
+                       isa = PBXFileReference;
+                       path = krb5_libinit.c;
+                       refType = 4;
+               };
+               00CFB46BFF6D81A212120111 = {
+                       isa = PBXFileReference;
+                       path = krb5_libinit.h;
+                       refType = 4;
+               };
+               00CFB46CFF6D81A212120111 = {
+                       fileRef = 00CFB46BFF6D81A212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00CFB46DFF6D81A212120111 = {
+                       fileRef = 00CFB46AFF6D81A212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00CFB46EFF6D85D612120111 = {
+                       isa = PBXFileReference;
+                       path = util_canonhost.c;
+                       refType = 4;
+               };
+               00CFB46FFF6D85D612120111 = {
+                       fileRef = 00CFB46EFF6D85D612120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00CFB470FF6D8BB312120111 = {
+                       isa = PBXFileReference;
+                       name = "port-sockets.h";
+                       path = "../include/port-sockets.h";
+                       refType = 2;
+               };
+               00CFB471FF6D8BB412120111 = {
+                       fileRef = 00CFB470FF6D8BB312120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00CFB472FF6EA33F12120111 = {
+                       children = (
+                               00CFB473FF6EA33F12120111,
+                               00CFB474FF6EA33F12120111,
+                               00CFB475FF6EA33F12120111,
+                               00CFB476FF6EA33F12120111,
+                       );
+                       isa = PBXGroup;
+                       path = ccapi;
+                       refType = 4;
+               };
+               00CFB473FF6EA33F12120111 = {
+                       isa = PBXFileReference;
+                       path = stdcc.c;
+                       refType = 4;
+               };
+               00CFB474FF6EA33F12120111 = {
+                       isa = PBXFileReference;
+                       path = stdcc.h;
+                       refType = 4;
+               };
+               00CFB475FF6EA33F12120111 = {
+                       isa = PBXFileReference;
+                       path = stdcc_util.c;
+                       refType = 4;
+               };
+               00CFB476FF6EA33F12120111 = {
+                       isa = PBXFileReference;
+                       path = stdcc_util.h;
+                       refType = 4;
+               };
+               00CFB477FF6EA33F12120111 = {
+                       fileRef = 00CFB474FF6EA33F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00CFB478FF6EA33F12120111 = {
+                       fileRef = 00CFB476FF6EA33F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00CFB479FF6EA33F12120111 = {
+                       fileRef = 00CFB473FF6EA33F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00CFB47AFF6EA33F12120111 = {
+                       fileRef = 00CFB475FF6EA33F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00CFB47BFF6EA3C312120111 = {
+                       isa = PBXFrameworkReference;
+                       name = CCache.framework;
+                       path = /System/Library/Frameworks/Kerberos.framework/Frameworks/CCache.framework;
+                       refType = 0;
+               };
+               00CFB47CFF6EA3C312120111 = {
+                       fileRef = 00CFB47BFF6EA3C312120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F24292FFB75B2612120156 = {
+                       isa = PBXLibraryReference;
+                       path = libkrb5.dylib;
+                       refType = 3;
+               };
+               00F24293FFB75B2612120156 = {
+                       buildPhases = (
+                               00F24294FFB75B2612120156,
+                               00F24295FFB75B2612120156,
+                               00F24296FFB75B2612120156,
+                               00F24297FFB75B2612120156,
+                               00F242BAFFB76A1512120156,
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               FRAMEWORK_SEARCH_PATHS = /System/Library/Frameworks/Kerberos.framework/Frameworks/;
+                               LIBRARY_STYLE = DYNAMIC;
+                               OPTIMIZATION_CFLAGS = "";
+                               OTHER_CFLAGS = "";
+                               OTHER_LDFLAGS = "";
+                               OTHER_LIBTOOL_FLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               REZ_EXECUTABLE = YES;
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       conditionalBuildSettings = {
+                       };
+                       dependencies = (
+                               00F242B4FFB7612912120156,
+                       );
+                       isa = PBXLibraryTarget;
+                       name = libkrb5;
+                       productInstallPath = /usr/lib;
+                       productName = libkrb5.dylib;
+                       productReference = 00F24292FFB75B2612120156;
+                       shouldUseHeadermap = 0;
+               };
+               00F24294FFB75B2612120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               00F242C5FFB7717D12120156,
+                               00F242C6FFB7717D12120156,
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       name = Headers;
+               };
+               00F24295FFB75B2612120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               00F2429CFFB75DFF12120156,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       name = Sources;
+               };
+               00F24296FFB75B2612120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               00F24298FFB75CAB12120156,
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       name = "Frameworks & Libraries";
+               };
+               00F24297FFB75B2612120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       name = "ResourceManager Resources";
+               };
+               00F24298FFB75CAB12120156 = {
+                       fileRef = 012574A7FF7A9C8212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F24299FFB75CD112120156 = {
+                       children = (
+                               00F24292FFB75B2612120156,
+                               00F2429DFFB75F1512120156,
+                               00F242A4FFB75FA712120156,
+                               00F242ACFFB760BC12120156,
+                               00F2429AFFB75D5D12120156,
+                       );
+                       isa = PBXGroup;
+                       name = Dylibs;
+                       refType = 4;
+               };
+               00F2429AFFB75D5D12120156 = {
+                       isa = PBXFileReference;
+                       path = DylibStub.c;
+                       refType = 4;
+               };
+               00F2429CFFB75DFF12120156 = {
+                       fileRef = 00F2429AFFB75D5D12120156;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F2429DFFB75F1512120156 = {
+                       isa = PBXLibraryReference;
+                       path = libk5crypto.dylib;
+                       refType = 3;
+               };
+               00F2429EFFB75F1512120156 = {
+                       buildPhases = (
+                               00F2429FFFB75F1512120156,
+                               00F242A0FFB75F1512120156,
+                               00F242A2FFB75F1512120156,
+                               00F242A3FFB75F1512120156,
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               FRAMEWORK_SEARCH_PATHS = /System/Library/Frameworks/Kerberos.framework/Frameworks;
+                               LIBRARY_STYLE = DYNAMIC;
+                               OPTIMIZATION_CFLAGS = "";
+                               OTHER_CFLAGS = "";
+                               OTHER_LDFLAGS = "";
+                               OTHER_LIBTOOL_FLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               REZ_EXECUTABLE = YES;
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       conditionalBuildSettings = {
+                       };
+                       dependencies = (
+                       );
+                       isa = PBXLibraryTarget;
+                       name = libk5crypto;
+                       productInstallPath = /usr/lib;
+                       productName = libk5crypto.dylib;
+                       productReference = 00F2429DFFB75F1512120156;
+                       shouldUseHeadermap = 0;
+               };
+               00F2429FFFB75F1512120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       name = Headers;
+               };
+               00F242A0FFB75F1512120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               00F242A1FFB75F1512120156,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       name = Sources;
+               };
+               00F242A1FFB75F1512120156 = {
+                       fileRef = 00F2429AFFB75D5D12120156;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242A2FFB75F1512120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       name = "Frameworks & Libraries";
+               };
+               00F242A3FFB75F1512120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       name = "ResourceManager Resources";
+               };
+               00F242A4FFB75FA712120156 = {
+                       isa = PBXLibraryReference;
+                       path = libcom_err.dylib;
+                       refType = 3;
+               };
+               00F242A5FFB75FA712120156 = {
+                       buildPhases = (
+                               00F242A6FFB75FA712120156,
+                               00F242A7FFB75FA712120156,
+                               00F242A9FFB75FA712120156,
+                               00F242ABFFB75FA712120156,
+                               00F242B7FFB7698D12120156,
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               FRAMEWORK_SEARCH_PATHS = /System/Library/Frameworks/Kerberos.framework/Frameworks;
+                               LIBRARY_STYLE = DYNAMIC;
+                               OPTIMIZATION_CFLAGS = "";
+                               OTHER_CFLAGS = "";
+                               OTHER_LDFLAGS = "";
+                               OTHER_LIBTOOL_FLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               REZ_EXECUTABLE = YES;
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       conditionalBuildSettings = {
+                       };
+                       dependencies = (
+                               00F242B5FFB7612912120156,
+                       );
+                       isa = PBXLibraryTarget;
+                       name = libcom_err;
+                       productInstallPath = /usr/lib;
+                       productName = libcom_err.dylib;
+                       productReference = 00F242A4FFB75FA712120156;
+                       shouldUseHeadermap = 0;
+               };
+               00F242A6FFB75FA712120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       name = Headers;
+               };
+               00F242A7FFB75FA712120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               00F242A8FFB75FA712120156,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       name = Sources;
+               };
+               00F242A8FFB75FA712120156 = {
+                       fileRef = 00F2429AFFB75D5D12120156;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242A9FFB75FA712120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               00F242AAFFB75FA712120156,
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       name = "Frameworks & Libraries";
+               };
+               00F242AAFFB75FA712120156 = {
+                       fileRef = 012574A5FF7A9C8212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242ABFFB75FA712120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       name = "ResourceManager Resources";
+               };
+               00F242ACFFB760BC12120156 = {
+                       isa = PBXLibraryReference;
+                       path = libgssapi_krb5.dylib;
+                       refType = 3;
+               };
+               00F242ADFFB760BC12120156 = {
+                       buildPhases = (
+                               00F242AEFFB760BC12120156,
+                               00F242AFFFB760BC12120156,
+                               00F242B1FFB760BC12120156,
+                               00F242B3FFB760BC12120156,
+                               00F242C0FFB7705612120156,
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               FRAMEWORK_SEARCH_PATHS = /System/Library/Frameworks/Kerberos.framework/Frameworks;
+                               LIBRARY_STYLE = DYNAMIC;
+                               OPTIMIZATION_CFLAGS = "";
+                               OTHER_CFLAGS = "";
+                               OTHER_LDFLAGS = "";
+                               OTHER_LIBTOOL_FLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               REZ_EXECUTABLE = YES;
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       conditionalBuildSettings = {
+                       };
+                       dependencies = (
+                               00F242B6FFB7612912120156,
+                       );
+                       isa = PBXLibraryTarget;
+                       name = libgssapi_krb5;
+                       productInstallPath = /usr/lib;
+                       productName = libgssapi_krb5.dylib;
+                       productReference = 00F242ACFFB760BC12120156;
+                       shouldUseHeadermap = 0;
+               };
+               00F242AEFFB760BC12120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               00F242BFFFB7705612120156,
+                               00F242C2FFB7706712120156,
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       name = Headers;
+               };
+               00F242AFFFB760BC12120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               00F242B0FFB760BC12120156,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       name = Sources;
+               };
+               00F242B0FFB760BC12120156 = {
+                       fileRef = 00F2429AFFB75D5D12120156;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242B1FFB760BC12120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               00F242B2FFB760BC12120156,
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       name = "Frameworks & Libraries";
+               };
+               00F242B2FFB760BC12120156 = {
+                       fileRef = 012574A8FF7A9C8212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242B3FFB760BC12120156 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       name = "ResourceManager Resources";
+               };
+               00F242B4FFB7612912120156 = {
+                       isa = PBXTargetDependency;
+                       target = 1744760CFF5FF8DB12120111;
+               };
+               00F242B5FFB7612912120156 = {
+                       isa = PBXTargetDependency;
+                       target = 174475D2FF5EF33612120111;
+               };
+               00F242B6FFB7612912120156 = {
+                       isa = PBXTargetDependency;
+                       target = 5C1372EBFF6546C412120111;
+               };
+               00F242B7FFB7698D12120156 = {
+                       buildActionMask = 8;
+                       dstPath = /usr/include;
+                       dstSubfolderSpec = 0;
+                       files = (
+                               00F242B9FFB769B812120156,
+                       );
+                       isa = PBXCopyFilesBuildPhase;
+                       name = "Copy Files";
+               };
+               00F242B9FFB769B812120156 = {
+                       fileRef = 174475DDFF5EF35112120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242BAFFB76A1512120156 = {
+                       buildActionMask = 8;
+                       dstPath = /usr/include;
+                       dstSubfolderSpec = 0;
+                       files = (
+                               00F242C7FFB7717D12120156,
+                               00F242C8FFB7717D12120156,
+                       );
+                       isa = PBXCopyFilesBuildPhase;
+                       name = "Copy Files";
+               };
+               00F242BFFFB7705612120156 = {
+                       fileRef = 5C1372FCFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242C0FFB7705612120156 = {
+                       buildActionMask = 8;
+                       dstPath = /usr/include;
+                       dstSubfolderSpec = 0;
+                       files = (
+                               00F242C1FFB7705612120156,
+                               00F242C3FFB7707D12120156,
+                       );
+                       isa = PBXCopyFilesBuildPhase;
+                       name = "Copy Files";
+               };
+               00F242C1FFB7705612120156 = {
+                       fileRef = 5C1372FCFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242C2FFB7706712120156 = {
+                       fileRef = 5C13731AFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242C3FFB7707D12120156 = {
+                       fileRef = 5C13731AFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242C5FFB7717D12120156 = {
+                       fileRef = 174476B9FF5FFFA512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242C6FFB7717D12120156 = {
+                       fileRef = 174475FFFF5EFBEA12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242C7FFB7717D12120156 = {
+                       fileRef = 174476B9FF5FFFA512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               00F242C8FFB7717D12120156 = {
+                       fileRef = 174475FFFF5EFBEA12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               0101EC5DFF8FDD1B7F000001 = {
+                       isa = PBXFileReference;
+                       path = ErrorTables.jam;
+                       refType = 4;
+               };
+               0101EC5EFF8FE67C7F000001 = {
+                       isa = PBXFileReference;
+                       path = HeaderFiles.jam;
+                       refType = 4;
+               };
+               012574A5FF7A9C8212120111 = {
+                       isa = PBXFrameworkReference;
+                       path = ComErr.framework;
+                       refType = 3;
+               };
+               012574A6FF7A9C8212120111 = {
+                       isa = PBXFrameworkReference;
+                       path = Profile.framework;
+                       refType = 3;
+               };
+               012574A7FF7A9C8212120111 = {
+                       isa = PBXFrameworkReference;
+                       path = Kerberos5.framework;
+                       refType = 3;
+               };
+               012574A8FF7A9C8212120111 = {
+                       isa = PBXFrameworkReference;
+                       path = GSS.framework;
+                       refType = 3;
+               };
+               0F80148EFF9A7E33126500C7 = {
+                       isa = PBXFrameworkReference;
+                       name = Carbon.framework;
+                       path = /System/Library/Frameworks/Carbon.framework;
+                       refType = 0;
+               };
+               0F80148FFF9A7E33126500C7 = {
+                       fileRef = 0F80148EFF9A7E33126500C7;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               0F801490FF9A7E5D126500C7 = {
+                       isa = PBXFrameworkReference;
+                       name = KerberosSupport.framework;
+                       path = /System/Library/Frameworks/Kerberos.framework/Frameworks/KerberosSupport.framework;
+                       refType = 0;
+               };
+               0F801491FF9A7E5D126500C7 = {
+                       fileRef = 0F801490FF9A7E5D126500C7;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               0F801492FF9A8D33126500C7 = {
+                       isa = PBXFrameworkReference;
+                       name = Preferences.framework;
+                       path = /System/Library/Frameworks/Kerberos.framework/Frameworks/Preferences.framework;
+                       refType = 0;
+               };
+               0F801493FF9A8D33126500C7 = {
+                       fileRef = 0F801492FF9A8D33126500C7;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475CAFF5EEEE312120111 = {
+                       isa = PBXFileReference;
+                       path = GenerateErrorTables.sh;
+                       refType = 4;
+               };
+               174475CBFF5EEEE312120111 = {
+                       buildArgumentsString = "-f $(SRCROOT)/ErrorTables.jam $(ACTION)";
+                       buildPhases = (
+                       );
+                       buildSettings = {
+                               FRAMEWORK_SEARCH_PATHS = "";
+                               HEADER_SEARCH_PATHS = "";
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "";
+                               OTHER_CFLAGS = "";
+                               OTHER_LDFLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       buildToolPath = /usr/bin/jam;
+                       conditionalBuildSettings = {
+                       };
+                       dependencies = (
+                       );
+                       isa = PBXLegacyTarget;
+                       name = "Error Tables";
+                       productName = "Error Tables";
+                       settingsToExpand = 6;
+                       settingsToPassInEnvironment = 25;
+                       settingsToPassOnCommandLine = 280;
+                       shouldUseHeadermap = 0;
+               };
+               174475CDFF5EF33612120111 = {
+                       children = (
+                               012574A5FF7A9C8212120111,
+                               4E933A40FF828AEA12120111,
+                               174475CEFF5EF33612120111,
+                               174475CFFF5EF33612120111,
+                               174475D0FF5EF33612120111,
+                               174475D1FF5EF33612120111,
+                               174475DDFF5EF35112120111,
+                               174475DFFF5EF78012120111,
+                               4E933A44FF82905F12120111,
+                               4E933A45FF82905F12120111,
+                       );
+                       isa = PBXGroup;
+                       name = ComErr;
+                       path = ../util/et;
+                       refType = 2;
+               };
+               174475CEFF5EF33612120111 = {
+                       isa = PBXFileReference;
+                       path = com_err.c;
+                       refType = 4;
+               };
+               174475CFFF5EF33612120111 = {
+                       isa = PBXFileReference;
+                       path = error_message.c;
+                       refType = 4;
+               };
+               174475D0FF5EF33612120111 = {
+                       isa = PBXFileReference;
+                       path = et_name.c;
+                       refType = 4;
+               };
+               174475D1FF5EF33612120111 = {
+                       isa = PBXFileReference;
+                       path = init_et.c;
+                       refType = 4;
+               };
+               174475D2FF5EF33612120111 = {
+                       buildPhases = (
+                               174475D4FF5EF33612120111,
+                               174475D5FF5EF33612120111,
+                               174475D6FF5EF33612120111,
+                               174475DBFF5EF33612120111,
+                               174475DCFF5EF33612120111,
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               EXPORTED_SYMBOLS_FILE = "$(SRCROOT)/../util/et/et.pbexp";
+                               FRAMEWORK_SEARCH_PATHS = "";
+                               FRAMEWORK_VERSION = A;
+                               HEADER_SEARCH_PATHS = "\"/System/Library/Frameworks/CarbonCore.framework/Headers\"";
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "";
+                               OTHER_CFLAGS = "";
+                               OTHER_LDFLAGS = "";
+                               OTHER_LIBTOOL_FLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               PRINCIPAL_CLASS = "";
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                               WRAPPER_EXTENSION = framework;
+                       };
+                       conditionalBuildSettings = {
+                       };
+                       dependencies = (
+                               174475D3FF5EF33612120111,
+                       );
+                       isa = PBXFrameworkTarget;
+                       name = ComErr;
+                       productInstallPath = /System/Library/Frameworks/Kerberos.framework/Frameworks;
+                       productName = ComErr;
+                       productReference = 012574A5FF7A9C8212120111;
+                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
+<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
+<plist version=\"0.9\">
+<dict>
+       <key>CFBundleDevelopmentRegion</key>
+       <string>English</string>
+       <key>CFBundleExecutable</key>
+       <string></string>
+       <key>CFBundleGetInfoString</key>
+       <string></string>
+       <key>CFBundleIconFile</key>
+       <string></string>
+       <key>CFBundleIdentifier</key>
+       <string></string>
+       <key>CFBundleInfoDictionaryVersion</key>
+       <string>6.0</string>
+       <key>CFBundleName</key>
+       <string></string>
+       <key>CFBundlePackageType</key>
+       <string>FMWK</string>
+       <key>CFBundleShortVersionString</key>
+       <string></string>
+       <key>CFBundleSignature</key>
+       <string>????</string>
+       <key>CFBundleVersion</key>
+       <string>0.0.1d1</string>
+</dict>
+</plist>
+";
+                       shouldUseHeadermap = 0;
+               };
+               174475D3FF5EF33612120111 = {
+                       isa = PBXTargetDependency;
+                       target = 174475CBFF5EEEE312120111;
+               };
+               174475D4FF5EF33612120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               174475DEFF5EF35112120111,
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       name = Headers;
+               };
+               174475D5FF5EF33612120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               4E933A41FF828AEA12120111,
+                       );
+                       isa = PBXResourcesBuildPhase;
+                       name = "Bundle Resources";
+               };
+               174475D6FF5EF33612120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               174475D7FF5EF33612120111,
+                               174475D8FF5EF33612120111,
+                               174475D9FF5EF33612120111,
+                               174475DAFF5EF33612120111,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       name = Sources;
+               };
+               174475D7FF5EF33612120111 = {
+                       fileRef = 174475CFFF5EF33612120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475D8FF5EF33612120111 = {
+                       fileRef = 174475D0FF5EF33612120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475D9FF5EF33612120111 = {
+                       fileRef = 174475D1FF5EF33612120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475DAFF5EF33612120111 = {
+                       fileRef = 174475CEFF5EF33612120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475DBFF5EF33612120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       name = "Frameworks & Libraries";
+               };
+               174475DCFF5EF33612120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       name = "ResourceManager Resources";
+               };
+               174475DDFF5EF35112120111 = {
+                       isa = PBXFileReference;
+                       path = com_err.h;
+                       refType = 4;
+               };
+               174475DEFF5EF35112120111 = {
+                       fileRef = 174475DDFF5EF35112120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475DFFF5EF78012120111 = {
+                       isa = PBXFileReference;
+                       path = compile_et;
+                       refType = 4;
+               };
+               174475E2FF5EF80312120111 = {
+                       buildPhases = (
+                               174475E3FF5EF80312120111,
+                               174475E4FF5EF80312120111,
+                               174475E5FF5EF80312120111,
+                               174475E6FF5EF80312120111,
+                               174475E7FF5EF80312120111,
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               EXPORTED_SYMBOLS_FILE = "$(SRCROOT)/../util/profile/profile.pbexp";
+                               FRAMEWORK_SEARCH_PATHS = /System/Library/Frameworks/Kerberos.framework/Frameworks;
+                               FRAMEWORK_VERSION = A;
+                               HEADER_SEARCH_PATHS = "/System/Library/Frameworks/CarbonCore.framework/Headers \"$(SYMROOT)/ComErr.framework/Headers\" /System/Library/Frameworks/Kerberos.framework/Frameworks/KerberosSupport.framework/Headers";
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "";
+                               OTHER_CFLAGS = "-imacros \"$(SRCROOT)/GSSKerberosPrefix.h\"";
+                               OTHER_LDFLAGS = "-init ___InitializeProfileLib";
+                               OTHER_LIBTOOL_FLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               PRINCIPAL_CLASS = "";
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                               WRAPPER_EXTENSION = framework;
+                       };
+                       conditionalBuildSettings = {
+                       };
+                       dependencies = (
+                               17447600FF5EFBEA12120111,
+                               17447602FF5EFC2312120111,
+                       );
+                       isa = PBXFrameworkTarget;
+                       name = Profile;
+                       productInstallPath = /System/Library/Frameworks/Kerberos.framework/Frameworks;
+                       productName = Profile;
+                       productReference = 012574A6FF7A9C8212120111;
+                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
+<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
+<plist version=\"0.9\">
+<dict>
+       <key>CFBundleDevelopmentRegion</key>
+       <string>English</string>
+       <key>CFBundleExecutable</key>
+       <string></string>
+       <key>CFBundleGetInfoString</key>
+       <string></string>
+       <key>CFBundleIconFile</key>
+       <string></string>
+       <key>CFBundleIdentifier</key>
+       <string></string>
+       <key>CFBundleInfoDictionaryVersion</key>
+       <string>6.0</string>
+       <key>CFBundleName</key>
+       <string></string>
+       <key>CFBundlePackageType</key>
+       <string>FMWK</string>
+       <key>CFBundleShortVersionString</key>
+       <string></string>
+       <key>CFBundleSignature</key>
+       <string>????</string>
+       <key>CFBundleVersion</key>
+       <string>0.0.1d1</string>
+</dict>
+</plist>
+";
+                       shouldUseHeadermap = 0;
+               };
+               174475E3FF5EF80312120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               174475F8FF5EF9C012120111,
+                               174475F9FF5EF9C012120111,
+                               17447608FF5F046812120111,
+                               5C137381FF67E3E112120111,
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       name = Headers;
+               };
+               174475E4FF5EF80312120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               4E933A43FF828B8612120111,
+                       );
+                       isa = PBXResourcesBuildPhase;
+                       name = "Bundle Resources";
+               };
+               174475E5FF5EF80312120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               174475EFFF5EF8A512120111,
+                               174475F0FF5EF8A512120111,
+                               174475F1FF5EF8A512120111,
+                               174475F2FF5EF8A512120111,
+                               174475F3FF5EF8A512120111,
+                               174475F4FF5EF8A512120111,
+                               174475FAFF5EF9C012120111,
+                               61622FDDFF8535E112120111,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       name = Sources;
+               };
+               174475E6FF5EF80312120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               17447604FF5EFCC612120111,
+                               0F80148FFF9A7E33126500C7,
+                               0F801491FF9A7E5D126500C7,
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       name = "Frameworks & Libraries";
+               };
+               174475E7FF5EF80312120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       name = "ResourceManager Resources";
+               };
+               174475E8FF5EF8A512120111 = {
+                       children = (
+                               012574A6FF7A9C8212120111,
+                               17447603FF5EFCC612120111,
+                               0F80148EFF9A7E33126500C7,
+                               0F801490FF9A7E5D126500C7,
+                               61622FDCFF8535E112120111,
+                               4E933A42FF828B8512120111,
+                               174475E9FF5EF8A512120111,
+                               174475EAFF5EF8A512120111,
+                               174475EBFF5EF8A512120111,
+                               174475ECFF5EF8A512120111,
+                               174475EDFF5EF8A512120111,
+                               174475EEFF5EF8A512120111,
+                               174475F5FF5EF9C012120111,
+                               174475F6FF5EF9C012120111,
+                               174475F7FF5EF9C012120111,
+                               174475FFFF5EFBEA12120111,
+                       );
+                       isa = PBXGroup;
+                       name = Profile;
+                       path = ../util/profile;
+                       refType = 2;
+               };
+               174475E9FF5EF8A512120111 = {
+                       isa = PBXFileReference;
+                       path = prof_file.c;
+                       refType = 4;
+               };
+               174475EAFF5EF8A512120111 = {
+                       isa = PBXFileReference;
+                       path = prof_get.c;
+                       refType = 4;
+               };
+               174475EBFF5EF8A512120111 = {
+                       isa = PBXFileReference;
+                       path = prof_init.c;
+                       refType = 4;
+               };
+               174475ECFF5EF8A512120111 = {
+                       isa = PBXFileReference;
+                       path = prof_parse.c;
+                       refType = 4;
+               };
+               174475EDFF5EF8A512120111 = {
+                       isa = PBXFileReference;
+                       path = prof_set.c;
+                       refType = 4;
+               };
+               174475EEFF5EF8A512120111 = {
+                       isa = PBXFileReference;
+                       path = prof_tree.c;
+                       refType = 4;
+               };
+               174475EFFF5EF8A512120111 = {
+                       fileRef = 174475E9FF5EF8A512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475F0FF5EF8A512120111 = {
+                       fileRef = 174475EAFF5EF8A512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475F1FF5EF8A512120111 = {
+                       fileRef = 174475EBFF5EF8A512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475F2FF5EF8A512120111 = {
+                       fileRef = 174475ECFF5EF8A512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475F3FF5EF8A512120111 = {
+                       fileRef = 174475EDFF5EF8A512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475F4FF5EF8A512120111 = {
+                       fileRef = 174475EEFF5EF8A512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475F5FF5EF9C012120111 = {
+                       isa = PBXFileReference;
+                       path = prof_err.c;
+                       refType = 4;
+               };
+               174475F6FF5EF9C012120111 = {
+                       isa = PBXFileReference;
+                       path = prof_err.h;
+                       refType = 4;
+               };
+               174475F7FF5EF9C012120111 = {
+                       isa = PBXFileReference;
+                       path = prof_int.h;
+                       refType = 4;
+               };
+               174475F8FF5EF9C012120111 = {
+                       fileRef = 174475F6FF5EF9C012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475F9FF5EF9C012120111 = {
+                       fileRef = 174475F7FF5EF9C012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475FAFF5EF9C012120111 = {
+                       fileRef = 174475F5FF5EF9C012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174475FDFF5EFB1212120111 = {
+                       buildArgumentsString = "-f $(SRCROOT)/HeaderFiles.jam $(ACTION)";
+                       buildPhases = (
+                       );
+                       buildSettings = {
+                               FRAMEWORK_SEARCH_PATHS = "";
+                               HEADER_SEARCH_PATHS = "";
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "";
+                               OTHER_CFLAGS = "";
+                               OTHER_LDFLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       buildToolPath = /usr/bin/jam;
+                       conditionalBuildSettings = {
+                       };
+                       dependencies = (
+                               17447609FF5FF54A12120111,
+                       );
+                       isa = PBXLegacyTarget;
+                       name = "Header Files";
+                       productName = "Header Files";
+                       settingsToExpand = 6;
+                       settingsToPassInEnvironment = 287;
+                       settingsToPassOnCommandLine = 280;
+                       shouldUseHeadermap = 0;
+               };
+               174475FEFF5EFBEA12120111 = {
+                       isa = PBXFileReference;
+                       path = GenerateHeaderFiles.sh;
+                       refType = 4;
+               };
+               174475FFFF5EFBEA12120111 = {
+                       isa = PBXFileReference;
+                       path = profile.h;
+                       refType = 4;
+               };
+               17447600FF5EFBEA12120111 = {
+                       isa = PBXTargetDependency;
+                       target = 174475FDFF5EFB1212120111;
+               };
+               17447602FF5EFC2312120111 = {
+                       isa = PBXTargetDependency;
+                       target = 174475D2FF5EF33612120111;
+               };
+               17447603FF5EFCC612120111 = {
+                       isa = PBXFrameworkReference;
+                       path = ComErr.framework;
+                       refType = 3;
+               };
+               17447604FF5EFCC612120111 = {
+                       fileRef = 17447603FF5EFCC612120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447607FF5F046812120111 = {
+                       isa = PBXFileReference;
+                       path = GSSKerberosPrefix.h;
+                       refType = 2;
+               };
+               17447608FF5F046812120111 = {
+                       fileRef = 17447607FF5F046812120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447609FF5FF54A12120111 = {
+                       isa = PBXTargetDependency;
+                       target = 174475CBFF5EEEE312120111;
+               };
+               1744760AFF5FF8DB12120111 = {
+                       children = (
+                               012574A7FF7A9C8212120111,
+                               174476CCFF60088512120111,
+                               174476CDFF60088512120111,
+                               00CFB47BFF6EA3C312120111,
+                               0F801492FF9A8D33126500C7,
+                               41D6B5480029FA1112120111,
+                               61622FDAFF85346F12120111,
+                               61622FD1FF82A36412120111,
+                               174476B8FF5FFFA512120111,
+                               174476B9FF5FFFA512120111,
+                               174476BDFF6001C412120111,
+                               174476BFFF60027612120111,
+                               174476C1FF60031B12120111,
+                               174476C3FF60070212120111,
+                               17447616FF5FFA3A12120111,
+                       );
+                       isa = PBXGroup;
+                       name = Kerberos5;
+                       path = "";
+                       refType = 2;
+               };
+               1744760CFF5FF8DB12120111 = {
+                       buildPhases = (
+                               17447611FF5FF8DB12120111,
+                               17447612FF5FF8DB12120111,
+                               17447613FF5FF8DB12120111,
+                               17447614FF5FF8DB12120111,
+                               17447615FF5FF8DB12120111,
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               EXPORTED_SYMBOLS_FILE = "$(SRCROOT)/Kerberos5Lib.pbexp";
+                               FRAMEWORK_SEARCH_PATHS = "\"/System/Library/Frameworks/Kerberos.framework/Frameworks\"";
+                               FRAMEWORK_VERSION = A;
+                               HEADER_SEARCH_PATHS = "/System/Library/Frameworks/CarbonCore.framework/Headers \"$(SYMROOT)/ComErr.framework/Headers\" \"$(SYMROOT)/Profile.framework/Headers\" /System/Library/Frameworks/Kerberos.framework/Frameworks/CCache.framework/Headers /System/Library/Frameworks/Kerberos.framework/Frameworks/Preferences.framework/Headers /System/Library/Frameworks/Kerberos.framework/Frameworks/KerberosSupport.framework/Headers /System/Library/Frameworks/Kerberos.framework/Frameworks/Login.framework/Headers";
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "";
+                               OTHER_CFLAGS = "-imacros \"$(SRCROOT)/GSSKerberosPrefix.h\"";
+                               OTHER_LDFLAGS = "-init ___initializeK5";
+                               OTHER_LIBTOOL_FLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               PRINCIPAL_CLASS = "";
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                               WRAPPER_EXTENSION = framework;
+                       };
+                       conditionalBuildSettings = {
+                       };
+                       dependencies = (
+                               1744760DFF5FF8DB12120111,
+                               1744760EFF5FF8DB12120111,
+                               1744760FFF5FF8DB12120111,
+                               17447610FF5FF8DB12120111,
+                       );
+                       isa = PBXFrameworkTarget;
+                       name = Kerberos5;
+                       productInstallPath = /System/Library/Frameworks/Kerberos.framework/Frameworks;
+                       productName = Kerberos5;
+                       productReference = 012574A7FF7A9C8212120111;
+                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
+<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
+<plist version=\"0.9\">
+<dict>
+       <key>CFBundleDevelopmentRegion</key>
+       <string>English</string>
+       <key>CFBundleExecutable</key>
+       <string></string>
+       <key>CFBundleGetInfoString</key>
+       <string></string>
+       <key>CFBundleIconFile</key>
+       <string></string>
+       <key>CFBundleIdentifier</key>
+       <string></string>
+       <key>CFBundleInfoDictionaryVersion</key>
+       <string>6.0</string>
+       <key>CFBundleName</key>
+       <string></string>
+       <key>CFBundlePackageType</key>
+       <string>FMWK</string>
+       <key>CFBundleShortVersionString</key>
+       <string></string>
+       <key>CFBundleSignature</key>
+       <string>????</string>
+       <key>CFBundleVersion</key>
+       <string>0.0.1d1</string>
+</dict>
+</plist>
+";
+                       shouldUseHeadermap = 0;
+               };
+               1744760DFF5FF8DB12120111 = {
+                       isa = PBXTargetDependency;
+                       target = 174475CBFF5EEEE312120111;
+               };
+               1744760EFF5FF8DB12120111 = {
+                       isa = PBXTargetDependency;
+                       target = 174475FDFF5EFB1212120111;
+               };
+               1744760FFF5FF8DB12120111 = {
+                       isa = PBXTargetDependency;
+                       target = 174475D2FF5EF33612120111;
+               };
+               17447610FF5FF8DB12120111 = {
+                       isa = PBXTargetDependency;
+                       target = 174475E2FF5EF80312120111;
+               };
+               17447611FF5FF8DB12120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               1744763FFF5FFA3A12120111,
+                               17447640FF5FFA3A12120111,
+                               17447641FF5FFA3A12120111,
+                               17447679FF5FFBE212120111,
+                               1744767AFF5FFBE212120111,
+                               1744767BFF5FFBE212120111,
+                               1744767CFF5FFBE212120111,
+                               1744767DFF5FFBE212120111,
+                               1744767EFF5FFBE212120111,
+                               1744769AFF5FFC2C12120111,
+                               174476ABFF5FFF5B12120111,
+                               174476ACFF5FFF5B12120111,
+                               174476ADFF5FFF5B12120111,
+                               174476AEFF5FFF5B12120111,
+                               174476AFFF5FFF5B12120111,
+                               174476BAFF5FFFA512120111,
+                               174476BBFF5FFFA512120111,
+                               174476BCFF5FFFDB12120111,
+                               174476BEFF6001C412120111,
+                               174476C0FF60027612120111,
+                               174476C2FF60031B12120111,
+                               174476EFFF60088512120111,
+                               174476F0FF60088512120111,
+                               174476F1FF60088512120111,
+                               174476F2FF60088512120111,
+                               174476F3FF60088512120111,
+                               174476F4FF60088512120111,
+                               174476F5FF60088512120111,
+                               174476F6FF60088512120111,
+                               174476F7FF60088512120111,
+                               174476F8FF60088512120111,
+                               174476F9FF60088512120111,
+                               174476FAFF60088512120111,
+                               174476FBFF60088512120111,
+                               174476FCFF60088512120111,
+                               174476FDFF60088512120111,
+                               17447726FF6024DB12120111,
+                               1744779DFF60261D12120111,
+                               1744779EFF60261D12120111,
+                               1744779FFF60261D12120111,
+                               174477A0FF60261D12120111,
+                               17447807FF60269512120111,
+                               17447808FF60269512120111,
+                               17447809FF60269512120111,
+                               1744783AFF60313B12120111,
+                               5C1373B3FF68306D12120111,
+                               5C1373B4FF68306D12120111,
+                               5C1373F1FF683B8012120111,
+                               5C1373F2FF683B8012120111,
+                               5C1373F3FF683B8012120111,
+                               5C1373F4FF683B8012120111,
+                               00CFB46CFF6D81A212120111,
+                               00CFB477FF6EA33F12120111,
+                               00CFB478FF6EA33F12120111,
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       name = Headers;
+               };
+               17447612FF5FF8DB12120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               61622FD2FF82A36412120111,
+                       );
+                       isa = PBXResourcesBuildPhase;
+                       name = "Bundle Resources";
+               };
+               17447613FF5FF8DB12120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               17447642FF5FFA3A12120111,
+                               17447643FF5FFA3A12120111,
+                               17447644FF5FFA3A12120111,
+                               17447645FF5FFA3A12120111,
+                               17447646FF5FFA3A12120111,
+                               17447647FF5FFA3A12120111,
+                               17447648FF5FFA3A12120111,
+                               17447649FF5FFA3A12120111,
+                               1744764AFF5FFA3A12120111,
+                               1744764BFF5FFA3A12120111,
+                               1744764CFF5FFA3A12120111,
+                               1744764DFF5FFA3A12120111,
+                               1744764EFF5FFA3A12120111,
+                               1744764FFF5FFA3A12120111,
+                               17447650FF5FFA3A12120111,
+                               17447651FF5FFA3A12120111,
+                               17447652FF5FFA3A12120111,
+                               17447653FF5FFA3A12120111,
+                               17447654FF5FFA3A12120111,
+                               17447655FF5FFA3A12120111,
+                               17447656FF5FFA3A12120111,
+                               17447657FF5FFA3A12120111,
+                               17447658FF5FFA3A12120111,
+                               17447659FF5FFA3A12120111,
+                               1744765AFF5FFA3A12120111,
+                               1744765BFF5FFA3A12120111,
+                               1744767FFF5FFBE212120111,
+                               17447680FF5FFBE212120111,
+                               17447681FF5FFBE212120111,
+                               17447682FF5FFBE212120111,
+                               17447683FF5FFBE212120111,
+                               17447684FF5FFBE212120111,
+                               17447685FF5FFBE212120111,
+                               17447686FF5FFBE212120111,
+                               17447687FF5FFBE212120111,
+                               17447688FF5FFBE212120111,
+                               17447689FF5FFBE212120111,
+                               1744768AFF5FFBE212120111,
+                               1744768BFF5FFBE212120111,
+                               1744768CFF5FFBE212120111,
+                               1744768DFF5FFBE212120111,
+                               1744768EFF5FFBE212120111,
+                               1744768FFF5FFBE212120111,
+                               17447690FF5FFBE212120111,
+                               17447691FF5FFBE212120111,
+                               17447692FF5FFBE212120111,
+                               17447693FF5FFBE212120111,
+                               17447694FF5FFBE212120111,
+                               17447695FF5FFBE212120111,
+                               1744769BFF5FFC2C12120111,
+                               1744769CFF5FFC2C12120111,
+                               1744769DFF5FFC2C12120111,
+                               174476B0FF5FFF5B12120111,
+                               174476B1FF5FFF5B12120111,
+                               174476B2FF5FFF5B12120111,
+                               174476B3FF5FFF5B12120111,
+                               174476B4FF5FFF5B12120111,
+                               174476B5FF5FFF5B12120111,
+                               174476B6FF5FFF5B12120111,
+                               174476B7FF5FFF5B12120111,
+                               174476FEFF60088512120111,
+                               174476FFFF60088512120111,
+                               17447700FF60088512120111,
+                               17447701FF60088512120111,
+                               17447702FF60088512120111,
+                               17447703FF60088512120111,
+                               17447704FF60088512120111,
+                               17447705FF60088512120111,
+                               17447706FF60088512120111,
+                               17447707FF60088512120111,
+                               17447708FF60088512120111,
+                               17447709FF60088512120111,
+                               1744770AFF60088512120111,
+                               1744770BFF60088512120111,
+                               1744770CFF60088512120111,
+                               1744770DFF60088512120111,
+                               17447727FF6024DB12120111,
+                               17447728FF6024DB12120111,
+                               17447729FF6024DB12120111,
+                               1744772AFF6024DB12120111,
+                               1744772BFF6024DB12120111,
+                               1744772CFF6024DB12120111,
+                               1744772DFF6024DB12120111,
+                               1744772EFF6024DB12120111,
+                               1744772FFF6024DB12120111,
+                               17447730FF6024DB12120111,
+                               17447731FF6024DB12120111,
+                               17447732FF6024DB12120111,
+                               17447733FF6024DB12120111,
+                               17447734FF6024DB12120111,
+                               17447735FF6024DB12120111,
+                               17447736FF6024DB12120111,
+                               17447737FF6024DB12120111,
+                               17447738FF6024DB12120111,
+                               17447739FF6024DB12120111,
+                               1744773AFF6024DB12120111,
+                               1744773BFF6024DB12120111,
+                               174477A1FF60261D12120111,
+                               174477A2FF60261D12120111,
+                               174477A3FF60261D12120111,
+                               174477A4FF60261D12120111,
+                               174477A5FF60261D12120111,
+                               174477A6FF60261D12120111,
+                               174477A7FF60261D12120111,
+                               174477A8FF60261D12120111,
+                               174477A9FF60261D12120111,
+                               174477AAFF60261D12120111,
+                               174477ABFF60261D12120111,
+                               174477ACFF60261D12120111,
+                               174477ADFF60261D12120111,
+                               174477AEFF60261D12120111,
+                               174477AFFF60261D12120111,
+                               174477B0FF60261D12120111,
+                               174477B1FF60261D12120111,
+                               174477B2FF60261D12120111,
+                               174477B3FF60261D12120111,
+                               174477B4FF60261D12120111,
+                               174477B5FF60261D12120111,
+                               174477B6FF60261D12120111,
+                               174477B7FF60261D12120111,
+                               174477B8FF60261D12120111,
+                               174477B9FF60261D12120111,
+                               174477BAFF60261D12120111,
+                               174477BBFF60261D12120111,
+                               174477BCFF60261D12120111,
+                               174477BDFF60261D12120111,
+                               174477BEFF60261D12120111,
+                               174477BFFF60261D12120111,
+                               174477C0FF60261D12120111,
+                               174477C1FF60261D12120111,
+                               174477C2FF60261D12120111,
+                               174477C3FF60261D12120111,
+                               174477C4FF60261D12120111,
+                               174477C5FF60261D12120111,
+                               174477C6FF60261D12120111,
+                               174477C7FF60261D12120111,
+                               174477C8FF60261D12120111,
+                               174477C9FF60261D12120111,
+                               174477CAFF60261D12120111,
+                               174477CBFF60261D12120111,
+                               174477CCFF60261D12120111,
+                               174477CDFF60261D12120111,
+                               174477CEFF60261D12120111,
+                               174477CFFF60261D12120111,
+                               174477D0FF60261D12120111,
+                               174477D1FF60261D12120111,
+                               174477D2FF60261D12120111,
+                               174477D3FF60261D12120111,
+                               174477D4FF60261D12120111,
+                               174477D5FF60261D12120111,
+                               174477D6FF60261D12120111,
+                               174477D7FF60261D12120111,
+                               174477D8FF60261D12120111,
+                               174477D9FF60261D12120111,
+                               174477DAFF60261D12120111,
+                               174477DBFF60261D12120111,
+                               174477DCFF60261D12120111,
+                               174477DDFF60261D12120111,
+                               174477DEFF60261D12120111,
+                               174477DFFF60261D12120111,
+                               174477E0FF60261D12120111,
+                               174477E1FF60261D12120111,
+                               174477E2FF60261D12120111,
+                               174477E3FF60261D12120111,
+                               174477E4FF60261D12120111,
+                               174477E5FF60261D12120111,
+                               174477E6FF60261D12120111,
+                               174477E7FF60261D12120111,
+                               174477E8FF60261D12120111,
+                               174477E9FF60261D12120111,
+                               174477EAFF60261D12120111,
+                               174477EBFF60261D12120111,
+                               174477ECFF60261D12120111,
+                               174477EDFF60261D12120111,
+                               174477EEFF60261D12120111,
+                               174477EFFF60261D12120111,
+                               174477F0FF60261D12120111,
+                               174477F1FF60261D12120111,
+                               174477F2FF60261D12120111,
+                               174477F3FF60261D12120111,
+                               174477F4FF60261D12120111,
+                               174477F5FF60261D12120111,
+                               174477F6FF60261D12120111,
+                               174477F7FF60261D12120111,
+                               174477F8FF60261D12120111,
+                               174477F9FF60261D12120111,
+                               174477FAFF60261D12120111,
+                               174477FBFF60261D12120111,
+                               174477FCFF60261D12120111,
+                               174477FDFF60261D12120111,
+                               1744780AFF60269512120111,
+                               1744780BFF60269512120111,
+                               1744780CFF60269512120111,
+                               1744780DFF60269512120111,
+                               1744780EFF60269512120111,
+                               1744780FFF60269512120111,
+                               1744783CFF60313B12120111,
+                               1744783DFF60313B12120111,
+                               1744783EFF60313B12120111,
+                               1744783FFF60313B12120111,
+                               17447840FF60313B12120111,
+                               17447841FF60313B12120111,
+                               17447842FF60313B12120111,
+                               17447843FF60313B12120111,
+                               17447844FF60313B12120111,
+                               17447845FF60313B12120111,
+                               17447846FF60313B12120111,
+                               17447847FF60313B12120111,
+                               17447848FF60313B12120111,
+                               17447849FF60313B12120111,
+                               1744784AFF60313B12120111,
+                               1744784BFF60313B12120111,
+                               1744784CFF60313B12120111,
+                               1744784DFF60313B12120111,
+                               1744784EFF60313B12120111,
+                               1744784FFF60313B12120111,
+                               17447850FF60313B12120111,
+                               17447851FF60313B12120111,
+                               17447852FF60313B12120111,
+                               17447853FF60313B12120111,
+                               17447854FF60313B12120111,
+                               17447855FF60313B12120111,
+                               17447856FF60313B12120111,
+                               17447857FF60313B12120111,
+                               17447858FF60313B12120111,
+                               17447859FF60313B12120111,
+                               1744785AFF60313B12120111,
+                               1744785BFF60313B12120111,
+                               1744785CFF60313B12120111,
+                               1744785DFF60313B12120111,
+                               1744785EFF60313B12120111,
+                               1744785FFF60313B12120111,
+                               17447860FF60313B12120111,
+                               17447861FF60313B12120111,
+                               17447862FF60313B12120111,
+                               17447863FF60313B12120111,
+                               17447873FF60323212120111,
+                               17447874FF60323212120111,
+                               17447875FF60323212120111,
+                               17447876FF60323212120111,
+                               17447877FF60323212120111,
+                               1744787BFF60323212120111,
+                               1744787DFF60323212120111,
+                               5C1373B5FF68306D12120111,
+                               5C1373B6FF68306D12120111,
+                               5C1373B7FF68306D12120111,
+                               5C1373B8FF68306D12120111,
+                               5C1373B9FF68306D12120111,
+                               5C1373BAFF68306D12120111,
+                               5C1373BBFF68306D12120111,
+                               5C1373BCFF68306D12120111,
+                               5C1373BDFF68306D12120111,
+                               5C1373BEFF68306D12120111,
+                               5C1373BFFF68306D12120111,
+                               5C1373C0FF68306D12120111,
+                               5C1373C1FF68306D12120111,
+                               5C1373C2FF68306D12120111,
+                               5C1373C3FF68306D12120111,
+                               5C1373C4FF68306D12120111,
+                               5C1373C5FF68306D12120111,
+                               5C1373C6FF68306D12120111,
+                               5C1373C7FF68306D12120111,
+                               5C1373C8FF68306D12120111,
+                               5C1373F5FF683B8012120111,
+                               5C1373F6FF683B8012120111,
+                               5C1373F7FF683B8012120111,
+                               5C1373F8FF683B8012120111,
+                               5C1373F9FF683B8012120111,
+                               5C1373FAFF683B8012120111,
+                               5C1373FBFF683B8012120111,
+                               5C1373FCFF683B8012120111,
+                               5C1373FDFF683B8012120111,
+                               5C1373FEFF683B8012120111,
+                               5C1373FFFF683B8012120111,
+                               5C137400FF683B8012120111,
+                               5C137401FF683B8012120111,
+                               5C137402FF683B8012120111,
+                               5C137403FF683B8012120111,
+                               5C137404FF683B8012120111,
+                               5C137405FF683B8012120111,
+                               5C137406FF683B8012120111,
+                               5C137407FF683B8012120111,
+                               5C137408FF683B8012120111,
+                               5C137409FF683B8012120111,
+                               5C13740AFF683B8012120111,
+                               5C13740BFF683B8012120111,
+                               5C13740CFF683B8012120111,
+                               5C13740DFF683B8012120111,
+                               5C13740EFF683B8012120111,
+                               5C13740FFF683B8012120111,
+                               5C137410FF683B8012120111,
+                               5C137411FF683B8012120111,
+                               5C137412FF683B8012120111,
+                               5C137413FF683B8012120111,
+                               5C137414FF683B8012120111,
+                               5C137415FF683B8012120111,
+                               5C137416FF683B8012120111,
+                               00CFB46DFF6D81A212120111,
+                               00CFB479FF6EA33F12120111,
+                               00CFB47AFF6EA33F12120111,
+                               61622FDBFF85346F12120111,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       name = Sources;
+               };
+               17447614FF5FF8DB12120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               1744770EFF60088512120111,
+                               1744770FFF60088512120111,
+                               00CFB47CFF6EA3C312120111,
+                               0F801493FF9A8D33126500C7,
+                               41D6B54A0029FA1112120111,
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       name = "Frameworks & Libraries";
+               };
+               17447615FF5FF8DB12120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       name = "ResourceManager Resources";
+               };
+               17447616FF5FFA3A12120111 = {
+                       children = (
+                               17447617FF5FFA3A12120111,
+                               17447618FF5FFA3A12120111,
+                               17447619FF5FFA3A12120111,
+                               1744761AFF5FFA3A12120111,
+                               1744761BFF5FFA3A12120111,
+                               1744761CFF5FFA3A12120111,
+                               1744761DFF5FFA3A12120111,
+                               1744761EFF5FFA3A12120111,
+                               1744761FFF5FFA3A12120111,
+                               17447620FF5FFA3A12120111,
+                               17447621FF5FFA3A12120111,
+                               17447622FF5FFA3A12120111,
+                               17447623FF5FFA3A12120111,
+                               17447624FF5FFA3A12120111,
+                               17447625FF5FFA3A12120111,
+                               17447626FF5FFA3A12120111,
+                               17447627FF5FFA3A12120111,
+                               17447628FF5FFA3A12120111,
+                               17447629FF5FFA3A12120111,
+                               1744762AFF5FFA3A12120111,
+                               1744762BFF5FFA3A12120111,
+                               1744762CFF5FFA3A12120111,
+                               1744762DFF5FFA3A12120111,
+                               1744762EFF5FFA3A12120111,
+                               1744762FFF5FFA3A12120111,
+                               17447630FF5FFA3A12120111,
+                               17447631FF5FFA3A12120111,
+                               17447632FF5FFA3A12120111,
+                               17447633FF5FFA3A12120111,
+                               17447634FF5FFA3A12120111,
+                               17447635FF5FFA3A12120111,
+                               17447636FF5FFA3A12120111,
+                               17447637FF5FFA3A12120111,
+                               17447638FF5FFA3A12120111,
+                               17447639FF5FFA3A12120111,
+                               1744763AFF5FFA3A12120111,
+                               1744763BFF5FFA3A12120111,
+                               1744763CFF5FFA3A12120111,
+                               1744763DFF5FFA3A12120111,
+                               1744763EFF5FFA3A12120111,
+                       );
+                       isa = PBXGroup;
+                       name = crypto;
+                       path = ../lib/crypto;
+                       refType = 2;
+               };
+               17447617FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = block_size.c;
+                       refType = 4;
+               };
+               17447618FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = checksum_length.c;
+                       refType = 4;
+               };
+               17447619FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = cksumtypes.c;
+                       refType = 4;
+               };
+               1744761AFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = cksumtypes.h;
+                       refType = 4;
+               };
+               1744761BFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = cksumtype_to_string.c;
+                       refType = 4;
+               };
+               1744761CFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = coll_proof_cksum.c;
+                       refType = 4;
+               };
+               1744761DFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = crypto_libinit.c;
+                       refType = 4;
+               };
+               1744761EFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = crypto_libinit.h;
+                       refType = 4;
+               };
+               1744761FFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = decrypt.c;
+                       refType = 4;
+               };
+               17447620FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = encrypt.c;
+                       refType = 4;
+               };
+               17447621FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = encrypt_length.c;
+                       refType = 4;
+               };
+               17447622FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = enctype_compare.c;
+                       refType = 4;
+               };
+               17447623FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = enctype_to_string.c;
+                       refType = 4;
+               };
+               17447624FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = etypes.c;
+                       refType = 4;
+               };
+               17447625FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = etypes.h;
+                       refType = 4;
+               };
+               17447626FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = hmac.c;
+                       refType = 4;
+               };
+               17447627FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = keyed_checksum_types.c;
+                       refType = 4;
+               };
+               17447628FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = keyed_cksum.c;
+                       refType = 4;
+               };
+               17447629FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = make_checksum.c;
+                       refType = 4;
+               };
+               1744762AFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = make_random_key.c;
+                       refType = 4;
+               };
+               1744762BFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = nfold.c;
+                       refType = 4;
+               };
+               1744762CFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = old_api_glue.c;
+                       refType = 4;
+               };
+               1744762DFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = prng.c;
+                       refType = 4;
+               };
+               1744762EFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = string_to_cksumtype.c;
+                       refType = 4;
+               };
+               1744762FFF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = string_to_enctype.c;
+                       refType = 4;
+               };
+               17447630FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = string_to_key.c;
+                       refType = 4;
+               };
+               17447631FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = valid_cksumtype.c;
+                       refType = 4;
+               };
+               17447632FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = valid_enctype.c;
+                       refType = 4;
+               };
+               17447633FF5FFA3A12120111 = {
+                       isa = PBXFileReference;
+                       path = verify_checksum.c;
+                       refType = 4;
+               };
+               17447634FF5FFA3A12120111 = {
+                       children = (
+                               1744765CFF5FFBE212120111,
+                               1744765DFF5FFBE212120111,
+                       );
+                       isa = PBXGroup;
+                       path = crc32;
+                       refType = 4;
+               };
+               17447635FF5FFA3A12120111 = {
+                       children = (
+                               1744765EFF5FFBE212120111,
+                               1744765FFF5FFBE212120111,
+                               17447660FF5FFBE212120111,
+                               17447661FF5FFBE212120111,
+                               17447662FF5FFBE212120111,
+                               17447663FF5FFBE212120111,
+                               17447664FF5FFBE212120111,
+                               17447665FF5FFBE212120111,
+                               17447666FF5FFBE212120111,
+                               17447667FF5FFBE212120111,
+                               17447668FF5FFBE212120111,
+                               17447669FF5FFBE212120111,
+                               1744766AFF5FFBE212120111,
+                       );
+                       isa = PBXGroup;
+                       path = des;
+                       refType = 4;
+               };
+               17447636FF5FFA3A12120111 = {
+                       children = (
+                               1744766BFF5FFBE212120111,
+                               1744766CFF5FFBE212120111,
+                               1744766DFF5FFBE212120111,
+                               1744766EFF5FFBE212120111,
+                               1744766FFF5FFBE212120111,
+                               17447670FF5FFBE212120111,
+                       );
+                       isa = PBXGroup;
+                       path = dk;
+                       refType = 4;
+               };
+               17447637FF5FFA3A12120111 = {
+                       children = (
+                               17447671FF5FFBE212120111,
+                               17447672FF5FFBE212120111,
+                               17447673FF5FFBE212120111,
+                       );
+                       isa = PBXGroup;
+                       path = enc_provider;
+                       refType = 4;
+               };
+               17447638FF5FFA3A12120111 = {
+                       children = (
+                               17447674FF5FFBE212120111,
+                               17447675FF5FFBE212120111,
+                               17447676FF5FFBE212120111,
+                               17447677FF5FFBE212120111,
+                               17447678FF5FFBE212120111,
+                       );
+                       isa = PBXGroup;
+                       path = hash_provider;
+                       refType = 4;
+               };
+               17447639FF5FFA3A12120111 = {
+                       children = (
+                               17447696FF5FFC2C12120111,
+                               17447697FF5FFC2C12120111,
+                               17447698FF5FFC2C12120111,
+                               17447699FF5FFC2C12120111,
+                       );
+                       isa = PBXGroup;
+                       path = keyhash_provider;
+                       refType = 4;
+               };
+               1744763AFF5FFA3A12120111 = {
+                       children = (
+                               1744769EFF5FFF5B12120111,
+                               1744769FFF5FFF5B12120111,
+                       );
+                       isa = PBXGroup;
+                       path = md4;
+                       refType = 4;
+               };
+               1744763BFF5FFA3A12120111 = {
+                       children = (
+                               174476A0FF5FFF5B12120111,
+                               174476A1FF5FFF5B12120111,
+                       );
+                       isa = PBXGroup;
+                       path = md5;
+                       refType = 4;
+               };
+               1744763CFF5FFA3A12120111 = {
+                       children = (
+                               174476A2FF5FFF5B12120111,
+                               174476A3FF5FFF5B12120111,
+                               174476A4FF5FFF5B12120111,
+                               174476A5FF5FFF5B12120111,
+                       );
+                       isa = PBXGroup;
+                       path = old;
+                       refType = 4;
+               };
+               1744763DFF5FFA3A12120111 = {
+                       children = (
+                               174476A6FF5FFF5B12120111,
+                               174476A7FF5FFF5B12120111,
+                               174476A8FF5FFF5B12120111,
+                       );
+                       isa = PBXGroup;
+                       path = raw;
+                       refType = 4;
+               };
+               1744763EFF5FFA3A12120111 = {
+                       children = (
+                               174476A9FF5FFF5B12120111,
+                               174476AAFF5FFF5B12120111,
+                       );
+                       isa = PBXGroup;
+                       path = sha1;
+                       refType = 4;
+               };
+               1744763FFF5FFA3A12120111 = {
+                       fileRef = 1744761AFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447640FF5FFA3A12120111 = {
+                       fileRef = 1744761EFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447641FF5FFA3A12120111 = {
+                       fileRef = 17447625FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447642FF5FFA3A12120111 = {
+                       fileRef = 17447617FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447643FF5FFA3A12120111 = {
+                       fileRef = 17447618FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447644FF5FFA3A12120111 = {
+                       fileRef = 17447619FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447645FF5FFA3A12120111 = {
+                       fileRef = 1744761BFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447646FF5FFA3A12120111 = {
+                       fileRef = 1744761CFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447647FF5FFA3A12120111 = {
+                       fileRef = 1744761DFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447648FF5FFA3A12120111 = {
+                       fileRef = 1744761FFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447649FF5FFA3A12120111 = {
+                       fileRef = 17447620FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744764AFF5FFA3A12120111 = {
+                       fileRef = 17447621FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744764BFF5FFA3A12120111 = {
+                       fileRef = 17447622FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744764CFF5FFA3A12120111 = {
+                       fileRef = 17447623FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744764DFF5FFA3A12120111 = {
+                       fileRef = 17447624FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744764EFF5FFA3A12120111 = {
+                       fileRef = 17447626FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744764FFF5FFA3A12120111 = {
+                       fileRef = 17447627FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447650FF5FFA3A12120111 = {
+                       fileRef = 17447628FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447651FF5FFA3A12120111 = {
+                       fileRef = 17447629FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447652FF5FFA3A12120111 = {
+                       fileRef = 1744762AFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447653FF5FFA3A12120111 = {
+                       fileRef = 1744762BFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447654FF5FFA3A12120111 = {
+                       fileRef = 1744762CFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447655FF5FFA3A12120111 = {
+                       fileRef = 1744762DFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447656FF5FFA3A12120111 = {
+                       fileRef = 1744762EFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447657FF5FFA3A12120111 = {
+                       fileRef = 1744762FFF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447658FF5FFA3A12120111 = {
+                       fileRef = 17447630FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447659FF5FFA3A12120111 = {
+                       fileRef = 17447631FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744765AFF5FFA3A12120111 = {
+                       fileRef = 17447632FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744765BFF5FFA3A12120111 = {
+                       fileRef = 17447633FF5FFA3A12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744765CFF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = crc32.c;
+                       refType = 4;
+               };
+               1744765DFF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = "crc-32.h";
+                       refType = 4;
+               };
+               1744765EFF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = afsstring2key.c;
+                       refType = 4;
+               };
+               1744765FFF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = d3_cbc.c;
+                       refType = 4;
+               };
+               17447660FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = d3_kysched.c;
+                       refType = 4;
+               };
+               17447661FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = des_int.h;
+                       refType = 4;
+               };
+               17447662FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = f_cbc.c;
+                       refType = 4;
+               };
+               17447663FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = f_cksum.c;
+                       refType = 4;
+               };
+               17447664FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = f_parity.c;
+                       refType = 4;
+               };
+               17447665FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = f_sched.c;
+                       refType = 4;
+               };
+               17447666FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = f_tables.c;
+                       refType = 4;
+               };
+               17447667FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = f_tables.h;
+                       refType = 4;
+               };
+               17447668FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = key_sched.c;
+                       refType = 4;
+               };
+               17447669FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = string2key.c;
+                       refType = 4;
+               };
+               1744766AFF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = weak_key.c;
+                       refType = 4;
+               };
+               1744766BFF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = checksum.c;
+                       refType = 4;
+               };
+               1744766CFF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = derive.c;
+                       refType = 4;
+               };
+               1744766DFF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = dk.h;
+                       refType = 4;
+               };
+               1744766EFF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = dk_decrypt.c;
+                       refType = 4;
+               };
+               1744766FFF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = dk_encrypt.c;
+                       refType = 4;
+               };
+               17447670FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = stringtokey.c;
+                       refType = 4;
+               };
+               17447671FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = des.c;
+                       refType = 4;
+               };
+               17447672FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = des3.c;
+                       refType = 4;
+               };
+               17447673FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = enc_provider.h;
+                       refType = 4;
+               };
+               17447674FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = hash_crc32.c;
+                       refType = 4;
+               };
+               17447675FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = hash_md4.c;
+                       refType = 4;
+               };
+               17447676FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = hash_md5.c;
+                       refType = 4;
+               };
+               17447677FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = hash_provider.h;
+                       refType = 4;
+               };
+               17447678FF5FFBE212120111 = {
+                       isa = PBXFileReference;
+                       path = hash_sha1.c;
+                       refType = 4;
+               };
+               17447679FF5FFBE212120111 = {
+                       fileRef = 1744765DFF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744767AFF5FFBE212120111 = {
+                       fileRef = 17447661FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744767BFF5FFBE212120111 = {
+                       fileRef = 17447667FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744767CFF5FFBE212120111 = {
+                       fileRef = 1744766DFF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744767DFF5FFBE212120111 = {
+                       fileRef = 17447673FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744767EFF5FFBE212120111 = {
+                       fileRef = 17447677FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744767FFF5FFBE212120111 = {
+                       fileRef = 1744765CFF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447680FF5FFBE212120111 = {
+                       fileRef = 1744765EFF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447681FF5FFBE212120111 = {
+                       fileRef = 1744765FFF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447682FF5FFBE212120111 = {
+                       fileRef = 17447660FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447683FF5FFBE212120111 = {
+                       fileRef = 17447662FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447684FF5FFBE212120111 = {
+                       fileRef = 17447663FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447685FF5FFBE212120111 = {
+                       fileRef = 17447664FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447686FF5FFBE212120111 = {
+                       fileRef = 17447665FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447687FF5FFBE212120111 = {
+                       fileRef = 17447666FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447688FF5FFBE212120111 = {
+                       fileRef = 17447668FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447689FF5FFBE212120111 = {
+                       fileRef = 17447669FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744768AFF5FFBE212120111 = {
+                       fileRef = 1744766AFF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744768BFF5FFBE212120111 = {
+                       fileRef = 1744766BFF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744768CFF5FFBE212120111 = {
+                       fileRef = 1744766CFF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744768DFF5FFBE212120111 = {
+                       fileRef = 1744766EFF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744768EFF5FFBE212120111 = {
+                       fileRef = 1744766FFF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744768FFF5FFBE212120111 = {
+                       fileRef = 17447670FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447690FF5FFBE212120111 = {
+                       fileRef = 17447671FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447691FF5FFBE212120111 = {
+                       fileRef = 17447672FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447692FF5FFBE212120111 = {
+                       fileRef = 17447674FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447693FF5FFBE212120111 = {
+                       fileRef = 17447675FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447694FF5FFBE212120111 = {
+                       fileRef = 17447676FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447695FF5FFBE212120111 = {
+                       fileRef = 17447678FF5FFBE212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447696FF5FFC2C12120111 = {
+                       isa = PBXFileReference;
+                       path = descbc.c;
+                       refType = 4;
+               };
+               17447697FF5FFC2C12120111 = {
+                       isa = PBXFileReference;
+                       path = k5_md4des.c;
+                       refType = 4;
+               };
+               17447698FF5FFC2C12120111 = {
+                       isa = PBXFileReference;
+                       path = k5_md5des.c;
+                       refType = 4;
+               };
+               17447699FF5FFC2C12120111 = {
+                       isa = PBXFileReference;
+                       path = keyhash_provider.h;
+                       refType = 4;
+               };
+               1744769AFF5FFC2C12120111 = {
+                       fileRef = 17447699FF5FFC2C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744769BFF5FFC2C12120111 = {
+                       fileRef = 17447696FF5FFC2C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744769CFF5FFC2C12120111 = {
+                       fileRef = 17447697FF5FFC2C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744769DFF5FFC2C12120111 = {
+                       fileRef = 17447698FF5FFC2C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744769EFF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = md4.c;
+                       refType = 4;
+               };
+               1744769FFF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = "rsa-md4.h";
+                       refType = 4;
+               };
+               174476A0FF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = md5.c;
+                       refType = 4;
+               };
+               174476A1FF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = "rsa-md5.h";
+                       refType = 4;
+               };
+               174476A2FF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = des_stringtokey.c;
+                       refType = 4;
+               };
+               174476A3FF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = old.h;
+                       refType = 4;
+               };
+               174476A4FF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = old_decrypt.c;
+                       refType = 4;
+               };
+               174476A5FF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = old_encrypt.c;
+                       refType = 4;
+               };
+               174476A6FF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = raw.h;
+                       refType = 4;
+               };
+               174476A7FF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = raw_decrypt.c;
+                       refType = 4;
+               };
+               174476A8FF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = raw_encrypt.c;
+                       refType = 4;
+               };
+               174476A9FF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = shs.c;
+                       refType = 4;
+               };
+               174476AAFF5FFF5B12120111 = {
+                       isa = PBXFileReference;
+                       path = shs.h;
+                       refType = 4;
+               };
+               174476ABFF5FFF5B12120111 = {
+                       fileRef = 174476A1FF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476ACFF5FFF5B12120111 = {
+                       fileRef = 1744769FFF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476ADFF5FFF5B12120111 = {
+                       fileRef = 174476A3FF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476AEFF5FFF5B12120111 = {
+                       fileRef = 174476A6FF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476AFFF5FFF5B12120111 = {
+                       fileRef = 174476AAFF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476B0FF5FFF5B12120111 = {
+                       fileRef = 1744769EFF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476B1FF5FFF5B12120111 = {
+                       fileRef = 174476A0FF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476B2FF5FFF5B12120111 = {
+                       fileRef = 174476A2FF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476B3FF5FFF5B12120111 = {
+                       fileRef = 174476A4FF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476B4FF5FFF5B12120111 = {
+                       fileRef = 174476A5FF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476B5FF5FFF5B12120111 = {
+                       fileRef = 174476A7FF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476B6FF5FFF5B12120111 = {
+                       fileRef = 174476A8FF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476B7FF5FFF5B12120111 = {
+                       fileRef = 174476A9FF5FFF5B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476B8FF5FFFA512120111 = {
+                       isa = PBXFileReference;
+                       name = "k5-int.h";
+                       path = "../include/k5-int.h";
+                       refType = 2;
+               };
+               174476B9FF5FFFA512120111 = {
+                       isa = PBXFileReference;
+                       name = krb5.h;
+                       path = ../include/krb5.h;
+                       refType = 2;
+               };
+               174476BAFF5FFFA512120111 = {
+                       fileRef = 174476B8FF5FFFA512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476BBFF5FFFA512120111 = {
+                       fileRef = 174476B9FF5FFFA512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476BCFF5FFFDB12120111 = {
+                       fileRef = 17447607FF5F046812120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476BDFF6001C412120111 = {
+                       isa = PBXFileReference;
+                       name = kdb.h;
+                       path = ../include/krb5/kdb.h;
+                       refType = 2;
+               };
+               174476BEFF6001C412120111 = {
+                       fileRef = 174476BDFF6001C412120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476BFFF60027612120111 = {
+                       isa = PBXFileReference;
+                       name = osconf.h;
+                       path = ../include/krb5/stock/osconf.h;
+                       refType = 2;
+               };
+               174476C0FF60027612120111 = {
+                       fileRef = 174476BFFF60027612120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476C1FF60031B12120111 = {
+                       isa = PBXFileReference;
+                       name = autoconf.h;
+                       path = ../include/autoconf.h;
+                       refType = 2;
+               };
+               174476C2FF60031B12120111 = {
+                       fileRef = 174476C1FF60031B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476C3FF60070212120111 = {
+                       children = (
+                               00CFB46AFF6D81A212120111,
+                               00CFB46BFF6D81A212120111,
+                               174476C4FF60076112120111,
+                               174476C5FF60076112120111,
+                               174476C6FF60076112120111,
+                               174476C7FF60076112120111,
+                               174476C8FF60076112120111,
+                               174476C9FF60076112120111,
+                               174476CAFF60076112120111,
+                               174476CBFF60076112120111,
+                       );
+                       isa = PBXGroup;
+                       name = krb5;
+                       path = ../lib/krb5;
+                       refType = 2;
+               };
+               174476C4FF60076112120111 = {
+                       children = (
+                               174476CEFF60088512120111,
+                               174476CFFF60088512120111,
+                               174476D0FF60088512120111,
+                               174476D1FF60088512120111,
+                               174476D2FF60088512120111,
+                               174476D3FF60088512120111,
+                               174476D4FF60088512120111,
+                               174476D5FF60088512120111,
+                               174476D6FF60088512120111,
+                               174476D7FF60088512120111,
+                               174476D8FF60088512120111,
+                       );
+                       isa = PBXGroup;
+                       path = error_tables;
+                       refType = 4;
+               };
+               174476C5FF60076112120111 = {
+                       children = (
+                               174476D9FF60088512120111,
+                               174476DAFF60088512120111,
+                               174476DBFF60088512120111,
+                               174476DCFF60088512120111,
+                               174476DDFF60088512120111,
+                               174476DEFF60088512120111,
+                               174476DFFF60088512120111,
+                               174476E0FF60088512120111,
+                               174476E1FF60088512120111,
+                               174476E2FF60088512120111,
+                               174476E3FF60088512120111,
+                               174476E4FF60088512120111,
+                               174476E5FF60088512120111,
+                               174476E6FF60088512120111,
+                               174476E7FF60088512120111,
+                               174476E8FF60088512120111,
+                               174476E9FF60088512120111,
+                               174476EAFF60088512120111,
+                               174476EBFF60088512120111,
+                               174476ECFF60088512120111,
+                       );
+                       isa = PBXGroup;
+                       path = asn.1;
+                       refType = 4;
+               };
+               174476C6FF60076112120111 = {
+                       children = (
+                               00CFB472FF6EA33F12120111,
+                               5C1373C9FF683B8012120111,
+                               5C1373DAFF683B8012120111,
+                               5C137387FF682C2F12120111,
+                               17447864FF60323212120111,
+                               17447865FF60323212120111,
+                               17447866FF60323212120111,
+                               17447867FF60323212120111,
+                               1744786BFF60323212120111,
+                               1744786FFF60323212120111,
+                       );
+                       isa = PBXGroup;
+                       path = ccache;
+                       refType = 4;
+               };
+               174476C7FF60076112120111 = {
+                       children = (
+                               17447710FF6024DB12120111,
+                               17447711FF6024DB12120111,
+                               17447712FF6024DB12120111,
+                               17447713FF6024DB12120111,
+                               17447714FF6024DB12120111,
+                               17447715FF6024DB12120111,
+                               174476EDFF60088512120111,
+                               174476EEFF60088512120111,
+                       );
+                       isa = PBXGroup;
+                       path = keytab;
+                       refType = 4;
+               };
+               174476C8FF60076112120111 = {
+                       children = (
+                               17447746FF60261D12120111,
+                               17447747FF60261D12120111,
+                               17447748FF60261D12120111,
+                               17447749FF60261D12120111,
+                               1744774AFF60261D12120111,
+                               1744774BFF60261D12120111,
+                               1744774CFF60261D12120111,
+                               1744774DFF60261D12120111,
+                               1744774EFF60261D12120111,
+                               1744774FFF60261D12120111,
+                               17447750FF60261D12120111,
+                               17447751FF60261D12120111,
+                               17447752FF60261D12120111,
+                               17447753FF60261D12120111,
+                               17447754FF60261D12120111,
+                               17447755FF60261D12120111,
+                               17447756FF60261D12120111,
+                               17447757FF60261D12120111,
+                               17447758FF60261D12120111,
+                               17447759FF60261D12120111,
+                               1744775AFF60261D12120111,
+                               1744775BFF60261D12120111,
+                               1744775CFF60261D12120111,
+                               1744775DFF60261D12120111,
+                               1744775EFF60261D12120111,
+                               1744775FFF60261D12120111,
+                               17447760FF60261D12120111,
+                               17447761FF60261D12120111,
+                               17447762FF60261D12120111,
+                               17447763FF60261D12120111,
+                               17447764FF60261D12120111,
+                               17447765FF60261D12120111,
+                               17447766FF60261D12120111,
+                               17447767FF60261D12120111,
+                               17447768FF60261D12120111,
+                               17447769FF60261D12120111,
+                               1744776AFF60261D12120111,
+                               1744776BFF60261D12120111,
+                               1744776CFF60261D12120111,
+                               1744776DFF60261D12120111,
+                               1744776EFF60261D12120111,
+                               1744776FFF60261D12120111,
+                               17447770FF60261D12120111,
+                               17447771FF60261D12120111,
+                               17447772FF60261D12120111,
+                               17447773FF60261D12120111,
+                               17447774FF60261D12120111,
+                               17447775FF60261D12120111,
+                               17447776FF60261D12120111,
+                               17447777FF60261D12120111,
+                               17447778FF60261D12120111,
+                               17447779FF60261D12120111,
+                               1744777AFF60261D12120111,
+                               1744777BFF60261D12120111,
+                               1744777CFF60261D12120111,
+                               1744777DFF60261D12120111,
+                               1744777EFF60261D12120111,
+                               1744777FFF60261D12120111,
+                               17447780FF60261D12120111,
+                               17447781FF60261D12120111,
+                               17447782FF60261D12120111,
+                               17447783FF60261D12120111,
+                               17447784FF60261D12120111,
+                               17447785FF60261D12120111,
+                               17447786FF60261D12120111,
+                               17447787FF60261D12120111,
+                               17447788FF60261D12120111,
+                               17447789FF60261D12120111,
+                               1744778AFF60261D12120111,
+                               1744778BFF60261D12120111,
+                               1744778CFF60261D12120111,
+                               1744778DFF60261D12120111,
+                               1744778EFF60261D12120111,
+                               1744778FFF60261D12120111,
+                               17447790FF60261D12120111,
+                               17447791FF60261D12120111,
+                               17447792FF60261D12120111,
+                               17447793FF60261D12120111,
+                               17447794FF60261D12120111,
+                               17447795FF60261D12120111,
+                               17447796FF60261D12120111,
+                               17447797FF60261D12120111,
+                               17447798FF60261D12120111,
+                               17447799FF60261D12120111,
+                               1744779AFF60261D12120111,
+                               1744779BFF60261D12120111,
+                               1744779CFF60261D12120111,
+                       );
+                       isa = PBXGroup;
+                       path = krb;
+                       refType = 4;
+               };
+               174476C9FF60076112120111 = {
+                       children = (
+                               174477FEFF60269512120111,
+                               174477FFFF60269512120111,
+                               17447800FF60269512120111,
+                               17447801FF60269512120111,
+                               17447802FF60269512120111,
+                               17447803FF60269512120111,
+                               17447804FF60269512120111,
+                               17447805FF60269512120111,
+                               17447806FF60269512120111,
+                       );
+                       isa = PBXGroup;
+                       path = rcache;
+                       refType = 4;
+               };
+               174476CAFF60076112120111 = {
+                       children = (
+                               17447811FF60313B12120111,
+                               17447812FF60313B12120111,
+                               17447813FF60313B12120111,
+                               17447814FF60313B12120111,
+                               17447815FF60313B12120111,
+                               17447816FF60313B12120111,
+                               17447817FF60313B12120111,
+                               17447818FF60313B12120111,
+                               17447819FF60313B12120111,
+                               1744781AFF60313B12120111,
+                               1744781BFF60313B12120111,
+                               1744781CFF60313B12120111,
+                               1744781DFF60313B12120111,
+                               1744781EFF60313B12120111,
+                               1744781FFF60313B12120111,
+                               17447820FF60313B12120111,
+                               17447821FF60313B12120111,
+                               17447822FF60313B12120111,
+                               17447823FF60313B12120111,
+                               17447824FF60313B12120111,
+                               17447825FF60313B12120111,
+                               17447826FF60313B12120111,
+                               17447827FF60313B12120111,
+                               17447828FF60313B12120111,
+                               17447829FF60313B12120111,
+                               1744782AFF60313B12120111,
+                               1744782BFF60313B12120111,
+                               1744782CFF60313B12120111,
+                               1744782DFF60313B12120111,
+                               1744782EFF60313B12120111,
+                               1744782FFF60313B12120111,
+                               17447830FF60313B12120111,
+                               17447831FF60313B12120111,
+                               17447832FF60313B12120111,
+                               17447833FF60313B12120111,
+                               17447834FF60313B12120111,
+                               17447835FF60313B12120111,
+                               17447836FF60313B12120111,
+                               17447837FF60313B12120111,
+                               17447838FF60313B12120111,
+                               17447839FF60313B12120111,
+                       );
+                       isa = PBXGroup;
+                       path = os;
+                       refType = 4;
+               };
+               174476CBFF60076112120111 = {
+                       children = (
+                               17447870FF60323212120111,
+                       );
+                       isa = PBXGroup;
+                       path = posix;
+                       refType = 4;
+               };
+               174476CCFF60088512120111 = {
+                       isa = PBXFrameworkReference;
+                       path = ComErr.framework;
+                       refType = 3;
+               };
+               174476CDFF60088512120111 = {
+                       isa = PBXFrameworkReference;
+                       path = Profile.framework;
+                       refType = 3;
+               };
+               174476CEFF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = adm_err.c;
+                       refType = 4;
+               };
+               174476CFFF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = adm_err.h;
+                       refType = 4;
+               };
+               174476D0FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_err.c;
+                       refType = 4;
+               };
+               174476D1FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_err.h;
+                       refType = 4;
+               };
+               174476D2FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = init_ets.c;
+                       refType = 4;
+               };
+               174476D3FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = kdb5_err.c;
+                       refType = 4;
+               };
+               174476D4FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = kdb5_err.h;
+                       refType = 4;
+               };
+               174476D5FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = krb5_err.c;
+                       refType = 4;
+               };
+               174476D6FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = krb5_err.h;
+                       refType = 4;
+               };
+               174476D7FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = kv5m_err.c;
+                       refType = 4;
+               };
+               174476D8FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = kv5m_err.h;
+                       refType = 4;
+               };
+               174476D9FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1buf.c;
+                       refType = 4;
+               };
+               174476DAFF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1buf.h;
+                       refType = 4;
+               };
+               174476DBFF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_decode.c;
+                       refType = 4;
+               };
+               174476DCFF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_decode.h;
+                       refType = 4;
+               };
+               174476DDFF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_encode.c;
+                       refType = 4;
+               };
+               174476DEFF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_encode.h;
+                       refType = 4;
+               };
+               174476DFFF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_get.c;
+                       refType = 4;
+               };
+               174476E0FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_get.h;
+                       refType = 4;
+               };
+               174476E1FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1glue.h;
+                       refType = 4;
+               };
+               174476E2FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_k_decode.c;
+                       refType = 4;
+               };
+               174476E3FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_k_decode.h;
+                       refType = 4;
+               };
+               174476E4FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_k_encode.c;
+                       refType = 4;
+               };
+               174476E5FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_k_encode.h;
+                       refType = 4;
+               };
+               174476E6FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_make.c;
+                       refType = 4;
+               };
+               174476E7FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_make.h;
+                       refType = 4;
+               };
+               174476E8FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_misc.c;
+                       refType = 4;
+               };
+               174476E9FF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = asn1_misc.h;
+                       refType = 4;
+               };
+               174476EAFF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = krb5_decode.c;
+                       refType = 4;
+               };
+               174476EBFF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = krb5_encode.c;
+                       refType = 4;
+               };
+               174476ECFF60088512120111 = {
+                       isa = PBXFileReference;
+                       path = krbasn1.h;
+                       refType = 4;
+               };
+               174476EDFF60088512120111 = {
+                       children = (
+                               17447716FF6024DB12120111,
+                               17447717FF6024DB12120111,
+                               17447718FF6024DB12120111,
+                               17447719FF6024DB12120111,
+                               1744771AFF6024DB12120111,
+                               1744771BFF6024DB12120111,
+                               1744771CFF6024DB12120111,
+                               1744771DFF6024DB12120111,
+                               1744771EFF6024DB12120111,
+                               1744771FFF6024DB12120111,
+                               17447720FF6024DB12120111,
+                               17447721FF6024DB12120111,
+                               17447722FF6024DB12120111,
+                               17447723FF6024DB12120111,
+                               17447724FF6024DB12120111,
+                               17447725FF6024DB12120111,
+                       );
+                       isa = PBXGroup;
+                       path = file;
+                       refType = 4;
+               };
+               174476EEFF60088512120111 = {
+                       children = (
+                               1744773CFF60261D12120111,
+                               1744773DFF60261D12120111,
+                               1744773EFF60261D12120111,
+                               1744773FFF60261D12120111,
+                               17447740FF60261D12120111,
+                               17447741FF60261D12120111,
+                               17447742FF60261D12120111,
+                               17447743FF60261D12120111,
+                               17447744FF60261D12120111,
+                               17447745FF60261D12120111,
+                       );
+                       isa = PBXGroup;
+                       path = srvtab;
+                       refType = 4;
+               };
+               174476EFFF60088512120111 = {
+                       fileRef = 174476CFFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476F0FF60088512120111 = {
+                       fileRef = 174476D1FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476F1FF60088512120111 = {
+                       fileRef = 174476D4FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476F2FF60088512120111 = {
+                       fileRef = 174476D6FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476F3FF60088512120111 = {
+                       fileRef = 174476D8FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476F4FF60088512120111 = {
+                       fileRef = 174476DAFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476F5FF60088512120111 = {
+                       fileRef = 174476DCFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476F6FF60088512120111 = {
+                       fileRef = 174476DEFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476F7FF60088512120111 = {
+                       fileRef = 174476E0FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476F8FF60088512120111 = {
+                       fileRef = 174476E1FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476F9FF60088512120111 = {
+                       fileRef = 174476E3FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476FAFF60088512120111 = {
+                       fileRef = 174476E5FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476FBFF60088512120111 = {
+                       fileRef = 174476E7FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476FCFF60088512120111 = {
+                       fileRef = 174476E9FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476FDFF60088512120111 = {
+                       fileRef = 174476ECFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476FEFF60088512120111 = {
+                       fileRef = 174476CEFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174476FFFF60088512120111 = {
+                       fileRef = 174476D0FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447700FF60088512120111 = {
+                       fileRef = 174476D2FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447701FF60088512120111 = {
+                       fileRef = 174476D3FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447702FF60088512120111 = {
+                       fileRef = 174476D5FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447703FF60088512120111 = {
+                       fileRef = 174476D7FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447704FF60088512120111 = {
+                       fileRef = 174476D9FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447705FF60088512120111 = {
+                       fileRef = 174476DBFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447706FF60088512120111 = {
+                       fileRef = 174476DDFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447707FF60088512120111 = {
+                       fileRef = 174476DFFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447708FF60088512120111 = {
+                       fileRef = 174476E2FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447709FF60088512120111 = {
+                       fileRef = 174476E4FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744770AFF60088512120111 = {
+                       fileRef = 174476E6FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744770BFF60088512120111 = {
+                       fileRef = 174476E8FF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744770CFF60088512120111 = {
+                       fileRef = 174476EAFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744770DFF60088512120111 = {
+                       fileRef = 174476EBFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744770EFF60088512120111 = {
+                       fileRef = 174476CCFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744770FFF60088512120111 = {
+                       fileRef = 174476CDFF60088512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447710FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktadd.c;
+                       refType = 4;
+               };
+               17447711FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktbase.c;
+                       refType = 4;
+               };
+               17447712FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktdefault.c;
+                       refType = 4;
+               };
+               17447713FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktfr_entry.c;
+                       refType = 4;
+               };
+               17447714FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktremove.c;
+                       refType = 4;
+               };
+               17447715FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = read_servi.c;
+                       refType = 4;
+               };
+               17447716FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_add.c;
+                       refType = 4;
+               };
+               17447717FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_close.c;
+                       refType = 4;
+               };
+               17447718FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_defops.c;
+                       refType = 4;
+               };
+               17447719FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_endget.c;
+                       refType = 4;
+               };
+               1744771AFF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_g_ent.c;
+                       refType = 4;
+               };
+               1744771BFF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_g_name.c;
+                       refType = 4;
+               };
+               1744771CFF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktfile.h;
+                       refType = 4;
+               };
+               1744771DFF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_next.c;
+                       refType = 4;
+               };
+               1744771EFF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_ops.c;
+                       refType = 4;
+               };
+               1744771FFF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_remove.c;
+                       refType = 4;
+               };
+               17447720FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_resolv.c;
+                       refType = 4;
+               };
+               17447721FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_ssget.c;
+                       refType = 4;
+               };
+               17447722FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_util.c;
+                       refType = 4;
+               };
+               17447723FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_wops.c;
+                       refType = 4;
+               };
+               17447724FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ktf_wreslv.c;
+                       refType = 4;
+               };
+               17447725FF6024DB12120111 = {
+                       isa = PBXFileReference;
+                       path = ser_ktf.c;
+                       refType = 4;
+               };
+               17447726FF6024DB12120111 = {
+                       fileRef = 1744771CFF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447727FF6024DB12120111 = {
+                       fileRef = 17447710FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447728FF6024DB12120111 = {
+                       fileRef = 17447711FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447729FF6024DB12120111 = {
+                       fileRef = 17447712FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744772AFF6024DB12120111 = {
+                       fileRef = 17447713FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744772BFF6024DB12120111 = {
+                       fileRef = 17447714FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744772CFF6024DB12120111 = {
+                       fileRef = 17447715FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744772DFF6024DB12120111 = {
+                       fileRef = 17447716FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744772EFF6024DB12120111 = {
+                       fileRef = 17447717FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744772FFF6024DB12120111 = {
+                       fileRef = 17447718FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447730FF6024DB12120111 = {
+                       fileRef = 17447719FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447731FF6024DB12120111 = {
+                       fileRef = 1744771AFF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447732FF6024DB12120111 = {
+                       fileRef = 1744771BFF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447733FF6024DB12120111 = {
+                       fileRef = 1744771DFF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447734FF6024DB12120111 = {
+                       fileRef = 1744771EFF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447735FF6024DB12120111 = {
+                       fileRef = 1744771FFF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447736FF6024DB12120111 = {
+                       fileRef = 17447720FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447737FF6024DB12120111 = {
+                       fileRef = 17447721FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447738FF6024DB12120111 = {
+                       fileRef = 17447722FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447739FF6024DB12120111 = {
+                       fileRef = 17447723FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744773AFF6024DB12120111 = {
+                       fileRef = 17447724FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744773BFF6024DB12120111 = {
+                       fileRef = 17447725FF6024DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744773CFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = kts_close.c;
+                       refType = 4;
+               };
+               1744773DFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = kts_endget.c;
+                       refType = 4;
+               };
+               1744773EFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = kts_g_ent.c;
+                       refType = 4;
+               };
+               1744773FFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = kts_g_name.c;
+                       refType = 4;
+               };
+               17447740FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = kts_next.c;
+                       refType = 4;
+               };
+               17447741FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = kts_ops.c;
+                       refType = 4;
+               };
+               17447742FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = kts_resolv.c;
+                       refType = 4;
+               };
+               17447743FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = ktsrvtab.h;
+                       refType = 4;
+               };
+               17447744FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = kts_ssget.c;
+                       refType = 4;
+               };
+               17447745FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = kts_util.c;
+                       refType = 4;
+               };
+               17447746FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = addr_comp.c;
+                       refType = 4;
+               };
+               17447747FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = addr_order.c;
+                       refType = 4;
+               };
+               17447748FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = addr_srch.c;
+                       refType = 4;
+               };
+               17447749FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = appdefault.c;
+                       refType = 4;
+               };
+               1744774AFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = auth_con.c;
+                       refType = 4;
+               };
+               1744774BFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = auth_con.h;
+                       refType = 4;
+               };
+               1744774CFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = bld_pr_ext.c;
+                       refType = 4;
+               };
+               1744774DFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = bld_princ.c;
+                       refType = 4;
+               };
+               1744774EFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = chk_trans.c;
+                       refType = 4;
+               };
+               1744774FFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = chpw.c;
+                       refType = 4;
+               };
+               17447750FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = cleanup.h;
+                       refType = 4;
+               };
+               17447751FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = conv_princ.c;
+                       refType = 4;
+               };
+               17447752FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = copy_addrs.c;
+                       refType = 4;
+               };
+               17447753FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = copy_athctr.c;
+                       refType = 4;
+               };
+               17447754FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = copy_auth.c;
+                       refType = 4;
+               };
+               17447755FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = copy_cksum.c;
+                       refType = 4;
+               };
+               17447756FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = copy_creds.c;
+                       refType = 4;
+               };
+               17447757FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = copy_data.c;
+                       refType = 4;
+               };
+               17447758FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = copy_key.c;
+                       refType = 4;
+               };
+               17447759FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = copy_princ.c;
+                       refType = 4;
+               };
+               1744775AFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = copy_tick.c;
+                       refType = 4;
+               };
+               1744775BFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = cp_key_cnt.c;
+                       refType = 4;
+               };
+               1744775CFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = decode_kdc.c;
+                       refType = 4;
+               };
+               1744775DFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = decrypt_tk.c;
+                       refType = 4;
+               };
+               1744775EFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = deltat.c;
+                       refType = 4;
+               };
+               1744775FFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = enc_helper.c;
+                       refType = 4;
+               };
+               17447760FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = encode_kdc.c;
+                       refType = 4;
+               };
+               17447761FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = encrypt_tk.c;
+                       refType = 4;
+               };
+               17447762FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = free_rtree.c;
+                       refType = 4;
+               };
+               17447763FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = fwd_tgt.c;
+                       refType = 4;
+               };
+               17447764FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = gc_frm_kdc.c;
+                       refType = 4;
+               };
+               17447765FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = gc_via_tkt.c;
+                       refType = 4;
+               };
+               17447766FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = gen_seqnum.c;
+                       refType = 4;
+               };
+               17447767FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = gen_subkey.c;
+                       refType = 4;
+               };
+               17447768FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = get_creds.c;
+                       refType = 4;
+               };
+               17447769FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = get_in_tkt.c;
+                       refType = 4;
+               };
+               1744776AFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = gic_keytab.c;
+                       refType = 4;
+               };
+               1744776BFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = gic_opt.c;
+                       refType = 4;
+               };
+               1744776CFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = gic_pwd.c;
+                       refType = 4;
+               };
+               1744776DFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = init_ctx.c;
+                       refType = 4;
+               };
+               1744776EFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = in_tkt_ktb.c;
+                       refType = 4;
+               };
+               1744776FFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = in_tkt_pwd.c;
+                       refType = 4;
+               };
+               17447770FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = in_tkt_sky.c;
+                       refType = 4;
+               };
+               17447771FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = "int-proto.h";
+                       refType = 4;
+               };
+               17447772FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = kdc_rep_dc.c;
+                       refType = 4;
+               };
+               17447773FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = kfree.c;
+                       refType = 4;
+               };
+               17447774FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = mk_cred.c;
+                       refType = 4;
+               };
+               17447775FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = mk_error.c;
+                       refType = 4;
+               };
+               17447776FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = mk_priv.c;
+                       refType = 4;
+               };
+               17447777FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = mk_rep.c;
+                       refType = 4;
+               };
+               17447778FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = mk_req.c;
+                       refType = 4;
+               };
+               17447779FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = mk_req_ext.c;
+                       refType = 4;
+               };
+               1744777AFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = mk_safe.c;
+                       refType = 4;
+               };
+               1744777BFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = parse.c;
+                       refType = 4;
+               };
+               1744777CFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = preauth.c;
+                       refType = 4;
+               };
+               1744777DFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = preauth2.c;
+                       refType = 4;
+               };
+               1744777EFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = princ_comp.c;
+                       refType = 4;
+               };
+               1744777FFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = pr_to_salt.c;
+                       refType = 4;
+               };
+               17447780FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = rd_cred.c;
+                       refType = 4;
+               };
+               17447781FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = rd_error.c;
+                       refType = 4;
+               };
+               17447782FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = rd_priv.c;
+                       refType = 4;
+               };
+               17447783FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = rd_rep.c;
+                       refType = 4;
+               };
+               17447784FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = rd_req.c;
+                       refType = 4;
+               };
+               17447785FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = rd_req_dec.c;
+                       refType = 4;
+               };
+               17447786FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = rd_safe.c;
+                       refType = 4;
+               };
+               17447787FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = recvauth.c;
+                       refType = 4;
+               };
+               17447788FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = sendauth.c;
+                       refType = 4;
+               };
+               17447789FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = send_tgs.c;
+                       refType = 4;
+               };
+               1744778AFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = ser_actx.c;
+                       refType = 4;
+               };
+               1744778BFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = ser_adata.c;
+                       refType = 4;
+               };
+               1744778CFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = ser_addr.c;
+                       refType = 4;
+               };
+               1744778DFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = ser_auth.c;
+                       refType = 4;
+               };
+               1744778EFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = ser_cksum.c;
+                       refType = 4;
+               };
+               1744778FFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = ser_ctx.c;
+                       refType = 4;
+               };
+               17447790FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = ser_eblk.c;
+                       refType = 4;
+               };
+               17447791FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = serialize.c;
+                       refType = 4;
+               };
+               17447792FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = ser_key.c;
+                       refType = 4;
+               };
+               17447793FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = ser_princ.c;
+                       refType = 4;
+               };
+               17447794FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = set_realm.c;
+                       refType = 4;
+               };
+               17447795FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = srv_rcache.c;
+                       refType = 4;
+               };
+               17447796FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = str_conv.c;
+                       refType = 4;
+               };
+               17447797FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = tgtname.c;
+                       refType = 4;
+               };
+               17447798FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = unparse.c;
+                       refType = 4;
+               };
+               17447799FF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = valid_times.c;
+                       refType = 4;
+               };
+               1744779AFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = vfy_increds.c;
+                       refType = 4;
+               };
+               1744779BFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = vic_opt.c;
+                       refType = 4;
+               };
+               1744779CFF60261D12120111 = {
+                       isa = PBXFileReference;
+                       path = walk_rtree.c;
+                       refType = 4;
+               };
+               1744779DFF60261D12120111 = {
+                       fileRef = 17447743FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744779EFF60261D12120111 = {
+                       fileRef = 1744774BFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744779FFF60261D12120111 = {
+                       fileRef = 17447750FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477A0FF60261D12120111 = {
+                       fileRef = 17447771FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477A1FF60261D12120111 = {
+                       fileRef = 1744773CFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477A2FF60261D12120111 = {
+                       fileRef = 1744773DFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477A3FF60261D12120111 = {
+                       fileRef = 1744773EFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477A4FF60261D12120111 = {
+                       fileRef = 1744773FFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477A5FF60261D12120111 = {
+                       fileRef = 17447740FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477A6FF60261D12120111 = {
+                       fileRef = 17447741FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477A7FF60261D12120111 = {
+                       fileRef = 17447742FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477A8FF60261D12120111 = {
+                       fileRef = 17447744FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477A9FF60261D12120111 = {
+                       fileRef = 17447745FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477AAFF60261D12120111 = {
+                       fileRef = 17447746FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477ABFF60261D12120111 = {
+                       fileRef = 17447747FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477ACFF60261D12120111 = {
+                       fileRef = 17447748FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477ADFF60261D12120111 = {
+                       fileRef = 17447749FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477AEFF60261D12120111 = {
+                       fileRef = 1744774AFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477AFFF60261D12120111 = {
+                       fileRef = 1744774CFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477B0FF60261D12120111 = {
+                       fileRef = 1744774DFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477B1FF60261D12120111 = {
+                       fileRef = 1744774EFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477B2FF60261D12120111 = {
+                       fileRef = 1744774FFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477B3FF60261D12120111 = {
+                       fileRef = 17447751FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477B4FF60261D12120111 = {
+                       fileRef = 17447752FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477B5FF60261D12120111 = {
+                       fileRef = 17447753FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477B6FF60261D12120111 = {
+                       fileRef = 17447754FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477B7FF60261D12120111 = {
+                       fileRef = 17447755FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477B8FF60261D12120111 = {
+                       fileRef = 17447756FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477B9FF60261D12120111 = {
+                       fileRef = 17447757FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477BAFF60261D12120111 = {
+                       fileRef = 17447758FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477BBFF60261D12120111 = {
+                       fileRef = 17447759FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477BCFF60261D12120111 = {
+                       fileRef = 1744775AFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477BDFF60261D12120111 = {
+                       fileRef = 1744775BFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477BEFF60261D12120111 = {
+                       fileRef = 1744775CFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477BFFF60261D12120111 = {
+                       fileRef = 1744775DFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477C0FF60261D12120111 = {
+                       fileRef = 1744775EFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477C1FF60261D12120111 = {
+                       fileRef = 1744775FFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477C2FF60261D12120111 = {
+                       fileRef = 17447760FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477C3FF60261D12120111 = {
+                       fileRef = 17447761FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477C4FF60261D12120111 = {
+                       fileRef = 17447762FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477C5FF60261D12120111 = {
+                       fileRef = 17447763FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477C6FF60261D12120111 = {
+                       fileRef = 17447764FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477C7FF60261D12120111 = {
+                       fileRef = 17447765FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477C8FF60261D12120111 = {
+                       fileRef = 17447766FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477C9FF60261D12120111 = {
+                       fileRef = 17447767FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477CAFF60261D12120111 = {
+                       fileRef = 17447768FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477CBFF60261D12120111 = {
+                       fileRef = 17447769FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477CCFF60261D12120111 = {
+                       fileRef = 1744776AFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477CDFF60261D12120111 = {
+                       fileRef = 1744776BFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477CEFF60261D12120111 = {
+                       fileRef = 1744776CFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477CFFF60261D12120111 = {
+                       fileRef = 1744776DFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477D0FF60261D12120111 = {
+                       fileRef = 1744776EFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477D1FF60261D12120111 = {
+                       fileRef = 1744776FFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477D2FF60261D12120111 = {
+                       fileRef = 17447770FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477D3FF60261D12120111 = {
+                       fileRef = 17447772FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477D4FF60261D12120111 = {
+                       fileRef = 17447773FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477D5FF60261D12120111 = {
+                       fileRef = 17447774FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477D6FF60261D12120111 = {
+                       fileRef = 17447775FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477D7FF60261D12120111 = {
+                       fileRef = 17447776FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477D8FF60261D12120111 = {
+                       fileRef = 17447777FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477D9FF60261D12120111 = {
+                       fileRef = 17447778FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477DAFF60261D12120111 = {
+                       fileRef = 17447779FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477DBFF60261D12120111 = {
+                       fileRef = 1744777AFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477DCFF60261D12120111 = {
+                       fileRef = 1744777BFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477DDFF60261D12120111 = {
+                       fileRef = 1744777CFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477DEFF60261D12120111 = {
+                       fileRef = 1744777DFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477DFFF60261D12120111 = {
+                       fileRef = 1744777EFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477E0FF60261D12120111 = {
+                       fileRef = 1744777FFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477E1FF60261D12120111 = {
+                       fileRef = 17447780FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477E2FF60261D12120111 = {
+                       fileRef = 17447781FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477E3FF60261D12120111 = {
+                       fileRef = 17447782FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477E4FF60261D12120111 = {
+                       fileRef = 17447783FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477E5FF60261D12120111 = {
+                       fileRef = 17447784FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477E6FF60261D12120111 = {
+                       fileRef = 17447785FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477E7FF60261D12120111 = {
+                       fileRef = 17447786FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477E8FF60261D12120111 = {
+                       fileRef = 17447787FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477E9FF60261D12120111 = {
+                       fileRef = 17447788FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477EAFF60261D12120111 = {
+                       fileRef = 17447789FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477EBFF60261D12120111 = {
+                       fileRef = 1744778AFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477ECFF60261D12120111 = {
+                       fileRef = 1744778BFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477EDFF60261D12120111 = {
+                       fileRef = 1744778CFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477EEFF60261D12120111 = {
+                       fileRef = 1744778DFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477EFFF60261D12120111 = {
+                       fileRef = 1744778EFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477F0FF60261D12120111 = {
+                       fileRef = 1744778FFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477F1FF60261D12120111 = {
+                       fileRef = 17447790FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477F2FF60261D12120111 = {
+                       fileRef = 17447791FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477F3FF60261D12120111 = {
+                       fileRef = 17447792FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477F4FF60261D12120111 = {
+                       fileRef = 17447793FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477F5FF60261D12120111 = {
+                       fileRef = 17447794FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477F6FF60261D12120111 = {
+                       fileRef = 17447795FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477F7FF60261D12120111 = {
+                       fileRef = 17447796FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477F8FF60261D12120111 = {
+                       fileRef = 17447797FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477F9FF60261D12120111 = {
+                       fileRef = 17447798FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477FAFF60261D12120111 = {
+                       fileRef = 17447799FF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477FBFF60261D12120111 = {
+                       fileRef = 1744779AFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477FCFF60261D12120111 = {
+                       fileRef = 1744779BFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477FDFF60261D12120111 = {
+                       fileRef = 1744779CFF60261D12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               174477FEFF60269512120111 = {
+                       isa = PBXFileReference;
+                       path = rc_base.c;
+                       refType = 4;
+               };
+               174477FFFF60269512120111 = {
+                       isa = PBXFileReference;
+                       path = rc_base.h;
+                       refType = 4;
+               };
+               17447800FF60269512120111 = {
+                       isa = PBXFileReference;
+                       path = rc_conv.c;
+                       refType = 4;
+               };
+               17447801FF60269512120111 = {
+                       isa = PBXFileReference;
+                       path = rcdef.c;
+                       refType = 4;
+               };
+               17447802FF60269512120111 = {
+                       isa = PBXFileReference;
+                       path = rc_dfl.c;
+                       refType = 4;
+               };
+               17447803FF60269512120111 = {
+                       isa = PBXFileReference;
+                       path = rc_dfl.h;
+                       refType = 4;
+               };
+               17447804FF60269512120111 = {
+                       isa = PBXFileReference;
+                       path = rc_io.c;
+                       refType = 4;
+               };
+               17447805FF60269512120111 = {
+                       isa = PBXFileReference;
+                       path = rc_io.h;
+                       refType = 4;
+               };
+               17447806FF60269512120111 = {
+                       isa = PBXFileReference;
+                       path = ser_rc.c;
+                       refType = 4;
+               };
+               17447807FF60269512120111 = {
+                       fileRef = 174477FFFF60269512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447808FF60269512120111 = {
+                       fileRef = 17447803FF60269512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447809FF60269512120111 = {
+                       fileRef = 17447805FF60269512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744780AFF60269512120111 = {
+                       fileRef = 174477FEFF60269512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744780BFF60269512120111 = {
+                       fileRef = 17447800FF60269512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744780CFF60269512120111 = {
+                       fileRef = 17447801FF60269512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744780DFF60269512120111 = {
+                       fileRef = 17447802FF60269512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744780EFF60269512120111 = {
+                       fileRef = 17447804FF60269512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744780FFF60269512120111 = {
+                       fileRef = 17447806FF60269512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447811FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = an_to_ln.c;
+                       refType = 4;
+               };
+               17447812FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = ccdefname.c;
+                       refType = 4;
+               };
+               17447813FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = changepw.c;
+                       refType = 4;
+               };
+               17447814FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = c_ustime.c;
+                       refType = 4;
+               };
+               17447815FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = def_realm.c;
+                       refType = 4;
+               };
+               17447816FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = free_hstrl.c;
+                       refType = 4;
+               };
+               17447817FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = free_krbhs.c;
+                       refType = 4;
+               };
+               17447818FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = full_ipadr.c;
+                       refType = 4;
+               };
+               17447819FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = genaddrs.c;
+                       refType = 4;
+               };
+               1744781AFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = gen_port.c;
+                       refType = 4;
+               };
+               1744781BFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = gen_rname.c;
+                       refType = 4;
+               };
+               1744781CFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = get_krbhst.c;
+                       refType = 4;
+               };
+               1744781DFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = gmt_mktime.c;
+                       refType = 4;
+               };
+               1744781EFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = hostaddr.c;
+                       refType = 4;
+               };
+               1744781FFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = hst_realm.c;
+                       refType = 4;
+               };
+               17447820FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = init_os_ctx.c;
+                       refType = 4;
+               };
+               17447821FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = krbfileio.c;
+                       refType = 4;
+               };
+               17447822FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = ktdefname.c;
+                       refType = 4;
+               };
+               17447823FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = kuserok.c;
+                       refType = 4;
+               };
+               17447824FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = localaddr.c;
+                       refType = 4;
+               };
+               17447825FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = locate_kdc.c;
+                       refType = 4;
+               };
+               17447826FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = lock_file.c;
+                       refType = 4;
+               };
+               17447827FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = mk_faddr.c;
+                       refType = 4;
+               };
+               17447828FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = net_read.c;
+                       refType = 4;
+               };
+               17447829FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = net_write.c;
+                       refType = 4;
+               };
+               1744782AFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = osconfig.c;
+                       refType = 4;
+               };
+               1744782BFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = "os-proto.h";
+                       refType = 4;
+               };
+               1744782CFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = port2ip.c;
+                       refType = 4;
+               };
+               1744782DFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = prompter.c;
+                       refType = 4;
+               };
+               1744782EFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = promptusr.c;
+                       refType = 4;
+               };
+               1744782FFF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = read_msg.c;
+                       refType = 4;
+               };
+               17447830FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = read_pwd.c;
+                       refType = 4;
+               };
+               17447831FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = realm_dom.c;
+                       refType = 4;
+               };
+               17447832FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = realm_iter.c;
+                       refType = 4;
+               };
+               17447833FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = sendto_kdc.c;
+                       refType = 4;
+               };
+               17447834FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = sn2princ.c;
+                       refType = 4;
+               };
+               17447835FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = timeofday.c;
+                       refType = 4;
+               };
+               17447836FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = toffset.c;
+                       refType = 4;
+               };
+               17447837FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = unlck_file.c;
+                       refType = 4;
+               };
+               17447838FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = ustime.c;
+                       refType = 4;
+               };
+               17447839FF60313B12120111 = {
+                       isa = PBXFileReference;
+                       path = write_msg.c;
+                       refType = 4;
+               };
+               1744783AFF60313B12120111 = {
+                       fileRef = 1744782BFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744783CFF60313B12120111 = {
+                       fileRef = 17447811FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744783DFF60313B12120111 = {
+                       fileRef = 17447812FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744783EFF60313B12120111 = {
+                       fileRef = 17447813FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744783FFF60313B12120111 = {
+                       fileRef = 17447814FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447840FF60313B12120111 = {
+                       fileRef = 17447815FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447841FF60313B12120111 = {
+                       fileRef = 17447816FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447842FF60313B12120111 = {
+                       fileRef = 17447817FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447843FF60313B12120111 = {
+                       fileRef = 17447818FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447844FF60313B12120111 = {
+                       fileRef = 17447819FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447845FF60313B12120111 = {
+                       fileRef = 1744781AFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447846FF60313B12120111 = {
+                       fileRef = 1744781BFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447847FF60313B12120111 = {
+                       fileRef = 1744781CFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447848FF60313B12120111 = {
+                       fileRef = 1744781DFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447849FF60313B12120111 = {
+                       fileRef = 1744781EFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744784AFF60313B12120111 = {
+                       fileRef = 1744781FFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744784BFF60313B12120111 = {
+                       fileRef = 17447820FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744784CFF60313B12120111 = {
+                       fileRef = 17447821FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744784DFF60313B12120111 = {
+                       fileRef = 17447822FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744784EFF60313B12120111 = {
+                       fileRef = 17447823FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744784FFF60313B12120111 = {
+                       fileRef = 17447824FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447850FF60313B12120111 = {
+                       fileRef = 17447825FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447851FF60313B12120111 = {
+                       fileRef = 17447826FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447852FF60313B12120111 = {
+                       fileRef = 17447827FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447853FF60313B12120111 = {
+                       fileRef = 17447828FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447854FF60313B12120111 = {
+                       fileRef = 17447829FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447855FF60313B12120111 = {
+                       fileRef = 1744782AFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447856FF60313B12120111 = {
+                       fileRef = 1744782CFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447857FF60313B12120111 = {
+                       fileRef = 1744782DFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447858FF60313B12120111 = {
+                       fileRef = 1744782EFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447859FF60313B12120111 = {
+                       fileRef = 1744782FFF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744785AFF60313B12120111 = {
+                       fileRef = 17447830FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744785BFF60313B12120111 = {
+                       fileRef = 17447831FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744785CFF60313B12120111 = {
+                       fileRef = 17447832FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744785DFF60313B12120111 = {
+                       fileRef = 17447833FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744785EFF60313B12120111 = {
+                       fileRef = 17447834FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744785FFF60313B12120111 = {
+                       fileRef = 17447835FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447860FF60313B12120111 = {
+                       fileRef = 17447836FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447861FF60313B12120111 = {
+                       fileRef = 17447837FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447862FF60313B12120111 = {
+                       fileRef = 17447838FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447863FF60313B12120111 = {
+                       fileRef = 17447839FF60313B12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447864FF60323212120111 = {
+                       isa = PBXFileReference;
+                       path = ccbase.c;
+                       refType = 4;
+               };
+               17447865FF60323212120111 = {
+                       isa = PBXFileReference;
+                       path = cccopy.c;
+                       refType = 4;
+               };
+               17447866FF60323212120111 = {
+                       isa = PBXFileReference;
+                       path = ccdefault.c;
+                       refType = 4;
+               };
+               17447867FF60323212120111 = {
+                       isa = PBXFileReference;
+                       path = ccdefops.c;
+                       refType = 4;
+               };
+               1744786BFF60323212120111 = {
+                       isa = PBXFileReference;
+                       path = cc_retr.c;
+                       refType = 4;
+               };
+               1744786FFF60323212120111 = {
+                       isa = PBXFileReference;
+                       path = ser_cc.c;
+                       refType = 4;
+               };
+               17447870FF60323212120111 = {
+                       isa = PBXFileReference;
+                       path = setenv.c;
+                       refType = 4;
+               };
+               17447873FF60323212120111 = {
+                       fileRef = 17447870FF60323212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447874FF60323212120111 = {
+                       fileRef = 17447864FF60323212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447875FF60323212120111 = {
+                       fileRef = 17447865FF60323212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447876FF60323212120111 = {
+                       fileRef = 17447866FF60323212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               17447877FF60323212120111 = {
+                       fileRef = 17447867FF60323212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744787BFF60323212120111 = {
+                       fileRef = 1744786BFF60323212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               1744787DFF60323212120111 = {
+                       fileRef = 1744786FFF60323212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               25C77492FF52D03A12120111 = {
+                       isa = PBXProject;
+                       mainGroup = 25C77493FF52D03A12120111;
+                       productRefGroup = 25C77493FF52D03A12120111;
+                       projectDirPath = .;
+                       targets = (
+                               174475CBFF5EEEE312120111,
+                               174475D2FF5EF33612120111,
+                               174475E2FF5EF80312120111,
+                               174475FDFF5EFB1212120111,
+                               1744760CFF5FF8DB12120111,
+                               5C1372EBFF6546C412120111,
+                               00F24293FFB75B2612120156,
+                               00F2429EFFB75F1512120156,
+                               00F242A5FFB75FA712120156,
+                               00F242ADFFB760BC12120156,
+                       );
+               };
+               25C77493FF52D03A12120111 = {
+                       children = (
+                               174475CAFF5EEEE312120111,
+                               174475FEFF5EFBEA12120111,
+                               17447607FF5F046812120111,
+                               174475CDFF5EF33612120111,
+                               174475E8FF5EF8A512120111,
+                               1744760AFF5FF8DB12120111,
+                               5C1372E8FF6546C412120111,
+                               0101EC5DFF8FDD1B7F000001,
+                               0101EC5EFF8FE67C7F000001,
+                               00F24299FFB75CD112120156,
+                       );
+                       isa = PBXGroup;
+                       refType = 4;
+               };
+               41D6B5480029FA1112120111 = {
+                       isa = PBXFrameworkReference;
+                       name = Login.framework;
+                       path = /System/Library/Frameworks/Kerberos.framework/Frameworks/Login.framework;
+                       refType = 0;
+               };
+               41D6B5490029FA1112120111 = {
+                       isa = PBXFrameworkReference;
+                       name = Login.framework;
+                       path = /System/Library/Frameworks/Kerberos.framework/Frameworks/Login.framework;
+                       refType = 0;
+               };
+               41D6B54A0029FA1112120111 = {
+                       fileRef = 41D6B5480029FA1112120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               41D6B54B0029FA1112120111 = {
+                       fileRef = 174476B8FF5FFFA512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               41D6B54C0029FA1112120111 = {
+                       fileRef = 41D6B5490029FA1112120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               4E933A40FF828AEA12120111 = {
+                       isa = PBXFileReference;
+                       path = et.pbexp;
+                       refType = 4;
+               };
+               4E933A41FF828AEA12120111 = {
+                       fileRef = 4E933A40FF828AEA12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               4E933A42FF828B8512120111 = {
+                       isa = PBXFileReference;
+                       path = profile.pbexp;
+                       refType = 4;
+               };
+               4E933A43FF828B8612120111 = {
+                       fileRef = 4E933A42FF828B8512120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               4E933A44FF82905F12120111 = {
+                       isa = PBXFileReference;
+                       path = et_c.awk;
+                       refType = 4;
+               };
+               4E933A45FF82905F12120111 = {
+                       isa = PBXFileReference;
+                       path = et_h.awk;
+                       refType = 4;
+               };
+               5C1372E8FF6546C412120111 = {
+                       children = (
+                               012574A8FF7A9C8212120111,
+                               5C1372EAFF6546C412120111,
+                               5C137376FF654C0212120111,
+                               5C137384FF6824DB12120111,
+                               41D6B5490029FA1112120111,
+                               61622FDEFF88D9AF12120111,
+                               61622FD8FF85304012120111,
+                               5C1372F4FF65475012120111,
+                               5C1372F5FF65475012120111,
+                               5C1372FCFF654A8C12120111,
+                               5C137379FF659EB012120111,
+                               5C13737BFF65A0CC12120111,
+                               5C13737FFF65A41212120111,
+                               00CFB470FF6D8BB312120111,
+                               5C137382FF67F12E12120111,
+                               5C1372F6FF65475012120111,
+                               5C1372F7FF65475012120111,
+                       );
+                       isa = PBXGroup;
+                       name = GSS;
+                       path = ../lib/gssapi;
+                       refType = 2;
+               };
+               5C1372EAFF6546C412120111 = {
+                       isa = PBXFrameworkReference;
+                       path = Kerberos5.framework;
+                       refType = 3;
+               };
+               5C1372EBFF6546C412120111 = {
+                       buildPhases = (
+                               5C1372EDFF6546C412120111,
+                               5C1372EFFF6546C412120111,
+                               5C1372F0FF6546C412120111,
+                               5C1372F1FF6546C412120111,
+                               5C1372F3FF6546C412120111,
+                       );
+                       buildSettings = {
+                               DYLIB_COMPATIBILITY_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 1;
+                               EXPORTED_SYMBOLS_FILE = "$(SRCROOT)/GSSLibrary.pbexp";
+                               FRAMEWORK_SEARCH_PATHS = "";
+                               FRAMEWORK_VERSION = A;
+                               HEADER_SEARCH_PATHS = "\"/System/Library/Frameworks/CarbonCore.framework/Headers\" \"$(SYMROOT)/Kerberos5.framework/Headers\" \"$(SYMROOT)/Profile.framework/Headers\" \"$(SYMROOT)/ComErr.framework/Headers\"";
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "";
+                               OTHER_CFLAGS = "-imacros \"$(SRCROOT)/GSSKerberosPrefix.h\"";
+                               OTHER_LDFLAGS = "-init ___initializeGSS";
+                               OTHER_LIBTOOL_FLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               PRINCIPAL_CLASS = "";
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                               WRAPPER_EXTENSION = framework;
+                       };
+                       conditionalBuildSettings = {
+                       };
+                       dependencies = (
+                               5C137377FF654C0212120111,
+                               5C1372ECFF6546C412120111,
+                               5C137386FF6825B212120111,
+                       );
+                       isa = PBXFrameworkTarget;
+                       name = GSS;
+                       productInstallPath = /System/Library/Frameworks/Kerberos.framework/Frameworks;
+                       productName = GSS;
+                       productReference = 012574A8FF7A9C8212120111;
+                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
+<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
+<plist version=\"0.9\">
+<dict>
+       <key>CFBundleDevelopmentRegion</key>
+       <string>English</string>
+       <key>CFBundleExecutable</key>
+       <string></string>
+       <key>CFBundleGetInfoString</key>
+       <string></string>
+       <key>CFBundleIconFile</key>
+       <string></string>
+       <key>CFBundleIdentifier</key>
+       <string></string>
+       <key>CFBundleInfoDictionaryVersion</key>
+       <string>6.0</string>
+       <key>CFBundleName</key>
+       <string></string>
+       <key>CFBundlePackageType</key>
+       <string>FMWK</string>
+       <key>CFBundleShortVersionString</key>
+       <string></string>
+       <key>CFBundleSignature</key>
+       <string>????</string>
+       <key>CFBundleVersion</key>
+       <string>0.0.1d1</string>
+</dict>
+</plist>
+";
+                       shouldUseHeadermap = 0;
+               };
+               5C1372ECFF6546C412120111 = {
+                       isa = PBXTargetDependency;
+                       target = 1744760CFF5FF8DB12120111;
+               };
+               5C1372EDFF6546C412120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               5C1372EEFF6546C412120111,
+                               5C1372F8FF65475012120111,
+                               5C137336FF654A8C12120111,
+                               5C137337FF654A8C12120111,
+                               5C137338FF654A8C12120111,
+                               5C137339FF654A8C12120111,
+                               5C137374FF654AE912120111,
+                               5C13737EFF65A0CC12120111,
+                               5C137380FF65A41212120111,
+                               5C137383FF67F12E12120111,
+                               00CFB471FF6D8BB412120111,
+                               41D6B54B0029FA1112120111,
+                       );
+                       isa = PBXHeadersBuildPhase;
+                       name = Headers;
+               };
+               5C1372EEFF6546C412120111 = {
+                       fileRef = 17447607FF5F046812120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1372EFFF6546C412120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               61622FD9FF85304012120111,
+                       );
+                       isa = PBXResourcesBuildPhase;
+                       name = "Bundle Resources";
+               };
+               5C1372F0FF6546C412120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               5C1372F9FF65475012120111,
+                               5C13733AFF654A8C12120111,
+                               5C13733BFF654A8C12120111,
+                               5C13733CFF654A8C12120111,
+                               5C13733DFF654A8C12120111,
+                               5C13733EFF654A8C12120111,
+                               5C13733FFF654A8C12120111,
+                               5C137340FF654A8C12120111,
+                               5C137341FF654A8C12120111,
+                               5C137342FF654A8C12120111,
+                               5C137343FF654A8C12120111,
+                               5C137344FF654A8C12120111,
+                               5C137345FF654A8C12120111,
+                               5C137346FF654A8C12120111,
+                               5C137347FF654A8C12120111,
+                               5C137348FF654A8C12120111,
+                               5C137349FF654A8C12120111,
+                               5C13734AFF654A8C12120111,
+                               5C13734BFF654A8C12120111,
+                               5C13734CFF654A8C12120111,
+                               5C13734DFF654A8C12120111,
+                               5C13734EFF654A8C12120111,
+                               5C13734FFF654A8C12120111,
+                               5C137350FF654A8C12120111,
+                               5C137351FF654A8C12120111,
+                               5C137352FF654A8C12120111,
+                               5C137353FF654A8C12120111,
+                               5C137354FF654A8C12120111,
+                               5C137355FF654A8C12120111,
+                               5C137356FF654A8C12120111,
+                               5C137357FF654A8C12120111,
+                               5C137358FF654A8C12120111,
+                               5C137359FF654A8C12120111,
+                               5C13735AFF654A8C12120111,
+                               5C13735BFF654A8C12120111,
+                               5C13735CFF654A8C12120111,
+                               5C13735DFF654A8C12120111,
+                               5C13735EFF654A8C12120111,
+                               5C13735FFF654A8C12120111,
+                               5C137360FF654A8C12120111,
+                               5C137361FF654A8C12120111,
+                               5C137362FF654A8C12120111,
+                               5C137363FF654A8C12120111,
+                               5C137364FF654A8C12120111,
+                               5C137365FF654A8C12120111,
+                               5C137366FF654A8C12120111,
+                               5C137367FF654A8C12120111,
+                               5C137368FF654A8C12120111,
+                               5C137369FF654A8C12120111,
+                               5C13736AFF654A8C12120111,
+                               5C13736BFF654A8C12120111,
+                               5C13736CFF654A8C12120111,
+                               5C13736DFF654A8C12120111,
+                               5C13736EFF654A8C12120111,
+                               5C13736FFF654A8C12120111,
+                               5C137370FF654A8C12120111,
+                               5C137371FF654A8C12120111,
+                               5C137375FF654AE912120111,
+                               00CFB46FFF6D85D612120111,
+                               61622FDFFF88D9AF12120111,
+                       );
+                       isa = PBXSourcesBuildPhase;
+                       name = Sources;
+               };
+               5C1372F1FF6546C412120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               5C1372F2FF6546C412120111,
+                               5C137378FF654C0212120111,
+                               5C137385FF6824DB12120111,
+                               41D6B54C0029FA1112120111,
+                       );
+                       isa = PBXFrameworksBuildPhase;
+                       name = "Frameworks & Libraries";
+               };
+               5C1372F2FF6546C412120111 = {
+                       fileRef = 5C1372EAFF6546C412120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1372F3FF6546C412120111 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+                       name = "ResourceManager Resources";
+               };
+               5C1372F4FF65475012120111 = {
+                       isa = PBXFileReference;
+                       path = gss_libinit.c;
+                       refType = 4;
+               };
+               5C1372F5FF65475012120111 = {
+                       isa = PBXFileReference;
+                       path = gss_libinit.h;
+                       refType = 4;
+               };
+               5C1372F6FF65475012120111 = {
+                       children = (
+                               5C1372FAFF654A8C12120111,
+                               5C1372FBFF654A8C12120111,
+                               5C1372FDFF654A8C12120111,
+                               5C1372FEFF654A8C12120111,
+                               5C1372FFFF654A8C12120111,
+                               5C137300FF654A8C12120111,
+                               5C137301FF654A8C12120111,
+                               5C137302FF654A8C12120111,
+                               5C137303FF654A8C12120111,
+                               5C137304FF654A8C12120111,
+                               00CFB46EFF6D85D612120111,
+                               5C137305FF654A8C12120111,
+                               5C137306FF654A8C12120111,
+                               5C137307FF654A8C12120111,
+                               5C137308FF654A8C12120111,
+                               5C137309FF654A8C12120111,
+                               5C13730AFF654A8C12120111,
+                       );
+                       isa = PBXGroup;
+                       path = generic;
+                       refType = 4;
+               };
+               5C1372F7FF65475012120111 = {
+                       children = (
+                               5C13730BFF654A8C12120111,
+                               5C13730CFF654A8C12120111,
+                               5C13730DFF654A8C12120111,
+                               5C13730EFF654A8C12120111,
+                               5C13730FFF654A8C12120111,
+                               5C137310FF654A8C12120111,
+                               5C137311FF654A8C12120111,
+                               5C137312FF654A8C12120111,
+                               5C137313FF654A8C12120111,
+                               5C137314FF654A8C12120111,
+                               5C137315FF654A8C12120111,
+                               5C137316FF654A8C12120111,
+                               5C137317FF654A8C12120111,
+                               5C137318FF654A8C12120111,
+                               5C137372FF654AE812120111,
+                               5C137373FF654AE812120111,
+                               5C137319FF654A8C12120111,
+                               5C13731AFF654A8C12120111,
+                               5C13731BFF654A8C12120111,
+                               5C13731CFF654A8C12120111,
+                               5C13731DFF654A8C12120111,
+                               5C13731EFF654A8C12120111,
+                               5C13731FFF654A8C12120111,
+                               5C137320FF654A8C12120111,
+                               5C137321FF654A8C12120111,
+                               5C137322FF654A8C12120111,
+                               5C137323FF654A8C12120111,
+                               5C137324FF654A8C12120111,
+                               5C137325FF654A8C12120111,
+                               5C137326FF654A8C12120111,
+                               5C137327FF654A8C12120111,
+                               5C137328FF654A8C12120111,
+                               5C137329FF654A8C12120111,
+                               5C13732AFF654A8C12120111,
+                               5C13732BFF654A8C12120111,
+                               5C13732CFF654A8C12120111,
+                               5C13732DFF654A8C12120111,
+                               5C13732EFF654A8C12120111,
+                               5C13732FFF654A8C12120111,
+                               5C137330FF654A8C12120111,
+                               5C137331FF654A8C12120111,
+                               5C137332FF654A8C12120111,
+                               5C137333FF654A8C12120111,
+                               5C137334FF654A8C12120111,
+                               5C137335FF654A8C12120111,
+                       );
+                       isa = PBXGroup;
+                       path = krb5;
+                       refType = 4;
+               };
+               5C1372F8FF65475012120111 = {
+                       fileRef = 5C1372F5FF65475012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1372F9FF65475012120111 = {
+                       fileRef = 5C1372F4FF65475012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1372FAFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = disp_com_err_status.c;
+                       refType = 4;
+               };
+               5C1372FBFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = disp_major_status.c;
+                       refType = 4;
+               };
+               5C1372FCFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = gssapi.h;
+                       refType = 4;
+               };
+               5C1372FDFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = gssapi_err_generic.c;
+                       refType = 4;
+               };
+               5C1372FEFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = gssapi_err_generic.h;
+                       refType = 4;
+               };
+               5C1372FFFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = gssapi_generic.c;
+                       refType = 4;
+               };
+               5C137300FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = gssapi_generic.h;
+                       refType = 4;
+               };
+               5C137301FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = oid_ops.c;
+                       refType = 4;
+               };
+               5C137302FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = rel_buffer.c;
+                       refType = 4;
+               };
+               5C137303FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = rel_oid_set.c;
+                       refType = 4;
+               };
+               5C137304FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_buffer.c;
+                       refType = 4;
+               };
+               5C137305FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_dup.c;
+                       refType = 4;
+               };
+               5C137306FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_oid.c;
+                       refType = 4;
+               };
+               5C137307FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_ordering.c;
+                       refType = 4;
+               };
+               5C137308FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_set.c;
+                       refType = 4;
+               };
+               5C137309FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_token.c;
+                       refType = 4;
+               };
+               5C13730AFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_validate.c;
+                       refType = 4;
+               };
+               5C13730BFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = accept_sec_context.c;
+                       refType = 4;
+               };
+               5C13730CFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = acquire_cred.c;
+                       refType = 4;
+               };
+               5C13730DFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = add_cred.c;
+                       refType = 4;
+               };
+               5C13730EFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = canon_name.c;
+                       refType = 4;
+               };
+               5C13730FFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = compare_name.c;
+                       refType = 4;
+               };
+               5C137310FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = context_time.c;
+                       refType = 4;
+               };
+               5C137311FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = copy_ccache.c;
+                       refType = 4;
+               };
+               5C137312FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = delete_sec_context.c;
+                       refType = 4;
+               };
+               5C137313FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = disp_name.c;
+                       refType = 4;
+               };
+               5C137314FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = disp_status.c;
+                       refType = 4;
+               };
+               5C137315FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = duplicate_name.c;
+                       refType = 4;
+               };
+               5C137316FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = export_name.c;
+                       refType = 4;
+               };
+               5C137317FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = export_sec_context.c;
+                       refType = 4;
+               };
+               5C137318FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = get_tkt_flags.c;
+                       refType = 4;
+               };
+               5C137319FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = gssapi_krb5.c;
+                       refType = 4;
+               };
+               5C13731AFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = gssapi_krb5.h;
+                       refType = 4;
+               };
+               5C13731BFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = import_name.c;
+                       refType = 4;
+               };
+               5C13731CFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = import_sec_context.c;
+                       refType = 4;
+               };
+               5C13731DFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = indicate_mechs.c;
+                       refType = 4;
+               };
+               5C13731EFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = init_sec_context.c;
+                       refType = 4;
+               };
+               5C13731FFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = inq_context.c;
+                       refType = 4;
+               };
+               5C137320FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = inq_cred.c;
+                       refType = 4;
+               };
+               5C137321FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = inq_names.c;
+                       refType = 4;
+               };
+               5C137322FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = k5seal.c;
+                       refType = 4;
+               };
+               5C137323FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = k5unseal.c;
+                       refType = 4;
+               };
+               5C137324FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = krb5_gss_glue.c;
+                       refType = 4;
+               };
+               5C137325FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = process_context_token.c;
+                       refType = 4;
+               };
+               5C137326FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = rel_cred.c;
+                       refType = 4;
+               };
+               5C137327FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = rel_name.c;
+                       refType = 4;
+               };
+               5C137328FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = rel_oid.c;
+                       refType = 4;
+               };
+               5C137329FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = seal.c;
+                       refType = 4;
+               };
+               5C13732AFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = ser_sctx.c;
+                       refType = 4;
+               };
+               5C13732BFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = set_ccache.c;
+                       refType = 4;
+               };
+               5C13732CFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = sign.c;
+                       refType = 4;
+               };
+               5C13732DFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = unseal.c;
+                       refType = 4;
+               };
+               5C13732EFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_cksum.c;
+                       refType = 4;
+               };
+               5C13732FFF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_crypt.c;
+                       refType = 4;
+               };
+               5C137330FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_ctxsetup.c;
+                       refType = 4;
+               };
+               5C137331FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_seed.c;
+                       refType = 4;
+               };
+               5C137332FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = util_seqnum.c;
+                       refType = 4;
+               };
+               5C137333FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = val_cred.c;
+                       refType = 4;
+               };
+               5C137334FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = verify.c;
+                       refType = 4;
+               };
+               5C137335FF654A8C12120111 = {
+                       isa = PBXFileReference;
+                       path = wrap_size_limit.c;
+                       refType = 4;
+               };
+               5C137336FF654A8C12120111 = {
+                       fileRef = 5C1372FCFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137337FF654A8C12120111 = {
+                       fileRef = 5C1372FEFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137338FF654A8C12120111 = {
+                       fileRef = 5C137300FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137339FF654A8C12120111 = {
+                       fileRef = 5C13731AFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13733AFF654A8C12120111 = {
+                       fileRef = 5C1372FAFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13733BFF654A8C12120111 = {
+                       fileRef = 5C1372FBFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13733CFF654A8C12120111 = {
+                       fileRef = 5C1372FDFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13733DFF654A8C12120111 = {
+                       fileRef = 5C1372FFFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13733EFF654A8C12120111 = {
+                       fileRef = 5C137301FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13733FFF654A8C12120111 = {
+                       fileRef = 5C137302FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137340FF654A8C12120111 = {
+                       fileRef = 5C137303FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137341FF654A8C12120111 = {
+                       fileRef = 5C137304FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137342FF654A8C12120111 = {
+                       fileRef = 5C137305FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137343FF654A8C12120111 = {
+                       fileRef = 5C137306FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137344FF654A8C12120111 = {
+                       fileRef = 5C137307FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137345FF654A8C12120111 = {
+                       fileRef = 5C137308FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137346FF654A8C12120111 = {
+                       fileRef = 5C137309FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137347FF654A8C12120111 = {
+                       fileRef = 5C13730AFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137348FF654A8C12120111 = {
+                       fileRef = 5C13730BFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137349FF654A8C12120111 = {
+                       fileRef = 5C13730CFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13734AFF654A8C12120111 = {
+                       fileRef = 5C13730DFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13734BFF654A8C12120111 = {
+                       fileRef = 5C13730EFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13734CFF654A8C12120111 = {
+                       fileRef = 5C13730FFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13734DFF654A8C12120111 = {
+                       fileRef = 5C137310FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13734EFF654A8C12120111 = {
+                       fileRef = 5C137311FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13734FFF654A8C12120111 = {
+                       fileRef = 5C137312FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137350FF654A8C12120111 = {
+                       fileRef = 5C137313FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137351FF654A8C12120111 = {
+                       fileRef = 5C137314FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137352FF654A8C12120111 = {
+                       fileRef = 5C137315FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137353FF654A8C12120111 = {
+                       fileRef = 5C137316FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137354FF654A8C12120111 = {
+                       fileRef = 5C137317FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137355FF654A8C12120111 = {
+                       fileRef = 5C137318FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137356FF654A8C12120111 = {
+                       fileRef = 5C137319FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137357FF654A8C12120111 = {
+                       fileRef = 5C13731BFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137358FF654A8C12120111 = {
+                       fileRef = 5C13731CFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137359FF654A8C12120111 = {
+                       fileRef = 5C13731DFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13735AFF654A8C12120111 = {
+                       fileRef = 5C13731EFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13735BFF654A8C12120111 = {
+                       fileRef = 5C13731FFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13735CFF654A8C12120111 = {
+                       fileRef = 5C137320FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13735DFF654A8C12120111 = {
+                       fileRef = 5C137321FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13735EFF654A8C12120111 = {
+                       fileRef = 5C137322FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13735FFF654A8C12120111 = {
+                       fileRef = 5C137323FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137360FF654A8C12120111 = {
+                       fileRef = 5C137324FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137361FF654A8C12120111 = {
+                       fileRef = 5C137325FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137362FF654A8C12120111 = {
+                       fileRef = 5C137326FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137363FF654A8C12120111 = {
+                       fileRef = 5C137327FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137364FF654A8C12120111 = {
+                       fileRef = 5C137328FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137365FF654A8C12120111 = {
+                       fileRef = 5C137329FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137366FF654A8C12120111 = {
+                       fileRef = 5C13732AFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137367FF654A8C12120111 = {
+                       fileRef = 5C13732BFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137368FF654A8C12120111 = {
+                       fileRef = 5C13732CFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137369FF654A8C12120111 = {
+                       fileRef = 5C13732DFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13736AFF654A8C12120111 = {
+                       fileRef = 5C13732EFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13736BFF654A8C12120111 = {
+                       fileRef = 5C13732FFF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13736CFF654A8C12120111 = {
+                       fileRef = 5C137330FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13736DFF654A8C12120111 = {
+                       fileRef = 5C137331FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13736EFF654A8C12120111 = {
+                       fileRef = 5C137332FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13736FFF654A8C12120111 = {
+                       fileRef = 5C137333FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137370FF654A8C12120111 = {
+                       fileRef = 5C137334FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137371FF654A8C12120111 = {
+                       fileRef = 5C137335FF654A8C12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137372FF654AE812120111 = {
+                       isa = PBXFileReference;
+                       path = gssapi_err_krb5.c;
+                       refType = 4;
+               };
+               5C137373FF654AE812120111 = {
+                       isa = PBXFileReference;
+                       path = gssapi_err_krb5.h;
+                       refType = 4;
+               };
+               5C137374FF654AE912120111 = {
+                       fileRef = 5C137373FF654AE812120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137375FF654AE912120111 = {
+                       fileRef = 5C137372FF654AE812120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137376FF654C0212120111 = {
+                       isa = PBXFrameworkReference;
+                       path = ComErr.framework;
+                       refType = 3;
+               };
+               5C137377FF654C0212120111 = {
+                       isa = PBXTargetDependency;
+                       target = 174475D2FF5EF33612120111;
+               };
+               5C137378FF654C0212120111 = {
+                       fileRef = 5C137376FF654C0212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137379FF659EB012120111 = {
+                       isa = PBXFileReference;
+                       name = "k5-int.h";
+                       path = "../include/k5-int.h";
+                       refType = 2;
+               };
+               5C13737BFF65A0CC12120111 = {
+                       isa = PBXFileReference;
+                       name = osconf.h;
+                       path = ../include/krb5/stock/osconf.h;
+                       refType = 2;
+               };
+               5C13737EFF65A0CC12120111 = {
+                       fileRef = 5C13737BFF65A0CC12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13737FFF65A41212120111 = {
+                       isa = PBXFileReference;
+                       name = kdb.h;
+                       path = ../include/krb5/kdb.h;
+                       refType = 2;
+               };
+               5C137380FF65A41212120111 = {
+                       fileRef = 5C13737FFF65A41212120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137381FF67E3E112120111 = {
+                       fileRef = 174475FFFF5EFBEA12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137382FF67F12E12120111 = {
+                       isa = PBXFileReference;
+                       name = autoconf.h;
+                       path = ../include/autoconf.h;
+                       refType = 2;
+               };
+               5C137383FF67F12E12120111 = {
+                       fileRef = 5C137382FF67F12E12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137384FF6824DB12120111 = {
+                       isa = PBXFrameworkReference;
+                       path = Profile.framework;
+                       refType = 3;
+               };
+               5C137385FF6824DB12120111 = {
+                       fileRef = 5C137384FF6824DB12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137386FF6825B212120111 = {
+                       isa = PBXTargetDependency;
+                       target = 174475E2FF5EF80312120111;
+               };
+               5C137387FF682C2F12120111 = {
+                       children = (
+                               5C137388FF682C2F12120111,
+                               5C137389FF682C2F12120111,
+                               5C13738AFF682C2F12120111,
+                               5C13738BFF682C2F12120111,
+                               5C13738CFF682C2F12120111,
+                               5C13738DFF682C2F12120111,
+                               5C13738EFF682C2F12120111,
+                               5C13738FFF682C2F12120111,
+                               5C137390FF682C2F12120111,
+                               5C137391FF682C2F12120111,
+                               5C137392FF682C2F12120111,
+                               5C137393FF682C2F12120111,
+                               5C137394FF682C2F12120111,
+                               5C137395FF682C2F12120111,
+                               5C137396FF682C2F12120111,
+                               5C137397FF682C2F12120111,
+                               5C137398FF682C2F12120111,
+                               5C137399FF682C2F12120111,
+                               5C13739AFF682C2F12120111,
+                               5C13739BFF682C2F12120111,
+                               5C13739CFF682C2F12120111,
+                               5C13739DFF682C2F12120111,
+                       );
+                       isa = PBXGroup;
+                       path = file;
+                       refType = 4;
+               };
+               5C137388FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc.h;
+                       refType = 4;
+               };
+               5C137389FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_close.c;
+                       refType = 4;
+               };
+               5C13738AFF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_defops.c;
+                       refType = 4;
+               };
+               5C13738BFF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_destry.c;
+                       refType = 4;
+               };
+               5C13738CFF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_errs.c;
+                       refType = 4;
+               };
+               5C13738DFF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_eseq.c;
+                       refType = 4;
+               };
+               5C13738EFF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_gennew.c;
+                       refType = 4;
+               };
+               5C13738FFF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_getnam.c;
+                       refType = 4;
+               };
+               5C137390FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_gprin.c;
+                       refType = 4;
+               };
+               5C137391FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_init.c;
+                       refType = 4;
+               };
+               5C137392FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_maybe.c;
+                       refType = 4;
+               };
+               5C137393FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_nseq.c;
+                       refType = 4;
+               };
+               5C137394FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_ops.c;
+                       refType = 4;
+               };
+               5C137395FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = "fcc-proto.h";
+                       refType = 4;
+               };
+               5C137396FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_read.c;
+                       refType = 4;
+               };
+               5C137397FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_reslv.c;
+                       refType = 4;
+               };
+               5C137398FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_retrv.c;
+                       refType = 4;
+               };
+               5C137399FF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_sflags.c;
+                       refType = 4;
+               };
+               5C13739AFF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_skip.c;
+                       refType = 4;
+               };
+               5C13739BFF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_sseq.c;
+                       refType = 4;
+               };
+               5C13739CFF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_store.c;
+                       refType = 4;
+               };
+               5C13739DFF682C2F12120111 = {
+                       isa = PBXFileReference;
+                       path = fcc_write.c;
+                       refType = 4;
+               };
+               5C1373B3FF68306D12120111 = {
+                       fileRef = 5C137388FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373B4FF68306D12120111 = {
+                       fileRef = 5C137395FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373B5FF68306D12120111 = {
+                       fileRef = 5C137389FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373B6FF68306D12120111 = {
+                       fileRef = 5C13738AFF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373B7FF68306D12120111 = {
+                       fileRef = 5C13738BFF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373B8FF68306D12120111 = {
+                       fileRef = 5C13738CFF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373B9FF68306D12120111 = {
+                       fileRef = 5C13738DFF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373BAFF68306D12120111 = {
+                       fileRef = 5C13738EFF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373BBFF68306D12120111 = {
+                       fileRef = 5C13738FFF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373BCFF68306D12120111 = {
+                       fileRef = 5C137390FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373BDFF68306D12120111 = {
+                       fileRef = 5C137391FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373BEFF68306D12120111 = {
+                       fileRef = 5C137392FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373BFFF68306D12120111 = {
+                       fileRef = 5C137394FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373C0FF68306D12120111 = {
+                       fileRef = 5C137393FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373C1FF68306D12120111 = {
+                       fileRef = 5C137396FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373C2FF68306D12120111 = {
+                       fileRef = 5C137397FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373C3FF68306D12120111 = {
+                       fileRef = 5C137398FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373C4FF68306D12120111 = {
+                       fileRef = 5C137399FF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373C5FF68306D12120111 = {
+                       fileRef = 5C13739AFF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373C6FF68306D12120111 = {
+                       fileRef = 5C13739BFF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373C7FF68306D12120111 = {
+                       fileRef = 5C13739CFF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373C8FF68306D12120111 = {
+                       fileRef = 5C13739DFF682C2F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373C9FF683B8012120111 = {
+                       children = (
+                               5C1373CAFF683B8012120111,
+                               5C1373CBFF683B8012120111,
+                               5C1373CCFF683B8012120111,
+                               5C1373CDFF683B8012120111,
+                               5C1373CEFF683B8012120111,
+                               5C1373CFFF683B8012120111,
+                               5C1373D0FF683B8012120111,
+                               5C1373D1FF683B8012120111,
+                               5C1373D2FF683B8012120111,
+                               5C1373D3FF683B8012120111,
+                               5C1373D4FF683B8012120111,
+                               5C1373D5FF683B8012120111,
+                               5C1373D6FF683B8012120111,
+                               5C1373D7FF683B8012120111,
+                               5C1373D8FF683B8012120111,
+                               5C1373D9FF683B8012120111,
+                       );
+                       isa = PBXGroup;
+                       path = memory;
+                       refType = 4;
+               };
+               5C1373CAFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc.h;
+                       refType = 4;
+               };
+               5C1373CBFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_close.c;
+                       refType = 4;
+               };
+               5C1373CCFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_destry.c;
+                       refType = 4;
+               };
+               5C1373CDFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_eseq.c;
+                       refType = 4;
+               };
+               5C1373CEFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_gennew.c;
+                       refType = 4;
+               };
+               5C1373CFFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_getnam.c;
+                       refType = 4;
+               };
+               5C1373D0FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_gprin.c;
+                       refType = 4;
+               };
+               5C1373D1FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_init.c;
+                       refType = 4;
+               };
+               5C1373D2FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_nseq.c;
+                       refType = 4;
+               };
+               5C1373D3FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_ops.c;
+                       refType = 4;
+               };
+               5C1373D4FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = "mcc-proto.h";
+                       refType = 4;
+               };
+               5C1373D5FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_reslv.c;
+                       refType = 4;
+               };
+               5C1373D6FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_retrv.c;
+                       refType = 4;
+               };
+               5C1373D7FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_sflags.c;
+                       refType = 4;
+               };
+               5C1373D8FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_sseq.c;
+                       refType = 4;
+               };
+               5C1373D9FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = mcc_store.c;
+                       refType = 4;
+               };
+               5C1373DAFF683B8012120111 = {
+                       children = (
+                               5C1373DBFF683B8012120111,
+                               5C1373DCFF683B8012120111,
+                               5C1373DDFF683B8012120111,
+                               5C1373DEFF683B8012120111,
+                               5C1373DFFF683B8012120111,
+                               5C1373E0FF683B8012120111,
+                               5C1373E1FF683B8012120111,
+                               5C1373E2FF683B8012120111,
+                               5C1373E3FF683B8012120111,
+                               5C1373E4FF683B8012120111,
+                               5C1373E5FF683B8012120111,
+                               5C1373E6FF683B8012120111,
+                               5C1373E7FF683B8012120111,
+                               5C1373E8FF683B8012120111,
+                               5C1373E9FF683B8012120111,
+                               5C1373EAFF683B8012120111,
+                               5C1373EBFF683B8012120111,
+                               5C1373ECFF683B8012120111,
+                               5C1373EDFF683B8012120111,
+                               5C1373EEFF683B8012120111,
+                               5C1373EFFF683B8012120111,
+                               5C1373F0FF683B8012120111,
+                       );
+                       isa = PBXGroup;
+                       path = stdio;
+                       refType = 4;
+               };
+               5C1373DBFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc.h;
+                       refType = 4;
+               };
+               5C1373DCFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_close.c;
+                       refType = 4;
+               };
+               5C1373DDFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_defops.c;
+                       refType = 4;
+               };
+               5C1373DEFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_destry.c;
+                       refType = 4;
+               };
+               5C1373DFFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_errs.c;
+                       refType = 4;
+               };
+               5C1373E0FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_eseq.c;
+                       refType = 4;
+               };
+               5C1373E1FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_gennew.c;
+                       refType = 4;
+               };
+               5C1373E2FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_getnam.c;
+                       refType = 4;
+               };
+               5C1373E3FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_gprin.c;
+                       refType = 4;
+               };
+               5C1373E4FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_init.c;
+                       refType = 4;
+               };
+               5C1373E5FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_maybe.c;
+                       refType = 4;
+               };
+               5C1373E6FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_nseq.c;
+                       refType = 4;
+               };
+               5C1373E7FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_ops.c;
+                       refType = 4;
+               };
+               5C1373E8FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = "scc-proto.h";
+                       refType = 4;
+               };
+               5C1373E9FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_read.c;
+                       refType = 4;
+               };
+               5C1373EAFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_reslv.c;
+                       refType = 4;
+               };
+               5C1373EBFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_retrv.c;
+                       refType = 4;
+               };
+               5C1373ECFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_sflags.c;
+                       refType = 4;
+               };
+               5C1373EDFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_skip.c;
+                       refType = 4;
+               };
+               5C1373EEFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_sseq.c;
+                       refType = 4;
+               };
+               5C1373EFFF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_store.c;
+                       refType = 4;
+               };
+               5C1373F0FF683B8012120111 = {
+                       isa = PBXFileReference;
+                       path = scc_write.c;
+                       refType = 4;
+               };
+               5C1373F1FF683B8012120111 = {
+                       fileRef = 5C1373CAFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373F2FF683B8012120111 = {
+                       fileRef = 5C1373D4FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373F3FF683B8012120111 = {
+                       fileRef = 5C1373DBFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373F4FF683B8012120111 = {
+                       fileRef = 5C1373E8FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373F5FF683B8012120111 = {
+                       fileRef = 5C1373CBFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373F6FF683B8012120111 = {
+                       fileRef = 5C1373CCFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373F7FF683B8012120111 = {
+                       fileRef = 5C1373CDFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373F8FF683B8012120111 = {
+                       fileRef = 5C1373CEFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373F9FF683B8012120111 = {
+                       fileRef = 5C1373CFFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373FAFF683B8012120111 = {
+                       fileRef = 5C1373D0FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373FBFF683B8012120111 = {
+                       fileRef = 5C1373D1FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373FCFF683B8012120111 = {
+                       fileRef = 5C1373D2FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373FDFF683B8012120111 = {
+                       fileRef = 5C1373D3FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373FEFF683B8012120111 = {
+                       fileRef = 5C1373D5FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C1373FFFF683B8012120111 = {
+                       fileRef = 5C1373D6FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137400FF683B8012120111 = {
+                       fileRef = 5C1373D7FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137401FF683B8012120111 = {
+                       fileRef = 5C1373D8FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137402FF683B8012120111 = {
+                       fileRef = 5C1373D9FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137403FF683B8012120111 = {
+                       fileRef = 5C1373DCFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137404FF683B8012120111 = {
+                       fileRef = 5C1373DDFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137405FF683B8012120111 = {
+                       fileRef = 5C1373DEFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137406FF683B8012120111 = {
+                       fileRef = 5C1373DFFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137407FF683B8012120111 = {
+                       fileRef = 5C1373E0FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137408FF683B8012120111 = {
+                       fileRef = 5C1373E1FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137409FF683B8012120111 = {
+                       fileRef = 5C1373E2FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13740AFF683B8012120111 = {
+                       fileRef = 5C1373E3FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13740BFF683B8012120111 = {
+                       fileRef = 5C1373E4FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13740CFF683B8012120111 = {
+                       fileRef = 5C1373E5FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13740DFF683B8012120111 = {
+                       fileRef = 5C1373E6FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13740EFF683B8012120111 = {
+                       fileRef = 5C1373E7FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C13740FFF683B8012120111 = {
+                       fileRef = 5C1373E9FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137410FF683B8012120111 = {
+                       fileRef = 5C1373EAFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137411FF683B8012120111 = {
+                       fileRef = 5C1373EBFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137412FF683B8012120111 = {
+                       fileRef = 5C1373ECFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137413FF683B8012120111 = {
+                       fileRef = 5C1373EDFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137414FF683B8012120111 = {
+                       fileRef = 5C1373EEFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137415FF683B8012120111 = {
+                       fileRef = 5C1373EFFF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               5C137416FF683B8012120111 = {
+                       fileRef = 5C1373F0FF683B8012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               61622FD1FF82A36412120111 = {
+                       isa = PBXFileReference;
+                       path = Kerberos5Lib.pbexp;
+                       refType = 4;
+               };
+               61622FD2FF82A36412120111 = {
+                       fileRef = 61622FD1FF82A36412120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               61622FD8FF85304012120111 = {
+                       isa = PBXFileReference;
+                       path = GSSLibrary.pbexp;
+                       refType = 2;
+               };
+               61622FD9FF85304012120111 = {
+                       fileRef = 61622FD8FF85304012120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               61622FDAFF85346F12120111 = {
+                       isa = PBXFileReference;
+                       path = K5.CFM.c;
+                       refType = 4;
+               };
+               61622FDBFF85346F12120111 = {
+                       fileRef = 61622FDAFF85346F12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               61622FDCFF8535E112120111 = {
+                       isa = PBXFileReference;
+                       path = ProfileLib.CFM.c;
+                       refType = 2;
+               };
+               61622FDDFF8535E112120111 = {
+                       fileRef = 61622FDCFF8535E112120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+               61622FDEFF88D9AF12120111 = {
+                       isa = PBXFileReference;
+                       path = GSS.CFM.c;
+                       refType = 2;
+               };
+               61622FDFFF88D9AF12120111 = {
+                       fileRef = 61622FDEFF88D9AF12120111;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Debug,
+                               );
+                               INCLUDED_OSS = (
+                                       MACOS,
+                                       WINDOWS,
+                                       PDOUNIX,
+                               );
+                       };
+               };
+       };
+       rootObject = 25C77492FF52D03A12120111;
+}
diff --git a/src/mac/GSSKerberosPrefix.h b/src/mac/GSSKerberosPrefix.h
new file mode 100644 (file)
index 0000000..a39332a
--- /dev/null
@@ -0,0 +1,61 @@
+#include <ConditionalMacros.h>
+
+#define SIZEOF_LONG            4
+#define SIZEOF_INT             4
+#define SIZEOF_SHORT           2
+
+#define        KRB5_DLLIMP             
+#define        GSS_DLLIMP              
+#define KRB5_CALLCONV          
+#define KRB5_CALLCONV_C                
+#define        FAR                     
+
+#define        krb5_sigtype            void
+
+#define USE_CCAPI
+#define USE_LOGIN_LIBRARY
+
+#define HAVE_NETINET_IN_H      1
+#define HAVE_SYS_STAT_H                1
+#define        HAVE_SYS_PARAM_H        1
+#define        HAVE_UNISTD_H           1
+#define        HAVE_STDLIB_H           1
+#define        HAVE_STDARG_H           1
+#define HAVE_SYS_TYPES_H       1
+#define        HAVE_PATHS_H            1
+#define        HAVE_REGEX_H            1
+#define        HAVE_REGEXP_H           1
+#define        HAVE_FCNTL_H            1
+#define        HAVE_MEMORY_H           1
+
+#define        HAVE_STAT               1
+#define        HAVE_ACCESS             1
+#define        HAVE_FLOCK              1
+
+#define        HAVE_FCHMOD             1
+#define        HAVE_CHMOD              1
+
+#define        HAVE_STRFTIME           1
+#define        HAVE_GETEUID            1
+
+#define        HAVE_SETENV             1
+#define        HAVE_UNSETENV           1
+#define        HAVE_GETENV             1
+
+#define        HAVE_SETSID             1
+#define        HAVE_GETHOSTBYNAME2     1
+
+#define        HAVE_VFPRINTF           1
+#define        HAVE_VSPRINTF           1
+
+#define        HAVE_STRDUP             1
+#define        HAVE_STRCASECMP         1
+#define        HAVE_STRERROR           1
+#define        HAVE_MEMMOVE            1
+#define        HAVE_DAEMON             1
+#define        HAVE_GETUID             1
+#define        HAVE_SSCANF             1
+#define        HAVE_SYSLOG             1
+#define        HAVE_REGEXEC            1
+#define        HAVE_REGCOMP            1
+#define        HAVE_SA_LEN             1
diff --git a/src/mac/GSSLibrary.pbexp b/src/mac/GSSLibrary.pbexp
new file mode 100644 (file)
index 0000000..64a0c2d
--- /dev/null
@@ -0,0 +1,70 @@
+#----------------------------------------------------
+#   GSSAPI.EXP - GSSAPI.DLL module definition file
+#----------------------------------------------------
+
+        ___initializeGSS
+
+       _gss_acquire_cred
+       _gss_release_cred
+       _gss_init_sec_context
+       _gss_accept_sec_context
+       _gss_process_context_token
+       _gss_delete_sec_context
+       _gss_context_time
+       _gss_sign
+       _gss_verify
+       _gss_seal
+       _gss_unseal
+       _gss_display_status
+       _gss_indicate_mechs
+       _gss_compare_name
+       _gss_display_name
+       _gss_import_name
+       _gss_release_name
+       _gss_release_buffer
+       _gss_release_oid_set
+       _gss_inquire_cred
+#
+# GSS-API v2  additional credential calls
+#
+       _gss_add_cred
+       _gss_inquire_cred_by_mech
+#
+# GSS-API v2  additional context-level calls
+#
+       _gss_inquire_context
+       _gss_wrap_size_limit
+       _gss_export_sec_context
+       _gss_import_sec_context
+#
+# GSS-API v2  additional calls for OID and OID_set operations
+#
+       _gss_release_oid
+       _gss_create_empty_oid_set
+       _gss_add_oid_set_member
+       _gss_test_oid_set_member
+       _gss_oid_to_str
+       _gss_str_to_oid
+#
+# GSS-API v2  renamed message protection calls
+#
+       _gss_wrap
+       _gss_unwrap
+       _gss_get_mic
+       _gss_verify_mic
+#
+# GSS-API v2  future extensions
+#
+       _gss_inquire_names_for_mech
+#      _gss_inquire_mechs_for_name
+       _gss_canonicalize_name
+       _gss_export_name
+       _gss_duplicate_name
+#
+# krb5-specific CCache name    stuff
+#
+       _gss_krb5_ccache_name
+       
+       
+       
+       
diff --git a/src/mac/GenerateErrorTables.sh b/src/mac/GenerateErrorTables.sh
new file mode 100644 (file)
index 0000000..24f8525
--- /dev/null
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+COMERR_DIR=$SRCROOT/../util/et
+COMPILE_ET_SH=$COMERR_DIR/compile_et.sh
+COMPILE_ET=$COMERR_DIR/compile_et
+
+PROFILE_DIR=$SRCROOT/../util/profile
+ERROR_TABLES_DIR=$SRCROOT/../lib/krb5/error_tables
+GSS_GENERIC_DIR=$SRCROOT/../lib/gssapi/generic
+GSS_KRB5_DIR=$SRCROOT/../lib/gssapi/krb5
+
+if [ ! -x $COMPILE_ET ] || [ $COMPILE_ET_SH -nt $COMPILE_ET ]; then
+    echo "Building compile_et"
+    $COMERR_DIR/config_script $COMPILE_ET_SH /usr/bin/awk /usr/bin/sed > $COMPILE_ET
+    /bin/chmod 755 $COMPILE_ET
+fi
+
+if [ -x $COMPILE_ET ]; then
+    echo "Generating profile error tables"
+    cd $PROFILE_DIR && $COMPILE_ET $PROFILE_DIR/prof_err.et
+    
+    echo "Generating adm error tables"
+    cd $ERROR_TABLES_DIR && $COMPILE_ET $ERROR_TABLES_DIR/adm_err.et
+
+    echo "Generating asn1 error tables"
+    cd $ERROR_TABLES_DIR && $COMPILE_ET $ERROR_TABLES_DIR/asn1_err.et
+
+    echo "Generating kdb5 error tables"
+    cd $ERROR_TABLES_DIR && $COMPILE_ET $ERROR_TABLES_DIR/kdb5_err.et
+
+    echo "Generating krb5 error tables"
+    cd $ERROR_TABLES_DIR && $COMPILE_ET $ERROR_TABLES_DIR/krb5_err.et
+
+    echo "Generating kv5m error tables"
+    cd $ERROR_TABLES_DIR && $COMPILE_ET $ERROR_TABLES_DIR/kv5m_err.et
+
+    echo "Generating gss error tables"
+    cd $GSS_GENERIC_DIR && $COMPILE_ET $GSS_GENERIC_DIR/gssapi_err_generic.et
+    cd $GSS_KRB5_DIR && $COMPILE_ET $GSS_KRB5_DIR/gssapi_err_krb5.et
+fi
diff --git a/src/mac/GenerateHeaderFiles.sh b/src/mac/GenerateHeaderFiles.sh
new file mode 100644 (file)
index 0000000..e0e0ade
--- /dev/null
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+PROFILE_DIR=$SRCROOT/../util/profile
+echo "Generating profile.h"
+cat $PROFILE_DIR/profile.hin $PROFILE_DIR/prof_err.h > $PROFILE_DIR/profile.h
+
+INCLUDE_DIR=$SRCROOT/../include
+ERROR_TABLE_DIR=$SRCROOT/../lib/krb5/error_tables
+GSS_DIR=$SRCROOT/../lib/gssapi
+
+echo "Symlinking error table header files"
+ln -sf $ERROR_TABLE_DIR/adm_err.h $INCLUDE_DIR
+ln -sf $ERROR_TABLE_DIR/asn1_err.h $INCLUDE_DIR
+ln -sf $ERROR_TABLE_DIR/kdb5_err.h $INCLUDE_DIR
+ln -sf $ERROR_TABLE_DIR/krb5_err.h $INCLUDE_DIR
+ln -sf $ERROR_TABLE_DIR/kv5m_err.h $INCLUDE_DIR
+
+if [ -f $INCLUDE_DIR/krb5.h ]; then
+    echo "Removing previous krb5.h"
+    rm $INCLUDE_DIR/krb5.h
+fi
+
+echo "Generating krb5.h"
+echo "/* This is the prologue to krb5.h */" > $INCLUDE_DIR/krb5.h
+echo "/* Unfortunately some of these defines are compiler dependent */" >> $INCLUDE_DIR/krb5.h
+grep SIZEOF $SRCROOT/GSSKerberosPrefix.h >> $INCLUDE_DIR/krb5.h
+grep HAVE_STDARG_H $SRCROOT/GSSKerberosPrefix.h >> $INCLUDE_DIR/krb5.h
+grep HAVE_SYS_TYPES_H $SRCROOT/GSSKerberosPrefix.h >> $INCLUDE_DIR/krb5.h
+echo "/* End of prologue section */"  >> $INCLUDE_DIR/krb5.h
+cat $INCLUDE_DIR/krb5.hin $INCLUDE_DIR/krb5_err.h $INCLUDE_DIR/kdb5_err.h \
+    $INCLUDE_DIR/kv5m_err.h $INCLUDE_DIR/asn1_err.h >> $INCLUDE_DIR/krb5.h
+
+if [ -f $GSS_DIR/gssapi.h ]; then
+    echo "Removing previous gssapi.h"
+    rm $GSS_DIR/gssapi.h
+fi
+
+echo "Generating gssapi.h"
+echo "/* This is the gssapi.h prologue. */" > $GSS_DIR/gssapi.h
+echo "/* It contains some choice pieces of autoconf.h */" >> $GSS_DIR/gssapi.h
+grep SIZEOF $SRCROOT/GSSKerberosPrefix.h >> $GSS_DIR/gssapi.h
+grep 'HAVE_.*_H' $SRCROOT/GSSKerberosPrefix.h >> $GSS_DIR/gssapi.h
+grep 'USE_.*_H' $SRCROOT/GSSKerberosPrefix.h >> $GSS_DIR/gssapi.h
+echo "/* End of gssapi.h prologue. */"  >> $GSS_DIR/gssapi.h
+cat $GSS_DIR/generic/gssapi.hin  >> $GSS_DIR/gssapi.h
+
+echo "Generating fake autoconf.h; the real one is included as a prefix file."
+touch $INCLUDE_DIR/autoconf.h
diff --git a/src/mac/HeaderFiles.jam b/src/mac/HeaderFiles.jam
new file mode 100644 (file)
index 0000000..afd61af
--- /dev/null
@@ -0,0 +1,106 @@
+include "/Developer/Makefiles/pbx_jamfiles/Jambase" ;
+
+PROFILE_DIR = "$(SRCROOT)/../util/profile" ;
+GSS_DIR = "$(SRCROOT)/../lib/gssapi" ;
+INCLUDE_DIR = "$(SRCROOT)/../include" ;
+ERROR_TABLES_DIR = "$(SRCROOT)/../lib/krb5/error_tables" ;
+
+DEPENDS all : 
+    "$(PROFILE_DIR)/profile.h"
+    "$(INCLUDE_DIR)/adm_err.h"
+    "$(INCLUDE_DIR)/asn1_err.h"
+    "$(INCLUDE_DIR)/kdb5_err.h"
+    "$(INCLUDE_DIR)/krb5_err.h"
+    "$(INCLUDE_DIR)/kv5m_err.h"
+    "$(INCLUDE_DIR)/krb5.h"
+    "$(GSS_DIR)/gssapi.h"
+    "$(INCLUDE_DIR)/autoconf.h"
+;
+
+DEPENDS install : all ;
+
+Clean.Remove clean : 
+    "$(PROFILE_DIR)/profile.h"
+    "$(INCLUDE_DIR)/adm_err.h"
+    "$(INCLUDE_DIR)/asn1_err.h"
+    "$(INCLUDE_DIR)/kdb5_err.h"
+    "$(INCLUDE_DIR)/krb5_err.h"
+    "$(INCLUDE_DIR)/kv5m_err.h"
+    "$(INCLUDE_DIR)/krb5.h"
+    "$(GSS_DIR)/gssapi.h"
+    "$(INCLUDE_DIR)/autoconf.h"
+;
+
+rule profile.h
+{
+    DEPENDS "$(1)" : "$(2)" ;
+}
+
+actions profile.h
+{
+    cat "$(2)" > "$(1)" ;
+}
+
+profile.h "$(PROFILE_DIR)/profile.h" : "$(PROFILE_DIR)/profile.hin" "$(PROFILE_DIR)/prof_err.h" ;
+
+rule krb5.h
+{
+    DEPENDS "$(1)" : "$(2)" ;
+    DEPENDS "$(1)" : "$(PREFIX)" ;
+}
+
+actions krb5.h
+{
+    echo "/* This is the prologue to krb5.h */" > "$(1)" ;
+    echo "/* Unfortunately some of these defines are compiler dependent */" >> "$(1)" ;
+    grep SIZEOF "$(SRCROOT)/GSSKerberosPrefix.h" >> "$(1)" ;
+    grep HAVE_STDARG_H "$(SRCROOT)/GSSKerberosPrefix.h" >> "$(1)" ;
+    grep HAVE_SYS_TYPES_H "$(SRCROOT)/GSSKerberosPrefix.h" >> "$(1)" ;
+    cat "$(2)" >> "$(1)" ;
+}
+
+krb5.h "$(INCLUDE_DIR)/krb5.h" :
+    "$(INCLUDE_DIR)/krb5.hin"
+    "$(INCLUDE_DIR)/krb5_err.h"
+    "$(INCLUDE_DIR)/kdb5_err.h"
+    "$(INCLUDE_DIR)/kv5m_err.h"
+    "$(INCLUDE_DIR)/asn1_err.h"
+;
+
+rule gssapi.h
+{
+    DEPENDS "$(1)" : "$(2)" ;
+    DEPENDS "$(1)" : "$(PREFIX)" ;
+}
+
+actions gssapi.h
+{
+    echo "/* This is the prologue to gssapi.h */" > "$(1)" ;
+    echo "/* It contains some choice pieces of autoconf.h */" >>  "$(1)" ;
+    grep SIZEOF "$(SRCROOT)/GSSKerberosPrefix.h" >>  "$(1)" ;
+    grep 'HAVE_.*_H' "$(SRCROOT)/GSSKerberosPrefix.h" >>  "$(1)" ;
+    grep 'USE_.*_H' "$(SRCROOT)/GSSKerberosPrefix.h" >>  "$(1)" ;
+    echo "/* End of gssapi.h prologue. */" >>  "$(1)" ;
+    cat "$(2)" >>  "$(1)" ;
+}
+
+gssapi.h "$(GSS_DIR)/gssapi.h" :
+    "$(GSS_DIR)/generic/gssapi.hin"
+;
+
+Cp "$(INCLUDE_DIR)/adm_err.h" : "$(ERROR_TABLES_DIR)/adm_err.h" ;
+Cp "$(INCLUDE_DIR)/asn1_err.h" : "$(ERROR_TABLES_DIR)/asn1_err.h" ;
+Cp "$(INCLUDE_DIR)/kdb5_err.h" : "$(ERROR_TABLES_DIR)/kdb5_err.h" ;
+Cp "$(INCLUDE_DIR)/krb5_err.h" : "$(ERROR_TABLES_DIR)/krb5_err.h" ;
+Cp "$(INCLUDE_DIR)/kv5m_err.h" : "$(ERROR_TABLES_DIR)/kv5m_err.h" ;
+
+rule autoconf.h
+{
+}
+
+actions autoconf.h
+{
+    touch "$(1)" ;
+}
+
+autoconf.h "$(INCLUDE_DIR)/autoconf.h" ;
\ No newline at end of file
index efb918cfc083a63c6c5ec80ba63b3a3a3aab05a1..45232804f29bd2d3e67c77abc9954f2b6690526f 100644 (file)
@@ -16,7 +16,7 @@
  * without express or implied warranty.
  */
  
+#if defined(macintosh)
 #include <CodeFragments.h>
 
 #include "krb5_libinit.h"
@@ -31,7 +31,13 @@ OSErr __initializeK5(CFragInitBlockPtr ibp)
        OSErr   err = noErr;
        
        err = __initialize();
-       
+#else
+#define noErr  0
+void __initializeK5 (void);
+void __initializeK5 (void)
+{
+        int err = noErr;
+#endif
        if (err == noErr) {
                err = krb5int_initialize_library ();
        }
@@ -39,10 +45,12 @@ OSErr __initializeK5(CFragInitBlockPtr ibp)
        if (err == noErr) {
                err = cryptoint_initialize_library ();
        }
-       
+#if defined(macintosh) 
        return err;
+#endif
 }
 
+#if defined(macintosh)
 void __terminateK5(void)
 {
 
@@ -51,3 +59,4 @@ void __terminateK5(void)
 
        __terminate();
 }
+#endif
index ddf86adf5905011472d0ed740ec6a87f8423b5c8..02b7a1b7dddb65ea6dc5817cb4eb9dd128e61906 100644 (file)
@@ -1,20 +1,3 @@
-krb5_error_code krb5_c_encrypt (krb5_context context, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*ivec, const krb5_data*input, krb5_enc_data*output);
-krb5_error_code krb5_c_decrypt (krb5_context context, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*ivec, const krb5_enc_data*input, krb5_data*output);
-krb5_error_code krb5_c_encrypt_length (krb5_context context, krb5_enctype enctype, size_t inputlen, size_t*length);
-krb5_error_code krb5_c_block_size (krb5_context context, krb5_enctype enctype, size_t*blocksize);
-krb5_error_code krb5_c_make_random_key (krb5_context context, krb5_enctype enctype, krb5_keyblock*random_key);
-krb5_error_code krb5_c_random_make_octets (krb5_context context, krb5_data*data);
-krb5_error_code krb5_c_random_seed (krb5_context context, krb5_data*data);
-krb5_error_code krb5_c_string_to_key (krb5_context context, krb5_enctype enctype, const krb5_data*string, const krb5_data*salt, krb5_keyblock*key);
-krb5_error_code krb5_c_enctype_compare (krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean*similar);
-krb5_error_code krb5_c_make_checksum (krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*input, krb5_checksum*cksum);
-krb5_error_code krb5_c_verify_checksum (krb5_context context, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*data, const krb5_checksum*cksum, krb5_boolean*valid);
-krb5_error_code krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, size_t*length);
-krb5_error_code krb5_c_keyed_checksum_types (krb5_context context, krb5_enctype enctype, unsigned int*count, krb5_cksumtype**cksumtypes);
-krb5_boolean valid_enctype (const krb5_enctype ktype);
-krb5_boolean valid_cksumtype (const krb5_cksumtype ctype);
-krb5_boolean is_coll_proof_cksum (const krb5_cksumtype ctype);
-krb5_boolean is_keyed_cksum (const krb5_cksumtype ctype);
 krb5_error_code krb5_encrypt (krb5_context context, const krb5_pointer inptr, krb5_pointer outptr, const size_t size, krb5_encrypt_block* eblock, krb5_pointer ivec);
 krb5_error_code krb5_decrypt (krb5_context context, const krb5_pointer inptr, krb5_pointer outptr, const size_t size, krb5_encrypt_block* eblock, krb5_pointer ivec);
 krb5_error_code krb5_process_key (krb5_context context, krb5_encrypt_block* eblock, const krb5_keyblock* key);
@@ -29,35 +12,13 @@ size_t krb5_encrypt_size (const size_t length, krb5_enctype crypto);
 size_t krb5_checksum_size (krb5_context context, const krb5_cksumtype ctype);
 krb5_error_code krb5_calculate_checksum (krb5_context context, const krb5_cksumtype ctype, const krb5_pointer in, const size_t in_length, const krb5_pointer seed, const size_t seed_length, krb5_checksum* outcksum);
 krb5_error_code krb5_verify_checksum (krb5_context context, const krb5_cksumtype ctype, const krb5_checksum* cksum, const krb5_pointer in, const size_t in_length, const krb5_pointer seed, const size_t seed_length);
-krb5_error_code krb5_random_confounder (size_t, krb5_pointer);
-krb5_error_code krb5_encrypt_data (krb5_context context, krb5_keyblock*key, krb5_pointer ivec, krb5_data*data, krb5_enc_data*enc_data);
-krb5_error_code krb5_decrypt_data (krb5_context context, krb5_keyblock*key, krb5_pointer ivec, krb5_enc_data*data, krb5_data*enc_data);
-krb5_error_code krb5_rc_default (krb5_context, krb5_rcache*);
-krb5_error_code krb5_rc_register_type (krb5_context, krb5_rc_ops*);
-krb5_error_code krb5_rc_resolve_type (krb5_context, krb5_rcache*,char*);
-krb5_error_code krb5_rc_resolve_full (krb5_context, krb5_rcache*,char*);
-char* krb5_rc_get_type (krb5_context, krb5_rcache);
-char* krb5_rc_default_type (krb5_context);
-char* krb5_rc_default_name (krb5_context);
-krb5_error_code krb5_auth_to_rep (krb5_context, krb5_tkt_authent*, krb5_donot_replay*);
 krb5_error_code krb5_init_context (krb5_context*);
 void krb5_free_context (krb5_context);
-krb5_error_code krb5_set_default_in_tkt_ktypes (krb5_context, const krb5_enctype*);
-krb5_error_code krb5_get_default_in_tkt_ktypes (krb5_context, krb5_enctype**);
-krb5_error_code krb5_set_default_tgs_ktypes (krb5_context, const krb5_enctype*);
-krb5_error_code krb5_get_tgs_ktypes (krb5_context, krb5_const_principal, krb5_enctype**);
-krb5_error_code krb5_get_permitted_enctypes (krb5_context, krb5_enctype**);
-krb5_boolean krb5_is_permitted_enctype (krb5_context, krb5_enctype);
-krb5_error_code krb5_kdc_rep_decrypt_proc (krb5_context, const krb5_keyblock*, krb5_const_pointer, krb5_kdc_rep* );
 krb5_error_code krb5_decrypt_tkt_part (krb5_context, const krb5_keyblock*, krb5_ticket* );
-krb5_error_code krb5_get_cred_from_kdc (krb5_context, krb5_ccache, krb5_creds*, krb5_creds**, krb5_creds*** );
-krb5_error_code krb5_get_cred_from_kdc_validate (krb5_context, krb5_ccache, krb5_creds*, krb5_creds**, krb5_creds***);
-krb5_error_code krb5_get_cred_from_kdc_renew (krb5_context, krb5_ccache, krb5_creds*, krb5_creds**, krb5_creds***);
 void krb5_free_tgt_creds (krb5_context, krb5_creds**);
 krb5_error_code krb5_get_credentials (krb5_context, const krb5_flags, krb5_ccache, krb5_creds*, krb5_creds**);
 krb5_error_code krb5_get_credentials_validate (krb5_context, const krb5_flags, krb5_ccache, krb5_creds*, krb5_creds**);
 krb5_error_code krb5_get_credentials_renew (krb5_context, const krb5_flags, krb5_ccache, krb5_creds*, krb5_creds**);
-krb5_error_code krb5_get_cred_via_tkt (krb5_context, krb5_creds*, const krb5_flags, krb5_address* const*, krb5_creds*, krb5_creds**);
 krb5_error_code krb5_mk_req (krb5_context, krb5_auth_context*, const krb5_flags, char*, char*, krb5_data*, krb5_ccache, krb5_data*);
 krb5_error_code krb5_mk_req_extended (krb5_context, krb5_auth_context*, const krb5_flags, krb5_data*, krb5_creds*, krb5_data*);
 krb5_error_code krb5_mk_rep (krb5_context, krb5_auth_context, krb5_data*);
@@ -69,11 +30,6 @@ krb5_error_code krb5_rd_priv (krb5_context, krb5_auth_context, const krb5_data*,
 krb5_error_code krb5_parse_name (krb5_context, const char*, krb5_principal*);
 krb5_error_code krb5_unparse_name (krb5_context, krb5_const_principal, char**);
 krb5_error_code krb5_unparse_name_ext (krb5_context, krb5_const_principal, char**, int*);
-krb5_error_code krb5_set_principal_realm (krb5_context, krb5_principal, const char*);
-krb5_boolean krb5_address_search (krb5_context, const krb5_address*, krb5_address* const*);
-krb5_boolean krb5_address_compare (krb5_context, const krb5_address*, const krb5_address*);
-int krb5_address_order (krb5_context, const krb5_address*, const krb5_address*);
-krb5_boolean krb5_realm_compare (krb5_context, krb5_const_principal, krb5_const_principal);
 krb5_boolean krb5_principal_compare (krb5_context, krb5_const_principal, krb5_const_principal);
 krb5_error_code krb5_copy_keyblock (krb5_context, const krb5_keyblock*, krb5_keyblock**);
 krb5_error_code krb5_copy_keyblock_contents (krb5_context, const krb5_keyblock*, krb5_keyblock*);
@@ -86,34 +42,20 @@ krb5_error_code krb5_copy_ticket (krb5_context, const krb5_ticket*, krb5_ticket*
 krb5_error_code krb5_copy_authdata (krb5_context, krb5_authdata* const*, krb5_authdata***);
 krb5_error_code krb5_copy_authenticator (krb5_context, const krb5_authenticator*, krb5_authenticator**);
 krb5_error_code krb5_copy_checksum (krb5_context, const krb5_checksum*, krb5_checksum**);
-void krb5_init_ets (krb5_context);
-void krb5_free_ets (krb5_context);
-krb5_error_code krb5_generate_subkey (krb5_context, const krb5_keyblock*, krb5_keyblock**);
-krb5_error_code krb5_generate_seq_number (krb5_context, const krb5_keyblock*, krb5_int32*);
 krb5_error_code krb5_get_server_rcache (krb5_context, const krb5_data*, krb5_rcache*);
-krb5_error_code krb5_build_principal_va (krb5_context, krb5_principal, int, const char*, va_list);
 krb5_error_code krb5_425_conv_principal (krb5_context, const char*name, const char*instance, const char*realm, krb5_principal*princ);
 krb5_error_code krb5_524_conv_principal (krb5_context context, const krb5_principal princ, char*name, char*inst, char*realm);
-krb5_error_code krb5_mk_chpw_req (krb5_context context, krb5_auth_context auth_context, krb5_data*ap_req, char*passwd, krb5_data*packet);
-krb5_error_code krb5_rd_chpw_rep (krb5_context context, krb5_auth_context auth_context, krb5_data*packet, int*result_code, krb5_data*result_data);
-krb5_error_code krb5_chpw_result_code_string (krb5_context context, int result_code, char**result_codestr);
 krb5_error_code krb5_kt_register (krb5_context, krb5_kt_ops*);
 krb5_error_code krb5_kt_resolve (krb5_context, const char*, krb5_keytab*);
-krb5_error_code krb5_kt_default_name (krb5_context, char*, int);
 krb5_error_code krb5_kt_default (krb5_context, krb5_keytab*);
 krb5_error_code krb5_kt_free_entry (krb5_context, krb5_keytab_entry*);
 krb5_error_code krb5_kt_remove_entry (krb5_context, krb5_keytab, krb5_keytab_entry*);
 krb5_error_code krb5_kt_add_entry (krb5_context, krb5_keytab, krb5_keytab_entry*);
-krb5_error_code krb5_principal2salt (krb5_context, krb5_const_principal, krb5_data*);
-krb5_error_code krb5_principal2salt_norealm (krb5_context, krb5_const_principal, krb5_data*);
 krb5_error_code krb5_cc_resolve (krb5_context, const char*, krb5_ccache*);
 const char* krb5_cc_default_name (krb5_context);
 krb5_error_code krb5_cc_set_default_name (krb5_context, const char*);
 krb5_error_code krb5_cc_default (krb5_context, krb5_ccache*);
 unsigned int krb5_get_notification_message (void);
-krb5_error_code krb5_cc_copy_creds (krb5_context context, krb5_ccache incc, krb5_ccache outcc);
-krb5_error_code krb5_check_transited_list (krb5_context, krb5_data*trans, krb5_data*realm1, krb5_data*realm2);
-void krb5_free_realm_tree (krb5_context, krb5_principal*);
 void krb5_free_principal (krb5_context, krb5_principal);
 void krb5_free_authenticator (krb5_context, krb5_authenticator*);
 void krb5_free_authenticator_contents (krb5_context, krb5_authenticator*);
@@ -154,28 +96,19 @@ krb5_error_code krb5_us_timeofday (krb5_context, krb5_int32*, krb5_int32*);
 krb5_error_code krb5_timeofday (krb5_context, krb5_int32*);
 krb5_error_code krb5_os_localaddr (krb5_context, krb5_address***);
 krb5_error_code krb5_get_default_realm (krb5_context, char**);
-krb5_error_code krb5_set_default_realm (krb5_context, const char*);
 krb5_error_code krb5_sname_to_principal (krb5_context, const char*, const char*, krb5_int32, krb5_principal*);
 krb5_error_code krb5_change_password (krb5_context context, krb5_creds*creds, char*newpw, int*result_code, krb5_data*result_code_string, krb5_data*result_string);
 krb5_error_code krb5_get_profile (krb5_context, profile_t*);
-krb5_error_code krb5_secure_config_files (krb5_context);
-krb5_error_code krb5_send_tgs (krb5_context, const krb5_flags, const krb5_ticket_times*, const krb5_enctype*, krb5_const_principal, krb5_address* const*, krb5_authdata* const*, krb5_pa_data* const*, const krb5_data*, krb5_creds*, krb5_response*);
 krb5_error_code krb5_get_in_tkt_with_password (krb5_context, const krb5_flags, krb5_address* const*, krb5_enctype*, krb5_preauthtype*, const char*, krb5_ccache, krb5_creds*, krb5_kdc_rep**);
 krb5_error_code krb5_get_in_tkt_with_skey (krb5_context, const krb5_flags, krb5_address* const*, krb5_enctype*, krb5_preauthtype*, const krb5_keyblock*, krb5_ccache, krb5_creds*, krb5_kdc_rep**);
 krb5_error_code krb5_get_in_tkt_with_keytab (krb5_context, const krb5_flags, krb5_address* const*, krb5_enctype*, krb5_preauthtype*, const krb5_keytab, krb5_ccache, krb5_creds*, krb5_kdc_rep**);
-krb5_error_code krb5_decode_kdc_rep (krb5_context, krb5_data*, const krb5_keyblock*, krb5_kdc_rep**);
 krb5_error_code krb5_rd_req (krb5_context, krb5_auth_context*, const krb5_data*, krb5_const_principal, krb5_keytab, krb5_flags*, krb5_ticket**);
-krb5_error_code krb5_rd_req_decoded (krb5_context, krb5_auth_context*, const krb5_ap_req*, krb5_const_principal, krb5_keytab, krb5_flags*, krb5_ticket**);
-krb5_error_code krb5_rd_req_decoded_anyflag (krb5_context, krb5_auth_context*, const krb5_ap_req*, krb5_const_principal, krb5_keytab, krb5_flags*, krb5_ticket**);
 krb5_error_code krb5_kt_read_service_key (krb5_context, krb5_pointer, krb5_principal, krb5_kvno, krb5_enctype, krb5_keyblock**);
 krb5_error_code krb5_mk_safe (krb5_context, krb5_auth_context, const krb5_data*, krb5_data*, krb5_replay_data*);
 krb5_error_code krb5_mk_priv (krb5_context, krb5_auth_context, const krb5_data*, krb5_data*, krb5_replay_data*);
 krb5_error_code krb5_cc_register (krb5_context, krb5_cc_ops*, krb5_boolean);
 krb5_error_code krb5_sendauth (krb5_context, krb5_auth_context*, krb5_pointer, char*, krb5_principal, krb5_principal, krb5_flags, krb5_data*, krb5_creds*, krb5_ccache, krb5_error**, krb5_ap_rep_enc_part**, krb5_creds**);
 krb5_error_code krb5_recvauth (krb5_context, krb5_auth_context*, krb5_pointer, char*, krb5_principal, krb5_int32, krb5_keytab, krb5_ticket**);
-krb5_error_code krb5_walk_realm_tree (krb5_context, const krb5_data*, const krb5_data*, krb5_principal**, int);
-krb5_error_code krb5_mk_ncred (krb5_context, krb5_auth_context, krb5_creds**, krb5_data**, krb5_replay_data*);
-krb5_error_code krb5_mk_1cred (krb5_context, krb5_auth_context, krb5_creds*, krb5_data**, krb5_replay_data*);
 krb5_error_code krb5_rd_cred (krb5_context, krb5_auth_context, krb5_data*, krb5_creds***, krb5_replay_data*);
 krb5_error_code krb5_fwd_tgt_creds (krb5_context, krb5_auth_context, char*, krb5_principal, krb5_principal, krb5_ccache, int forwardable, krb5_data*);
 krb5_error_code krb5_auth_con_init (krb5_context, krb5_auth_context*);
@@ -190,7 +123,6 @@ krb5_error_code krb5_auth_con_getkey (krb5_context, krb5_auth_context, krb5_keyb
 krb5_error_code krb5_auth_con_getlocalsubkey (krb5_context, krb5_auth_context, krb5_keyblock**);
 krb5_error_code krb5_auth_con_set_req_cksumtype (krb5_context, krb5_auth_context, krb5_cksumtype);
 krb5_error_code krb5_auth_con_set_safe_cksumtype (krb5_context, krb5_auth_context, krb5_cksumtype);
-krb5_error_code krb5_auth_con_getcksumtype (krb5_context, krb5_auth_context, krb5_cksumtype*);
 krb5_error_code krb5_auth_con_getlocalseqnumber (krb5_context, krb5_auth_context, krb5_int32*);
 krb5_error_code krb5_auth_con_getremoteseqnumber (krb5_context, krb5_auth_context, krb5_int32*);
 krb5_error_code krb5_auth_con_initivector (krb5_context, krb5_auth_context);
@@ -201,20 +133,10 @@ krb5_error_code krb5_auth_con_getrcache (krb5_context, krb5_auth_context, krb5_r
 krb5_error_code krb5_auth_con_getauthenticator (krb5_context, krb5_auth_context, krb5_authenticator**);
 krb5_error_code krb5_auth_con_getremotesubkey (krb5_context, krb5_auth_context, krb5_keyblock**);
 krb5_error_code krb5_read_password (krb5_context, const char*, const char*, char*, int*);
-krb5_error_code krb5_aname_to_localname (krb5_context, krb5_const_principal, const int, char*);
 krb5_error_code krb5_get_host_realm (krb5_context, const char*, char***);
 krb5_error_code krb5_free_host_realm (krb5_context, char* const*);
-krb5_error_code krb5_get_realm_domain (krb5_context, const char*, char**);
-krb5_boolean krb5_kuserok (krb5_context, krb5_principal, const char*);
 krb5_error_code krb5_auth_con_genaddrs (krb5_context, krb5_auth_context, int, int);
-krb5_error_code krb5_gen_portaddr (krb5_context, const krb5_address*, krb5_const_pointer, krb5_address**);
-krb5_error_code krb5_make_fulladdr (krb5_context, krb5_address*, krb5_address*, krb5_address*);
-krb5_error_code krb5_os_hostaddr (krb5_context, const char*, krb5_address***);
-krb5_error_code krb5_set_real_time (krb5_context, krb5_int32, krb5_int32);
-krb5_error_code krb5_set_debugging_time (krb5_context, krb5_int32, krb5_int32);
-krb5_error_code krb5_use_natural_time (krb5_context);
 krb5_error_code krb5_get_time_offsets (krb5_context, krb5_int32*, krb5_int32*);
-krb5_error_code krb5_set_time_offsets (krb5_context, krb5_int32, krb5_int32);
 krb5_error_code krb5_string_to_enctype (char*, krb5_enctype*);
 krb5_error_code krb5_string_to_salttype (char*, krb5_int32*);
 krb5_error_code krb5_string_to_cksumtype (char*, krb5_cksumtype*);
@@ -226,7 +148,6 @@ krb5_error_code krb5_cksumtype_to_string (krb5_cksumtype, char*, size_t);
 krb5_error_code krb5_timestamp_to_string (krb5_timestamp, char*, size_t);
 krb5_error_code krb5_timestamp_to_sfstring (krb5_timestamp, char*, size_t, char*);
 krb5_error_code krb5_deltat_to_string (krb5_deltat, char*, size_t);
-krb5_error_code krb5_prompter_posix (krb5_context context, void*data, const char*name, const char*banner, int num_prompts, krb5_prompt prompts[]);
 void krb5_get_init_creds_opt_init (krb5_get_init_creds_opt*opt);
 void krb5_get_init_creds_opt_set_tkt_life (krb5_get_init_creds_opt*opt, krb5_deltat tkt_life);
 void krb5_get_init_creds_opt_set_renew_life (krb5_get_init_creds_opt*opt, krb5_deltat renew_life);
@@ -238,12 +159,5 @@ void krb5_get_init_creds_opt_set_preauth_list (krb5_get_init_creds_opt*opt, krb5
 void krb5_get_init_creds_opt_set_salt (krb5_get_init_creds_opt*opt, krb5_data*salt);
 krb5_error_code krb5_get_init_creds_password (krb5_context context, krb5_creds*creds, krb5_principal client, char*password, krb5_prompter_fct prompter, void*data, krb5_deltat start_time, char*in_tkt_service, krb5_get_init_creds_opt*options);
 krb5_error_code krb5_get_init_creds_keytab (krb5_context context, krb5_creds*creds, krb5_principal client, krb5_keytab arg_keytab, krb5_deltat start_time, char*in_tkt_service, krb5_get_init_creds_opt*options);
-void krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt*options);
-void krb5_verify_init_creds_opt_set_ap_req_nofail (krb5_verify_init_creds_opt*options, int ap_req_nofail);
-krb5_error_code krb5_verify_init_creds (krb5_context context, krb5_creds*creds, krb5_principal ap_req_server, krb5_keytab ap_req_keytab, krb5_ccache*ccache, krb5_verify_init_creds_opt*options);
 krb5_error_code krb5_get_validated_creds (krb5_context context, krb5_creds*creds, krb5_principal client, krb5_ccache ccache, char*in_tkt_service);
 krb5_error_code krb5_get_renewed_creds (krb5_context context, krb5_creds*creds, krb5_principal client, krb5_ccache ccache, char*in_tkt_service);
-krb5_error_code krb5_realm_iterator_create (krb5_context context, void**iter_p);
-krb5_error_code krb5_realm_iterator (krb5_context context, void**iter_p, char**ret_realm);
-void krb5_realm_iterator_free (krb5_context context, void**iter_p);
-void krb5_free_realm_string (krb5_context context, char*str);
index cf710dc0a2e24ebd83f5bd1c880cd545be9ce2ed..a27d776eb35dfb9056bff08ac92b0a78c25f40c9 100644 (file)
@@ -33,6 +33,7 @@
        krb5_free_creds
        krb5_free_data
        krb5_free_data_contents
+       krb5_free_default_realm
        krb5_free_enc_kdc_rep_part
        krb5_free_enc_tkt_part
        krb5_free_error
@@ -41,6 +42,7 @@
        krb5_free_kdc_req
        krb5_free_keyblock
        krb5_free_keyblock_contents
+       krb5_free_ktypes
        krb5_free_last_req
        krb5_free_pa_data
        krb5_free_principal
        krb5_get_init_creds_password
        krb5_get_init_creds_keytab
        krb5_get_init_creds_opt_init
+       krb5_get_validated_creds
+       krb5_get_renewed_creds
        krb5_get_notification_message
+       krb5_get_tgs_ktypes
+       krb5_get_time_offsets
        krb5_init_context
        krb5_mk_error
        krb5_mk_priv
@@ -88,6 +94,7 @@
        krb5_os_localaddr
        krb5_parse_name
        krb5_principal_compare
+       krb5_get_prompt_types
        krb5_rd_cred
        krb5_rd_error
        krb5_rd_priv
        krb5_init_random_key
        krb5_finish_random_key
        krb5_random_key
-#
-       krb5_c_decrypt
-       krb5_c_encrypt
-       krb5_c_encrypt_length
-       krb5_c_checksum_length
-       krb5_c_block_size
-       krb5_c_make_checksum
-       krb5_c_verify_checksum
-       krb5_c_random_make_octets
-       krb5_c_keyed_checksum_types
 #
        krb5_425_conv_principal
        krb5_524_conv_principal
        krb5_free_realm_string
 #
        krb5_cc_set_default_name
-#
-       krb5_rc_default 
-       krb5_rc_register_type 
-       krb5_rc_resolve_type 
-       krb5_rc_resolve_full 
-       krb5_rc_get_type 
-       krb5_rc_default_type 
-       krb5_rc_default_name 
-       krb5_auth_to_rep 
 #
        krb5_get_profile
+#
+# Added for 1.2:
+       krb5_decode_ticket
 
 #Temporary exports (DO NOT USE)
-       decode_krb5_ticket                                      # remove in next version
-       krb5_random_confounder
-       krb5_size_opaque
-       krb5_internalize_opaque
-       krb5_externalize_opaque
-       krb5_ser_pack_int32
-       krb5_ser_unpack_int32
-       krb5_ser_pack_bytes
-       krb5_ser_unpack_bytes
-       krb5_ser_auth_context_init
-       krb5_ser_context_init
-       krb5_ser_ccache_init
-       krb5_ser_keytab_init
-       krb5_ser_rcache_init
-       decode_krb5_ap_req                                      # remove in next version
-       krb5_mcc_ops
+       krb5_size_opaque                                        # GSSAPI
+       krb5_internalize_opaque                         # GSSAPI
+       krb5_externalize_opaque                         # GSSAPI
+       krb5_ser_pack_int32                                     # GSSAPI
+       krb5_ser_unpack_int32                           # GSSAPI
+       krb5_ser_pack_bytes                                     # GSSAPI
+       krb5_ser_unpack_bytes                           # GSSAPI
+       krb5_ser_auth_context_init                      # GSSAPI
+       krb5_ser_context_init                           # GSSAPI
+       krb5_ser_ccache_init                            # GSSAPI
+       krb5_ser_keytab_init                            # GSSAPI
+       krb5_ser_rcache_init                            # GSSAPI
+       decode_krb5_ap_req                                      # GSSAPI
+       krb5_mcc_ops                                            # GSSAPI
+       krb5_c_keyed_checksum_types             # GSSAPI
+       krb5_c_random_make_octets                       # GSSAPI
+       krb5_c_encrypt                                          # GSSAPI
+       krb5_c_make_checksum                            # GSSAPI
+       krb5_c_decrypt                                          # GSSAPI
+       krb5_c_verify_checksum                          # GSSAPI
+       krb5_c_block_size                                       # GSSAPI
+       krb5_c_checksum_length                          # GSSAPI
+       krb5_c_encrypt_length                           # GSSAPI
\ No newline at end of file
diff --git a/src/mac/Kerberos5Lib.exp b/src/mac/Kerberos5Lib.exp
new file mode 100644 (file)
index 0000000..1ae457a
--- /dev/null
@@ -0,0 +1,190 @@
+#----------------------------------------------------
+#   Kerberos5Lib.exp
+#
+# Public Kerberos v5 API
+#----------------------------------------------------
+
+# Kerberos 5
+       krb5_build_principal
+       krb5_build_principal_ext
+       krb5_copy_addr
+       krb5_copy_addresses
+       krb5_copy_authdata
+       krb5_copy_authenticator
+       krb5_copy_checksum
+       krb5_copy_creds
+       krb5_copy_data
+       krb5_copy_keyblock
+       krb5_copy_keyblock_contents
+       krb5_copy_principal
+       krb5_copy_ticket
+       krb5_decrypt_tkt_part
+       krb5_free_address
+       krb5_free_addresses
+       krb5_free_ap_rep
+       krb5_free_ap_rep_enc_part
+       krb5_free_ap_req
+       krb5_free_authdata
+       krb5_free_authenticator
+       krb5_free_authenticator_contents
+       krb5_free_checksum
+       krb5_free_context
+       krb5_free_cred
+       krb5_free_cred_contents
+       krb5_free_cred_enc_part
+       krb5_free_creds
+       krb5_free_data
+       krb5_free_data_contents
+       krb5_free_default_realm
+       krb5_free_enc_kdc_rep_part
+       krb5_free_enc_tkt_part
+       krb5_free_error
+       krb5_free_host_realm
+       krb5_free_kdc_rep
+       krb5_free_kdc_req
+       krb5_free_keyblock
+       krb5_free_keyblock_contents
+       krb5_free_last_req
+       krb5_free_pa_data
+       krb5_free_principal
+       krb5_free_priv
+       krb5_free_priv_enc_part
+       krb5_free_pwd_data
+       krb5_free_pwd_sequences
+       krb5_free_safe
+       krb5_free_tgt_creds
+       krb5_free_ticket
+       krb5_free_tickets
+       krb5_free_tkt_authent
+       krb5_free_checksum_contents
+       krb5_free_cksumtypes
+       krb5_fwd_tgt_creds
+       krb5_get_credentials
+       krb5_get_credentials_renew
+       krb5_get_credentials_validate
+       krb5_get_default_realm
+       krb5_get_host_realm
+       krb5_get_in_tkt
+       krb5_get_in_tkt_with_keytab
+       krb5_get_in_tkt_with_password
+       krb5_get_in_tkt_with_skey
+       krb5_get_init_creds_opt_init
+       krb5_get_init_creds_opt_set_tkt_life
+       krb5_get_init_creds_opt_set_renew_life
+       krb5_get_init_creds_opt_set_forwardable
+       krb5_get_init_creds_opt_set_proxiable
+       krb5_get_init_creds_opt_set_etype_list
+       krb5_get_init_creds_opt_set_address_list
+       krb5_get_init_creds_opt_set_preauth_list
+       krb5_get_init_creds_opt_set_salt
+       krb5_get_init_creds_password
+       krb5_get_init_creds_keytab
+       krb5_get_validated_creds
+       krb5_get_renewed_creds
+       krb5_get_notification_message
+       krb5_get_time_offsets
+       krb5_init_context
+       krb5_mk_error
+       krb5_mk_priv
+       krb5_mk_rep
+       krb5_mk_req
+       krb5_mk_req_extended
+       krb5_mk_safe
+       krb5_os_localaddr
+       krb5_parse_name
+       krb5_principal_compare
+       krb5_get_prompt_types
+       krb5_rd_cred
+       krb5_rd_error
+       krb5_rd_priv
+       krb5_rd_rep
+       krb5_rd_req
+       krb5_rd_safe
+       krb5_read_password
+       krb5_recvauth
+       krb5_sendauth
+       krb5_sname_to_principal
+       krb5_timeofday
+       krb5_unparse_name
+       krb5_unparse_name_ext
+       krb5_free_unparsed_name
+       krb5_us_timeofday
+       krb5_get_server_rcache
+#
+       krb5_use_enctype
+       krb5_checksum_size
+       krb5_encrypt_size
+       krb5_calculate_checksum
+       krb5_verify_checksum
+       krb5_eblock_enctype
+#
+       krb5_decrypt
+       krb5_encrypt
+       krb5_string_to_key
+       krb5_process_key
+       krb5_finish_key
+       krb5_init_random_key
+       krb5_finish_random_key
+       krb5_random_key
+#
+       krb5_425_conv_principal
+       krb5_524_conv_principal
+#
+       krb5_cksumtype_to_string
+       krb5_deltat_to_string
+       krb5_enctype_to_string
+       krb5_salttype_to_string
+       krb5_string_to_cksumtype
+       krb5_string_to_deltat
+       krb5_string_to_enctype
+       krb5_string_to_salttype
+       krb5_string_to_timestamp
+       krb5_timestamp_to_sfstring
+       krb5_timestamp_to_string
+#
+       krb5_auth_con_init
+       krb5_auth_con_free
+       krb5_auth_con_setflags
+       krb5_auth_con_getflags
+       krb5_auth_con_setaddrs
+       krb5_auth_con_getaddrs
+       krb5_auth_con_setports
+       krb5_auth_con_setuseruserkey
+       krb5_auth_con_getkey
+       krb5_auth_con_getlocalsubkey
+       krb5_auth_con_set_req_cksumtype
+       krb5_auth_con_set_safe_cksumtype
+#      krb5_auth_con_getcksumtype                              Why is this missing from sources?
+       krb5_auth_con_getlocalseqnumber
+       krb5_auth_con_getremoteseqnumber
+       krb5_auth_con_initivector
+       krb5_auth_con_getivector
+       krb5_auth_con_setivector
+       krb5_auth_con_setrcache
+       krb5_auth_con_getrcache
+       krb5_auth_con_getremotesubkey
+       krb5_auth_con_getauthenticator
+       krb5_auth_con_genaddrs
+#
+       krb5_cc_default
+       krb5_cc_default_name
+       krb5_cc_register
+       krb5_cc_resolve
+#
+       krb5_kt_default
+       krb5_kt_register
+       krb5_kt_resolve
+       krb5_kt_add_entry
+       krb5_kt_free_entry
+       krb5_kt_read_service_key
+       krb5_kt_remove_entry
+       
+#
+       krb5_change_password
+#
+       krb5_cc_set_default_name
+#
+       krb5_get_profile
+#
+# Added for 1.2:
+       krb5_decode_ticket
diff --git a/src/mac/Kerberos5Lib.pbexp b/src/mac/Kerberos5Lib.pbexp
new file mode 100644 (file)
index 0000000..390f411
--- /dev/null
@@ -0,0 +1,227 @@
+#----------------------------------------------------
+#   Kerberos5Lib.exp
+#
+# Public Kerberos v5 API
+#----------------------------------------------------
+
+        ___initializeK5
+
+# Kerberos 5
+       _krb5_build_principal
+       _krb5_build_principal_ext
+       _krb5_copy_addr
+       _krb5_copy_addresses
+       _krb5_copy_authdata
+       _krb5_copy_authenticator
+       _krb5_copy_checksum
+       _krb5_copy_creds
+       _krb5_copy_data
+       _krb5_copy_keyblock
+       _krb5_copy_keyblock_contents
+       _krb5_copy_principal
+       _krb5_copy_ticket
+       _krb5_decrypt_tkt_part
+       _krb5_free_address
+       _krb5_free_addresses
+       _krb5_free_ap_rep
+       _krb5_free_ap_rep_enc_part
+       _krb5_free_ap_req
+       _krb5_free_authdata
+       _krb5_free_authenticator
+       _krb5_free_authenticator_contents
+       _krb5_free_checksum
+       _krb5_free_context
+       _krb5_free_cred
+       _krb5_free_cred_contents
+       _krb5_free_cred_enc_part
+       _krb5_free_creds
+       _krb5_free_data
+       _krb5_free_data_contents
+       _krb5_free_default_realm
+       _krb5_free_enc_kdc_rep_part
+       _krb5_free_enc_tkt_part
+       _krb5_free_error
+       _krb5_free_host_realm
+       _krb5_free_kdc_rep
+       _krb5_free_kdc_req
+       _krb5_free_keyblock
+       _krb5_free_keyblock_contents
+       _krb5_free_last_req
+       _krb5_free_pa_data
+       _krb5_free_principal
+       _krb5_free_priv
+       _krb5_free_priv_enc_part
+       _krb5_free_pwd_data
+       _krb5_free_pwd_sequences
+       _krb5_free_safe
+       _krb5_free_tgt_creds
+       _krb5_free_ticket
+       _krb5_free_tickets
+       _krb5_free_tkt_authent
+       _krb5_free_checksum_contents
+       _krb5_free_cksumtypes
+       _krb5_fwd_tgt_creds
+       _krb5_get_credentials
+       _krb5_get_credentials_renew
+       _krb5_get_credentials_validate
+       _krb5_get_default_realm
+       _krb5_get_host_realm
+       _krb5_get_in_tkt
+       _krb5_get_in_tkt_with_keytab
+       _krb5_get_in_tkt_with_password
+       _krb5_get_in_tkt_with_skey
+        _krb5_get_init_creds_opt_init
+       _krb5_get_init_creds_opt_set_tkt_life
+       _krb5_get_init_creds_opt_set_renew_life
+       _krb5_get_init_creds_opt_set_forwardable
+       _krb5_get_init_creds_opt_set_proxiable
+       _krb5_get_init_creds_opt_set_etype_list
+       _krb5_get_init_creds_opt_set_address_list
+       _krb5_get_init_creds_opt_set_preauth_list
+       _krb5_get_init_creds_opt_set_salt
+       _krb5_get_init_creds_password
+       _krb5_get_init_creds_keytab
+       _krb5_get_validated_creds
+       _krb5_get_renewed_creds
+       _krb5_get_notification_message
+       _krb5_get_time_offsets
+       _krb5_init_context
+       _krb5_mk_error
+       _krb5_mk_priv
+       _krb5_mk_rep
+       _krb5_mk_req
+       _krb5_mk_req_extended
+       _krb5_mk_safe
+       _krb5_os_localaddr
+       _krb5_parse_name
+       _krb5_principal_compare
+       _krb5_get_prompt_types
+       _krb5_rd_cred
+       _krb5_rd_error
+       _krb5_rd_priv
+       _krb5_rd_rep
+       _krb5_rd_req
+       _krb5_rd_safe
+       _krb5_read_password
+       _krb5_recvauth
+       _krb5_sendauth
+       _krb5_sname_to_principal
+       _krb5_timeofday
+       _krb5_unparse_name
+       _krb5_unparse_name_ext
+       _krb5_free_unparsed_name
+       _krb5_us_timeofday
+       _krb5_get_server_rcache
+#
+       _krb5_use_enctype
+       _krb5_checksum_size
+       _krb5_encrypt_size
+       _krb5_calculate_checksum
+       _krb5_verify_checksum
+       _krb5_eblock_enctype
+#
+       _krb5_decrypt
+       _krb5_encrypt
+       _krb5_string_to_key
+       _krb5_process_key
+       _krb5_finish_key
+       _krb5_init_random_key
+       _krb5_finish_random_key
+       _krb5_random_key
+#
+       _krb5_425_conv_principal
+       _krb5_524_conv_principal
+#
+       _krb5_cksumtype_to_string
+       _krb5_deltat_to_string
+       _krb5_enctype_to_string
+       _krb5_salttype_to_string
+       _krb5_string_to_cksumtype
+       _krb5_string_to_deltat
+       _krb5_string_to_enctype
+       _krb5_string_to_salttype
+       _krb5_string_to_timestamp
+       _krb5_timestamp_to_sfstring
+       _krb5_timestamp_to_string
+#
+       _krb5_auth_con_init
+       _krb5_auth_con_free
+       _krb5_auth_con_setflags
+       _krb5_auth_con_getflags
+       _krb5_auth_con_setaddrs
+       _krb5_auth_con_getaddrs
+       _krb5_auth_con_setports
+       _krb5_auth_con_setuseruserkey
+       _krb5_auth_con_getkey
+       _krb5_auth_con_getlocalsubkey
+       _krb5_auth_con_set_req_cksumtype
+       _krb5_auth_con_set_safe_cksumtype
+#      _krb5_auth_con_getcksumtype                             Why is this missing from sources?
+       _krb5_auth_con_getlocalseqnumber
+       _krb5_auth_con_getremoteseqnumber
+       _krb5_auth_con_initivector
+       _krb5_auth_con_getivector
+       _krb5_auth_con_setivector
+       _krb5_auth_con_setrcache
+       _krb5_auth_con_getrcache
+       _krb5_auth_con_getremotesubkey
+       _krb5_auth_con_getauthenticator
+       _krb5_auth_con_genaddrs
+#
+       _krb5_cc_default
+       _krb5_cc_default_name
+       _krb5_cc_register
+       _krb5_cc_resolve
+#
+       _krb5_kt_default
+       _krb5_kt_register
+       _krb5_kt_resolve
+       _krb5_kt_add_entry
+       _krb5_kt_free_entry
+       _krb5_kt_read_service_key
+       _krb5_kt_remove_entry
+       
+#
+       _krb5_change_password
+#
+       _krb5_cc_set_default_name
+#
+       _krb5_get_profile
+#
+# Added for 1.2:
+       _krb5_decode_ticket
+
+#----------------------------------------------------
+#   PrivateKerberos5Lib.exp
+#
+# Exports from Kerberos v5 library which are not
+# a part of the public API, but are needed by some
+# critical clients. Each call is annotated by the
+# offending client.
+#----------------------------------------------------
+
+       _krb5_size_opaque
+       _krb5_internalize_opaque
+       _krb5_externalize_opaque
+       _krb5_ser_pack_int32
+       _krb5_ser_unpack_int32
+       _krb5_ser_pack_bytes
+       _krb5_ser_unpack_bytes
+       _krb5_ser_auth_context_init
+       _krb5_ser_context_init
+       _krb5_ser_ccache_init
+       _krb5_ser_keytab_init
+       _krb5_ser_rcache_init
+       _decode_krb5_ap_req
+       _krb5_mcc_ops
+       _krb5_c_keyed_checksum_types
+       _krb5_c_random_make_octets
+       _krb5_c_encrypt
+       _krb5_c_make_checksum
+       _krb5_c_decrypt
+       _krb5_c_verify_checksum
+       _krb5_c_block_size
+       _krb5_c_checksum_length
+       _krb5_c_encrypt_length
+       _krb5int_cc_default
+        
\ No newline at end of file
index 95cc9ba29509105b88c5becfa3eda030228b58e4..fad6b317b9bc69819e6cd1404c2f311c3bfc2f07 100644 (file)
@@ -6,14 +6,23 @@ root-folder                                                                                   = ::
 mitsupportlib-root-folder                                                      = {root-folder}:::MITSupportLib:
 mitkerberoslib-root-folder                                                     = {root-folder}:
 makefile-name                                                                          = {root-folder}mac:Makefile
+makefile-dependency                                                                    = #{root-folder}mac:Makefile
 
 library-output-folder                                                          = {root-folder}bin:
 
-library-platform-PPC                                   = .PPC
+library-target-macos9                                  = .9
+library-target-carbon                                  = .CB
 
-library-kind-debug                                             = .debug
+library-kind-debug                                             = d
 library-kind-final                                             =
 
+fragment-name-macos9                                   =
+fragment-name-carbon                                   = ";Carbon"
+fragment-name-debug-macos9                             = ".debug"
+fragment-name-debug-carbon                             = ";Debug"
+fragment-name-final-macos9                             = 
+fragment-name-final-carbon                             = 
+
 ##############################################################################################################
 ###                    Top-level targets -- abstract targets for convenient grouping
 ##############################################################################################################
@@ -22,12 +31,16 @@ library-kind-final                                          =
 all Ã„ unset-echo all-debug all-final
 
 #      Debugging versions
-all-debug Ã„ unset-echo ppc-debug
+all-debug Ã„ unset-echo macos9-debug-build carbon-debug-build
+carbon-debug Ã„ unset-echo carbon-debug-build
+macos9-debug Ã„ unset-echo macos9-debug-build
 
 #      Final versions
-all-final Ã„ unset-echo ppc-final
+all-final Ã„ unset-echo macos9-final-build carbon-final-build
+carbon-final Ã„ unset-echo carbon-final-build
+macos9-final Ã„ unset-echo macos9-final-build
 
-#      Clasic 68K glue
+#      Clasic 69K glue
 glue Ã„ unset-echo glue-gss glue-krb5
 
 unset-echo Ã„
@@ -42,37 +55,49 @@ unset-echo 
 ##############################################################################################################
 
 gss-library-output-folder                                                      = {root-folder}:GSSLib:Binaries:
+privatekrb5-library-output-folder                                      = {root-folder}:Kerberos5Lib:Binaries:
 krb5-library-output-folder                                                     = {root-folder}:Kerberos5Lib:Binaries:
 profile-library-output-folder                                          = {root-folder}:KerberosProfileLib:Binaries:
 comerr-library-output-folder                                           = {root-folder}:ComErrLib:Binaries:
 
 gss-library-name                                                                       = GSSLib
+privatekrb5-library-name                                                       = PrivateKrb5Lib
 krb5-library-name                                                                      = Kerberos5Lib
 profile-library-name                                                           = KrbProfileLib
 comerr-library-name                                                                    = ComErrLib
 
 gss-library-export                                                                     = {root-folder}mac:GSSLibrary.exp
-krb5-library-export                                                                    = {root-folder}mac:K5Library.exp
+privatekrb5-library-export                                                     = {root-folder}mac:PrivateKerberos5Lib.exp
+krb5-library-export                                                                    = {root-folder}mac:Kerberos5Lib.exp
 profile-library-export                                                         = {root-folder}util:profile:profile.exp
 comerr-library-export                                                          = {root-folder}util:et:et.exp
 
 gss-library-fragment-name                                                      = "GSSLibrary"
+gss-library-fragment-name-carbon                                       = "GSSLibrary"
+privatekrb5-library-fragment-name                                      = "MIT KerberosÂ¥PrivateKerberos5Lib"
+privatekrb5-library-fragment-name-carbon                       = "MIT Kerberos;PrivateKerberos5Lib"
 krb5-library-fragment-name                                                     = "MIT KerberosÂ¥Kerberos5Lib"
+krb5-library-fragment-name-carbon                                      = "MIT Kerberos;Kerberos5Lib"
 profile-library-fragment-name                                          = "MIT KerberosÂ¥KerberosProfileLib"
+profile-library-fragment-name-carbon                           = "MIT Kerberos;KerberosProfileLib"
 comerr-library-fragment-name                                           = "MIT KerberosÂ¥ComErrLib"
+comerr-library-fragment-name-carbon                                    = "MIT Kerberos;ComErrLib"
 
 gss-library-main                                                                       = Â¶"¶"
+privatekrb5-library-main                                                       = Â¶"¶"
 krb5-library-main                                                                      = Â¶"¶"
 profile-library-main                                                           = Â¶"¶"
 comerr-library-main                                                                    = Â¶"¶"
 
 gss-library-init                                                                       = __initializeGSS
-krb5-library-init                                                                      = __initializeK5
+privatekrb5-library-init                                                       = __initializeK5
+krb5-library-init                                                                      = Â¶"¶"
 profile-library-init                                                           = InitializeProfileLib
 comerr-library-init                                                                    = __initialize
        
 gss-library-term                                                                       = __terminateGSS
-krb5-library-term                                                                      = __terminateK5
+privatekrb5-library-term                                                       = __terminateK5
+krb5-library-term                                                                      = Â¶"¶"
 profile-library-term                                                           = TerminateProfileLib
 comerr-library-term                                                                    = __terminate
 
@@ -80,9 +105,13 @@ gss-library-current-version                                                 = 1
 gss-library-definition-version                                         = 0
 gss-library-implementation-version                                     = 1
 
-krb5-library-current-version                                           = 2
-krb5-library-definition-version                                                = 2
-krb5-library-implementation-version                                    = 2
+privatekrb5-library-current-version                                    = 5
+privatekrb5-library-definition-version                         = 5
+privatekrb5-library-implementation-version                     = 5
+
+krb5-library-current-version                                           = 5
+krb5-library-definition-version                                                = 5
+krb5-library-implementation-version                                    = 5
 
 profile-library-current-version                                                = 0
 profile-library-definition-version                                     = 0
@@ -98,7 +127,8 @@ comerr-library-implementation-version                                = 0
 
 list-generation-script-working-folder = "{root-folder}mac:"
 list-generation-script-folder = "{root-folder}mac:"
-list-generation-script = "{list-generation-script-folder}macfile_gen.pl"
+list-generation-script = "{list-generation-script-folder}macfile_gen.macpl"
+list-generation-script-source = "{list-generation-script-folder}macfile_gen.pl"
 list-generation-script-root = ".."
 
 all-files-list                                                                 = {root-folder}"All files.list"
@@ -110,17 +140,25 @@ gss-sources-list                                                          = {root-folder}"GSS sources.list"
 krb5-sources-list                                                              = {root-folder}"Krb5 sources.list"
 profile-sources-list                                                   = {root-folder}"Profile sources.list"
 
-gss-objects-ppc-debug-list                                             = {root-folder}"GSS objects PPC debug.list"
-gss-objects-ppc-final-list                                             = {root-folder}"GSS objects PPC final.list"
+gss-objects-macos9-debug-list                                  = {root-folder}"GSS objects 9 debug.list"
+gss-objects-macos9-final-list                                  = {root-folder}"GSS objects 9 final.list"
+gss-objects-carbon-debug-list                                  = {root-folder}"GSS objects CB debug.list"
+gss-objects-carbon-final-list                                  = {root-folder}"GSS objects CB final.list"
 
-krb5-objects-ppc-debug-list                                            = {root-folder}"Krb5 objects PPC debug.list"
-krb5-objects-ppc-final-list                                            = {root-folder}"Krb5 objects PPC final.list"
+krb5-objects-macos9-debug-list                                 = {root-folder}"Krb5 objects 9 debug.list"
+krb5-objects-macos9-final-list                                 = {root-folder}"Krb5 objects 9 final.list"
+krb5-objects-carbon-debug-list                                 = {root-folder}"Krb5 objects CB debug.list"
+krb5-objects-carbon-final-list                                 = {root-folder}"Krb5 objects CB final.list"
 
-profile-objects-ppc-debug-list                                 = {root-folder}"Profile objects PPC debug.list"
-profile-objects-ppc-final-list                                 = {root-folder}"Profile objects PPC final.list"
+profile-objects-macos9-debug-list                              = {root-folder}"Profile objects 9 debug.list"
+profile-objects-macos9-final-list                              = {root-folder}"Profile objects 9 final.list"
+profile-objects-carbon-debug-list                              = {root-folder}"Profile objects CB debug.list"
+profile-objects-carbon-final-list                              = {root-folder}"Profile objects CB final.list"
 
-comerr-objects-ppc-debug-list                                  = {root-folder}"ComErr objects PPC debug.list"
-comerr-objects-ppc-final-list                                  = {root-folder}"ComErr objects PPC final.list"
+comerr-objects-macos9-debug-list                               = {root-folder}"ComErr objects 9 debug.list"
+comerr-objects-macos9-final-list                               = {root-folder}"ComErr objects 9 final.list"
+comerr-objects-carbon-debug-list                               = {root-folder}"ComErr objects CB debug.list"
+comerr-objects-carbon-final-list                               = {root-folder}"ComErr objects CB final.list"
 
 all-lists = Â¶
        {all-files-list} Â¶
@@ -129,83 +167,128 @@ all-lists = 
        {include-folders-list} Â¶
        {gss-sources-list} Â¶
        {krb5-sources-list} Â¶
-       {gss-objects-ppc-debug-list} Â¶
-       {gss-objects-ppc-final-list} Â¶
-       {krb5-objects-ppc-debug-list} Â¶
-       {krb5-objects-ppc-final-list} Â¶
-       {profile-objects-ppc-debug-list} Â¶
-       {profile-objects-ppc-final-list} Â¶
-       {comerr-objects-ppc-debug-list} Â¶
-       {comerr-objects-ppc-final-list}
+       {gss-objects-macos9-debug-list} Â¶
+       {gss-objects-macos9-final-list} Â¶
+       {gss-objects-carbon-debug-list} Â¶
+       {gss-objects-carbon-final-list} Â¶
+       {krb5-objects-macos9-debug-list} Â¶
+       {krb5-objects-macos9-final-list} Â¶
+       {krb5-objects-carbon-debug-list} Â¶
+       {krb5-objects-carbon-final-list} Â¶
+       {profile-objects-macos9-debug-list} Â¶
+       {profile-objects-macos9-final-list} Â¶
+       {profile-objects-carbon-debug-list} Â¶
+       {profile-objects-carbon-final-list} Â¶
+       {comerr-objects-macos9-debug-list} Â¶
+       {comerr-objects-macos9-final-list} Â¶
+       {comerr-objects-carbon-debug-list} Â¶
+       {comerr-objects-carbon-final-list}
 
 file-lists Ã„ {all-lists}
 
+{list-generation-script} Ã„ {list-generation-script-source}
+       perl -p -e 's/\r/\n/g;' < {list-generation-script-source} > {list-generation-script}
+
 # Note that even though the list generation script tries to have a mechanism allowing you to run it
 # in different directories, it actually doesn't work too well because it wants a UNIX-style relative
 # path to root Makefile.in. This is why we run it with -x to specify the root.
 
-{all-files-list} Ã„ {list-generation-script} {makefile-name}
+{all-files-list} Ã„ {list-generation-script} {makefile-dependency}
        perl -x"{list-generation-script-working-folder}" {list-generation-script} all-files {list-generation-script-root} Â¶
  > {Targ}
 
-{all-sources-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
+{all-sources-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
        perl -x"{list-generation-script-working-folder}" {list-generation-script} all-sources {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{all-folders-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
+{all-folders-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
        perl -x"{list-generation-script-working-folder}" {list-generation-script} all-folders {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{include-folders-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
+{include-folders-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
        perl -x"{list-generation-script-working-folder}" {list-generation-script} include-folders {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{gss-sources-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
+{gss-sources-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
        perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-sources {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{krb5-sources-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
+{krb5-sources-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
        perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-sources {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{gss-objects-ppc-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
-       perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-ppc-debug {list-generation-script-root} Â¶
+{gss-objects-macos9-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-macos9-debug {list-generation-script-root} Â¶
+ < {all-files-list} > {Targ}
+
+{gss-objects-macos9-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-macos9-final {list-generation-script-root} Â¶
+ < {all-files-list} > {Targ}
+
+{gss-objects-carbon-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-carbon-debug {list-generation-script-root} Â¶
+ < {all-files-list} > {Targ}
+
+{gss-objects-carbon-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-carbon-final {list-generation-script-root} Â¶
+ < {all-files-list} > {Targ}
+
+{krb5-objects-macos9-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-macos9-debug {list-generation-script-root} Â¶
+ < {all-files-list} > {Targ}
+
+{krb5-objects-macos9-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-macos9-final {list-generation-script-root} Â¶
+ < {all-files-list} > {Targ}
+
+{krb5-objects-carbon-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-carbon-debug {list-generation-script-root} Â¶
+ < {all-files-list} > {Targ}
+
+{krb5-objects-carbon-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-carbon-final {list-generation-script-root} Â¶
+ < {all-files-list} > {Targ}
+
+{profile-objects-macos9-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-macos9-debug {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{gss-objects-ppc-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
-       perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-ppc-final {list-generation-script-root} Â¶
+{profile-objects-macos9-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-macos9-final {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{krb5-objects-ppc-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
-       perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-ppc-debug {list-generation-script-root} Â¶
+{profile-objects-carbon-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-carbon-debug {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{krb5-objects-ppc-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
-       perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-ppc-final {list-generation-script-root} Â¶
+{profile-objects-carbon-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-carbon-final {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{profile-objects-ppc-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
-       perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-ppc-debug {list-generation-script-root} Â¶
+{comerr-objects-macos9-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-macos9-debug {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{profile-objects-ppc-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
-       perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-ppc-final {list-generation-script-root} Â¶
+{comerr-objects-macos9-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-macos9-final {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{comerr-objects-ppc-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
-       perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-ppc-debug {list-generation-script-root} Â¶
+{comerr-objects-carbon-debug-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-carbon-debug {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
-{comerr-objects-ppc-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-name}
-       perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-ppc-final {list-generation-script-root} Â¶
+{comerr-objects-carbon-final-list} Ã„ {all-files-list} {list-generation-script} {makefile-dependency}
+       perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-carbon-final {list-generation-script-root} Â¶
  < {all-files-list} > {Targ}
 
 ##############################################################################################################
 ###                    Autogenerated files
 ##############################################################################################################
 
-autogeneration-h-script = {root-folder}util:et:et_h.perl
-autogeneration-c-script = {root-folder}util:et:et_c.perl
+autogeneration-h-script = {root-folder}util:et:et_h.macpl
+autogeneration-h-script-source = {root-folder}util:et:et_h.pl
+autogeneration-c-script = {root-folder}util:et:et_c.macpl
+autogeneration-c-script-source = {root-folder}util:et:et_c.pl
 
 autogenerated-files = Â¶
        {root-folder}include:asn1_err.h Â¶
@@ -228,60 +311,81 @@ autogenerated-files = 
        {root-folder}util:profile:profile.h Â¶
        {root-folder}include:profile.h Â¶
        {root-folder}include:krb5:osconf.h Â¶
-       {root-folder}lib:gssapi:generic:gssapi.h Â¶
-       {root-folder}include:autoconf.h
+       {root-folder}lib:gssapi:generic:gssapi.h
 
 ###                    error table headers
 
-{root-folder}include:asn1_err.h Ã„ {root-folder}lib:krb5:error_tables:asn1_err.et {makefile-name} {autogeneration-h-script}
-       perl {autogeneration-h-script} outfile="{root-folder}include:asn1_err.h" < "{root-folder}lib:krb5:error_tables:asn1_err.et"
+{autogeneration-h-script} Ã„ {autogeneration-h-script-source}
+       perl -p -e 's/\r/\n/g;' < {autogeneration-h-script-source} > {autogeneration-h-script}
+
+{root-folder}include:asn1_err.h Ã„ {root-folder}lib:krb5:error_tables:asn1_err.et {makefile-dependency} {autogeneration-h-script}
+       Catenate {root-folder}lib:krb5:error_tables:asn1_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-h-script} outfile="{root-folder}include:asn1_err.h"
 
-{root-folder}include:kdb5_err.h Ã„ {root-folder}lib:krb5:error_tables:kdb5_err.et {makefile-name} {autogeneration-h-script}
-       perl {autogeneration-h-script} outfile="{root-folder}include:kdb5_err.h" < "{root-folder}lib:krb5:error_tables:kdb5_err.et"
+{root-folder}include:kdb5_err.h Ã„ {root-folder}lib:krb5:error_tables:kdb5_err.et {makefile-dependency} {autogeneration-h-script}
+       Catenate {root-folder}lib:krb5:error_tables:kdb5_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-h-script} outfile="{root-folder}include:kdb5_err.h"
 
-{root-folder}include:krb5_err.h Ã„ {root-folder}lib:krb5:error_tables:krb5_err.et {makefile-name} {autogeneration-h-script}
-       perl {autogeneration-h-script} outfile="{root-folder}include:krb5_err.h" < "{root-folder}lib:krb5:error_tables:krb5_err.et"
+{root-folder}include:krb5_err.h Ã„ {root-folder}lib:krb5:error_tables:krb5_err.et {makefile-dependency} {autogeneration-h-script}
+       Catenate {root-folder}lib:krb5:error_tables:krb5_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-h-script} outfile="{root-folder}include:krb5_err.h"
 
-{root-folder}include:kv5m_err.h Ã„ {root-folder}lib:krb5:error_tables:kv5m_err.et {makefile-name} {autogeneration-h-script}
-       perl {autogeneration-h-script} outfile="{root-folder}include:kv5m_err.h" < "{root-folder}lib:krb5:error_tables:kv5m_err.et"
+{root-folder}include:kv5m_err.h Ã„ {root-folder}lib:krb5:error_tables:kv5m_err.et {makefile-dependency} {autogeneration-h-script}
+       Catenate {root-folder}lib:krb5:error_tables:kv5m_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-h-script} outfile="{root-folder}include:kv5m_err.h"
 
-{root-folder}include:adm_err.h Ã„ {root-folder}lib:krb5:error_tables:adm_err.et {makefile-name} {autogeneration-h-script}
-       perl {autogeneration-h-script} outfile="{root-folder}include:adm_err.h" < "{root-folder}lib:krb5:error_tables:adm_err.et"
+{root-folder}include:adm_err.h Ã„ {root-folder}lib:krb5:error_tables:adm_err.et {makefile-dependency} {autogeneration-h-script}
+       Catenate {root-folder}lib:krb5:error_tables:adm_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-h-script} outfile="{root-folder}include:adm_err.h" 
        
-{root-folder}lib:gssapi:generic:gssapi_err_generic.h Ã„ {root-folder}lib:gssapi:generic:gssapi_err_generic.et {makefile-name} {autogeneration-h-script}
-       perl {autogeneration-h-script} outfile="{root-folder}lib:gssapi:generic:gssapi_err_generic.h" < "{root-folder}lib:gssapi:generic:gssapi_err_generic.et"
+{root-folder}lib:gssapi:generic:gssapi_err_generic.h Ã„ {root-folder}lib:gssapi:generic:gssapi_err_generic.et {makefile-dependency} {autogeneration-h-script}
+       Catenate {root-folder}lib:gssapi:generic:gssapi_err_generic.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-h-script} outfile="{root-folder}lib:gssapi:generic:gssapi_err_generic.h"
        
-{root-folder}lib:gssapi:krb5:gssapi_err_krb5.h Ã„ {root-folder}lib:gssapi:krb5:gssapi_err_krb5.et {makefile-name} {autogeneration-h-script}
-       perl {autogeneration-h-script} outfile="{root-folder}lib:gssapi:krb5:gssapi_err_krb5.h" < "{root-folder}lib:gssapi:krb5:gssapi_err_krb5.et"
+{root-folder}lib:gssapi:krb5:gssapi_err_krb5.h Ã„ {root-folder}lib:gssapi:krb5:gssapi_err_krb5.et {makefile-dependency} {autogeneration-h-script}
+       Catenate {root-folder}lib:gssapi:krb5:gssapi_err_krb5.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-h-script} outfile="{root-folder}lib:gssapi:krb5:gssapi_err_krb5.h"
 
-{root-folder}util:profile:prof_err.h Ã„ {root-folder}util:profile:prof_err.et {makefile-name} {autogeneration-h-script}
-       perl {autogeneration-h-script} outfile="{root-folder}util:profile:prof_err.h" < "{root-folder}util:profile:prof_err.et"
+{root-folder}util:profile:prof_err.h Ã„ {root-folder}util:profile:prof_err.et {makefile-dependency} {autogeneration-h-script}
+       Catenate {root-folder}util:profile:prof_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-h-script} outfile="{root-folder}util:profile:prof_err.h"
 
 ###                    error table sources
 
-{root-folder}lib:krb5:error_tables:asn1_err.c Ã„ {root-folder}lib:krb5:error_tables:asn1_err.et {makefile-name} {autogeneration-c-script}
-       perl {autogeneration-c-script} outfile="{root-folder}lib:krb5:error_tables:asn1_err.c" < "{root-folder}lib:krb5:error_tables:asn1_err.et"
+{autogeneration-c-script} Ã„ {autogeneration-c-script-source}
+       perl -p -e 's/\r/\n/g;' < {autogeneration-c-script-source} > {autogeneration-c-script}
 
-{root-folder}lib:krb5:error_tables:kdb5_err.c Ã„ {root-folder}lib:krb5:error_tables:kdb5_err.et {makefile-name} {autogeneration-c-script}
-       perl {autogeneration-c-script} outfile="{root-folder}lib:krb5:error_tables:kdb5_err.c" < "{root-folder}lib:krb5:error_tables:kdb5_err.et"
+{root-folder}lib:krb5:error_tables:asn1_err.c Ã„ {root-folder}lib:krb5:error_tables:asn1_err.et {makefile-dependency} {autogeneration-c-script}
+       Catenate {root-folder}lib:krb5:error_tables:asn1_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-c-script} outfile="{root-folder}lib:krb5:error_tables:asn1_err.c"
 
-{root-folder}lib:krb5:error_tables:krb5_err.c Ã„ {root-folder}lib:krb5:error_tables:krb5_err.et {makefile-name} {autogeneration-c-script}
-       perl {autogeneration-c-script} outfile="{root-folder}lib:krb5:error_tables:krb5_err.c" < "{root-folder}lib:krb5:error_tables:krb5_err.et"
+{root-folder}lib:krb5:error_tables:kdb5_err.c Ã„ {root-folder}lib:krb5:error_tables:kdb5_err.et {makefile-dependency} {autogeneration-c-script}
+       Catenate {root-folder}lib:krb5:error_tables:kdb5_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-c-script} outfile="{root-folder}lib:krb5:error_tables:kdb5_err.c"
 
-{root-folder}lib:krb5:error_tables:kv5m_err.c Ã„ {root-folder}lib:krb5:error_tables:kv5m_err.et {makefile-name} {autogeneration-c-script}
-       perl {autogeneration-c-script} outfile="{root-folder}lib:krb5:error_tables:kv5m_err.c" < "{root-folder}lib:krb5:error_tables:kv5m_err.et"
+{root-folder}lib:krb5:error_tables:krb5_err.c Ã„ {root-folder}lib:krb5:error_tables:krb5_err.et {makefile-dependency} {autogeneration-c-script}
+       Catenate {root-folder}lib:krb5:error_tables:krb5_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-c-script} outfile="{root-folder}lib:krb5:error_tables:krb5_err.c"
 
-{root-folder}lib:krb5:error_tables:adm_err.c Ã„ {root-folder}lib:krb5:error_tables:adm_err.et {makefile-name} {autogeneration-c-script}
-       perl {autogeneration-c-script} outfile="{root-folder}lib:krb5:error_tables:adm_err.c" < "{root-folder}lib:krb5:error_tables:adm_err.et"
+{root-folder}lib:krb5:error_tables:kv5m_err.c Ã„ {root-folder}lib:krb5:error_tables:kv5m_err.et {makefile-dependency} {autogeneration-c-script}
+       Catenate {root-folder}lib:krb5:error_tables:kv5m_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-c-script} outfile="{root-folder}lib:krb5:error_tables:kv5m_err.c"
 
-{root-folder}lib:gssapi:generic:gssapi_err_generic.c Ã„ {root-folder}lib:gssapi:generic:gssapi_err_generic.et {makefile-name} {autogeneration-c-script}
-       perl {autogeneration-c-script} outfile="{root-folder}lib:gssapi:generic:gssapi_err_generic.c" < "{root-folder}lib:gssapi:generic:gssapi_err_generic.et"
+{root-folder}lib:krb5:error_tables:adm_err.c Ã„ {root-folder}lib:krb5:error_tables:adm_err.et {makefile-dependency} {autogeneration-c-script}
+       Catenate {root-folder}lib:krb5:error_tables:adm_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-c-script} outfile="{root-folder}lib:krb5:error_tables:adm_err.c"
 
-{root-folder}lib:gssapi:krb5:gssapi_err_krb5.c Ã„ {root-folder}lib:gssapi:krb5:gssapi_err_krb5.et {makefile-name} {autogeneration-c-script}
-       perl {autogeneration-c-script} outfile="{root-folder}lib:gssapi:krb5:gssapi_err_krb5.c" < "{root-folder}lib:gssapi:krb5:gssapi_err_krb5.et"
+{root-folder}lib:gssapi:generic:gssapi_err_generic.c Ã„ {root-folder}lib:gssapi:generic:gssapi_err_generic.et {makefile-dependency} {autogeneration-c-script}
+       Catenate {root-folder}lib:gssapi:generic:gssapi_err_generic.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-c-script} outfile="{root-folder}lib:gssapi:generic:gssapi_err_generic.c"
 
-{root-folder}util:profile:prof_err.c Ã„ {root-folder}util:profile:prof_err.et {makefile-name} {autogeneration-c-script}
-       perl {autogeneration-c-script} outfile="{root-folder}util:profile:prof_err.c" < "{root-folder}util:profile:prof_err.et"
+{root-folder}lib:gssapi:krb5:gssapi_err_krb5.c Ã„ {root-folder}lib:gssapi:krb5:gssapi_err_krb5.et {makefile-dependency} {autogeneration-c-script}
+       Catenate {root-folder}lib:gssapi:krb5:gssapi_err_krb5.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-c-script} outfile="{root-folder}lib:gssapi:krb5:gssapi_err_krb5.c"
+
+{root-folder}util:profile:prof_err.c Ã„ {root-folder}util:profile:prof_err.et {makefile-dependency} {autogeneration-c-script}
+       Catenate {root-folder}util:profile:prof_err.et | perl -p -e 's/\r/\n/g;' | Catenate | Â¶
+               perl {autogeneration-c-script} outfile="{root-folder}util:profile:prof_err.c"
 
 ###                    other autogenerated files
 
@@ -289,26 +393,27 @@ autogenerated-files = 
        {root-folder}include:kdb5_err.h {root-folder}include:kv5m_err.h {root-folder}include:asn1_err.h
        Catenate {root-folder}include:krb5.hin {root-folder}include:krb5_err.h {root-folder}include:kdb5_err.h Â¶
        {root-folder}include:kv5m_err.h {root-folder}include:asn1_err.h > {root-folder}include:krb5.h
+       Catenate {root-folder}include:krb5.h | perl -p -e 's/\n/\r/g;' | Catenate > {root-folder}include:krb5.h
        
 {root-folder}util:profile:profile.h Ã„ {root-folder}util:profile:profile.hin {root-folder}util:profile:prof_err.h
        Catenate {root-folder}util:profile:profile.hin {root-folder}util:profile:prof_err.h > {root-folder}util:profile:profile.h
+       Catenate {root-folder}util:profile:profile.h | perl -p -e 's/\n/\r/g;' | Catenate > {root-folder}util:profile:profile.h
        
 {root-folder}include:profile.h Ã„ {root-folder}util:profile:profile.h
        Catenate {root-folder}util:profile:profile.h > {root-folder}include:profile.h
+       Catenate {root-folder}include:profile.h | perl -p -e 's/\n/\r/g;' | Catenate > {root-folder}include:profile.h
        SetFile -a l "{Targ}"
 
 {root-folder}include:krb5:osconf.h Ã„ {root-folder}include:krb5:stock:osconf.h
        Catenate {root-folder}include:krb5:stock:osconf.h > {root-folder}include:krb5:osconf.h
+       Catenate {root-folder}include:krb5:osconf.h | perl -p -e 's/\n/\r/g;' | Catenate > {root-folder}include:krb5:osconf.h
        SetFile -a l "{Targ}"
 
 {root-folder}lib:gssapi:generic:gssapi.h Ã„ {root-folder}lib:gssapi:generic:gssapi.hin
        Catenate {root-folder}lib:gssapi:generic:gssapi.hin > {root-folder}lib:gssapi:generic:gssapi.h
+       Catenate {root-folder}lib:gssapi:generic:gssapi.h | perl -p -e 's/\n/\r/g;' | Catenate > {root-folder}lib:gssapi:generic:gssapi.h
        SetFile -a l "{Targ}"
        
-{root-folder}include:autoconf.h Ã„ {root-folder}mac:libraries:autoconf.h
-       Catenate {root-folder}mac:libraries:autoconf.h > {root-folder}include:autoconf.h
-       SetFile -a l "{Targ}"
-
 ##############################################################################################################
 ###                    High-level abstract targets -- this is where we decide on options
 ##############################################################################################################
@@ -360,90 +465,189 @@ autogenerated-files = 
 ###            General
 ###                    library-linker                                                                  -- linker to use
 ###                    autogenerated-files                                                             -- list of autogenerated files
-###                    library-platform                                                                -- platform name (68K or PPC)
-###                    library-kind                                                                    -- library kind (".debug" or "")
-###                    object-suffix                                                                   -- object file suffix (.ppcf.o, .ppcd.o, .68kf.o, .68kd.o)
-###                    object-suffix-data                                                              -- object file suffix fdor data libraries (.ppc.o, .68k.o)
+###                    library-target                                                                  -- platform name (Mac OS 9 or Carbon)
+###                    library-kind                                                                    -- library kind (debug on non-debug)
+###                    object-suffix                                                                   -- object file suffix (.9d.o, .CBd.o, .9.o, .CB.o)
+###                    object-suffix-data                                                              -- object file suffix for data libraries (.9.o, .CB.o)
 
 
 ### The following variables are platform- or kind-specific, but constant
 
-clib-ppc-debug                                         = {mitsupportlib-root-folder}CLib:Binaries:CLib.PPC.debug
-clib-ppc-final                                         = {mitsupportlib-root-folder}CLib:Binaries:CLib.PPC
-
-runtimelib-ppc-debug                           = {mitsupportlib-root-folder}RuntimeLib:Binaries:RuntimeLib.PPC.debug
-runtimelib-ppc-final                           = {mitsupportlib-root-folder}RuntimeLib:Binaries:RuntimeLib.PPC
-
-runtimelib-static-ppc-debug                    = {mitsupportlib-root-folder}"RuntimeLib:Binaries:ShlibRuntime.Lib.PPC.debug"
-runtimelib-static-ppc-final                    = {mitsupportlib-root-folder}"RuntimeLib:Binaries:ShlibRuntime.Lib.PPC"
-
-standard-libraries-ppc-debug                   = Â¶
-       "{clib-ppc-debug}" Â¶
-       "{runtimelib-ppc-debug}" Â¶
-       "{runtimelib-static-ppc-debug}" Â¶
+clib-macos9-debug                                      = {mitsupportlib-root-folder}CLib:Binaries:CLib.9d
+clib-macos9-final                                      = {mitsupportlib-root-folder}CLib:Binaries:CLib.9
+clib-carbon-debug                                      = {mitsupportlib-root-folder}CLib:Binaries:CLib.CBd
+clib-carbon-final                                      = {mitsupportlib-root-folder}CLib:Binaries:CLib.CB
+
+runtimelib-macos9-debug                                = {mitsupportlib-root-folder}RuntimeLib:Binaries:RuntimeLib.9d
+runtimelib-macos9-final                                = {mitsupportlib-root-folder}RuntimeLib:Binaries:RuntimeLib.9
+runtimelib-carbon-debug                                = {mitsupportlib-root-folder}RuntimeLib:Binaries:RuntimeLib.CBd
+runtimelib-carbon-final                                = {mitsupportlib-root-folder}RuntimeLib:Binaries:RuntimeLib.CB
+
+runtimelib-static-macos9-debug         = {mitsupportlib-root-folder}"RuntimeLib:Binaries:Runtime.9d.lib"
+runtimelib-static-macos9-final         = {mitsupportlib-root-folder}"RuntimeLib:Binaries:Runtime.9.lib"
+runtimelib-static-carbon-debug         = {mitsupportlib-root-folder}"RuntimeLib:Binaries:Runtime.CBd.lib"
+runtimelib-static-carbon-final         = {mitsupportlib-root-folder}"RuntimeLib:Binaries:Runtime.CB.lib"
+
+standard-libraries-macos9-debug                        = Â¶
+       "{clib-macos9-debug}" Â¶
+       "{runtimelib-macos9-debug}" Â¶
+       "{runtimelib-static-macos9-debug}" Â¶
        Â¶"{SharedLibraries}InterfaceLib¶" Â¶
        Â¶"{SharedLibraries}MathLib¶"
-standard-libraries-ppc-final                   = Â¶
-       "{clib-ppc-final}" Â¶
-       "{runtimelib-ppc-final}" Â¶
-       "{runtimelib-static-ppc-final}" Â¶
+standard-libraries-macos9-final                        = Â¶
+       "{clib-macos9-final}" Â¶
+       "{runtimelib-macos9-final}" Â¶
+       "{runtimelib-static-macos9-final}" Â¶
        Â¶"{SharedLibraries}InterfaceLib¶" Â¶
        Â¶"{SharedLibraries}MathLib¶"
-
-ccachelib-ppc-debug                                            = {mitkerberoslib-root-folder}CCacheLib:Binaries:CCacheLib.PPC.debug
-ccachelib-ppc-final                                            = {mitkerberoslib-root-folder}CCacheLib:Binaries:CCacheLib.PPC
-
-socketslib-ppc-debug                                   = {mitsupportlib-root-folder}SocketsLib:Binaries:SocketsLib.PPC.debug
-socketslib-ppc-final                                   = {mitsupportlib-root-folder}SocketsLib:Binaries:SocketsLib.PPC
-
-errorlib-ppc-debug                                             = {mitsupportlib-root-folder}ErrorLib:Binaries:ErrorLib.PPC.debug
-errorlib-ppc-final                                             = {mitsupportlib-root-folder}ErrorLib:Binaries:ErrorLib.PPC
-
-object-suffix-ppc-debug                                        = .ppcd.o
-object-suffix-ppc-final                                        = .ppcf.o
-object-suffix-ppc-data                                 = .ppc.o
-
-gss-library-libraries-ppc-debug = Â¶
-       {standard-libraries-ppc-debug} Â¶
-       {krb5-library-output-folder}{krb5-library-name}{library-platform-ppc}{library-kind-debug} Â¶
-       {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-debug} Â¶
-       {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-debug}
-gss-library-libraries-ppc-final = Â¶
-       {standard-libraries-ppc-final} Â¶
-       {krb5-library-output-folder}{krb5-library-name}{library-platform-ppc}{library-kind-final} Â¶
-       {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-final} Â¶
-       {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-final}
-
-krb5-library-libraries-ppc-debug = Â¶
-       {standard-libraries-ppc-debug} Â¶
-       {ccachelib-ppc-debug} Â¶
-       {socketslib-ppc-debug} Â¶
-       {errorlib-ppc-debug} Â¶
-       {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-debug} Â¶
-       {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-debug} Â¶
-       Â¶"{PPCLibraries}PPCMath64Lib.o¶" Â¶
-       Â¶"{SharedLibraries}DriverServicesLib¶"
-krb5-library-libraries-ppc-final = Â¶
-       {standard-libraries-ppc-final} Â¶
-       {ccachelib-ppc-final} Â¶
-       {socketslib-ppc-final} Â¶
-       {errorlib-ppc-final} Â¶
-       {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-final} Â¶
-       {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-final} Â¶
-       Â¶"{PPCLibraries}PPCMath64Lib.o¶" Â¶
-       Â¶"{SharedLibraries}DriverServicesLib¶"
-
-profile-library-libraries-ppc-debug = Â¶
-       {standard-libraries-ppc-debug} Â¶
-       {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-debug}
-profile-library-libraries-ppc-final = Â¶
-       {standard-libraries-ppc-final} Â¶
-       {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-final}
-
-comerr-library-libraries-ppc-debug = Â¶
-       {standard-libraries-ppc-debug} {errorlib-ppc-debug}
-comerr-library-libraries-ppc-final = Â¶
-       {standard-libraries-ppc-final} {errorlib-ppc-final}
+standard-libraries-carbon-debug                        = Â¶
+       "{clib-carbon-debug}" Â¶
+       "{runtimelib-carbon-debug}" Â¶
+       "{runtimelib-static-carbon-debug}" Â¶
+       Â¶"{SharedLibraries}CarbonLib¶"
+standard-libraries-carbon-final                        = Â¶
+       "{clib-carbon-final}" Â¶
+       "{runtimelib-carbon-final}" Â¶
+       "{runtimelib-static-carbon-final}" Â¶
+       Â¶"{SharedLibraries}CarbonLib¶"
+
+ccachelib-macos9-debug                                 = {mitkerberoslib-root-folder}CCacheLib:Binaries:CCacheLib.9d
+ccachelib-macos9-final                                 = {mitkerberoslib-root-folder}CCacheLib:Binaries:CCacheLib.9
+ccachelib-carbon-debug                                 = {mitkerberoslib-root-folder}CCacheLib:Binaries:CCacheLib.CBd
+ccachelib-carbon-final                                 = {mitkerberoslib-root-folder}CCacheLib:Binaries:CCacheLib.CB
+
+loginlib-macos9-debug                                  = {mitkerberoslib-root-folder}LoginLib:Binaries:KrbLoginLib.stub.9d
+loginlib-macos9-final                                  = {mitkerberoslib-root-folder}LoginLib:Binaries:KrbLoginLib.stub.9
+loginlib-carbon-debug                                  = {mitkerberoslib-root-folder}LoginLib:Binaries:KrbLoginLib.stub.CBd
+loginlib-carbon-final                                  = {mitkerberoslib-root-folder}LoginLib:Binaries:KrbLoginLib.stub.CB
+
+preferenceslib-macos9-debug                            = {mitkerberoslib-root-folder}PreferencesLib:Binaries:PreferencesLib.9d
+preferenceslib-macos9-final                            = {mitkerberoslib-root-folder}PreferencesLib:Binaries:PreferencesLib.9
+preferenceslib-carbon-debug                            = {mitkerberoslib-root-folder}PreferencesLib:Binaries:PreferencesLib.CBd
+preferenceslib-carbon-final                            = {mitkerberoslib-root-folder}PreferencesLib:Binaries:PreferencesLib.CB
+
+socketslib-macos9-debug                                        = {mitsupportlib-root-folder}SocketsLib:Binaries:SocketsLib.9d
+socketslib-macos9-final                                        = {mitsupportlib-root-folder}SocketsLib:Binaries:SocketsLib.9
+socketslib-carbon-debug                                        = {mitsupportlib-root-folder}SocketsLib:Binaries:SocketsLib.CBd
+socketslib-carbon-final                                        = {mitsupportlib-root-folder}SocketsLib:Binaries:SocketsLib.CB
+
+errorlib-macos9-debug                                  = {mitsupportlib-root-folder}ErrorLib:Binaries:ErrorLib.9d
+errorlib-macos9-final                                  = {mitsupportlib-root-folder}ErrorLib:Binaries:ErrorLib.9
+errorlib-carbon-debug                                  = {mitsupportlib-root-folder}ErrorLib:Binaries:ErrorLib.CBd
+errorlib-carbon-final                                  = {mitsupportlib-root-folder}ErrorLib:Binaries:ErrorLib.CB
+
+utilitieslib-macos9-debug                              = {mitsupportlib-root-folder}UtilitiesLib:Binaries:UtilitiesLib.9d
+utilitieslib-macos9-final                              = {mitsupportlib-root-folder}UtilitiesLib:Binaries:UtilitiesLib.9
+utilitieslib-carbon-debug                              = {mitsupportlib-root-folder}UtilitiesLib:Binaries:UtilitiesLib.CBd
+utilitieslib-carbon-final                              = {mitsupportlib-root-folder}UtilitiesLib:Binaries:UtilitiesLib.CB
+
+object-suffix-macos9-debug                             = .9d.o
+object-suffix-macos9-final                             = .9.o
+object-suffix-macos9-data                              = .9.o
+object-suffix-carbon-debug                             = .CBd.o
+object-suffix-carbon-final                             = .CB.o
+object-suffix-carbon-data                              = .CB.o
+
+gss-library-libraries-macos9-debug = Â¶
+       {standard-libraries-macos9-debug} Â¶
+       {privatekrb5-library-output-folder}{privatekrb5-library-name}{library-target-macos9}{library-kind-debug} Â¶
+       {profile-library-output-folder}{profile-library-name}{library-target-macos9}{library-kind-debug} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-macos9}{library-kind-debug}
+gss-library-libraries-macos9-final = Â¶
+       {standard-libraries-macos9-final} Â¶
+       {privatekrb5-library-output-folder}{privatekrb5-library-name}{library-target-macos9}{library-kind-final} Â¶
+       {profile-library-output-folder}{profile-library-name}{library-target-macos9}{library-kind-final} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-macos9}{library-kind-final}
+gss-library-libraries-carbon-debug = Â¶
+       {standard-libraries-carbon-debug} Â¶
+       {privatekrb5-library-output-folder}{privatekrb5-library-name}{library-target-carbon}{library-kind-debug} Â¶
+       {profile-library-output-folder}{profile-library-name}{library-target-carbon}{library-kind-debug} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-carbon}{library-kind-debug}
+gss-library-libraries-carbon-final = Â¶
+       {standard-libraries-carbon-final} Â¶
+       {privatekrb5-library-output-folder}{privatekrb5-library-name}{library-target-carbon}{library-kind-final} Â¶
+       {profile-library-output-folder}{profile-library-name}{library-target-carbon}{library-kind-final} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-carbon}{library-kind-final}
+
+krb5-library-libraries-macos9-debug = Â¶
+       {privatekrb5-library-output-folder}{privatekrb5-library-name}{library-target-macos9}{library-kind-debug}
+krb5-library-libraries-macos9-final = Â¶
+       {privatekrb5-library-output-folder}{privatekrb5-library-name}{library-target-macos9}{library-kind-final}
+krb5-library-libraries-carbon-debug = Â¶
+       {privatekrb5-library-output-folder}{privatekrb5-library-name}{library-target-carbon}{library-kind-debug}
+krb5-library-libraries-carbon-final = Â¶
+       {privatekrb5-library-output-folder}{privatekrb5-library-name}{library-target-carbon}{library-kind-final}
+
+privatekrb5-library-libraries-macos9-debug = Â¶
+       Â¶"{SharedLibraries}DriverServicesLib¶" Â¶
+       {standard-libraries-macos9-debug} Â¶
+       {utilitieslib-macos9-debug} Â¶
+       {ccachelib-macos9-debug} Â¶
+       {preferenceslib-macos9-debug} Â¶
+       {loginlib-macos9-debug} Â¶
+       {socketslib-macos9-debug} Â¶
+       {errorlib-macos9-debug} Â¶
+       {profile-library-output-folder}{profile-library-name}{library-target-macos9}{library-kind-debug} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-macos9}{library-kind-debug} Â¶
+       Â¶"{PPCLibraries}PPCMath64Lib.o¶"
+privatekrb5-library-libraries-macos9-final = Â¶
+       Â¶"{SharedLibraries}DriverServicesLib¶" Â¶
+       {standard-libraries-macos9-final} Â¶
+       {utilitieslib-macos9-final} Â¶
+       {ccachelib-macos9-final} Â¶
+       {preferenceslib-macos9-final} Â¶
+       {loginlib-macos9-final} Â¶
+       {socketslib-macos9-final} Â¶
+       {errorlib-macos9-final} Â¶
+       {profile-library-output-folder}{profile-library-name}{library-target-macos9}{library-kind-final} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-macos9}{library-kind-final} Â¶
+       Â¶"{PPCLibraries}PPCMath64Lib.o¶"
+privatekrb5-library-libraries-carbon-debug = Â¶
+       {standard-libraries-carbon-debug} Â¶
+       {utilitieslib-carbon-debug} Â¶
+       {ccachelib-carbon-debug} Â¶
+       {preferenceslib-carbon-debug} Â¶
+       {loginlib-carbon-debug} Â¶
+       {socketslib-carbon-debug} Â¶
+       {errorlib-carbon-debug} Â¶
+       {profile-library-output-folder}{profile-library-name}{library-target-carbon}{library-kind-debug} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-carbon}{library-kind-debug}
+privatekrb5-library-libraries-carbon-final = Â¶
+       {standard-libraries-carbon-final} Â¶
+       {utilitieslib-carbon-final} Â¶
+       {ccachelib-carbon-final} Â¶
+       {preferenceslib-carbon-final} Â¶
+       {loginlib-carbon-final} Â¶
+       {socketslib-carbon-final} Â¶
+       {errorlib-carbon-final} Â¶
+       {profile-library-output-folder}{profile-library-name}{library-target-carbon}{library-kind-final} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-carbon}{library-kind-final}
+
+profile-library-libraries-macos9-debug = Â¶
+       {standard-libraries-macos9-debug} Â¶
+       {utilitieslib-macos9-debug} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-macos9}{library-kind-debug}
+profile-library-libraries-macos9-final = Â¶
+       {standard-libraries-macos9-final} Â¶
+       {utilitieslib-macos9-final} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-macos9}{library-kind-final}
+profile-library-libraries-carbon-debug = Â¶
+       {standard-libraries-carbon-debug} Â¶
+       {utilitieslib-carbon-debug} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-carbon}{library-kind-debug}
+profile-library-libraries-carbon-final = Â¶
+       {standard-libraries-carbon-final} Â¶
+       {utilitieslib-carbon-final} Â¶
+       {comerr-library-output-folder}{comerr-library-name}{library-target-carbon}{library-kind-final}
+
+comerr-library-libraries-macos9-debug = Â¶
+       {standard-libraries-macos9-debug} {errorlib-macos9-debug}
+comerr-library-libraries-macos9-final = Â¶
+       {standard-libraries-macos9-final} {errorlib-macos9-final}
+comerr-library-libraries-carbon-debug = Â¶
+       {standard-libraries-carbon-debug} {errorlib-carbon-debug}
+comerr-library-libraries-carbon-final = Â¶
+       {standard-libraries-carbon-final} {errorlib-carbon-final}
 
 ### Construct linker options. 
 
@@ -456,93 +660,142 @@ gss-library-common-linker-options = 
        -dv {gss-library-definition-version} Â¶
        -uv {gss-library-implementation-version}
 
-gss-library-linker-options-ppc-debug = {common-linker-options-debug} {gss-library-common-linker-options}
-gss-library-linker-options-ppc-final = {common-linker-options-final} {gss-library-common-linker-options}
+gss-library-linker-options-macos9-debug = {common-linker-options-debug} {gss-library-common-linker-options}
+gss-library-linker-options-macos9-final = {common-linker-options-final} {gss-library-common-linker-options}
+gss-library-linker-options-carbon-debug = {common-linker-options-debug} {gss-library-common-linker-options}
+gss-library-linker-options-carbon-final = {common-linker-options-final} {gss-library-common-linker-options}
 
 krb5-library-common-linker-options = Â¶
        -cv {krb5-library-current-version} Â¶
        -dv {krb5-library-definition-version} Â¶
        -uv {krb5-library-implementation-version}
 
-krb5-library-linker-options-ppc-debug = {common-linker-options-debug} {krb5-library-common-linker-options} -weaklib "DriverServicesLib"
-krb5-library-linker-options-ppc-final = {common-linker-options-final} {krb5-library-common-linker-options} -weaklib "DriverServicesLib"
+krb5-library-linker-options-macos9-debug = {common-linker-options-debug} {krb5-library-common-linker-options}
+krb5-library-linker-options-macos9-final = {common-linker-options-final} {krb5-library-common-linker-options}
+krb5-library-linker-options-carbon-debug = {common-linker-options-debug} {krb5-library-common-linker-options}
+krb5-library-linker-options-carbon-final = {common-linker-options-final} {krb5-library-common-linker-options}
+
+privatekrb5-library-common-linker-options = Â¶
+       -cv {privatekrb5-library-current-version} Â¶
+       -dv {privatekrb5-library-definition-version} Â¶
+       -uv {privatekrb5-library-implementation-version}
+
+privatekrb5-library-linker-options-macos9-debug = {common-linker-options-debug} {privatekrb5-library-common-linker-options} -weaklib "DriverServicesLib"
+privatekrb5-library-linker-options-macos9-final = {common-linker-options-final} {privatekrb5-library-common-linker-options} -weaklib "DriverServicesLib"
+privatekrb5-library-linker-options-carbon-debug = {common-linker-options-debug} {privatekrb5-library-common-linker-options}
+privatekrb5-library-linker-options-carbon-final = {common-linker-options-final} {privatekrb5-library-common-linker-options}
 
 profile-library-common-linker-options = Â¶
        -cv {profile-library-current-version} Â¶
        -dv {profile-library-definition-version} Â¶
        -uv {profile-library-implementation-version}
 
-profile-library-linker-options-ppc-debug = {common-linker-options-debug} {profile-library-common-linker-options}
-profile-library-linker-options-ppc-final = {common-linker-options-final} {profile-library-common-linker-options}
+profile-library-linker-options-macos9-debug = {common-linker-options-debug} {profile-library-common-linker-options}
+profile-library-linker-options-macos9-final = {common-linker-options-final} {profile-library-common-linker-options}
+profile-library-linker-options-carbon-debug = {common-linker-options-debug} {profile-library-common-linker-options}
+profile-library-linker-options-carbon-final = {common-linker-options-final} {profile-library-common-linker-options}
 
 comerr-library-common-linker-options = Â¶
        -cv {comerr-library-current-version} Â¶
        -dv {comerr-library-definition-version} Â¶
        -uv {comerr-library-implementation-version}
 
-comerr-library-linker-options-ppc-debug = {common-linker-options-debug} {comerr-library-common-linker-options}
-comerr-library-linker-options-ppc-final = {common-linker-options-final} {comerr-library-common-linker-options}
-
-gss-library-objects-ppc-debug = `catenate {gss-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
-       {root-folder}mac:GSS.CFM{object-suffix-ppc-debug}
-gss-library-objects-ppc-final = `catenate {gss-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
-       {root-folder}mac:GSS.CFM{object-suffix-ppc-final}
-
-krb5-library-objects-ppc-debug = `catenate {krb5-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
-       {root-folder}mac:K5.CFM{object-suffix-ppc-debug}
-krb5-library-objects-ppc-final = `catenate {krb5-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
-       {root-folder}mac:K5.CFM{object-suffix-ppc-final}
-
-profile-library-objects-ppc-debug = `catenate {profile-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
-       {root-folder}mac:ProfileLib.CFM{object-suffix-ppc-debug}
-profile-library-objects-ppc-final = `catenate {profile-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
-       {root-folder}mac:ProfileLib.CFM{object-suffix-ppc-final}
-
-comerr-library-objects-ppc-debug = `catenate {comerr-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"`
-comerr-library-objects-ppc-final = `catenate {comerr-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"`
-
-library-linker-ppc                                             = MWLinkPPC
+comerr-library-linker-options-macos9-debug = {common-linker-options-debug} {comerr-library-common-linker-options}
+comerr-library-linker-options-macos9-final = {common-linker-options-final} {comerr-library-common-linker-options}
+comerr-library-linker-options-carbon-debug = {common-linker-options-debug} {comerr-library-common-linker-options}
+comerr-library-linker-options-carbon-final = {common-linker-options-final} {comerr-library-common-linker-options}
+
+gss-library-objects-macos9-debug = `catenate {gss-objects-macos9-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:GSS.CFM{object-suffix-macos9-debug}
+gss-library-objects-macos9-final = `catenate {gss-objects-macos9-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:GSS.CFM{object-suffix-macos9-final}
+gss-library-objects-carbon-debug = `catenate {gss-objects-carbon-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:GSS.CFM{object-suffix-carbon-debug}
+gss-library-objects-carbon-final = `catenate {gss-objects-carbon-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:GSS.CFM{object-suffix-carbon-final}
+
+privatekrb5-library-objects-macos9-debug = `catenate {krb5-objects-macos9-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:K5.CFM{object-suffix-macos9-debug}
+privatekrb5-library-objects-macos9-final = `catenate {krb5-objects-macos9-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:K5.CFM{object-suffix-macos9-final}
+privatekrb5-library-objects-carbon-debug = `catenate {krb5-objects-carbon-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:K5.CFM{object-suffix-carbon-debug}
+privatekrb5-library-objects-carbon-final = `catenate {krb5-objects-carbon-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:K5.CFM{object-suffix-carbon-final}
+
+profile-library-objects-macos9-debug = `catenate {profile-objects-macos9-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:ProfileLib.CFM{object-suffix-macos9-debug}
+profile-library-objects-macos9-final = `catenate {profile-objects-macos9-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:ProfileLib.CFM{object-suffix-macos9-final}
+profile-library-objects-carbon-debug = `catenate {profile-objects-carbon-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:ProfileLib.CFM{object-suffix-carbon-debug}
+profile-library-objects-carbon-final = `catenate {profile-objects-carbon-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"` Â¶
+       {root-folder}mac:ProfileLib.CFM{object-suffix-carbon-final}
+
+comerr-library-objects-macos9-debug = `catenate {comerr-objects-macos9-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"`
+comerr-library-objects-macos9-final = `catenate {comerr-objects-macos9-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"`
+comerr-library-objects-carbon-debug = `catenate {comerr-objects-carbon-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"`
+comerr-library-objects-carbon-final = `catenate {comerr-objects-carbon-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/Â¥:(Ã…)¨2/ Print prefix¨2"`
+
+library-linker-macos9                                  = MWLinkPPC
+library-linker-carbon                                  = MWLinkPPC
 
 ### Construct compiler options.
 
 common-compiler-options = Â¶
-               -enum int -opt all -strings pool -mapcr Â¶
-        -mpw_pointers -warnings off -fatext -nosyspath -maxerrors 1000 Â¶
+               -enum int -opt all -strings pool -mapcr -strings readonly Â¶
+        -relax_pointers -warnings off -fatext -nosyspath -maxerrors 1000 Â¶
         -align mac68k -opt off -toc_data on -fp_contract on Â¶
                -model farData
 
 # Don't put the prefix file in these options because they are used to precompile the prefix file
-ppc-compiler-options = -tb on
+macos9-compiler-options = -tb on
+carbon-compiler-options = -tb on
 debug-compiler-options = -sym on
 final-compiler-options = -sym off
 
 mitsupportlib-include-paths = Â¶
+       -i {mitsupportlib-root-folder}CLib:Headers: Â¶
        -i {mitsupportlib-root-folder}SocketsLib:Headers: Â¶
        -i {mitsupportlib-root-folder}ErrorLib:Headers: Â¶
        -i {mitsupportlib-root-folder}UtilitiesLib:Headers:
 
-include-paths = `catenate {include-folders-list} | StreamEdit -d -set prefix="{root-folder}mac:" -e "/-i (Ã…)¨1/ Print '-i 'prefix¨1"` Â¶
+include-paths = -i {root-folder}mac:libraries: Â¶
+       `catenate {include-folders-list} | StreamEdit -d -set prefix="{root-folder}mac:" -e "/-i (Ã…)¨1/ Print '-i 'prefix¨1"` Â¶
        -i {mitkerberoslib-root-folder}CCacheLib:Headers: Â¶
+       -i {mitkerberoslib-root-folder}LoginLib:Headers: Â¶
+       -i {mitkerberoslib-root-folder}PreferencesLib:Headers: Â¶
+       -i {mitkerberoslib-root-folder}Support:Headers: Â¶
        {mitsupportlib-include-paths}
                
-compiler-options-ppc-debug = {include-paths} {common-compiler-options} {ppc-compiler-options} Â¶
-       {debug-compiler-options} -prefix {precompiled-headers-ppc}
-compiler-options-ppc-final = {include-paths} {common-compiler-options} {ppc-compiler-options} Â¶
-       {final-compiler-options} -prefix {precompiled-headers-ppc}
-
-compiler-ppc                                                   = MWCPPC
+compiler-options-macos9-debug = {include-paths} {common-compiler-options} {macos9-compiler-options} Â¶
+       {debug-compiler-options} -prefix {precompiled-headers-macos9}
+compiler-options-macos9-final = {include-paths} {common-compiler-options} {macos9-compiler-options} Â¶
+       {final-compiler-options} -prefix {precompiled-headers-macos9}
+compiler-options-carbon-debug = {include-paths} {common-compiler-options} {carbon-compiler-options} Â¶
+       {debug-compiler-options} -prefix {precompiled-headers-carbon}
+compiler-options-carbon-final = {include-paths} {common-compiler-options} {carbon-compiler-options} Â¶
+       {final-compiler-options} -prefix {precompiled-headers-carbon}
+
+compiler-macos9                                                        = MWCPPC
+compiler-carbon                                                        = MWCPPC
 
 ### Precompiled headers
 
 precompiled-headers-folder = {root-folder}mac:libraries:
 
-precompiled-headers-ppc = {precompiled-headers-folder}KerberosHeaders.PPC
+precompiled-headers-macos9 = {precompiled-headers-folder}KerberosHeaders.9
+precompiled-headers-carbon = {precompiled-headers-folder}KerberosHeaders.CB
 
-precompiled-headers-source = {precompiled-headers-folder}KerberosHeaders.pch
+precompiled-headers-source-macos9 = {precompiled-headers-folder}KerberosHeaders.9.pch
+precompiled-headers-source-carbon = {precompiled-headers-folder}KerberosHeaders.CB.pch
 
-{precompiled-headers-ppc} Ã„ {precompiled-headers-source} {precompiled-headers-folder}KerberosHeaders.h
-       {compiler-ppc} {precompiled-headers-source} {common-compiler-options} {ppc-compiler-options} Â¶
-               -precompile {Targ} -i {precompiled-headers-folder} {mitsupportlib-include-paths}
+{precompiled-headers-macos9} Ã„ {precompiled-headers-source-macos9} {precompiled-headers-folder}KerberosHeaders.h
+       {compiler-macos9} -nostdinc -i "{CWANSIIncludes}sys" {precompiled-headers-source-macos9} {common-compiler-options} {macos9-compiler-options} Â¶
+               -precompile {Targ} -i {precompiled-headers-folder} {include-paths} -I- -i "{mitsupportlib-root-folder}Clib:Headers:" -i "{MWCIncludes}"
+{precompiled-headers-carbon} Ã„ {precompiled-headers-source-carbon} {precompiled-headers-folder}KerberosHeaders.h
+       {compiler-carbon} -nostdinc -i "{CWANSIIncludes}sys" {precompiled-headers-source-carbon} {common-compiler-options} {carbon-compiler-options} Â¶
+               -precompile {Targ} -i {precompiled-headers-folder} {include-paths} -I- -i "{mitsupportlib-root-folder}Clib:Headers:" -i "{MWCIncludes}"
 
 make-options-common = Â¶
        -f {makefile-name} Â¶
@@ -551,88 +804,190 @@ make-options-common = 
        -d gss-library-output-folder="{gss-library-output-folder}" Â¶
        -d gss-library-name="{gss-library-name}" Â¶
        -d gss-library-export="{gss-library-export}" Â¶
-       -d gss-library-fragment-name={gss-library-fragment-name} Â¶
        -d gss-library-main="{gss-library-main}" Â¶
        -d gss-library-init="{gss-library-init}" Â¶
        -d gss-library-term="{gss-library-term}" Â¶
        -d krb5-library-output-folder="{krb5-library-output-folder}" Â¶
        -d krb5-library-name="{krb5-library-name}" Â¶
        -d krb5-library-export="{krb5-library-export}" Â¶
-       -d krb5-library-fragment-name={krb5-library-fragment-name} Â¶
        -d krb5-library-main="{krb5-library-main}" Â¶
        -d krb5-library-init="{krb5-library-init}" Â¶
        -d krb5-library-term="{krb5-library-term}" Â¶
+       -d privatekrb5-library-output-folder="{privatekrb5-library-output-folder}" Â¶
+       -d privatekrb5-library-name="{privatekrb5-library-name}" Â¶
+       -d privatekrb5-library-export="{privatekrb5-library-export}" Â¶
+       -d privatekrb5-library-main="{privatekrb5-library-main}" Â¶
+       -d privatekrb5-library-init="{privatekrb5-library-init}" Â¶
+       -d privatekrb5-library-term="{privatekrb5-library-term}" Â¶
        -d profile-library-output-folder="{profile-library-output-folder}" Â¶
        -d profile-library-name="{profile-library-name}" Â¶
        -d profile-library-export="{profile-library-export}" Â¶
-       -d profile-library-fragment-name={profile-library-fragment-name} Â¶
        -d profile-library-main="{profile-library-main}" Â¶
        -d profile-library-init="{profile-library-init}" Â¶
        -d profile-library-term="{profile-library-term}" Â¶
        -d comerr-library-output-folder="{comerr-library-output-folder}" Â¶
        -d comerr-library-name="{comerr-library-name}" Â¶
        -d comerr-library-export="{comerr-library-export}" Â¶
-       -d comerr-library-fragment-name={comerr-library-fragment-name} Â¶
        -d comerr-library-main="{comerr-library-main}" Â¶
        -d comerr-library-init="{comerr-library-init}" Â¶
        -d comerr-library-term="{comerr-library-term}"
 
-make-options-ppc-debug = Â¶
-       -d library-linker="{library-linker-ppc}" Â¶
-       -d library-platform="{library-platform-ppc}" Â¶
+make-options-macos9-debug = Â¶
+       -d library-linker="{library-linker-macos9}" Â¶
+       -d library-platform="{library-target-macos9}" Â¶
+       -d library-kind="{library-kind-debug}" Â¶
+       -d fragment-kind={fragment-name-macos9}{fragment-name-debug-macos9} Â¶
+       -d gss-library-fragment-name={gss-library-fragment-name} Â¶
+       -d krb5-library-fragment-name={krb5-library-fragment-name} Â¶
+       -d privatekrb5-library-fragment-name={privatekrb5-library-fragment-name} Â¶
+       -d profile-library-fragment-name={profile-library-fragment-name} Â¶
+       -d comerr-library-fragment-name={comerr-library-fragment-name} Â¶
+       -d gss-library-libraries="{gss-library-libraries-macos9-debug}" Â¶
+       -d gss-library-objects="{gss-library-objects-macos9-debug}" Â¶
+       -d gss-library-linker-options="{gss-library-linker-options-macos9-debug}" Â¶
+       -d krb5-library-libraries="{krb5-library-libraries-macos9-debug}" Â¶
+       -d krb5-library-objects="{krb5-library-objects-macos9-debug}" Â¶
+       -d krb5-library-linker-options="{krb5-library-linker-options-macos9-debug}" Â¶
+       -d privatekrb5-library-libraries="{privatekrb5-library-libraries-macos9-debug}" Â¶
+       -d privatekrb5-library-objects="{privatekrb5-library-objects-macos9-debug}" Â¶
+       -d privatekrb5-library-linker-options="{privatekrb5-library-linker-options-macos9-debug}" Â¶
+       -d profile-library-libraries="{profile-library-libraries-macos9-debug}" Â¶
+       -d profile-library-objects="{profile-library-objects-macos9-debug}" Â¶
+       -d profile-library-linker-options="{profile-library-linker-options-macos9-debug}" Â¶
+       -d comerr-library-libraries="{comerr-library-libraries-macos9-debug}" Â¶
+       -d comerr-library-objects="{comerr-library-objects-macos9-debug}" Â¶
+       -d comerr-library-linker-options="{comerr-library-linker-options-macos9-debug}" Â¶
+       -d object-suffix="{object-suffix-macos9-debug}" Â¶
+       -d object-suffix-data="{object-suffix-macos9-data}" Â¶
+       -d compiler-options="{compiler-options-macos9-debug}" Â¶
+       -d compiler="{compiler-macos9}" Â¶
+       -d precompiled-headers="{precompiled-headers-macos9}"
+       
+make-options-macos9-final = Â¶
+       -d library-linker="{library-linker-macos9}" Â¶
+       -d library-platform="{library-target-macos9}" Â¶
+       -d library-kind="{library-kind-final}" Â¶
+       -d fragment-kind={fragment-name-macos9}{fragment-name-final-macos9} Â¶
+       -d gss-library-fragment-name={gss-library-fragment-name} Â¶
+       -d krb5-library-fragment-name={krb5-library-fragment-name} Â¶
+       -d privatekrb5-library-fragment-name={privatekrb5-library-fragment-name} Â¶
+       -d profile-library-fragment-name={profile-library-fragment-name} Â¶
+       -d comerr-library-fragment-name={comerr-library-fragment-name} Â¶
+       -d gss-library-libraries="{gss-library-libraries-macos9-final}" Â¶
+       -d gss-library-objects="{gss-library-objects-macos9-final}" Â¶
+       -d gss-library-linker-options="{gss-library-linker-options-macos9-final}" Â¶
+       -d krb5-library-libraries="{krb5-library-libraries-macos9-final}" Â¶
+       -d krb5-library-objects="{krb5-library-objects-macos9-final}" Â¶
+       -d krb5-library-linker-options="{krb5-library-linker-options-macos9-final}" Â¶
+       -d privatekrb5-library-libraries="{privatekrb5-library-libraries-macos9-final}" Â¶
+       -d privatekrb5-library-objects="{privatekrb5-library-objects-macos9-final}" Â¶
+       -d privatekrb5-library-linker-options="{privatekrb5-library-linker-options-macos9-final}" Â¶
+       -d profile-library-libraries="{profile-library-libraries-macos9-final}" Â¶
+       -d profile-library-objects="{profile-library-objects-macos9-final}" Â¶
+       -d profile-library-linker-options="{profile-library-linker-options-macos9-final}" Â¶
+       -d comerr-library-libraries="{comerr-library-libraries-macos9-final}" Â¶
+       -d comerr-library-objects="{comerr-library-objects-macos9-final}" Â¶
+       -d comerr-library-linker-options="{comerr-library-linker-options-macos9-final}" Â¶
+       -d object-suffix="{object-suffix-macos9-final}" Â¶
+       -d object-suffix-data="{object-suffix-macos9-data}" Â¶
+       -d compiler-options="{compiler-options-macos9-final}" Â¶
+       -d compiler="{compiler-macos9}" Â¶
+       -d precompiled-headers="{precompiled-headers-macos9}"
+       
+make-options-carbon-debug = Â¶
+       -d library-linker="{library-linker-carbon}" Â¶
+       -d library-platform="{library-target-carbon}" Â¶
        -d library-kind="{library-kind-debug}" Â¶
-       -d gss-library-libraries="{gss-library-libraries-ppc-debug}" Â¶
-       -d gss-library-objects="{gss-library-objects-ppc-debug}" Â¶
-       -d gss-library-linker-options="{gss-library-linker-options-ppc-debug}" Â¶
-       -d krb5-library-libraries="{krb5-library-libraries-ppc-debug}" Â¶
-       -d krb5-library-objects="{krb5-library-objects-ppc-debug}" Â¶
-       -d krb5-library-linker-options="{krb5-library-linker-options-ppc-debug}" Â¶
-       -d profile-library-libraries="{profile-library-libraries-ppc-debug}" Â¶
-       -d profile-library-objects="{profile-library-objects-ppc-debug}" Â¶
-       -d profile-library-linker-options="{profile-library-linker-options-ppc-debug}" Â¶
-       -d comerr-library-libraries="{comerr-library-libraries-ppc-debug}" Â¶
-       -d comerr-library-objects="{comerr-library-objects-ppc-debug}" Â¶
-       -d comerr-library-linker-options="{comerr-library-linker-options-ppc-debug}" Â¶
-       -d object-suffix="{object-suffix-ppc-debug}" Â¶
-       -d object-suffix-data="{object-suffix-ppc-data}" Â¶
-       -d compiler-options="{compiler-options-ppc-debug}" Â¶
-       -d compiler="{compiler-ppc}" Â¶
-       -d precompiled-headers="{precompiled-headers-ppc}"
+       -d fragment-kind={fragment-name-carbon}{fragment-name-debug-carbon} Â¶
+       -d gss-library-fragment-name={gss-library-fragment-name-carbon} Â¶
+       -d krb5-library-fragment-name={krb5-library-fragment-name-carbon} Â¶
+       -d privatekrb5-library-fragment-name={privatekrb5-library-fragment-name-carbon} Â¶
+       -d profile-library-fragment-name={profile-library-fragment-name-carbon} Â¶
+       -d comerr-library-fragment-name={comerr-library-fragment-name-carbon} Â¶
+       -d gss-library-libraries="{gss-library-libraries-carbon-debug}" Â¶
+       -d gss-library-objects="{gss-library-objects-carbon-debug}" Â¶
+       -d gss-library-linker-options="{gss-library-linker-options-carbon-debug}" Â¶
+       -d krb5-library-libraries="{krb5-library-libraries-carbon-debug}" Â¶
+       -d krb5-library-objects="{krb5-library-objects-carbon-debug}" Â¶
+       -d krb5-library-linker-options="{krb5-library-linker-options-carbon-debug}" Â¶
+       -d privatekrb5-library-libraries="{privatekrb5-library-libraries-carbon-debug}" Â¶
+       -d privatekrb5-library-objects="{privatekrb5-library-objects-carbon-debug}" Â¶
+       -d privatekrb5-library-linker-options="{privatekrb5-library-linker-options-carbon-debug}" Â¶
+       -d profile-library-libraries="{profile-library-libraries-carbon-debug}" Â¶
+       -d profile-library-objects="{profile-library-objects-carbon-debug}" Â¶
+       -d profile-library-linker-options="{profile-library-linker-options-carbon-debug}" Â¶
+       -d comerr-library-libraries="{comerr-library-libraries-carbon-debug}" Â¶
+       -d comerr-library-objects="{comerr-library-objects-carbon-debug}" Â¶
+       -d comerr-library-linker-options="{comerr-library-linker-options-carbon-debug}" Â¶
+       -d object-suffix="{object-suffix-carbon-debug}" Â¶
+       -d object-suffix-data="{object-suffix-carbon-data}" Â¶
+       -d compiler-options="{compiler-options-carbon-debug}" Â¶
+       -d compiler="{compiler-carbon}" Â¶
+       -d precompiled-headers="{precompiled-headers-carbon}"
        
-make-options-ppc-final = Â¶
-       -d library-linker="{library-linker-ppc}" Â¶
-       -d library-platform="{library-platform-ppc}" Â¶
+make-options-carbon-final = Â¶
+       -d library-linker="{library-linker-carbon}" Â¶
+       -d library-platform="{library-target-carbon}" Â¶
        -d library-kind="{library-kind-final}" Â¶
-       -d gss-library-libraries="{gss-library-libraries-ppc-final}" Â¶
-       -d gss-library-objects="{gss-library-objects-ppc-final}" Â¶
-       -d gss-library-linker-options="{gss-library-linker-options-ppc-final}" Â¶
-       -d krb5-library-libraries="{krb5-library-libraries-ppc-final}" Â¶
-       -d krb5-library-objects="{krb5-library-objects-ppc-final}" Â¶
-       -d krb5-library-linker-options="{krb5-library-linker-options-ppc-final}" Â¶
-       -d profile-library-libraries="{profile-library-libraries-ppc-final}" Â¶
-       -d profile-library-objects="{profile-library-objects-ppc-final}" Â¶
-       -d profile-library-linker-options="{profile-library-linker-options-ppc-final}" Â¶
-       -d comerr-library-libraries="{comerr-library-libraries-ppc-final}" Â¶
-       -d comerr-library-objects="{comerr-library-objects-ppc-final}" Â¶
-       -d comerr-library-linker-options="{comerr-library-linker-options-ppc-final}" Â¶
-       -d object-suffix="{object-suffix-ppc-final}" Â¶
-       -d object-suffix-data="{object-suffix-ppc-data}" Â¶
-       -d compiler-options="{compiler-options-ppc-final}" Â¶
-       -d compiler="{compiler-ppc}" Â¶
-       -d precompiled-headers="{precompiled-headers-ppc}"
+       -d fragment-kind={fragment-name-carbon}{fragment-name-final-carbon} Â¶
+       -d gss-library-fragment-name={gss-library-fragment-name-carbon} Â¶
+       -d krb5-library-fragment-name={krb5-library-fragment-name-carbon} Â¶
+       -d privatekrb5-library-fragment-name={privatekrb5-library-fragment-name-carbon} Â¶
+       -d profile-library-fragment-name={profile-library-fragment-name-carbon} Â¶
+       -d comerr-library-fragment-name={comerr-library-fragment-name-carbon} Â¶
+       -d gss-library-libraries="{gss-library-libraries-carbon-final}" Â¶
+       -d gss-library-objects="{gss-library-objects-carbon-final}" Â¶
+       -d gss-library-linker-options="{gss-library-linker-options-carbon-final}" Â¶
+       -d krb5-library-libraries="{krb5-library-libraries-carbon-final}" Â¶
+       -d krb5-library-objects="{krb5-library-objects-carbon-final}" Â¶
+       -d krb5-library-linker-options="{krb5-library-linker-options-carbon-final}" Â¶
+       -d privatekrb5-library-libraries="{privatekrb5-library-libraries-carbon-final}" Â¶
+       -d privatekrb5-library-objects="{privatekrb5-library-objects-carbon-final}" Â¶
+       -d privatekrb5-library-linker-options="{privatekrb5-library-linker-options-carbon-final}" Â¶
+       -d profile-library-libraries="{profile-library-libraries-carbon-final}" Â¶
+       -d profile-library-objects="{profile-library-objects-carbon-final}" Â¶
+       -d profile-library-linker-options="{profile-library-linker-options-carbon-final}" Â¶
+       -d comerr-library-libraries="{comerr-library-libraries-carbon-final}" Â¶
+       -d comerr-library-objects="{comerr-library-objects-carbon-final}" Â¶
+       -d comerr-library-linker-options="{comerr-library-linker-options-carbon-final}" Â¶
+       -d object-suffix="{object-suffix-carbon-final}" Â¶
+       -d object-suffix-data="{object-suffix-carbon-data}" Â¶
+       -d compiler-options="{compiler-options-carbon-final}" Â¶
+       -d compiler="{compiler-carbon}" Â¶
+       -d precompiled-headers="{precompiled-headers-carbon}"
        
 make-output = "{TempFolder}GSS/Kerberos Makefile script"
-submakefile-target = gss-library
+submakefile-gss-target = gss-library
+submakefile-krb5-target = krb5-library
 
-ppc-debug Ã„ glue headers documentation {makefile-name} {gss-objects-ppc-debug-list} {krb5-objects-ppc-debug-list} Â¶
-       {profile-objects-ppc-debug-list} {comerr-objects-ppc-debug-list} {include-folders-list}
-       Make {make-options-common} {make-options-ppc-debug} {submakefile-target} > {make-output}
+macos9-debug-build Ã„ glue headers documentation {makefile-dependency} {gss-objects-macos9-debug-list} {krb5-objects-macos9-debug-list} Â¶
+       {profile-objects-macos9-debug-list} {comerr-objects-macos9-debug-list} {include-folders-list}
+       Make {make-options-common} {make-options-macos9-debug} {submakefile-gss-target} > {make-output}
+       {make-output}
+       Make {make-options-common} {make-options-macos9-debug} {submakefile-krb5-target} > {make-output}
+       {make-output}
+       
+macos9-final-build Ã„ glue headers documentation  {makefile-dependency} {gss-objects-macos9-final-list} {krb5-objects-macos9-final-list} Â¶
+       {profile-objects-macos9-final-list} {comerr-objects-macos9-final-list} {include-folders-list}
+       Make {make-options-common} {make-options-macos9-final} {submakefile-gss-target} > {make-output}
+       {make-output}
+       Make {make-options-common} {make-options-macos9-final} {submakefile-krb5-target} > {make-output}
+       {make-output}
+       
+carbon-debug-build Ã„ glue headers documentation {makefile-dependency} {gss-objects-carbon-debug-list} {krb5-objects-carbon-debug-list} Â¶
+       {profile-objects-carbon-debug-list} {comerr-objects-carbon-debug-list} {include-folders-list}
+       Make {make-options-common} {make-options-carbon-debug} {submakefile-gss-target} > {make-output}
+       {make-output}
+       Make {make-options-common} {make-options-carbon-debug} {submakefile-krb5-target} > {make-output}
        {make-output}
        
-ppc-final Ã„ glue headers documentation  {makefile-name} {gss-objects-ppc-final-list} {krb5-objects-ppc-final-list} Â¶
-       {profile-objects-ppc-final-list} {comerr-objects-ppc-final-list} {include-folders-list}
-       Make {make-options-common} {make-options-ppc-final} {submakefile-target} > {make-output}
+carbon-final-build Ã„ glue headers documentation  {makefile-dependency} {gss-objects-carbon-final-list} {krb5-objects-carbon-final-list} Â¶
+       {profile-objects-carbon-final-list} {comerr-objects-carbon-final-list} {include-folders-list}
+       Make {make-options-common} {make-options-carbon-final} {submakefile-gss-target} > {make-output}
        {make-output}
+       Make {make-options-common} {make-options-carbon-final} {submakefile-krb5-target} > {make-output}
+       {make-output}
+       
        
 ##############################################################################################################
 ###                    Variable targets -- these depend on which target we select in the above make invocations
@@ -660,6 +1015,17 @@ ppc-final 
 ###                    krb5-library-init                                                               -- name of Krb5 library initialization routine
 ###                    krb5-library-term                                                               -- name of Krb5 library termination routine
 ###                    krb5-library-linker-options                                             -- all other Krb5 library linker options
+###            For PrivateKrb5 library
+###                    privatekrb5-library-output-folder                               -- destination of PrivateKrb5 library output
+###                    privatekrb5-library-name                                                -- name of the PrivateKrb5 library
+###                    privatekrb5-library-export                                              -- name of PrivateKrb5 library export file
+###                    privatekrb5-library-libraries                                   -- list of libraries PrivateKrb5 library links against
+###                    privatekrb5-library-objects                                             -- list of object files PrivateKrb5 library links
+###                    privatekrb5-library-fragment-name                               -- name of PrivateKrb5 library fragment
+###                    privatekrb5-library-main                                                -- name of PrivateKrb5 library main entry point
+###                    privatekrb5-library-init                                                -- name of PrivateKrb5 library initialization routine
+###                    privatekrb5-library-term                                                -- name of PrivateKrb5 library termination routine
+###                    privatekrb5-library-linker-options                              -- all other PrivateKrb5 library linker options
 ###            For profile library
 ###                    profile-library-output-folder                                   -- destination of profile library output
 ###                    profile-library-name                                                    -- name of the profile library
@@ -685,8 +1051,9 @@ ppc-final 
 ###            General
 ###                    library-linker                                                                  -- linker to use
 ###                    autogenerated-files                                                             -- list of autogenerated files
-###                    library-platform                                                                -- platform name (68K or PPC)
-###                    library-kind                                                                    -- library kind (".debug" or "")
+###                    library-platform                                                                -- platform name (69K or PPC)
+###                    library-kind                                                                    -- library kind ("d" or "")
+###                    fragment-kind                                                                   -- fragment kind (Carbon, debug, etc)
 
 
 ### script to create a folder if it does not exist
@@ -697,12 +1064,16 @@ create-folder = {root-folder}mac:create-folder.mpw
 library-linker =
 library-platform =
 library-kind =
+fragment-kind =
 gss-library-libraries =
 gss-library-objects =
 gss-library-linker-options =
 krb5-library-libraries =
 krb5-library-objects =
 krb5-library-linker-options =
+privatekrb5-library-libraries =
+privatekrb5-library-objects =
+privatekrb5-library-linker-options =
 precompiled-headers =
 object-suffix = .ignore.me
 object-suffix-data = .ignore.me.too
@@ -720,7 +1091,7 @@ gss-library-dependencies = 
        {autogenerated-files} {gss-library-export} {gss-library-libraries} {gss-library-objects}
 gss-library-build-command = Â¶
        {library-linker} Â¶
-       -name "{gss-library-fragment-name}{library-kind}" Â¶
+       -name "{gss-library-fragment-name}{fragment-kind}" Â¶
        -main {gss-library-main} Â¶
        -init {gss-library-init} Â¶
        -term {gss-library-term} Â¶
@@ -736,7 +1107,7 @@ krb5-library-dependencies = 
        {autogenerated-files} {krb5-library-export} {krb5-library-libraries} {krb5-library-objects}
 krb5-library-build-command = Â¶
        {library-linker} Â¶
-       -name "{krb5-library-fragment-name}{library-kind}" Â¶
+       -name "{krb5-library-fragment-name}{fragment-kind}" Â¶
        -main {krb5-library-main} Â¶
        -init {krb5-library-init} Â¶
        -term {krb5-library-term} Â¶
@@ -746,13 +1117,30 @@ krb5-library-build-command = 
        {krb5-library-linker-options} Â¶
        {krb5-library-objects} {krb5-library-libraries}
 
+privatekrb5-library-output-files = Â¶
+       {privatekrb5-library-output-folder}{privatekrb5-library-name}{library-platform}{library-kind}
+privatekrb5-library-dependencies = Â¶
+       {autogenerated-files} {privatekrb5-library-export} {privatekrb5-library-libraries} {privatekrb5-library-objects}
+privatekrb5-library-build-command = Â¶
+       {library-linker} Â¶
+       -name "{privatekrb5-library-fragment-name}{fragment-kind}" Â¶
+       -main {privatekrb5-library-main} Â¶
+       -init {privatekrb5-library-init} Â¶
+       -term {privatekrb5-library-term} Â¶
+       -@export {privatekrb5-library-export} Â¶
+       -@export {krb5-library-export} Â¶
+       -map {privatekrb5-library-output-folder}{privatekrb5-library-name}{library-platform}{library-kind}.MAP Â¶
+       -o {privatekrb5-library-output-folder}{privatekrb5-library-name}{library-platform}{library-kind} Â¶
+       {privatekrb5-library-linker-options} Â¶
+       {privatekrb5-library-objects} {privatekrb5-library-libraries}
+
 profile-library-output-files = Â¶
        {profile-library-output-folder}{profile-library-name}{library-platform}{library-kind}
 profile-library-dependencies = Â¶
        {autogenerated-files} {profile-library-export} {profile-library-libraries} {profile-library-objects}
 profile-library-build-command = Â¶
        {library-linker} Â¶
-       -name "{profile-library-fragment-name}{library-kind}" Â¶
+       -name "{profile-library-fragment-name}{fragment-kind}" Â¶
        -main {profile-library-main} Â¶
        -init {profile-library-init} Â¶
        -term {profile-library-term} Â¶
@@ -768,7 +1156,7 @@ comerr-library-dependencies = 
        {autogenerated-files} {comerr-library-export} {comerr-library-libraries} {comerr-library-objects}
 comerr-library-build-command = Â¶
        {library-linker} Â¶
-       -name "{comerr-library-fragment-name}{library-kind}" Â¶
+       -name "{comerr-library-fragment-name}{fragment-kind}" Â¶
        -main {comerr-library-main} Â¶
        -init {comerr-library-init} Â¶
        -term {comerr-library-term} Â¶
@@ -782,22 +1170,27 @@ comerr-library-build-command = 
 
 gss-library Ã„ {gss-library-output-files}
 krb5-library Ã„ {krb5-library-output-files}
+privatekrb5-library Ã„ {privatekrb5-library-output-files}
 profile-library Ã„ {profile-library-output-files}
 comerr-library Ã„ {comerr-library-output-files}
 
-{gss-library-output-files} Ã„Ä {gss-library-dependencies} {makefile-name}
+{gss-library-output-files} Ã„Ä {gss-library-dependencies} {makefile-dependency}
        {create-folder} {gss-library-output-folder}
        {gss-library-build-command}
        
-{krb5-library-output-files} Ã„Ä {krb5-library-dependencies} {makefile-name}
+{krb5-library-output-files} Ã„Ä {krb5-library-dependencies} {makefile-dependency}
        {create-folder} {krb5-library-output-folder}
        {krb5-library-build-command}
 
-{profile-library-output-files} Ã„Ä {profile-library-dependencies} {makefile-name}
+{privatekrb5-library-output-files} Ã„Ä {privatekrb5-library-dependencies} {makefile-dependency}
+       {create-folder} {privatekrb5-library-output-folder}
+       {privatekrb5-library-build-command}
+
+{profile-library-output-files} Ã„Ä {profile-library-dependencies} {makefile-dependency}
        {create-folder} {profile-library-output-folder}
        {profile-library-build-command}
 
-{comerr-library-output-files} Ã„Ä {comerr-library-dependencies} {makefile-name}
+{comerr-library-output-files} Ã„Ä {comerr-library-dependencies} {makefile-dependency}
        {create-folder} {comerr-library-output-folder}
        {comerr-library-build-command}
 
@@ -805,13 +1198,13 @@ comerr-library 
 ###                    Default compilation rules
 ##############################################################################################################
 
-{object-suffix} Ã„ .c {autogenerated-files} {makefile-name} {precompiled-headers}
+{object-suffix} Ã„ .c {autogenerated-files} {makefile-dependency} {precompiled-headers}
        echo {DepDir}{Default}{object-suffix}
-       {compiler} {DepDir}{Default}.c -o {DepDir}{Default}{object-suffix} {compiler-options}
+       {compiler} -i "{CWANSIIncludes}sys" {DepDir}{Default}.c -o {DepDir}{Default}{object-suffix} {compiler-options}
 
-{object-suffix-data} Ã„ .c {autogenerated-files} {makefile-name} {precompiled-headers}
+{object-suffix-data} Ã„ .c {autogenerated-files} {makefile-dependency} {precompiled-headers}
        echo {DepDir}{Default}{object-suffix-data}
-       {compiler} {DepDir}{Default}.c -o {DepDir}{Default}{object-suffix-data} {compiler-options}
+       {compiler} -i "{CWANSIIncludes}sys" {DepDir}{Default}.c -o {DepDir}{Default}{object-suffix-data} {compiler-options}
 
 ##############################################################################################################
 ###                    Autogenerating classic 68K glue files
@@ -823,10 +1216,10 @@ krb5-library-glue-output-folder                                          = {root-folder}:Kerberos5Lib:ClassicGlue:
 profile-library-glue-output-folder                                     = {root-folder}:KerberosProfileLib:ClassicGlue:
 comerr-library-glue-output-folder                                      = {root-folder}:ComErrLib:ClassicGlue:
 
-gss-library-glue-output                                                                = {gss-library-glue-output-folder}GSSLib.glue.c
-krb5-library-glue-output                                                       = {krb5-library-glue-output-folder}Kerberos5Lib.glue.c
-profile-library-glue-output                                                    = {profile-library-glue-output-folder}KrbProfileLib.glue.c
-comerr-library-glue-output                                                     = {comerr-library-glue-output-folder}ComErrLib.glue.c
+gss-library-glue-output                                                                = {gss-library-glue-output-folder}GSSLib.glue.c {gss-library-glue-output-folder}GSSLib.glue.h
+krb5-library-glue-output                                                       = {krb5-library-glue-output-folder}Kerberos5Lib.glue.c {krb5-library-glue-output-folder}Kerberos5Lib.glue.h
+profile-library-glue-output                                                    = {profile-library-glue-output-folder}KrbProfileLib.glue.c {profile-library-glue-output-folder}KrbProfileLib.glue.h
+comerr-library-glue-output                                                     = {comerr-library-glue-output-folder}ComErrLib.glue.c {comerr-library-glue-output-folder}ComErrLib.glue.h
 
 classic-glue-output = Â¶
        {gss-library-glue-output} Â¶
@@ -842,32 +1235,36 @@ glue-profile 
 glue-comerr Ã„ {comerr-library-glue-output}
 
 {krb5-library-glue-output} Ã„ {root-folder}mac:K5.CFMglue.cin {root-folder}mac:K5.CFMglue.proto.h Â¶
-       {root-folder}mac:CFMglue.c {root-folder}mac:K5.moreCFMglue.cin {classic-glue-generation-script}
+       {root-folder}mac:CFMglue.c {root-folder}mac:GSSLib.glue.h {root-folder}mac:K5.moreCFMglue.cin {classic-glue-generation-script}
        {create-folder} {krb5-library-glue-output-folder}
        perl {classic-glue-generation-script} < {root-folder}mac:K5.CFMglue.proto.h > {root-folder}mac:K5.CFMglue.c
        Catenate {root-folder}mac:K5.CFMglue.cin {root-folder}mac:CFMglue.c {root-folder}mac:K5.CFMglue.c Â¶
-       {root-folder}mac:K5.moreCFMglue.cin | Catenate > {krb5-library-glue-output}
+       {root-folder}mac:K5.moreCFMglue.cin | Catenate > {krb5-library-glue-output-folder}Kerberos5Lib.glue.c
+       Duplicate -y {root-folder}mac:Kerberos5Lib.glue.h {krb5-library-glue-output-folder}Kerberos5Lib.glue.h
 
 {gss-library-glue-output} Ã„ {root-folder}mac:GSS.CFMglue.cin {root-folder}mac:GSS.CFMglue.proto.h Â¶
-       {root-folder}mac:CFMglue.c {root-folder}mac:GSS.moreCFMglue.cin {classic-glue-generation-script}
+       {root-folder}mac:CFMglue.c {root-folder}mac:Kerberos5Lib.glue.h {root-folder}mac:GSS.moreCFMglue.cin {classic-glue-generation-script}
        {create-folder} {gss-library-glue-output-folder}
        perl {classic-glue-generation-script} < {root-folder}mac:GSS.CFMglue.proto.h > {root-folder}mac:GSS.CFMglue.c
        Catenate {root-folder}mac:GSS.CFMglue.cin {root-folder}mac:CFMglue.c {root-folder}mac:GSS.CFMglue.c Â¶
-       {root-folder}mac:GSS.moreCFMglue.cin | Catenate > {gss-library-glue-output}
+       {root-folder}mac:GSS.moreCFMglue.cin | Catenate > {gss-library-glue-output-folder}GSSLib.glue.c
+       Duplicate -y {root-folder}mac:GSSLib.glue.h {gss-library-glue-output-folder}GSSLib.glue.h
 
 {profile-library-glue-output} Ã„ {root-folder}mac:KrbProfileLib.glue.pre.cin {root-folder}mac:KrbProfileLib.glue.proto.h Â¶
-       {root-folder}mac:CFMglue.c {root-folder}mac:KrbProfileLib.glue.post.cin {classic-glue-generation-script}
+       {root-folder}mac:CFMglue.c {root-folder}mac:KrbProfileLib.glue.h {root-folder}mac:KrbProfileLib.glue.post.cin {classic-glue-generation-script}
        {create-folder} {profile-library-glue-output-folder}
        perl {classic-glue-generation-script} < {root-folder}mac:KrbProfileLib.glue.proto.h > {root-folder}mac:KrbProfileLib.CFMglue.c
        Catenate {root-folder}mac:KrbProfileLib.glue.pre.cin {root-folder}mac:CFMglue.c {root-folder}mac:KrbProfileLib.CFMglue.c Â¶
-       {root-folder}mac:KrbProfileLib.glue.post.cin | Catenate > {profile-library-glue-output}
+       {root-folder}mac:KrbProfileLib.glue.post.cin | Catenate > {profile-library-glue-output-folder}KrbProfileLib.glue.c
+       Duplicate -y {root-folder}mac:KrbProfileLib.glue.h {profile-library-glue-output-folder}KrbProfileLib.glue.h
 
 {comerr-library-glue-output} Ã„ {root-folder}mac:ComErrLib.glue.pre.cin {root-folder}mac:ComErrLib.glue.proto.h Â¶
-       {root-folder}mac:CFMglue.c {root-folder}mac:ComErrLib.glue.post.cin {classic-glue-generation-script}
+       {root-folder}mac:CFMglue.c {root-folder}mac:ComErrLib.glue.h {root-folder}mac:ComErrLib.glue.post.cin {classic-glue-generation-script}
        {create-folder} {comerr-library-glue-output-folder}
        perl {classic-glue-generation-script} < {root-folder}mac:ComErrLib.glue.proto.h > {root-folder}mac:ComErrLib.CFMglue.c
        Catenate {root-folder}mac:ComErrLib.glue.pre.cin {root-folder}mac:CFMglue.c {root-folder}mac:ComErrLib.CFMglue.c Â¶
-       {root-folder}mac:ComErrLib.glue.post.cin | Catenate > {comerr-library-glue-output}
+       {root-folder}mac:ComErrLib.glue.post.cin | Catenate > {comerr-library-glue-output-folder}ComErrLib.glue.c
+       Duplicate -y {root-folder}mac:ComErrLib.glue.h {comerr-library-glue-output-folder}ComErrLib.glue.h
 
 ##############################################################################################################
 ###                    Clean target deletes all generated files
@@ -875,19 +1272,22 @@ glue-comerr 
 
 clean Ã„
        # Need a dummy invalid name at the end to cover the case when nothing is found
-       Delete -i `files -r -s -o -f "{root-folder}" | StreamEdit  -d -e "/Ã…{object-suffix-ppc-debug}/ Print"` supercalifragilisticexpialidoucious
-       Delete -i `files -r -s -o -f "{root-folder}" | StreamEdit  -d -e "/Ã…{object-suffix-ppc-final}/ Print"` supercalifragilisticexpialidoucious
-       Delete -i `files -r -s -o -f "{root-folder}" | StreamEdit  -d -e "/Ã…{object-suffix-ppc-data}/ Print"` supercalifragilisticexpialidoucious
-       Delete -i {all-lists}
+       Delete -i `files -r -s -o -f "{root-folder}" | StreamEdit  -d -e "/Ã…{object-suffix-macos9-debug}/ Print"` supercalifragilisticexpialidoucious
+       Delete -i `files -r -s -o -f "{root-folder}" | StreamEdit  -d -e "/Ã…{object-suffix-macos9-final}/ Print"` supercalifragilisticexpialidoucious
+       Delete -i `files -r -s -o -f "{root-folder}" | StreamEdit  -d -e "/Ã…{object-suffix-macos9-data}/ Print"` supercalifragilisticexpialidoucious
+       Delete -i `files -r -s -o -f "{root-folder}" | StreamEdit  -d -e "/Ã…{object-suffix-carbon-debug}/ Print"` supercalifragilisticexpialidoucious
+       Delete -i `files -r -s -o -f "{root-folder}" | StreamEdit  -d -e "/Ã…{object-suffix-carbon-final}/ Print"` supercalifragilisticexpialidoucious
+       Delete -i `files -r -s -o -f "{root-folder}" | StreamEdit  -d -e "/Ã…{object-suffix-carbon-data}/ Print"` supercalifragilisticexpialidoucious
+       Delete -i {all-lists} {autogenerated-files}
        
 ##############################################################################################################
 ###                    Copying headers around
 ##############################################################################################################
 
-gss-headers-output-folder                                                      = {root-folder}:GSSLib:Headers:
-krb5-headers-output-folder                                                     = {root-folder}:Kerberos5Lib:Headers:
-comerr-headers-output-folder                                           = {root-folder}:ComErrLib:Headers:
-profile-headers-output-folder                                          = {root-folder}:KerberosProfileLib:Headers:
+gss-headers-output-folder                                                      = {root-folder}:GSSLib:Headers:GSS:
+krb5-headers-output-folder                                                     = {root-folder}:Kerberos5Lib:Headers:Kerberos5:
+comerr-headers-output-folder                                           = {root-folder}:ComErrLib:Headers:ComErr:
+profile-headers-output-folder                                          = {root-folder}:KerberosProfileLib:Headers:Profile:
 
 gss-headers-output = Â¶
        "{gss-headers-output-folder}gssapi.h" Â¶
@@ -908,7 +1308,7 @@ headers-output = {gss-headers-output} {krb5-headers-output} 
 
 headers Ã„ unset-echo {headers-output}
 
-"{gss-headers-output-folder}gssapi.h" Ã„ "{root-folder}lib:gssapi:generic:gssapi.h" {makefile-name}
+"{gss-headers-output-folder}gssapi.h" Ã„ "{root-folder}lib:gssapi:generic:gssapi.h" {makefile-dependency}
        "{create-folder}" "{TargDir}"
        If (`Exists "{Targ}" | Count -l`)
                SetFile -a l "{Targ}"
@@ -916,7 +1316,7 @@ headers 
        Catenate "{root-folder}lib:gssapi:generic:gssapi.h" > "{Targ}"
        SetFile -a l "{Targ}"
 
-"{gss-headers-output-folder}gssapi_krb5.h" Ã„ "{root-folder}lib:gssapi:krb5:gssapi_krb5.h" {makefile-name}
+"{gss-headers-output-folder}gssapi_krb5.h" Ã„ "{root-folder}lib:gssapi:krb5:gssapi_krb5.h" {makefile-dependency}
        "{create-folder}" "{TargDir}"
        If (`Exists "{Targ}" | Count -l`)
                SetFile -a l "{Targ}"
@@ -924,7 +1324,7 @@ headers 
        Catenate "{root-folder}lib:gssapi:krb5:gssapi_krb5.h" > "{Targ}"
        SetFile -a l "{Targ}"
 
-"{krb5-headers-output-folder}krb5.h" Ã„ "{root-folder}include:krb5.h" {makefile-name}
+"{krb5-headers-output-folder}krb5.h" Ã„ "{root-folder}include:krb5.h" {makefile-dependency}
        "{create-folder}" "{TargDir}"
        If (`Exists "{Targ}" | Count -l`)
                SetFile -a l "{Targ}"
@@ -932,7 +1332,7 @@ headers 
        Catenate "{root-folder}include:krb5.h" > "{Targ}"
        SetFile -a l "{Targ}"
 
-"{krb5-headers-output-folder}win-mac.h" Ã„ "{root-folder}include:win-mac.h" {makefile-name}
+"{krb5-headers-output-folder}win-mac.h" Ã„ "{root-folder}include:win-mac.h" {makefile-dependency}
        "{create-folder}" "{TargDir}"
        If (`Exists "{Targ}" | Count -l`)
                SetFile -a l "{Targ}"
@@ -940,7 +1340,7 @@ headers 
        Catenate "{root-folder}include:win-mac.h" > "{Targ}"
        SetFile -a l "{Targ}"
 
-"{comerr-headers-output-folder}com_err.h" Ã„ "{root-folder}util:et:com_err.h" {makefile-name}
+"{comerr-headers-output-folder}com_err.h" Ã„ "{root-folder}util:et:com_err.h" {makefile-dependency}
        "{create-folder}" "{TargDir}"
        If (`Exists "{Targ}" | Count -l`)
                SetFile -a l "{Targ}"
@@ -948,7 +1348,7 @@ headers 
        Catenate "{root-folder}util:et:com_err.h" > "{Targ}"
        SetFile -a l "{Targ}"
 
-"{profile-headers-output-folder}profile.h" Ã„ "{root-folder}util:profile:profile.h" {makefile-name}
+"{profile-headers-output-folder}profile.h" Ã„ "{root-folder}util:profile:profile.h" {makefile-dependency}
        "{create-folder}" "{TargDir}"
        If (`Exists "{Targ}" | Count -l`)
                SetFile -a l "{Targ}"
@@ -982,7 +1382,7 @@ documentation-output = {gss-documentation-output} {krb5-documentation-output} 
 
 documentation Ã„ unset-echo {documentation-output}
 
-{gss-documentation-output-folder}"GSSLib ReadMe" Ã„ {root-folder}"mac:GSSLib ReadMe" {makefile-name}
+{gss-documentation-output-folder}"GSSLib ReadMe" Ã„ {root-folder}"mac:GSSLib ReadMe" {makefile-dependency}
        "{create-folder}" "{TargDir}"
        If (`Exists "{Targ}" | Count -l`)
                SetFile -a l {Targ}
@@ -990,7 +1390,7 @@ documentation 
        Catenate {root-folder}"mac:GSSLib ReadMe" > {Targ}
        SetFile -a l {Targ}
 
-{krb5-documentation-output-folder}"krb5api.pdf" Ã„ {makefile-name}
+{krb5-documentation-output-folder}"krb5api.pdf" Ã„ {makefile-dependency}
        "{create-folder}" "{TargDir}"
        If (`Exists "{Targ}" | Count -l`)
                SetFile -a l {Targ}
@@ -1000,7 +1400,7 @@ documentation 
                SetFile -a l -t 'PDF ' -c 'CARO' {Targ}
        End
 
-{comerr-documentation-output-folder}"ComErrLib ReadMe" Ã„ {root-folder}"mac:ComErrLib ReadMe" {makefile-name}
+{comerr-documentation-output-folder}"ComErrLib ReadMe" Ã„ {root-folder}"mac:ComErrLib ReadMe" {makefile-dependency}
        "{create-folder}" "{TargDir}"
        If (`Exists "{Targ}" | Count -l`)
                SetFile -a l {Targ}
@@ -1008,7 +1408,7 @@ documentation 
        Catenate {root-folder}"mac:ComErrLib ReadMe" > {Targ}
        SetFile -a l {Targ}
 
-{profile-documentation-output-folder}"KerberosProfileLib ReadMe" Ã„ {root-folder}"mac:KerberosProfileLib ReadMe" {makefile-name}
+{profile-documentation-output-folder}"KerberosProfileLib ReadMe" Ã„ {root-folder}"mac:KerberosProfileLib ReadMe" {makefile-dependency}
        "{create-folder}" "{TargDir}"
        If (`Exists "{Targ}" | Count -l`)
                SetFile -a l {Targ}
diff --git a/src/mac/PrivateKerberos5Lib.exp b/src/mac/PrivateKerberos5Lib.exp
new file mode 100644 (file)
index 0000000..3a8588a
--- /dev/null
@@ -0,0 +1,33 @@
+#----------------------------------------------------
+#   PrivateKerberos5Lib.exp
+#
+# Exports from Kerberos v5 library which are not
+# a part of the public API, but are needed by some
+# critical clients. Each call is annotated by the
+# offending client.
+#----------------------------------------------------
+
+       krb5_size_opaque                                        # GSSAPI
+       krb5_internalize_opaque                         # GSSAPI
+       krb5_externalize_opaque                         # GSSAPI
+       krb5_ser_pack_int32                                     # GSSAPI
+       krb5_ser_unpack_int32                           # GSSAPI
+       krb5_ser_pack_bytes                                     # GSSAPI
+       krb5_ser_unpack_bytes                           # GSSAPI
+       krb5_ser_auth_context_init                      # GSSAPI
+       krb5_ser_context_init                           # GSSAPI
+       krb5_ser_ccache_init                            # GSSAPI
+       krb5_ser_keytab_init                            # GSSAPI
+       krb5_ser_rcache_init                            # GSSAPI
+       decode_krb5_ap_req                                      # GSSAPI
+       krb5_mcc_ops                                            # GSSAPI
+       krb5_c_keyed_checksum_types             # GSSAPI
+       krb5_c_random_make_octets                       # GSSAPI
+       krb5_c_encrypt                                          # GSSAPI
+       krb5_c_make_checksum                            # GSSAPI
+       krb5_c_decrypt                                          # GSSAPI
+       krb5_c_verify_checksum                          # GSSAPI
+       krb5_c_block_size                                       # GSSAPI
+       krb5_c_checksum_length                          # GSSAPI
+       krb5_c_encrypt_length                           # GSSAPI
+       krb5int_cc_default                                      # GSSAPI
\ No newline at end of file
index 9b5ea87cf5de7a147c79d7c42b77be2309321602..8d1b78ba850927276756017d398c3d301df71129 100644 (file)
  * without express or implied warranty.
  */
  
-#include <CodeFragments.h>
-
 #include "profile.h"
 
+#if defined(macintosh)
+#include <CodeFragments.h>
 
 OSErr InitializeProfileLib (
        CFragInitBlockPtr ibp);
@@ -33,17 +32,28 @@ OSErr InitializeProfileLib(
        
        /* Do normal init of the shared library */
        err = __initialize(ibp);
+#else
+#define noErr  0
+void __InitializeProfileLib (void);
+void __InitializeProfileLib (void)
+{
+       int     err = noErr;
+#endif
        
        /* Initialize the error tables */
        if (err == noErr) {
            add_error_table(&et_prof_error_table);
        }
        
+#if defined(macintosh)
        return err;
+#endif
 }
 
+#if defined(macintosh)
 void TerminateProfileLib(void)
 {
     remove_error_table(&et_prof_error_table);
        __terminate();
 }
+#endif
index d087037db3839e61e97ef86429c48c2e10da52b3..517720dfc2e0505e76b6b30f1ee1d880dc22d59c 100644 (file)
@@ -91,7 +91,7 @@ Changes in 1.1a3:
  
 2.0.1b1
  Microseconds support added
- Microseconds fixed on machines that don't have hardware support (Chas Williams)
+ Microseconds fixed on machines that do not have hardware support (Chas Williams)
  Fixed a bunch of missing krb5_auth_con_* exports
  Added NRL config file name (Chas Williams)
  Fixed profile layer to handle missing files correctly when looking for multiple ones
@@ -153,4 +153,91 @@ Changes in 1.1a3:
 3.0d3
  from tag Mac_GSSKerberos5_3_0d3
  no changes on the Mac side
- fixed crash in get_init_creds when no network
\ No newline at end of file
+ fixed crash in get_init_creds when no network 
+3.0d4
+ from tag Mac_GSSKerberos5_3_0d4
+ no changes on the Mac side
+3.0d5
+ from tag Mac_GSSKerberos5_3_0d5
+ no changes on the Mac side
+
+3.0d6
+ from tag Mac_GSSKerberos5_3_0d6
+ login lib support
+ fixed to ccache v5 creds copying code
+
+3.0d7
+ from tag Mac_GSSKerberos5_3_0d7
+ support for login library in expired passwords
+
+3.0d8
+ from tag Mac_GSSKerberos5_3_0d8
+ now following the krb5-1-2 branch (except in util/profile)
+
+3.0a1
+ from tag Mac_GSSKerberos5_3_0a1
+ fixed krb5_cc_default
+ workaround for hostname resolution problems
+3.0a2
+ from tag Mac_GSSKerberos5_3_0a2
+ no changes on the Mac side
+
+3.0b1
+ from tag Mac_GSSKerberos5_3_0b1
+ Kerberos5Lib now uses PreferencesLib
+ fixed get_credentials [BZ 323]
+
+3.0b2
+ from tag Mac_GSSKerberos5_3_0b2
+ changed error in krb5_init_context from ENFILE to ENOENT when file not found
+
+3.0fc1
+ from tag Mac_GSSKerberos5_3_0fc1
+ no changes on the Mac side
+
+3.0fc2
+ from tag Mac_GSSKerberos5_3_0fc2
+ fixed memory leak in krb5_425_conv_principal
+
+3.0
+ from tag Mac_GSSKerberos5_3_0
+
+3.1d1
+ from tag Mac_GSSKerberos5_3_1d1
+ Carbon and CWP 6 builds
+3.1d2
+ from tag Mac_GSSKerberos5_3_1d2
+ Fixed epoch conversion throughout
+ Rebuilt with fixed CWP 6 fcntl.h
+3.1d3
+ from tag Mac_GSSKerberos5_3_1d3
+ Fixed profile library to support FSpecs under X
+ Fixed build system to work with UNIX newlines under 9
+3.1d4
+ from tag Mac_GSSKerberos5_3_1d4
+ first Mac OS X release
+
+3.1d5
+ from tag Mac_GSSKerberos5_3_1d5
+ fixed Carbon fragment names
+3.1d6
+ from tag Mac_GSSKerberos5_3_1d6
+ fixed sleep time bug
+ fixed dependencies on 8.5+ InterfaceLib
+
+3.1a1
+ from tag Mac_GSSKerberos5_3_1a1
+ alpha
+
+3.1a2
+ from tag Mac_GSSKerberos5_3_1a2
+ no longer prevents idle sleep
+ override carbon errno with Kerberos Support Library
+ fix NULL prompter crash
\ No newline at end of file
diff --git a/src/mac/libraries/KerberosHeaders.9.pch b/src/mac/libraries/KerberosHeaders.9.pch
new file mode 100644 (file)
index 0000000..b8a8f88
--- /dev/null
@@ -0,0 +1,2 @@
+#include "KerberosHeaders.h"
+#include "MacHeaders.c"
diff --git a/src/mac/libraries/KerberosHeaders.CB.pch b/src/mac/libraries/KerberosHeaders.CB.pch
new file mode 100644 (file)
index 0000000..73d04ab
--- /dev/null
@@ -0,0 +1,4 @@
+#define TARGET_API_MAC_CARBON 1
+
+#include "KerberosHeaders.h"
+#include "MacHeaders.c"
index 1a07404ba38127a3cc8229d1bc600b6169c43d71..f37777649f50a31c5c937bd8888ea296f8f66040 100644 (file)
@@ -5,22 +5,24 @@
  *  Copyright Â© 1993 metrowerks inc.  All rights reserved.
  * Modified for Kerberos5 Mac port to include compile options
  */
+#include "autoconf.h"
 
 /*
  * Add the compile flag switches for kerberos compile
  */
 #define KRB5 1
 
-#define SIZEOF_INT 4
-#define SIZEOF_SHORT 2
 #define HAVE_SRAND
 #define NO_PASSWORD
 #define HAVE_LABS
 #define ANSI_STDIO
+#define USE_CCAPI
 
 #include <unix.h>
 #include <ctype.h>
 #include <SocketErrors.h>
+#include <unistd.h>
 
 #define PROVIDE_RSA_MD4
 #define PROVIDE_RSA_MD5
 
 #define NO_SYS_TYPES_H
 #define NO_SYS_STAT_H
-#define HAVE_STDLIB_H 1
 
 //jfm need to reimplement
 #define mktemp(a)
 
 enum {
 EROFS  = 30,
-ENFILE = 23
+/*ENFILE = 23*/
 };
index 00d53657a7c7f73597116a1e6fcc4f157fd84d5d..e0de100086a0e896d30799f7630884a80f2d130d 100644 (file)
@@ -3,29 +3,29 @@
 # Usage:
 # macfile_gen.pl list-type start-path prefix
 #      list-type is one of:
-#              all-files                                       -- complete list of mac sources, relative to root
-#              all-folders                                     -- complete list of mac directories, relative to root
-#              gss-sources                                     -- complete list of mac GSS sources, relative to root
-#              krb5-sources                            -- complete list of mac Krb5 sources, relative to root
-#              profile-sources                         -- complete list of mac profile sources, relative to root
-#              comerr-sources                          -- complete list of mac com_err sources, relative to root
-#              gss-objects-ppc-debug           -- complete list of mac GSS PPC debug objects, relative to root
-#              gss-objects-68k-debug           -- complete list of mac GSS 68K debug objects, relative to root
-#              gss-objects-ppc-final           -- complete list of mac GSS PPC final objects, relative to root
-#              gss-objects-68k-final           -- complete list of mac GSS 68K final objects, relative to root
-#              krb5-objects-ppc-debug          -- complete list of mac Kerberos v5 PPC debug objects, relative to root
-#              krb5-objects-68k-debug          -- complete list of mac Kerberos v5 68K debug objects, relative to root
-#              krb5-objects-ppc-final          -- complete list of mac Kerberos v5 PPC final objects, relative to root
-#              krb5-objects-68k-final          -- complete list of mac Kerberos v5 68K final objects, relative to root
-#              profile-objects-ppc-debug       -- complete list of mac profile PPC debug objects, relative to root
-#              profile-objects-68k-debug       -- complete list of mac profile v5 68K debug objects, relative to root
-#              profile-objects-ppc-final       -- complete list of mac profile v5 PPC final objects, relative to root
-#              profile-objects-68k-final       -- complete list of mac profile v5 68K final objects, relative to root
-#              comerr-objects-ppc-debug        -- complete list of mac com_err PPC debug objects, relative to root
-#              comerr-objects-68k-debug        -- complete list of mac com_err v5 68K debug objects, relative to root
-#              comerr-objects-ppc-final        -- complete list of mac com_err v5 PPC final objects, relative to root
-#              comerr-objects-68k-final        -- complete list of mac com_err v5 68K final objects, relative to root
-#              include-folders                         -- complete list of include paths, relative to root
+#              all-files                                               -- complete list of mac sources, relative to root
+#              all-folders                                             -- complete list of mac directories, relative to root
+#              gss-sources                                             -- complete list of mac GSS sources, relative to root
+#              krb5-sources                                    -- complete list of mac Krb5 sources, relative to root
+#              profile-sources                                 -- complete list of mac profile sources, relative to root
+#              comerr-sources                                  -- complete list of mac com_err sources, relative to root
+#              gss-objects-macos9-debug                -- complete list of mac GSS Mac OS 9 debug objects, relative to root
+#              gss-objects-macos9-final                -- complete list of mac GSS Mac OS 9 final objects, relative to root
+#              krb5-objects-macos9-debug               -- complete list of mac Kerberos v5 Mac OS 9 debug objects, relative to root
+#              krb5-objects-macos9-final               -- complete list of mac Kerberos v5 Mac OS 9 final objects, relative to root
+#              profile-objects-macos9-debug    -- complete list of mac profile Mac OS 9 debug objects, relative to root
+#              profile-objects-macos9-final    -- complete list of mac profile v5 Mac OS 9 final objects, relative to root
+#              comerr-objects-macos9-debug             -- complete list of mac com_err Mac OS 9 debug objects, relative to root
+#              comerr-objects-macos9-final             -- complete list of mac com_err v5 Mac OS 9 final objects, relative to root
+#              gss-objects-carbon-debug                -- complete list of mac GSS Carbon debug objects, relative to root
+#              gss-objects-carbon-final                -- complete list of mac GSS Carbon final objects, relative to root
+#              krb5-objects-carbon-debug               -- complete list of mac Kerberos v5 Carbon debug objects, relative to root
+#              krb5-objects-carbon-final               -- complete list of mac Kerberos v5 Carbon final objects, relative to root
+#              profile-objects-carbon-debug    -- complete list of mac profile Carbon debug objects, relative to root
+#              profile-objects-carbon-final    -- complete list of mac profile v5 Carbon final objects, relative to root
+#              comerr-objects-carbon-debug             -- complete list of mac com_err Carbon debug objects, relative to root
+#              comerr-objects-carbon-final             -- complete list of mac com_err v5 Carbon final objects, relative to root
+#              include-folders                                 -- complete list of include paths, relative to root
 #
 #      input on stdin
 #      output on stdout
@@ -103,115 +103,115 @@ if ($action eq "all-folders") {
        @outputList = grep (/:et:/, @sourceList);
        print (STDERR "Done. \n");
        
-} elsif ($action eq "gss-objects-ppc-debug") {
+} elsif ($action eq "gss-objects-macos9-debug") {
 
-       print (STDERR "# Building GSS PPC debug object listÉ ");
-       @outputList = grep (s/\.c$/\.ppcd.o/, @sourceList);
+       print (STDERR "# Building GSS Mac OS 9 debug object listÉ ");
+       @outputList = grep (s/\.c$/\.9d.o/, @sourceList);
        @outputList = grep (/:gssapi:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "gss-objects-68k-debug") {
+} elsif ($action eq "gss-objects-macos9-final") {
 
-       print (STDERR "# Building GSS 68K debug object listÉ ");
-       @outputList = grep (s/\.c$/\.68kd.o/, @sourceList);
+       print (STDERR "# Building GSS Mac OS 9 final object listÉ ");
+       @outputList = grep (s/\.c$/\.9.o/, @sourceList);
        @outputList = grep (/:gssapi:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "gss-objects-ppc-final") {
+} elsif ($action eq "krb5-objects-macos9-debug") {
 
-       print (STDERR "# Building GSS PPC final object listÉ ");
-       @outputList = grep (s/\.c$/\.ppcf.o/, @sourceList);
-       @outputList = grep (/:gssapi:/, @outputList);
+       print (STDERR "# Building Kerberos v5 Mac OS 9 debug object listÉ ");
+       @outputList = grep (s/\.c$/\.9d.o/, @sourceList);
+       @outputList = grep (!/:gssapi:|:profile:|:et:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "gss-objects-68k-final") {
+} elsif ($action eq "krb5-objects-macos9-final") {
 
-       print (STDERR "# Building GSS 68K final object listÉ ");
-       @outputList = grep (s/\.c$/\.68kf.o/, @sourceList);
-       @outputList = grep (/:gssapi:/, @outputList);
+       print (STDERR "# Building Kerberos v5 Mac OS 9 final object listÉ ");
+       @outputList = grep (s/\.c$/\.9.o/, @sourceList);
+       @outputList = grep (!/:gssapi:|:profile:|:et:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "krb5-objects-ppc-debug") {
+} elsif ($action eq "profile-objects-macos9-debug") {
 
-       print (STDERR "# Building Kerberos v5 PPC debug object listÉ ");
-       @outputList = grep (s/\.c$/\.ppcd.o/, @sourceList);
-       @outputList = grep (!/:gssapi:|:profile:|:et:/, @outputList);
+       print (STDERR "# Building profile Mac OS 9 debug object listÉ ");
+       @outputList = grep (s/\.c$/\.9d.o/, @sourceList);
+       @outputList = grep (/:profile:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "krb5-objects-68k-debug") {
+} elsif ($action eq "profile-objects-macos9-final") {
 
-       print (STDERR "# Building Kerberos v5 68K debug object listÉ ");
-       @outputList = grep (s/\.c$/\.68kd.o/, @sourceList);
-       @outputList = grep (!/:gssapi:|:profile:|:et:/, @outputList);
+       print (STDERR "# Building profile Mac OS 9 final object listÉ ");
+       @outputList = grep (s/\.c$/\.9.o/, @sourceList);
+       @outputList = grep (/:profile:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "krb5-objects-ppc-final") {
+} elsif ($action eq "comerr-objects-macos9-debug") {
 
-       print (STDERR "# Building Kerberos v5 PPC final object listÉ ");
-       @outputList = grep (s/\.c$/\.ppcf.o/, @sourceList);
-       @outputList = grep (!/:gssapi:|:profile:|:et:/, @outputList);
+       print (STDERR "# Building com_err Mac OS 9 debug object listÉ ");
+       @outputList = grep (s/\.c$/\.9d.o/, @sourceList);
+       @outputList = grep (/:et:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "krb5-objects-68k-final") {
+} elsif ($action eq "comerr-objects-macos9-final") {
 
-       print (STDERR "# Building Kerberos v5 68K final object listÉ ");
-       @outputList = grep (s/\.c$/\.68kf.o/, @sourceList);
-       @outputList = grep (!/:gssapi:|:profile:|:et:/, @outputList);
+       print (STDERR "# Building com_err Mac OS 9 final object listÉ ");
+       @outputList = grep (s/\.c$/\.9.o/, @sourceList);
+       @outputList = grep (/:et:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "profile-objects-ppc-debug") {
+} elsif ($action eq "gss-objects-carbon-debug") {
 
-       print (STDERR "# Building profile PPC debug object listÉ ");
-       @outputList = grep (s/\.c$/\.ppcd.o/, @sourceList);
-       @outputList = grep (/:profile:/, @outputList);
+       print (STDERR "# Building GSS Carbon debug object listÉ ");
+       @outputList = grep (s/\.c$/\.CBd.o/, @sourceList);
+       @outputList = grep (/:gssapi:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "profile-objects-68k-debug") {
+} elsif ($action eq "gss-objects-carbon-final") {
 
-       print (STDERR "# Building profile 68K debug object listÉ ");
-       @outputList = grep (s/\.c$/\.68kd.o/, @sourceList);
-       @outputList = grep (/:profile:/, @outputList);
+       print (STDERR "# Building GSS Carbon final object listÉ ");
+       @outputList = grep (s/\.c$/\.CB.o/, @sourceList);
+       @outputList = grep (/:gssapi:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "profile-objects-ppc-final") {
+} elsif ($action eq "krb5-objects-carbon-debug") {
 
-       print (STDERR "# Building profile PPC final object listÉ ");
-       @outputList = grep (s/\.c$/\.ppcf.o/, @sourceList);
-       @outputList = grep (/:profile:/, @outputList);
+       print (STDERR "# Building Kerberos v5 Carbon debug object listÉ ");
+       @outputList = grep (s/\.c$/\.CBd.o/, @sourceList);
+       @outputList = grep (!/:gssapi:|:profile:|:et:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "profile-objects-68k-final") {
+} elsif ($action eq "krb5-objects-carbon-final") {
 
-       print (STDERR "# Building profile 68K final object listÉ ");
-       @outputList = grep (s/\.c$/\.68kf.o/, @sourceList);
-       @outputList = grep (/:profile:/, @outputList);
+       print (STDERR "# Building Kerberos v5 Carbon final object listÉ ");
+       @outputList = grep (s/\.c$/\.CB.o/, @sourceList);
+       @outputList = grep (!/:gssapi:|:profile:|:et:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "comerr-objects-ppc-debug") {
+} elsif ($action eq "profile-objects-carbon-debug") {
 
-       print (STDERR "# Building com_err PPC debug object listÉ ");
-       @outputList = grep (s/\.c$/\.ppcd.o/, @sourceList);
-       @outputList = grep (/:et:/, @outputList);
+       print (STDERR "# Building profile Carbon debug object listÉ ");
+       @outputList = grep (s/\.c$/\.CBd.o/, @sourceList);
+       @outputList = grep (/:profile:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "comerr-objects-68k-debug") {
+} elsif ($action eq "profile-objects-carbon-final") {
 
-       print (STDERR "# Building com_err 68K debug object listÉ ");
-       @outputList = grep (s/\.c$/\.68kd.o/, @sourceList);
-       @outputList = grep (/:et:/, @outputList);
+       print (STDERR "# Building profile Carbon final object listÉ ");
+       @outputList = grep (s/\.c$/\.CB.o/, @sourceList);
+       @outputList = grep (/:profile:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "comerr-objects-ppc-final") {
+} elsif ($action eq "comerr-objects-carbon-debug") {
 
-       print (STDERR "# Building com_err PPC final object listÉ ");
-       @outputList = grep (s/\.c$/\.ppcf.o/, @sourceList);
+       print (STDERR "# Building com_err Carbon debug object listÉ ");
+       @outputList = grep (s/\.c$/\.CBd.o/, @sourceList);
        @outputList = grep (/:et:/, @outputList);
        print (STDERR "Done. \n");
 
-} elsif ($action eq "comerr-objects-68k-final") {
+} elsif ($action eq "comerr-objects-carbon-final") {
 
-       print (STDERR "# Building com_err 68K final object listÉ ");
-       @outputList = grep (s/\.c$/\.68kf.o/, @sourceList);
+       print (STDERR "# Building com_err Carbon final object listÉ ");
+       @outputList = grep (s/\.c$/\.CB.o/, @sourceList);
        @outputList = grep (/:et:/, @outputList);
        print (STDERR "Done. \n");
 
@@ -448,7 +448,7 @@ sub read_file
 {
        die("Bad call to read_file") unless defined $_[0];
        local($FN) = (&chew_on_filename($_[0]));
-       local (@LINES, @NLFREE_LINES);
+       local ($CONTENTS, @NLFREE_LINES);
 
        if (!open(FILE, $FN))
        {
@@ -456,16 +456,23 @@ sub read_file
                exit(1);
        }
 
-       @LINES=<FILE>;
-       @NLFREE_LINES=grep(s/\n$//, @LINES);
-       
-       if (!close(FILE))
        {
-               print(STDERR "Can't close $FN.\n");
-               exit(1);
-       }
+               local ($/);
+               undef $/;
+               $CONTENTS = <FILE>;
+               
+               $CONTENTS =~ s/\012/\015/g;
+               
+               @NLFREE_LINES = split ('\015', $CONTENTS);
+               
+               if (!close(FILE))
+               {
+                       print(STDERR "Can't close $FN.\n");
+                       exit(1);
+               }
 
-       @NLFREE_LINES;
+               return @NLFREE_LINES;
+       }
 }
 
 # lists files that match $PATTERN in $DIR.
index e80bb3892b304a14002c5505aecc29a7f8907fc7..3a729516841901d6d58f1ff3ae0667cb7960c4d8 100644 (file)
@@ -1,3 +1,9 @@
+2000-05-08  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kprop.c (open_connection): New argument indicates output buffer
+       size.  Don't overrun it.
+       (get_tickets): Pass size of Errmsg.
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 5b6b5969b0f9b5bb7002dc0a415e990b1c6e6194..fa32f11a8432b6492e4c9e2aca78c695a7c5f30a 100644 (file)
@@ -72,7 +72,7 @@ void  get_tickets
 static void usage 
        PROTOTYPE((void));
 krb5_error_code open_connection 
-       PROTOTYPE((char *, int *, char *));
+       PROTOTYPE((char *, int *, char *, int));
 void   kerberos_authenticate 
        PROTOTYPE((krb5_context, krb5_auth_context *, 
                   int, krb5_principal, krb5_creds **));
@@ -116,7 +116,7 @@ main(argc, argv)
        get_tickets(context);
 
        database_fd = open_database(context, file, &database_size);
-       if (retval = open_connection(slave_host, &fd, Errmsg)) {
+       if (retval = open_connection(slave_host, &fd, Errmsg, sizeof(Errmsg))) {
                com_err(progname, retval, "%s while opening connection to %s",
                        Errmsg, slave_host);
                exit(1);
@@ -307,10 +307,11 @@ void get_tickets(context)
 }
 
 krb5_error_code
-open_connection(host, fd, Errmsg)
+open_connection(host, fd, Errmsg, ErrmsgSz)
        char    *host;
        int     *fd;
        char    *Errmsg;
+       int      ErrmsgSz;
 {
        int     s;
        krb5_error_code retval;
@@ -331,8 +332,9 @@ open_connection(host, fd, Errmsg)
        if(!port) {
                sp = getservbyname(KPROP_SERVICE, "tcp");
                if (sp == 0) {
-                       (void) strcpy(Errmsg, KPROP_SERVICE);
-                       (void) strcat(Errmsg, "/tcp: unknown service");
+                       (void) strncpy(Errmsg, KPROP_SERVICE, ErrmsgSz - 1);
+                       Errmsg[ErrmsgSz - 1] = '\0';
+                       (void) strncat(Errmsg, "/tcp: unknown service", ErrmsgSz - 1 - strlen(Errmsg));
                        *fd = -1;
                        return(0);
                }
@@ -481,7 +483,8 @@ open_database(context, data_fn, size)
                com_err(progname, ENOMEM, "while trying to malloc data_ok_fn");
                exit(1);
        }
-       strcat(strcpy(data_ok_fn, data_fn), ok);
+       strcpy(data_ok_fn, data_fn);
+       strcat(data_ok_fn, ok);
        if (stat(data_ok_fn, &stbuf_ok)) {
                com_err(progname, errno, "while trying to stat %s",
                        data_ok_fn);
index e0eaa3395eea8957d87efeeb29db3133ee1890df..ffc379768051cc5e18cb858ab71640be2826ac2f 100644 (file)
@@ -1,3 +1,17 @@
+2001-01-31  Tom Yu  <tlyu@mit.edu>
+
+       * krb5_decode_test.c (main): Add new test cases for indefinite
+       length ticket and as_rep.  Fix up calls to decode_run() to have
+       the modifier be in the description parameter.
+       (decode_run): If the ASN1 decoder returns an error, add one to the
+       error count so there will be a non-zero exit. Sometimes, the
+       decoded structure is complete enoght to pass the test, even with
+       an ASN.1 error - which can easilly get missed in the output run.
+       [pullup from trunk]
+
+       * utility.c (asn1_krb5_data_unparse): signed char
+       paranoia. [pullup from trunk]
+
 1999-11-01  Tom Yu  <tlyu@mit.edu>
 
        * krb5_decode_test.c (main): Add test case for zero-length
index 8ec075b93846eeb283545e2673099ba980e4b061..24efb540fd8a180d8d550112e6c522faa5d26de7 100644 (file)
@@ -40,6 +40,7 @@ int main(argc, argv)
     retval = decoder(&code,&var);\
     if(retval){\
       com_err("krb5_decode_test", retval, "while decoding %s", typestring);\
+      error_count++;\
     }\
     assert(comparator(&ref,var),typestring);\
     printf("%s\n",description)
@@ -67,6 +68,49 @@ int main(argc, argv)
   {
     setup(krb5_ticket,"krb5_ticket",ktest_make_sample_ticket);
     decode_run("ticket","","61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ticket,ktest_equal_ticket);
+    decode_run("ticket","(+ trailing [4] INTEGER","61 61 30 5F A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 03 02 01 01",decode_krb5_ticket,ktest_equal_ticket);
+
+/*
+  "61 80 30 80 "
+  "  A0 03 02 01 05 "
+  "  A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 "
+  "  A2 80 30 80 "
+  "    A0 03 02 01 01 "
+  "    A1 80 30 80 "
+  "      1B 06 68 66 74 73 61 69 "
+  "      1B 05 65 78 74 72 61 "
+  "    00 00 00 00 "
+  "  00 00 00 00 "
+  "  A3 80 30 80 "
+  "    A0 03 02 01 00 "
+  "    A1 03 02 01 05 "
+  "    A2 17 04 15 6B 72 62 41 53 4E 2E 31 "
+  "      20 74 65 73 74 20 6D 65 73 73 61 67 65 "
+  "  00 00 00 00"
+  "00 00 00 00"
+*/
+    decode_run("ticket","(indefinite lengths)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00" ,decode_krb5_ticket,ktest_equal_ticket);
+/*
+  "61 80 30 80 "
+  "  A0 03 02 01 05 "
+  "  A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 "
+  "  A2 80 30 80 "
+  "    A0 03 02 01 01 "
+  "    A1 80 30 80 "
+  "      1B 06 68 66 74 73 61 69 "
+  "      1B 05 65 78 74 72 61 "
+  "    00 00 00 00 "
+  "  00 00 00 00 "
+  "  A3 80 30 80 "
+  "    A0 03 02 01 00 "
+  "    A1 03 02 01 05 "
+  "    A2 17 04 15 6B 72 62 41 53 4E 2E 31 "
+  "      20 74 65 73 74 20 6D 65 73 73 61 67 65 "
+  "  00 00 00 00"
+  "  A4 03 02 01 01 "
+  "00 00 00 00"
+*/
+    decode_run("ticket","(indefinite lengths + trailing [4] INTEGER)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 A4 03 02 01 01 00 00 00 00",decode_krb5_ticket,ktest_equal_ticket);
   }
 
   /****************************************************************/
@@ -74,21 +118,22 @@ int main(argc, argv)
   {
     setup(krb5_keyblock,"krb5_keyblock",ktest_make_sample_keyblock);
     decode_run("encryption_key","","30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
-    decode_run("encryption_key(+ trailing [2] INTEGER)","","30 16 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key);
-    decode_run("encryption_key(+ trailing [2] SEQUENCE {[0] INTEGER})","","30 16 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 07 30 05 A0 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key);
-    decode_run("encryption_key(indefinite lengths)","","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key);
-    decode_run("encryption_key(indefinite lengths + trailing [2] INTEGER)","","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key);
-    decode_run("encryption_key(indefinite lengths + trailing [2] SEQUENCE {[0] INTEGER})","","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 80 30 80 A0 03 02 01 01 00 00 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(+ trailing [2] INTEGER)","30 16 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(+ trailing [2] SEQUENCE {[0] INTEGER})","30 1A A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 07 30 05 A0 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(indefinite lengths)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(indefinite lengths + trailing [2] INTEGER)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(indefinite lengths + trailing [2] SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 80 30 80 A0 03 02 01 01 00 00 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(indefinite lengths + trailing SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 80 A0 03 02 01 01 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key);
     ref.enctype = -1;
-    decode_run("encryption_key(enctype = -1)","","30 11 A0 03 02 01 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(enctype = -1)","30 11 A0 03 02 01 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
     ref.enctype = -255;
-    decode_run("encryption_key(enctype = -255)","","30 12 A0 04 02 02 FF 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(enctype = -255)","30 12 A0 04 02 02 FF 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
     ref.enctype = 255;
-    decode_run("encryption_key(enctype = 255)","","30 12 A0 04 02 02 00 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(enctype = 255)","30 12 A0 04 02 02 00 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
     ref.enctype = -2147483648;
-    decode_run("encryption_key(enctype = -2147483648)","","30 14 A0 06 02 04 80 00 00 00 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(enctype = -2147483648)","30 14 A0 06 02 04 80 00 00 00 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
     ref.enctype = 2147483647;
-    decode_run("encryption_key(enctype = 2147483647)","","30 14 A0 06 02 04 7F FF FF FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
+    decode_run("encryption_key","(enctype = 2147483647)","30 14 A0 06 02 04 7F FF FF FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key);
   }  
   
   /****************************************************************/
@@ -146,6 +191,57 @@ int main(argc, argv)
     ref.msg_type = KRB5_AS_REP;
 
     decode_run("as_rep","","6B 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0B A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep);
+
+/*
+  6B 80 30 80
+    A0 03 02 01 05
+    A1 03 02 01 0B
+    A2 80 30 80
+      30 80
+       A1 03 02 01 0D
+       A2 09 04 07 70 61 2D 64 61 74 61
+      00 00
+      30 80
+       A1 03 02 01 0D
+       A2 09 04 07 70 61 2D 64 61 74 61
+      00 00
+    00 00 00 00
+    A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55
+    A4 80 30 80
+      A0 03 02 01 01
+      A1 80 30 80
+       1B 06 68 66 74 73 61 69
+       1B 05 65 78 74 72 61
+      00 00 00 00
+    00 00 00 00
+    A5 80 61 80 30 80
+      A0 03 02 01 05
+      A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55
+      A2 80 30 80
+       A0 03 02 01 01
+       A1 80 30 80
+         1B 06 68 66 74 73 61 69
+         1B 05 65 78 74 72 61
+       00 00 00 00
+      00 00 00 00
+      A3 80 30 80
+       A0 03 02 01 00
+       A1 03 02 01 05
+       A2 17 04 15 6B 72 62 41 53 4E 2E 31
+         20 74 65 73 74 20 6D 65
+         73 73 61 67 65
+      00 00 00 00
+    00 00 00 00 00 00
+    A6 80 30 80
+      A0 03 02 01 00
+      A1 03 02 01 05
+      A2 17 04 15 6B 72 62 41 53 4E 2E 31
+       20 74 65 73 74 20 6D 65
+       73 73 61 67 65
+    00 00 00 00
+  00 00 00 00
+*/
+    decode_run("as_rep","(indefinite lengths)","6B 80 30 80 A0 03 02 01 05 A1 03 02 01 0B A2 80 30 80 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 00 00 00 00 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A5 80 61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00 00 00 A6 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00",decode_krb5_as_rep,ktest_equal_as_rep);
     ktest_destroy_pa_data_array(&(ref.padata));
     decode_run("as_rep","(optionals NULL)","6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep);
   }  
index 739d639131f5c5c80640a7afa6d82d92f1bd3f12..0831a0864e41052369b71e50509a70ee0a9cf300 100644 (file)
@@ -22,11 +22,11 @@ asn1_error_code asn1_krb5_data_unparse(code, s)
   }else{
     int i;
 
-    *s = (char*)calloc(3*(code->length), sizeof(char));
+    *s = (char*)calloc((size_t) 3*(code->length), sizeof(char));
     if(*s == NULL) return ENOMEM;
     for(i = 0; i < code->length; i++){
-      (*s)[3*i] = hexchar(((code->data)[i]&0xF0)>>4);
-      (*s)[3*i+1] = hexchar((code->data)[i]&0x0F);
+      (*s)[3*i] = hexchar((unsigned char) (((code->data)[i]&0xF0)>>4));
+      (*s)[3*i+1] = hexchar((unsigned char) ((code->data)[i]&0x0F));
       (*s)[3*i+2] = ' ';
     }
     (*s)[3*(code->length)-1] = '\0';
index 55733523c7faf6d244e5edf801791c44fa4317a4..bc57b0c1d4b8df74abd099bb7d1a21eeb6dab22c 100644 (file)
@@ -1,3 +1,13 @@
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kdb5_mkdums.c (main): Make sure buffer 'principal' is terminated.
+
+2000-05-08  Ken Raeburn  <raeburn@mit.edu>
+           Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kdb5_mkdums.c (main): Make sure buffer "tmp" is
+       null-terminated.  Don't overflow buffer "tmp" or "tmp2".
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 3cacc19df18572a24eec9367f51a300d4648a048..aa1854c8f460c82a75eee35c0c733b6b6e835957 100644 (file)
@@ -130,7 +130,8 @@ char *argv[];
            mkey_password = optarg;
            break;
        case 'p':                       /* prefix name to create */
-           strcpy(principal_string, optarg);
+           strncpy(principal_string, optarg, sizeof(principal_string) - 1);
+           principal_string[sizeof(principal_string) - 1] = '\0';
            suffix = principal_string + strlen(principal_string);
            break;
        case 'n':                        /* how many to create */
@@ -195,13 +196,14 @@ char *argv[];
         again given a prefix and count to test the db lib and kdb */
       (void) sprintf(suffix, "%d", n);
       (void) sprintf(tmp, "%s-DEPTH-1", principal_string);
+      tmp[sizeof(tmp) - 1] = '\0';
       str_newprinc = tmp;
       add_princ(test_context, str_newprinc);
 
       for (i = 2; i <= depth; i++) {
-       tmp2[0] = '\0';
        (void) sprintf(tmp2, "/%s-DEPTH-%d", principal_string, i);
-       strcat(tmp, tmp2);
+       tmp2[sizeof(tmp2) - 1] = '\0';
+       strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
        str_newprinc = tmp;
        add_princ(test_context, str_newprinc);
       }
index 54d0e4b826802a55816e81a8472a9f9ca76be01b..f3767a9f5cc0655e414b131fc44e7d4defc7b395 100644 (file)
@@ -1,3 +1,8 @@
+2000-05-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * default.exp (setup_kerberos_files): Include des3 in supported
+       enctypes.
+
 2000-02-07  Tom Yu  <tlyu@mit.edu>
 
        * default.exp: Remove default_tgs_enctypes for now as it was
index 44ffab7a96fbb71f2162329daec25e6cb489aff7..e3993544e498fdf7a1a3922fa053ed3dbc194438 100644 (file)
@@ -352,8 +352,7 @@ proc setup_kerberos_files { } {
        puts $conffile "                max_renewable_life = 3:00:00"
        puts $conffile "                master_key_type = des-cbc-md5"
        puts $conffile "                master_key_name = master/key"
-# des3-cbc-sha1:normal
-       puts $conffile "                supported_enctypes =  des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
+       puts $conffile "                supported_enctypes = des3-cbc-sha1:normal des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
        puts $conffile "                kdc_supported_enctypes = des3-cbc-sha1:normal des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
        puts $conffile "                kdc_ports = 3088"
        puts $conffile "                default_principal_expiration = 2037.12.31.23.59.59"
index 3744efdf8683cf3a7e5a94d6b8560d738d1eb31a..81ec954f336b540d7cda271de987632da72291ae 100644 (file)
@@ -1,3 +1,9 @@
+Wed Jan 31 12:32:37 2001  Ezra Peisach  <epeisach@mit.edu>
+
+       * rlogin.exp: Use the build tree's version of krlogin instead of
+       using the one found in the users path that might have been used in the
+       root login.
+
 Thu Nov 14 15:20:19 1996  Barry Jaspan  <bjaspan@mit.edu>
 
        * telnet.exp: telnet may output fqdn in upper-case
index 4e8497049effc7440f4eb6d0d8ab232f3bad8e18..ac3952005cdcf553109193d2de7aa8b87152c9e3 100644 (file)
@@ -7,8 +7,8 @@
 # if they exist.  If they do not, then they must be in PATH.  We
 # expect $objdir to be .../kerberos/src.
 
-if ![info exists RLOGIN] {
-    set RLOGIN [findfile $objdir/../../appl/bsd/rlogin]
+if ![info exists KRLOGIN] {
+    set KRLOGIN [findfile $objdir/../../appl/bsd/rlogin]
 }
 
 if ![info exists KRLOGIND] {
@@ -119,7 +119,7 @@ proc stop_rlogin_daemon { } {
 
 proc rlogin_test { } {
     global REALMNAME
-    global RLOGIN
+    global KRLOGIN
     global BINSH
     global SHELL_PROMPT
     global KEY
@@ -141,7 +141,7 @@ proc rlogin_test { } {
     start_rlogin_daemon -k
 
     # Make an rlogin connection.
-    spawn $RLOGIN $hostname -k $REALMNAME -D 3543
+    spawn $KRLOGIN $hostname -k $REALMNAME -D 3543
 
     expect_after {
        timeout {
@@ -215,7 +215,7 @@ proc rlogin_test { } {
 
     # Try an encrypted connection.
     start_rlogin_daemon -e
-    spawn $RLOGIN $hostname -x -k $REALMNAME -D 3543
+    spawn $KRLOGIN $hostname -x -k $REALMNAME -D 3543
 
     expect_after {
        timeout {
index 649fb4387f97c606d190b65cd5569c46f1849378..546a6fac1d9d2d5d53cec12e8dc4e45078bc5488 100644 (file)
@@ -1,3 +1,16 @@
+2001-02-23  Tom Yu  <tlyu@mit.edu>
+
+       * rsh.exp: Drain buffers on klist test to avoid wedging rsh on
+       exit under HP/UX.
+       [pullup from trunk]
+
+       * gssapi.exp: Rework significantly to deal with HP/UX lossage that
+       probably resulted from when either the client or the server wound
+       up blocking on tty output.  Abstract things a little more.  Remove
+       dead duplicate code that used to deal with "-v2".  Should figure
+       out why the "-v2" stuff disappeared mysteriously.
+       [pullup from trunk]
+
 2000-02-07  Tom Yu  <tlyu@mit.edu>
 
        * kadmin.exp: Use $KDESTROY -5 to deal with changed behavior.
index 8f932cb05578743e7b534a017a19e434004a26d0..fa717282e58e9f3ed8470e22477a1ff68819b820 100644 (file)
@@ -113,6 +113,81 @@ proc gss_restore_env { } {
     }
 }
 
+proc run_client {test tkfile client} {
+    global env
+    global hostname
+    global GSSCLIENT
+    global spawn_id
+    global gss_server_spawn_id
+    global REALMNAME
+
+    set env(KRB5CCNAME) $tkfile
+    verbose "KRB5CCNAME=$env(KRB5CCNAME)"
+    verbose "spawning gssclient, identity=$client"
+    spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from $client"
+    set got_client 0
+    set got_server 0
+    expect_after {
+       -i $spawn_id
+       timeout {
+           if {!$got_client} {
+               verbose -log "client timeout"
+               fail $test
+               catch "expect_after"
+               return
+           }
+       }
+       eof {
+           if {!$got_client} {
+               verbose -log "client eof"
+               fail $test
+               catch "expect_after"
+               return
+           }
+       }
+       -i $gss_server_spawn_id
+       timeout {
+           if {!$got_server} {
+               verbose -log "server timeout"
+               fail $test
+               catch "expect_after"
+               return
+           }
+       }
+       eof {
+           if {!$got_server} {
+               verbose -log "server eof"
+               fail $test
+               catch "expect_after"
+               return
+           }
+       }
+    }
+    expect {
+       -i $gss_server_spawn_id
+       "Accepted connection: \"$client@$REALMNAME\"" exp_continue
+       "Received message: \"message from $client\"" {
+           set got_server 1
+           if {!$got_client} {
+               exp_continue
+           }
+       }
+       -i $spawn_id
+       "Signature verified" {
+           set got_client 1
+           if {!$got_server} {
+               exp_continue
+           }
+       }
+    }
+    catch "expect_after"
+    if ![check_exit_status $test] {
+       # check_exit_staus already calls fail for us
+       return
+    }
+    pass $test
+}
+
 proc doit { } {
     global REALMNAME
     global env
@@ -133,70 +208,59 @@ proc doit { } {
 
     # Start up the kerberos and kadmind daemons.
     if ![start_kerberos_daemons 0] {
-       fail gsstest
-       return
+       perror "failed to start kerberos daemons"
     }
 
     # Use kadmin to add a key for us.
     if ![add_kerberos_key gsstest0 0] {
-       fail gsstest
-       return
+       perror "failed to set up gsstest0 key"
     }
 
     # Use kadmin to add a key for us.
     if ![add_kerberos_key gsstest1 0] {
-       fail gsstest
-       return
+       perror "failed to set up gsstest1 key"
     }
 
     # Use kadmin to add a key for us.
     if ![add_kerberos_key gsstest2 0] {
-       fail gsstest
-       return
+       perror "failed to set up gsstest2 key"
     }
 
     # Use kadmin to add a key for us.
     if ![add_kerberos_key gsstest3 0] {
-       fail gsstest
-       return
+       perror "faild to set up gsstest3 key"
     }
 
     # Use kadmin to add a service key for us.
     if ![add_random_key gssservice/$hostname 0] {
-       fail gsstest
-       return
+       perror "failed to set up gssservice/$hostname key"
     }
 
     # Use kdb5_edit to create a srvtab entry for gssservice
     if ![setup_srvtab 0 gssservice] {
-       fail gsstest
-       return
+       perror "failed to set up gssservice srvtab"
     }
 
     catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"
 
     # Use kinit to get a ticket.
     if ![our_kinit gsstest0 gsstest0$KEY $tmppwd/gss_tk_0] {
-       fail gsstest
-       return
+       perror "failed to kinit gsstest0"
     }
 
     # Use kinit to get a ticket.
     if ![our_kinit gsstest1 gsstest1$KEY $tmppwd/gss_tk_1] {
-       fail gsstest
-       return
+       perror "failed to kinit gsstest1"
     }
 
     # Use kinit to get a ticket.
     if ![our_kinit gsstest2 gsstest2$KEY $tmppwd/gss_tk_2] {
-       fail gsstest
-       return
+       perror "failed to kinit gsstest2"
     }
 
     # Use kinit to get a ticket.
     if ![our_kinit gsstest3 gsstest3$KEY $tmppwd/gss_tk_3] {
-       fail gsstest
-       return
+       perror "failed to kinit gsstest3"
     }
 
     #
@@ -219,377 +283,30 @@ proc doit { } {
     spawn $GSSSERVER -port 5556 gssservice@$hostname
     set gss_server_pid [exp_pid]
     set gss_server_spawn_id $spawn_id
-    catch "exec sleep 4"
-
-    # Start the client with client identity 0
-    set env(KRB5CCNAME) $tmppwd/gss_tk_0
-    verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-    spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest0"
-    expect_after {
-       -i $spawn_id
-       timeout {
-           fail gssclient0
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient0
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $spawn_id "Signature verified"
-    catch "expect_after"
-    expect_after {
-       -i $gss_server_spawn_id
-       timeout {
-           fail gssclient0
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient0
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $gss_server_spawn_id "Accepted connection: \"gsstest0@$REALMNAME\""
-    expect -i $gss_server_spawn_id "Received message: \"message from gsstest0\""
-    catch "expect_after"
-    if ![check_exit_status gssclient0] {
-       fail gssclient0
-       return
-    }
-    pass gssclient0
-
-    # Start the client with client identity 1
-    set env(KRB5CCNAME) $tmppwd/gss_tk_1
-    verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-    spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest1"
-    expect_after {
-       -i $spawn_id
-       timeout {
-           fail gssclient1
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient1
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $spawn_id "Signature verified"
-    catch "expect_after"
-    expect_after {
-       -i $gss_server_spawn_id
-       timeout {
-           fail gssclient1
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient1
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $gss_server_spawn_id "Accepted connection: \"gsstest1@$REALMNAME\""
-    expect -i $gss_server_spawn_id "Received message: \"message from gsstest1\""
-    catch "expect_after"
-    if ![check_exit_status gssclient1] {
-       fail gssclient1
-       return
-    }
-    pass gssclient1
-
-    # Start the client with client identity 2
-    set env(KRB5CCNAME) $tmppwd/gss_tk_2
-    verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-    spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest2"
-    expect_after {
-       -i $spawn_id
-       timeout {
-           fail gssclient2
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient2
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $spawn_id "Signature verified"
-    catch "expect_after"
-    expect_after {
-       -i $gss_server_spawn_id
-       timeout {
-           fail gssclient2
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient2
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $gss_server_spawn_id "Accepted connection: \"gsstest2@$REALMNAME\""
-    expect -i $gss_server_spawn_id "Received message: \"message from gsstest2\""
-    catch "expect_after"
-    if ![check_exit_status gssclient2] {
-       fail gssclient2
-       return
-    }
-    pass gssclient2
-
-    # Start the client with client identity 3
-    set env(KRB5CCNAME) $tmppwd/gss_tk_3
-    verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-    spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest3"
-    expect_after {
-       -i $gss_server_spawn_id
-       timeout {
-           fail "gssclient3 (server timeout)"
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail "gssclient3 (server eof)"
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $gss_server_spawn_id "Accepted connection: \"gsstest3@$REALMNAME\""
-    # Drain some output from the verbose client side.  Otherwise, this
-    # test sometimes fails under HP-UX.
-    expect -i $spawn_id "\"gsstest3@KRBTEST.COM\" to \"gssservice"
-    expect -i $spawn_id "Mechanism { * } supports * name"
-
-    expect -i $gss_server_spawn_id "Received message: \"message from gsstest3\""
-    catch "expect_after"
-    expect_after {
-       -i $spawn_id
-       timeout {
-           fail "gssclient3 (timeout)"
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail "gssclient3 (eof)"
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $spawn_id "Signature verified"
-    catch "expect_after"
-    if ![check_exit_status gssclient3] {
-       fail "gssclient3 (exit status)"
-       return
-    }
-    pass gssclient3
-
-    stop_gss_server
-
-    # Try some V2 services.
-    # Now start the gss-server.
-    spawn $GSSSERVER -port 5557 gssservice@$hostname
-    set gss_server_pid [exp_pid]
-    set gss_server_spawn_id $spawn_id
-    catch "exec sleep 4"
+    sleep 2
 
-    # Start the client with client identity 0
-    set env(KRB5CCNAME) $tmppwd/gss_tk_0
-    verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-    spawn $GSSCLIENT -port 5557 $hostname gssservice@$hostname "message from gsstest0"
-    expect_after {
-       -i $spawn_id
-       timeout {
-           fail gssclient0
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient0
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $spawn_id "Signature verified"
-    catch "expect_after"
-    expect_after {
-       -i $gss_server_spawn_id
-       timeout {
-           fail gssclient0
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient0
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $gss_server_spawn_id "Accepted connection: \"gsstest0@$REALMNAME\""
-    expect -i $gss_server_spawn_id "Received message: \"message from gsstest0\""
-    catch "expect_after"
-    if ![check_exit_status gssclient0] {
-       fail gssclient0
-       return
-    }
-    pass gssclient0
-
-    # Start the client with client identity 1
-    set env(KRB5CCNAME) $tmppwd/gss_tk_1
-    verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-    spawn $GSSCLIENT -port 5557 $hostname gssservice@$hostname "message from gsstest1"
-    expect_after {
-       -i $spawn_id
-       timeout {
-           fail gssclient1
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient1
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $spawn_id "Signature verified"
-    catch "expect_after"
-    expect_after {
-       -i $gss_server_spawn_id
-       timeout {
-           fail gssclient1
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient1
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $gss_server_spawn_id "Accepted connection: \"gsstest1@$REALMNAME\""
-    expect -i $gss_server_spawn_id "Received message: \"message from gsstest1\""
-    catch "expect_after"
-    if ![check_exit_status gssclient1] {
-       fail gssclient1
-       return
-    }
-    pass gssclient1
-
-    # Start the client with client identity 2
-    set env(KRB5CCNAME) $tmppwd/gss_tk_2
-    verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-    spawn $GSSCLIENT -port 5557 $hostname gssservice@$hostname "message from gsstest2"
-    expect_after {
-       -i $spawn_id
-       timeout {
-           fail gssclient2
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient2
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $spawn_id "Signature verified"
-    catch "expect_after"
-    expect_after {
-       -i $gss_server_spawn_id
-       timeout {
-           fail gssclient2
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient2
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $gss_server_spawn_id "Accepted connection: \"gsstest2@$REALMNAME\""
-    expect -i $gss_server_spawn_id "Received message: \"message from gsstest2\""
-    catch "expect_after"
-    if ![check_exit_status gssclient2] {
-       fail gssclient2
-       return
-    }
-    pass gssclient2
-
-    # Start the client with client identity 3
-    set env(KRB5CCNAME) $tmppwd/gss_tk_3
-    verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-    spawn $GSSCLIENT -port 5557 $hostname gssservice@$hostname "message from gsstest3"
-    expect_after {
-       -i $gss_server_spawn_id
-       timeout {
-           fail gssclient3
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient3
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $gss_server_spawn_id "Accepted connection: \"gsstest3@$REALMNAME\""
-
-    # Drain some output from the verbose client side.  Otherwise, this
-    # test sometimes fails under HP-UX.
-    expect -i $spawn_id "\"gsstest3@KRBTEST.COM\" to \"gssservice"
-    expect -i $spawn_id "Mechanism { * } supports * name"
-
-    expect -i $gss_server_spawn_id "Received message: \"message from gsstest3\""
-    catch "expect_after"
-    expect_after {
-       -i $spawn_id
-       timeout {
-           fail gssclient3
-           catch "expect_after"
-           return
-       }
-       eof {
-           fail gssclient3
-           catch "expect_after"
-           return
-       }
-    }
-    expect -i $spawn_id "Signature verified"
-    catch "expect_after"
-    if ![check_exit_status gssclient3] {
-       fail gssclient3
-       return
-    }
-    pass gssclient3
+    run_client gssclient0 $tmppwd/gss_tk_0 gssclient0
+    run_client gssclient1 $tmppwd/gss_tk_1 gssclient1
+    run_client gssclient2 $tmppwd/gss_tk_2 gssclient2
+    run_client gssclient3 $tmppwd/gss_tk_3 gssclient3
 
     stop_gss_server
     gss_restore_env
 
     if ![our_kdestroy $tmppwd/gss_tk_0] {
-       fail gsstest
-       return
+       perror "failed kdestroy gss_tk_0" 0
     }
 
     if ![our_kdestroy $tmppwd/gss_tk_1] {
-       fail gsstest
-       return
+       perror "failed kdestroy gss_tk_1" 0
     }
 
     if ![our_kdestroy $tmppwd/gss_tk_2] {
-       fail gsstest
-       return
+       perror "failed kdestroy gss_tk_2" 0
     }
 
     if ![our_kdestroy $tmppwd/gss_tk_3] {
-       fail gsstest
-       return
+       perror "failed kdestroy gss_tk_3" 0
     }
 
     catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"
@@ -604,7 +321,6 @@ gss_restore_env
 stop_kerberos_daemons
 
 if { $status != 0 } {
-    send_error "ERROR: error in gssapi.exp\n"
-    send_error "$msg\n"
-    exit 1
+    perror "error in gssapi.exp" 0
+    perror $msg 0
 }
index 09b5222fb28c58d755b2bac966222471309c6234..ed47af2c63610d6c75c43c2c3b775d94097f1a5f 100644 (file)
@@ -162,7 +162,9 @@ proc rsh_test { } {
 
     spawn $RSH $hostname -f -k $REALMNAME -D 3544 -A $BINSH -c $tmppwd/klist.wrap 
     expect {
-       "Ticket cache:" { }
+       "Ticket cache:*\r" {
+           expect eof
+       }
        "klist: No credentials cache file found" {
            fail "$testname (not forwarded)"
            return
@@ -191,7 +193,9 @@ proc rsh_test { } {
     set testname "encrypted rsh forwarding tickets"
     spawn $RSH $hostname -x -f -k $REALMNAME -D 3544 -A $BINSH -c $tmppwd/klist.wrap 
     expect {
-       "Ticket cache:" { }
+       "Ticket cache:*\r" {
+           expect eof
+       }
        "klist: No credentials cache file found" {
            fail "$testname (not forwarded)"
            return
index 1504de43402f9599121c99b735ffb4cacb1ba9e6..fcdd391c24019547fcee35631c6983b83cd083db 100644 (file)
@@ -1,3 +1,12 @@
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kdc5_hammer.c (main): Make sure buffer 'prefix' is null-terminated.
+
+2000-05-08  Ken Raeburn  <raeburn@mit.edu>
+           Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kdc5_hammer.c (main): Don't overflow buffers "ctmp" or "stmp".
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 780f92d83ec89f6cd1e01ca3887107a5a87afe70..6429a38edad816a0f88b5e94502be494299d2b0c 100644 (file)
@@ -169,7 +169,8 @@ main(argc, argv)
            depth = atoi(optarg);       /* how deep to go */
            break;
        case 'p':                       /* prefix name to check */
-           strcpy(prefix, optarg);
+           strncpy(prefix, optarg, sizeof(prefix) - 1);
+           prefix[sizeof(prefix) - 1] = '\0';
            break;
        case 'n':                        /* how many to check */
            num_to_check = atoi(optarg);
@@ -240,10 +241,11 @@ main(argc, argv)
           again given a prefix and count to test the db lib and kdb */
        ctmp[0] = '\0';
        for (i = 1; i <= depth; i++) {
-         ctmp2[0] = '\0';
          (void) sprintf(ctmp2, "%s%s%d-DEPTH-%d", (i != 1) ? "/" : "",
                         prefix, n, i);
-         strcat(ctmp, ctmp2);
+         ctmp2[sizeof(ctmp2) - 1] = '\0';
+         strncat(ctmp, ctmp2, sizeof(ctmp) - 1 - strlen(ctmp));
+         ctmp[sizeof(ctmp) - 1] = '\0';
          sprintf(client, "%s@%s", ctmp, cur_realm);
 
          if (get_tgt (test_context, client, &client_princ, ccache)) {
@@ -255,10 +257,11 @@ main(argc, argv)
 
          stmp[0] = '\0';
          for (j = 1; j <= depth; j++) {
-           stmp2[0] = '\0';
            (void) sprintf(stmp2, "%s%s%d-DEPTH-%d", (j != 1) ? "/" : "",
                           prefix, n, j);
-           strcat(stmp, stmp2);
+           stmp2[sizeof (stmp2) - 1] = '\0';
+           strncat(stmp, stmp2, sizeof(stmp) - 1 - strlen(stmp));
+           stmp[sizeof(stmp) - 1] = '\0';
            sprintf(server, "%s@%s", stmp, cur_realm);
            if (verify_cs_pair(test_context, client, client_princ, 
                               stmp, cur_realm, n, i, j, ccache))
index 7d0a88f2e66f527b10b56b059c099edbfa602d51..f73710bb240c5d1534e2b9e7035179a7d09a606c 100644 (file)
@@ -1,3 +1,12 @@
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kdb5_verify.c (main): Make sure buffer "principal_string" is
+       properly terminated.
+
+2000-05-08  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * kdb5_verify.c (main): Don't overflow buffer "tmp".
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index bfb0661369a300ca8046aa83cde0908b1d908437..e4277b18c64184af8f8e6d8a23d4cf8248235135 100644 (file)
@@ -131,7 +131,8 @@ char *argv[];
            mkey_password = optarg;
            break;
        case 'p':                       /* prefix name to check */
-           strcpy(principal_string, optarg);
+           strncpy(principal_string, optarg, sizeof(principal_string) - 1);
+           principal_string[sizeof(principal_string) - 1] = '\0';
            suffix = principal_string + strlen(principal_string);
            break;
        case 'n':                        /* how many to check */
@@ -199,9 +200,9 @@ char *argv[];
       if (check_princ(context, str_princ)) errors++;
 
       for (i = 2; i <= depth; i++) {
-       tmp2[0] = '\0';
        (void) sprintf(tmp2, "/%s-DEPTH-%d", principal_string, i);
-       strcat(tmp, tmp2);
+       tmp2[sizeof(tmp2) - 1] = '\0';
+       strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
        str_princ = tmp;
        if (check_princ(context, str_princ)) errors++;
       }
index 3862b2530e24473041154ca67e5386cc30e21f9b..39731b19bd6e4f100887d3a3d5d72423b23c3539 100644 (file)
@@ -1,3 +1,22 @@
+2001-02-21  Tom Yu  <tlyu@mit.edu>
+
+       * mkrel: When generating multiple tarballs, also generate a
+       consolidated tarball.
+
+2001-02-06  Tom Yu  <tlyu@mit.edu>
+
+       * mkrel: Default to making a single tarball.
+
+2001-01-28  Tom Yu  <tlyu@mit.edu>
+
+       * Makefile.in (all-prerecurse): Move aix.bincmds rule to
+       all-prerecurse so it gets built before the subdirectories of
+       src/util.
+
+       * makeshlib.sh: Use the linker flag -berok so that unresolved
+       symbols don't turn into link-time errors for building shared libs
+       on AIX.
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 3b4fd5d9bfc7494c03e5130f92db8c50a28940b1..f5d91d44fd4c0219a3837bd3be0da09a6d7cb96d 100644 (file)
@@ -77,7 +77,7 @@ makeshlib: $(srcdir)/makeshlib.sh Makefile
 #
 # We only need this for AIX, but we generate it for all systems.
 #
-all-unix:: aix.bincmds
+all-prerecurse:: aix.bincmds
 
 aix.bincmds: Makefile
         echo libpath $(KRB5_LIBDIR):`pwd`/$(TOPLIBD):/usr/lib:/lib >aix.bincmds
index 7972728d647a396b8bdc4455ff2cf73c1c079859..9ce240aecb145060ca260b45a8f702d3e02a70e4 100644 (file)
@@ -1,3 +1,7 @@
+2000-05-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * hash/dbm.c (kdb2_dbm_open): Don't overflow buffer "path".
+
 1999-08-15  Tom Yu  <tlyu@mit.edu>
 
        * README.NOT.SLEEPYCAT.DB: New file; pointer to README to
index 50921de84a61596b8dbcd4290db319a204964ded..aa9676632b39fb3773af647b23568e18d2bc01f8 100644 (file)
@@ -168,8 +168,9 @@ kdb2_dbm_open(file, flags, mode)
        info.cachesize = 0;
        info.hash = NULL;
        info.lorder = 0;
-       (void)strcpy(path, file);
-       (void)strcat(path, DBM_SUFFIX);
+       (void)strncpy(path, file, sizeof(path) - 1);
+       path[sizeof(path) - 1] = '\0';
+       (void)strncat(path, DBM_SUFFIX, sizeof(path) - 1 - strlen(path));
        return ((DBM *)__hash_open(path, flags, mode, &info, 0));
 }
 
index 345416e37e196f3c8202f8d1d99754e5061d05c5..6e67e27fef7b757969bae629f0745b8df04006e6 100644 (file)
@@ -1,3 +1,30 @@
+2000-10-08  Miro Jurisic  <meeroh@mit.edu>
+
+       * et_c.perl, et_h.perl: 
+        Renamed to et_c.pl and et_h.pl because the extension is used
+        as a newline separator heuristic in MacPerl parser
+
+2000-10-08  Miro Jurisic  <meeroh@mit.edu>
+
+       * et_c.perl, et_h.perl: 
+        Removed #! from the first line to avoid confusing MacPerl
+
+2000-10-02  Alexandra Ellwood  <lxs@mit.edu>
+
+       * com_err.h, error_message.c, et.pbexp, et_c.awk, et_h.awk: 
+        conditionalized com_err so it doesn't need to export et_list 
+        on Mac OS X 
+
+2000-05-07  Miro Jurisic  <meeroh@mit.edu>
+
+       * com_err.c (default_com_err_proc): use strncpy
+       where strncpy was meant (typo in Nalin's patch)
+
+2000-05-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * com_err.c (default_com_err_proc) [_MSDOS || _WIN32 ||
+       macintosh]: Don't overflow buffer "errbuf".
+
 2000-02-23  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.in (com_err.o): Depends on com_err.c.
index 31da130db261baf5af5928ebe95ab753cc682597..7bb081048df4a8c67b6dc3cd7666c737af02f023 100644 (file)
@@ -50,15 +50,18 @@ static void default_com_err_proc(whoami, code, fmt, ap)
        char errbuf[1024] = "";
 
        if (whoami) {
-               strcat (errbuf, whoami);
-               strcat (errbuf, ": ");
+               errbuf[sizeof(errbuf) - 1] = '\0';
+               strncat (errbuf, whoami, sizeof(errbuf) - 1 - strlen(errbuf));
+               strncat (errbuf, ": ", sizeof(errbuf) - 1 - strlen(errbuf));
        }
        if (code) {
-               strcat (errbuf, error_message(code));
-               strcat (errbuf, " ");
+               errbuf[sizeof(errbuf) - 1] = '\0';
+               strncat (errbuf, error_message(code), sizeof(errbuf) - 1 - strlen(errbuf));
+               strncat (errbuf, " ", sizeof(errbuf) - 1 - strlen(errbuf));
        }
        if (fmt)
                vsprintf (errbuf + strlen (errbuf), fmt, ap);
+       errbuf[sizeof(errbuf) - 1] = '\0';
 
 #ifdef macintosh
        MacMessageBox(errbuf);
index 7a8858b38611c8b5ef4b345c6211469823989c8f..0e9a875a86fd886a046fd7afc90c8d0dc6dd9fb0 100644 (file)
@@ -80,7 +80,7 @@ KRB5_DLLIMP extern errcode_t KRB5_CALLCONV add_error_table
 KRB5_DLLIMP extern errcode_t KRB5_CALLCONV remove_error_table
        ET_P((const struct error_table FAR *));
 
-#if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh)
+#if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh) && !defined(__MACH__)
 /*
  * The display routine should be application specific.  A global hook,
  * may cause inappropriate display procedures to be called between
index b4a0537cf670bcaaa7ead0c046729e19eb830625..8286638b55252855aac713e6cf8953810bd66727 100644 (file)
@@ -48,7 +48,7 @@ extern const int sys_nerr;
 
 static char buffer[ET_EBUFSIZ];
 
-#if (defined(_MSDOS) || defined(_WIN32) || defined(macintosh))
+#if (defined(_MSDOS) || defined(_WIN32) || defined(macintosh) || defined(__MACH__))
 static struct et_list * _et_list = (struct et_list *) NULL;
 #else
 /* Old interface compatibility */
diff --git a/src/util/et/et.pbexp b/src/util/et/et.pbexp
new file mode 100644 (file)
index 0000000..c841aa5
--- /dev/null
@@ -0,0 +1,8 @@
+#
+# comerr library Macintosh export file
+#
+# $Header$
+
+_error_message
+_add_error_table
+_remove_error_table
index 94b258f0fab3af49ea6a37380924ee7199f0faa8..589c8d4ba32c4aced48fe83853af7d19b5c61f87 100644 (file)
@@ -209,14 +209,14 @@ END {
                tab_base_low, table_item_count) > outfile
        }
        print "" > outfile
-       print "#if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh)" > outfile
+       print "#if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh) && !defined(__MACH__)" > outfile
        print "struct et_list {" > outfile
        print "    struct et_list *next;" > outfile
        print "    const struct error_table * table;" > outfile
        print "};" > outfile
        print "extern struct et_list *_et_list;" > outfile
        print "static struct et_list link = { 0, 0 };" > outfile
-       print "void initialize_" table_name "_error_table (NOARGS) {" > outfile
+       print "void initialize_" table_name "_error_table (NOARGS) {" > outfile    
        print "    if (!link.table) {" > outfile
        print "        link.next = _et_list;" > outfile
        print "        link.table = &et_" table_name "_error_table;" > outfile
similarity index 97%
rename from src/util/et/et_c.perl
rename to src/util/et/et_c.pl
index 6af71791f9fa87a17e22a31513b426c3a79cd19e..fce470670c01f7b218a8917ee77d4ac2f67cb1ab 100644 (file)
@@ -1,9 +1,3 @@
-#!/afs/athena/contrib/perl5/p
-eval 'exec /afs/athena/contrib/perl5/arch/sun4x_55/bin/perl -S $0 ${1+"$@"}'
-    if $running_under_some_shell;
-                       # this emulates #! processing on NIH machines.
-                       # (remove #! line above if indigestible)
-
 eval '$'.$1.'$2;' while $ARGV[0] =~ /^([A-Za-z_0-9]+=)(.*)/ && shift;
                        # process any FOO=bar switches
 
index 2521886ec03585c8c262f3100ec619678393bc6a..ad1d24a92f8de8ca73dd22767eecf460fb8b3ea8 100644 (file)
@@ -148,7 +148,7 @@ END {
        print "" > outfile
        print "extern struct error_table et_" table_name "_error_table;" > outfile
        print "" > outfile
-       print "#if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh)" > outfile
+       print "#if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh) && !defined(__MACH__)" > outfile
        print "/* for compatibility with older versions... */" > outfile
        print "extern void initialize_" table_name "_error_table ();" > outfile
        print "#define init_" table_name "_err_tbl initialize_" table_name "_error_table" > outfile
similarity index 95%
rename from src/util/et/et_h.perl
rename to src/util/et/et_h.pl
index b477faf5d97f1a2ae76fc299580b5e991f5a3f1f..9d015451747acb70a3c848962830af27432fb3a7 100644 (file)
@@ -1,9 +1,3 @@
-#!/afs/athena/contrib/perl5/p
-eval 'exec /afs/athena/contrib/perl5/arch/sun4x_55/bin/perl -S $0 ${1+"$@"}'
-    if $running_under_some_shell;
-                       # this emulates #! processing on NIH machines.
-                       # (remove #! line above if indigestible)
-
 eval '$'.$1.'$2;' while $ARGV[0] =~ /^([A-Za-z_0-9]+=)(.*)/ && shift;
                        # process any FOO=bar switches
 
index ec485cac179066b009cf8c58f560810466a92161..303c0ced9bea3e7d0a93d9c7d102af6236bd8ac8 100644 (file)
@@ -38,16 +38,14 @@ case $host  in
        stat=$?
        if [ $stat -eq 0 ] ; then
            if test "$HAVE_GCC" = "yes" ; then
-
-
-               $CC -o shr.o.$version $library  -nostartfiles -Xlinker -bgcbypass:1 -Xlinker -bfilelist -Xlinker -bM:SRE -Xlinker -bE:${library}.syms   $LDFLAGS -lc
+               $CC -o shr.o.$version $library  -nostartfiles -Xlinker -bgcbypass:1 -Xlinker -bfilelist -Xlinker -bM:SRE -Xlinker -bE:${library}.syms -Xlinker -berok $LDFLAGS -lc
            else
                # Pull in by explicit pathname so we don't get gnu ld if
                # installed (it could be even if we chose not to use gcc).
                # Better still would be to do this through $CC -- how do
                # we get crt0.o left out?
-    echo       /bin/ld -o shr.o.$version $library -H512 -T512 -bnoentry -bM:SRE $LDFLAGS -bgcbypass:1 -bnodelcsect -bE:${library}.syms $libdirfl $liblist -lc
-               /bin/ld -o shr.o.$version $library -H512 -T512 -bnoentry -bM:SRE $LDFLAGS -bgcbypass:1 -bnodelcsect -bE:${library}.syms  -lc
+    echo       /bin/ld -o shr.o.$version $library -H512 -T512 -bnoentry -bM:SRE $LDFLAGS -bgcbypass:1 -bnodelcsect -bE:${library}.syms -berok $libdirfl $liblist -lc
+               /bin/ld -o shr.o.$version $library -H512 -T512 -bnoentry -bM:SRE $LDFLAGS -bgcbypass:1 -bnodelcsect -bE:${library}.syms -berok -lc
            fi
            stat=$?
            if [ $stat -eq 0 ] ; then
index e534a478f18ad2141c6d7de0a640afaf1d488023..a086450fa4ea0e678668d7c7f136d939a477eade 100644 (file)
@@ -3,12 +3,15 @@ repository=:kserver:cvs.mit.edu:/cvs/krbdev
 dodoc=t
 dosrc=t
 checkout=t
+multitar=nil
 while test $# -gt 2; do
        case $1 in
        --srconly)
                dodoc=nil;;
        --doconly)
                dosrc=nil;;
+       --multi*)
+               multitar=t;;
        --repository)
                shift; repository=$1;;
        --nocheckout)
@@ -136,22 +139,25 @@ fi
 
 echo "Generating tarfiles..."
 GZIP=-9; export GZIP
-if test $dosrc = t; then
-       gtar --exclude $reldir/src/lib/crypto \
-               --exclude $reldir/src/lib/des425 \
-               --exclude $reldir/doc \
-               -zcf ${reldir}.src.tar.gz $reldir
-
-       gtar zcf ${reldir}.crypto.tar.gz \
-               $reldir/src/lib/crypto \
-               $reldir/src/lib/des425
-fi
-
-if test $dodoc = t; then
-       gtar zcf ${reldir}.doc.tar.gz $reldir/doc $reldir/README
+if test $multitar = t; then
+       if test $dosrc = t; then
+               gtar --exclude $reldir/src/lib/crypto \
+                       --exclude $reldir/src/lib/des425 \
+                       --exclude $reldir/doc \
+                       -zcf ${reldir}.src.tar.gz $reldir
+
+               gtar zcf ${reldir}.crypto.tar.gz \
+                       $reldir/src/lib/crypto \
+                       $reldir/src/lib/des425
+       fi
+       if test $dodoc = t; then
+               gtar zcf ${reldir}.doc.tar.gz $reldir/doc $reldir/README
+       fi
+       ls -l ${reldir}.*.tar.gz
 fi
 
-ls -l ${reldir}.*.tar.gz
+gtar zcf ${reldir}.tar.gz $reldir
+ls -l ${reldir}.tar.gz
 
 echo "Done."
 
index 172d7acd3a4c6201a8ae813a8940f0d6cd428433..700e342ce60413ea06d0d03c39d393a66f28348e 100644 (file)
@@ -1,3 +1,23 @@
+2001-02-02  Tom Yu  <tlyu@mit.edu>
+
+       * krb5.conf: Test with trailing whitespace on "default_realm"
+       line. [pullup from trunk]
+
+       * krb5.conf: Test with a space after ']' and '{' [pullup from trunk]
+
+       * prof_parse.c (parse_std_line): Spaces after '{' or ']' should
+       not be a fatal error. This is a common lossage in krb5.conf files.
+       [pullup from trunk]
+
+2000-10-7  Miro Jurisic  <meeroh@mit.edu>
+
+       * et.pbexp: Added the Mach-O initializer function
+
+2000-10-7  Miro Jurisic  <meeroh@mit.edu>
+
+       * et.pbexp: Added the Mac OS X export file (hopefully temporary,
+       until Apple fixes their tools to use the same format as Mac OS 9)
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 01eb66ce8aceb4c3673ab3c8835086132d99930e..19c59c60d3aa8e2e387da726ef61fa3cf92f88e7 100644 (file)
@@ -1,5 +1,5 @@
 [libdefaults]
-       default_realm = ATHENA.MIT.EDU
+       default_realm = ATHENA.MIT.EDU 
        default_tgs_enctypes = des-cbc-crc
        default_tkt_enctypes = des-cbc-crc
        krb4_config = /etc/athena/krb.conf
@@ -8,8 +8,8 @@
        kdc_timesync = 1
        ccache_type = 4
 
-[realms]
-       ATHENA.MIT.EDU = {
+[realms] 
+       ATHENA.MIT.EDU = { 
 #              kdc = kerberos-2000.mit.edu
                kdc = kerberos.mit.edu:88
                kdc = kerberos-1.mit.edu:88
@@ -17,7 +17,7 @@
                kdc = kerberos-3.mit.edu:88
                admin_server = kerberos.mit.edu
                default_domain = mit.edu
-       }
+       } 
        MEDIA-LAB.MIT.EDU = {
                kdc = kerberos.media.mit.edu
                admin_server = kerberos.media.mit.edu
index 0e3cffe7466a318bcaa5f4cee724fee72561f6ea..7e8bcb8732a906536831a76ee0263482dbbd5d5f 100644 (file)
@@ -130,6 +130,10 @@ static errcode_t parse_std_line(line, state)
                        profile_make_node_final(state->current_section);
                        cp++;
                }
+               /*
+                * A space after ']' should not be fatal 
+                */
+               cp = skip_over_blanks(cp);
                if (*cp)
                        return PROF_SECTION_SYNTAX;
                return 0;
@@ -169,7 +173,7 @@ static errcode_t parse_std_line(line, state)
        } else if (value[0] == 0) {
                do_subsection++;
                state->state = STATE_GET_OBRACE;
-       } else if (value[0] == '{' && value[1] == 0) 
+       } else if (value[0] == '{' && *(skip_over_blanks(value+1)) == 0)
                do_subsection++;
        else {
                cp = value + strlen(value) - 1;
diff --git a/src/util/profile/profile.pbexp b/src/util/profile/profile.pbexp
new file mode 100644 (file)
index 0000000..10e9ba4
--- /dev/null
@@ -0,0 +1,32 @@
+#
+# _profile library Macintosh export file
+#
+# $Header$
+
+___InitializeProfileLib 
+
+_profile_init
+_profile_init_path
+_profile_flush
+_profile_abandon
+_profile_release
+_profile_get_values
+_profile_free_list
+_profile_get_string
+_profile_get_integer
+_profile_get_relation_names
+_profile_get_subsection_names
+_profile_iterator_create
+_profile_iterator_free
+_profile_iterator
+_profile_release_string
+_profile_update_relation
+_profile_clear_relation
+_profile_rename_section
+_profile_add_relation
+
+### Temporary -- DO NOT USE
+
+_profile_ser_internalize
+_profile_ser_externalize
+_profile_ser_size
index ff815b74cf96057eef1fc11effdf70783b4f55ad..1986967b624cffc491d3b9d8846f4a7756c0d4e5 100644 (file)
@@ -1,3 +1,8 @@
+2000-03-24  Ken Raeburn  <raeburn@mit.edu>
+
+       * configure.in: Check for alpha*-dec-osf* instead of
+       alpha-dec-osf*.
+
 1999-10-26  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
index 398b1827f2cb219b788b78229536d6aa5e300241..58ceb8369517c7fe09ed4a927172348d7a139d4c 100644 (file)
@@ -30,7 +30,7 @@ ac_cv_func_setsid=no # setsid doesn't do the right thing under Ultrix even thoug
 # Moreover, strops.h trashes sys/ioctl.h
 krb5_cv_has_streams=no
 ;;
-alpha-dec-osf*)
+alpha*-dec-osf*)
        AC_CHECK_LIB(security,main,
                AC_DEFINE(HAVE_SETLUID)
                LOGINLIBS="$LOGINLIBS -lsecurity"
index 8cac4b73416678a71a38f4ad36f536b93ab231be..72063d7a4817bdd83f8ac40076193f3aa48b5aa0 100644 (file)
@@ -1,3 +1,11 @@
+2000-05-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * help.c (ss_help): Don't overflow buffers "buffer" or "buf".
+       * list_rqs.c (ss_list_requests): Don't overflow buffer "buffer".
+       * mk_cmds.c (main): Don't overflow buffer "c_file".
+       * utils.c (generate_rqte): Update lengths of constant strings in
+       computing buffer size.
+
 2000-02-01  Ken Raeburn  <raeburn@mit.edu>
 
        * listen.c (ss_listen): Local var END should be volatile.
index e09b7771589bdbd5b53787bb10c4c9e2d5a0c545..3c9cbec51853ad7c2da94806c5fe8557ea32ea82 100644 (file)
@@ -53,16 +53,18 @@ void ss_help (argc, argv, sci_idx, info_ptr)
        return;
     }
     for (idx = 0; info->info_dirs[idx] != (char *)NULL; idx++) {
-       (void) strcpy(buffer, info->info_dirs[idx]);
-       (void) strcat(buffer, "/");
-       (void) strcat(buffer, argv[1]);
-       (void) strcat(buffer, ".info");
+       (void) strncpy(buffer, info->info_dirs[idx], sizeof(buffer) - 1);
+       buffer[sizeof(buffer) - 1] = '\0';
+       (void) strncat(buffer, "/", sizeof(buffer) - 1 - strlen(buffer));
+       (void) strncat(buffer, argv[1], sizeof(buffer) - 1 - strlen(buffer));
+       (void) strncat(buffer, ".info", sizeof(buffer) - 1 - strlen(buffer));
        if ((fd = open(&buffer[0], O_RDONLY)) >= 0) goto got_it;
     }
     if ((fd = open(&buffer[0], O_RDONLY)) < 0) {
        char buf[MAXPATHLEN];
-       strcpy(buf, "No info found for ");
-       strcat(buf, argv[1]);
+       strncpy(buf, "No info found for ", sizeof(buf) - 1);
+       buf[sizeof(buf) - 1] = '\0';
+       strncat(buf, argv[1], sizeof(buf) - 1 - strlen(buf));
        ss_perror(sci_idx, 0, buf);
        return;
     }
index cf2c9312fd825486678d0ded2998935a5dbba16e..045a0c82bd9b88d3ce13557d75eaf92c15d1e749 100644 (file)
@@ -87,23 +87,24 @@ ss_list_requests(argc, argv, sci_idx, info_ptr)
             buffer[0] = '\0';
             if (entry->flags & SS_OPT_DONT_LIST)
                 continue;
+            buffer[sizeof(buffer) - 1] = '\0';
             for (name = entry->command_names; *name; name++) {
                 register int len = strlen(*name);
-                strncat(buffer, *name, len);
+                strncat(buffer, *name, sizeof(buffer) - 1 - strlen(buffer));
                 spacing += len + 2;
                 if (name[1]) {
-                    strcat(buffer, ", ");
+                    strncat(buffer, ", ", sizeof(buffer) - 1 - strlen(buffer));
                 }
             }
             if (spacing > 23) {
-                strcat(buffer, NL);
+                strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
                 fputs(buffer, output);
                 spacing = 0;
                 buffer[0] = '\0';
             }
-            strncat(buffer, twentyfive_spaces, 25-spacing);
-            strcat(buffer, entry->info_string);
-            strcat(buffer, NL);
+            strncat(buffer, twentyfive_spaces, sizeof(buffer) - 1 - (25-spacing));
+            strncpy(buffer + 25, entry->info_string, sizeof(buffer) - 1 - 25);
+            strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
             fputs(buffer, output);
         }
     }
index 0bcd77061a3382b5de855b96655a0e7aee015829..bba5edd2ff88032132395c2acf0b410330aaee35 100644 (file)
@@ -62,8 +62,9 @@ int main(argc, argv)
     p = strrchr(path, '.');
     *p = '\0';
     q = rindex(path, '/');
-    strcpy(c_file, (q) ? q + 1 : path);
-    strcat(c_file, ".c");
+    strncpy(c_file, (q) ? q + 1 : path, sizeof(c_file) - 1);
+    c_file[sizeof(c_file) - 1] = '\0';
+    strncat(c_file, ".c", sizeof(c_file) - 1 - strlen(c_file));
     *p = '.';
 
     output_file = fopen(c_file, "w+");
index 9698e7043f6607e41e47dfb7f05685f994e6ed10..c578001574833cd8207fc5aa4566cd3c6d322ef6 100644 (file)
@@ -61,13 +61,12 @@ char * generate_rqte(func_name, info_string, cmds, options)
     var_name = generate_cmds_string(cmds);
     generate_function_definition(func_name);
     size = 6;          /* "    { " */
-    size += strlen(var_name)+7; /* "quux, " */
-    size += strlen(func_name)+7; /* "foo, " */
-    size += strlen(info_string)+9; /* "\"Info!\", " */
+    size += strlen(var_name)+8; /* "quux, " */
+    size += strlen(func_name)+8; /* "foo, " */
+    size += strlen(info_string)+8; /* "\"Info!\", " */
     sprintf(numbuf, "%d", options);
-    size += strlen(numbuf);
-    size += 4;         /* " }," + NL */
-    string = malloc(size * sizeof(char *));
+    size += strlen(numbuf)+5;          /* " }," + NL + NUL */
+    string = malloc(size);
     strcpy(string, "    { ");
     strcat(string, var_name);
     strcat(string, ",\n      ");
index 0671a1ed6bb269bbd83b5ad70dc3ea61f4e5d25b..fdbc0d909b04d4bada789748252965f24337ae2c 100644 (file)
@@ -76,6 +76,13 @@ int main(int argc, char *argv[])
        ignore_len = strlen(ignore_str);
        argc--; argv++;
        while (*argv && *argv[0] == '-') {
+               wflags[sizeof(wflags) - 1] = '\0';
+               if (strlen (wflags) + 1 + strlen (*argv) > sizeof (wflags) - 1) {
+                       fprintf (stderr,
+                                "wconfig: argument list too long (internal limit %d)",
+                                sizeof (wflags));
+                       exit (1);
+               }
                if (wflags[0])
                        strcat(wflags, " ");
                strcat(wflags, *argv);
index ce20631b5ee4725cf06e6f5cb21aa2a7a7cb07c6..fe9032a02b132e3d2826439d327f6212a082d0da 100644 (file)
@@ -1,3 +1,16 @@
+2000-07-07  Danilo Almeida  <dalmeida@mit.edu>
+
+       * version.rc: No longer pre-release.
+
+2000-06-21  Danilo Almeida  <dalmeida@mit.edu>
+
+       * README: Update documentation with DNS information.  Fix up the
+       language a bit.
+
+2000-04-25  Danilo Almeida  <dalmeida@mit.edu>
+
+       * version.rc: Bump version to 1.2 beta.
+
 2000-02-06  Danilo Almeida  <dalmeida@mit.edu>
 
        * README: Add documentation about debug vs. release builds.
index f30d02992c23cc5cf98ab5759e912c730fb20e53..1bac4086cef5ee0e0ba2b0fe0fc3f95d7d32e76f 100644 (file)
@@ -1,29 +1,35 @@
               Building & Running Kerberos 5 on Windows
               ----------------------------------------
 
-Kerberos 5 Windows support now only includes Win32 and no longer
-includes Win16.
+Kerberos 5 builds on Windows with MSVC++ 6.0.  It may or may not build
+with other compilers or make utilities.
 
-We build Kerberos 5 on Windows just with MSVC++ 6.0.  You should
-not need anything else.  We do not know whether it currently
-builds with other compilers or make utilities.
-
-These build instructions assume that you got a standalong source
-distribution of Kerberos 5 rather than the MIT Kerberos for Win32
+These build instructions assume that you have the standalone source
+distribution of Kerberos 5 rather than the MIT Kerberos for Windows
 distribution (which includes a working Kerberos 4).
 
 There are two methods for building a Windows version of Kerberos 5.
 The traditional method involves starting on a Unix machine and
 creating a distribution that can be built on Windows.  The second
 method works from the sources that come from the Unix distribution if
-you have certain Unix-type utilities.
+you have certain Unix-type utilities (see below).
 
-IMPORTANT NOTE: By default, the sources are build with debug
+IMPORTANT NOTE: By default, the sources are built with debug
 information and linked against the debug version of the Microsoft C
-Runtime library, which is not found on most Win32 systems unless they
-have development tools.  To build a release version, you need to
+Runtime library, which is not found on most Windows systems unless
+they have development tools.  To build a release version, you need to
 define NODEBUG either in the environment or the nmake command-line.
 
+DNS Support: To support DNS lookups, you will need to define
+KRB5_DNS_LOOKUP, KRB5_DNS_LOOKUP_KDC, or KRB5_DNS_LOOKUP_REALMS.  The
+DNS code will default to trying to use the wshelper library.  If you
+would rather use a resolver library whose include files more closely
+match the Unix resolver library, define KRB5_NO_WSHELPER.  You will
+also need to define DNS_INC to point to the include directory for the
+library and DNS_LIB to library itself.  The default is not to support
+DNS because the build cannot know whether there is a DNS resolver
+library around for it to use.
+
 
 Traditional Build Method:
 ------------------------
@@ -36,13 +42,13 @@ On the Unix side
 
 
 On the PC side
-1) md \krb5                            # Create where we'll put the tree
+1) md \krb5                            # Create dir where we'll put the tree
 2) cd \krb5
 3) unzip kerbsrc.zip
         - or -
    pkunzip -d kerbsrc.zip
-4) nmake [NODEBUG=1]                   # Build the sources
-5) nmake install [NODEBUG=1]          # Copy headers, libs, executables
+4) nmake [NODEBUG=1] [DNS-options]     # Build the sources
+5) nmake install [NODEBUG=1]           # Copy headers, libs, executables
 
 
 All-Windows Build Method:
@@ -52,8 +58,8 @@ First, make sure you have sed, gawk, cat, and cp.
 
 1) cd xxx/src                          # Go to where the source lives
 2) nmake -f Makefile.in prep-windows   # Create Makefile for Windows
-3) nmake [NODEBUG=1]                   # Build the sources
-4) nmake install [NODEBUG=1]          # Copy headers, libs, executables
+3) nmake [NODEBUG=1] [DNS-options      # Build the sources
+4) nmake install [NODEBUG=1]           # Copy headers, libs, executables
 
 
 Notes on the install Target:
@@ -82,7 +88,7 @@ able to run the applications that are built.  Note that Kerberos 5
 will not look for the krb5.ini file in your path.
 
 
-Krb5.ini File:
+krb5.ini File:
 -------------
 
 WARNING: Despite its name, this is not a Windows .ini file.
@@ -128,7 +134,7 @@ Othes Issues:
 
 The krb4_32.dll that is built (but not installed) is not supported.
 If you need Kerberos 4, you can use the krbv4w32.dll that MIT
-distributes as part of the MIT Kerberos for Win32 distribution.
+distributes as part of the MIT Kerberos for Windows distribution.
 
 
 More Information:
index f99c56a53acb8a25a8182a85adb915f482d6c108..b420e42d56572a65f742c71922ec39e8c0167274 100644 (file)
@@ -1,3 +1,12 @@
+2000-05-08  Ken Raeburn  <raeburn@mit.edu>
+           Nalin Dahyabhai  <nalin@redhat.com>
+       
+       * cns.c (kwin_push_login): Don't overflow buffer "fullname".
+       (kwin_command): Don't overflow buffer "copyright".
+       * cns_reg.c (cns_load_registry): Don't overflow buffer
+       "cns_res.def_confname".
+       * tktlist.c (ticket_init_list): Don't overflow buffer "buf".
+
 1999-12-03  Danilo Almeida  <dalmeida@mit.edu>
 
        * Makefile.in: Windows fix for updated win-pre.in.
index 7af81fc6ada83e6b10cc7f60d87b5ce1f42fa669..512f2f5c36fed88e71404de24ba362502c42dbd4 100644 (file)
@@ -384,12 +384,13 @@ kwin_push_login(HWND hwnd, char *name, char *instance, char *realm)
   char menuitem[MAX_K_NAME_SZ + 3];
   BOOL rc;
 
-  strcpy(fullname, "&x ");
-  strcat(fullname, name);
-  strcat(fullname, ".");
-  strcat(fullname, instance);
-  strcat(fullname, "@");
-  strcat(fullname, realm);
+  fullname[sizeof(fullname) - 1] = '\0';
+  strncpy(fullname, "&x ", sizeof(fullname) - 1);
+  strncat(fullname, name, sizeof(fullname) - 1 - strlen(fullname));
+  strncat(fullname, ".", sizeof(fullname) - 1 - strlen(fullname));
+  strncat(fullname, instance, sizeof(fullname) - 1 - strlen(fullname));
+  strncat(fullname, "@", sizeof(fullname) - 1 - strlen(fullname));
+  strncat(fullname, realm, sizeof(fullname) - 1 - strlen(fullname));
 
   hmenu = GetMenu(hwnd);
   assert(hmenu != NULL);
@@ -1339,14 +1340,16 @@ kwin_command(HWND hwnd, int cid, HWND hwndCtl, UINT codeNotify)
     strcpy(copyright, "        Kerberos V5 for Windows ");
 #endif
 #ifdef _WIN32
-    strcat(copyright, "32-bit\n");
+    strncat(copyright, "32-bit\n", sizeof(copyright) - 1 - strlen(copyright));
 #else
-    strcat(copyright, "16-bit\n");
+    strncat(copyright, "16-bit\n", sizeof(copyright) - 1 - strlen(copyright));
 #endif
-    strcat(copyright, "\n                Version 1.12\n\n");
+    strncat(copyright, "\n                Version 1.12\n\n",
+            sizeof(copyright) - 1 - strlen(copyright));
 #ifdef ORGANIZATION
-    strcat(copyright, "          For information, contact:\n");
-    strcat(copyright, ORGANIZATION);
+    strncat(copyright, "          For information, contact:\n",
+           sizeof(copyright) - 1 - strlen(copyright));
+    strncat(copyright, ORGANIZATION, sizeof(copyright) - 1 - strlen(copyright));
 #endif
     MessageBox(hwnd, copyright, KWIN_DIALOG_NAME, MB_OK);
 
@@ -1469,8 +1472,9 @@ kwin_paint(HWND hwnd)
       sprintf(buf, "%s - %ld hr", KWIN_DIALOG_NAME, dt);
     }
 
+    buf[sizeof(buf) - 1] = '\0';
     if (dt > 1)
-      strcat(buf, "s");
+      strncat(buf, "s", sizeof(buf) - 1 - strlen(buf));
   }
 
   DrawIcon(hdc, r.left, r.top, hicon);
index 400d72d235595776ab4debbab05126f1069c5e57..160eb15e3fc9dd3b38487d9e513faa8731f19456 100644 (file)
@@ -74,8 +74,12 @@ cns_load_registry(void)
   if (key != INVALID_HANDLE_VALUE) {
        if (registry_string_get(key, KERBNET_HOME, &ts) == 0) {
                cns_res.conf_override = 0;
-               strcpy(cns_res.def_confname, ts);
-               strcat(cns_res.def_confname, "\\etc\\krb5.conf");
+               cns_res.def_confname[sizeof(cns_res.def_confname) - 1];
+               strncpy(cns_res.def_confname, ts,
+                       sizeof(cns_res.def_confname) - 1);
+               strncat(cns_res.def_confname, "\\etc\\krb5.conf",
+                       sizeof(cns_res.def_confname) - 1 -
+                       strlen(cns_res.def_confname));
                free(ts);
          }
 
index 62b6eb8d6cd2a1d5b9eb5fb0b469173bf1922fe2..5e1520120b21c4b735ffab0ff8a1c2bbc34db14f 100644 (file)
@@ -122,11 +122,12 @@ ticket_init_list (HWND hwnd)
     krb_get_nth_cred(service, instance, realm, i);
     krb_get_cred(service, instance, realm, &c);
     strcpy(buf, " ");
-    strcat(buf, short_date(c.issue_date - kwin_get_epoch()));
+    strncat(buf, short_date(c.issue_date - kwin_get_epoch()),
+            sizeof(buf) - 1 - strlen(buf));
     expiration = c.issue_date - kwin_get_epoch() + (long) c.lifetime * 5L * 60L;
-    strcat (buf, "      ");
-    strcat(buf, short_date(expiration));
-    strcat (buf, "      ");
+    strncat(buf, "      ", sizeof(buf) - 1 - strlen(buf));
+    strncat(buf, short_date(expiration), sizeof(buf) - 1 - strlen(buf));
+    strncat(buf, "      ", sizeof(buf) - 1 - strlen(buf));
     l = strlen(buf);
     sprintf(&buf[l], "%s%s%s%s%s (%d)",
            c.service, (c.instance[0] ? "." : ""), c.instance,
@@ -172,10 +173,12 @@ ticket_init_list (HWND hwnd)
       
       ncred++;
       strcpy (buf, "  ");
-      strcat (buf, short_date (c.times.starttime - kwin_get_epoch()));
-      strcat (buf, "      ");
-      strcat (buf, short_date (c.times.endtime - kwin_get_epoch()));
-      strcat (buf, "      ");
+      strncat(buf, short_date (c.times.starttime - kwin_get_epoch()),
+             sizeof(buf) - 1 - strlen(buf));
+      strncat(buf, "      ", sizeof(buf) - 1 - strlen(buf));
+      strncat(buf, short_date (c.times.endtime - kwin_get_epoch()),
+             sizeof(buf) - 1 - strlen(buf));
+      strncat(buf, "      ", sizeof(buf) - 1 - strlen(buf));
       
       /* Add ticket service name and realm */
       code = krb5_unparse_name (k5_context, c.server, &sname);
@@ -183,9 +186,9 @@ ticket_init_list (HWND hwnd)
        com_err (NULL, code, "while unparsing server name");
        break;
       }
-      strcat (buf, sname);
+      strncat (buf, sname, sizeof(buf) - 1 - strlen(buf));
 
-      strcat (buf, flags_string (&c)); /* Add flag info */
+      strncat (buf, flags_string (&c), sizeof(buf) - 1 - strlen(buf)); /* Add flag info */
       
       l = strlen(buf);
       lpinfo = (LPTICKETINFO) malloc(sizeof(TICKETINFO) + l + 1);
index 25f20f41d0259791d3ec93cd382ef8a86d29e1b0..160a899f3af7ea5a779258d7ed65fb03ad0de07b 100644 (file)
@@ -1,3 +1,7 @@
+2000-05-18  Danilo Almeida  <dalmeida@mit.edu>
+
+       * cacheapi.h: Update to v2.
+
 1999-12-03  Danilo Almeida  <dalmeida@mit.edu>
 
        * Makefile.in: Fix of build flags with updated win-pre.in.
index d23b8d4723beac045f41b356e8b07eef74efb5fd..76615995aeb765c490d152b73c1ae98fb07cdeaf 100644 (file)
 **
 */
 
-#include <krb5.h>
-
 #ifndef Krb_CCacheAPI_h_
 #define Krb_CCacheAPI_h_
 
 #include <windows.h>
 
-#define CC_API_VER_1    1
+//typedef int cc_int32;
+#define cc_int32  long
+#define cc_uint32 unsigned long
 
-#define CCACHE_API __declspec(dllexport) cc_int32
-//#define CCACHE_API __declspec( dllexport ) cc_int32 __stdcall 
+typedef cc_int32  cc_time_t;
 
-/*
-** Decisions I haven't nailed down yet
-*/
-// determines if cred_type precedes ptrs to creds in cred_union
-//#define CRED_TYPE_IN_UNION
-//
-// JENNYEXT - modifications Jenny made to cacheapi for MIT code
-//                       not blessed, but reproduced temporarily
-#ifndef JENNYEXT
-#define JENNYEXT
-#endif
+#define CC_API_VER_1   1
+#define CC_API_VER_2   2
+
+//enum {
+//     CC_API_VER_1 = 1,
+//     CC_API_VER_2 = 2
+//};
+
+#define CCACHE_API __declspec(dllexport) cc_int32
 
 /*
 ** The Official Error Codes
 */
-#define CC_NOERROR  0
-#define CC_BADNAME  1
-#define CC_NOTFOUND 2
-#define CC_END      3
-#define CC_IO       4
-#define CC_WRITE    5
-#define CC_NOMEM    6
-#define CC_FORMAT   7
-#define CC_LOCKED   8
-#define CC_BAD_API_VERSION  9
-#define CC_NO_EXIST 10
-#define CC_NOT_SUPP 11
-#define CC_BAD_PARM 12
-#define CC_ERR_CACHE_ATTACH 13
-#define CC_ERR_CACHE_RELEASE    14
-#define CC_ERR_CACHE_FULL   15
-#define CC_ERR_CRED_VERSION 16
+#define CC_NOERROR           0
+#define CC_BADNAME           1
+#define CC_NOTFOUND          2
+#define CC_END               3
+#define CC_IO                4
+#define CC_WRITE             5
+#define CC_NOMEM             6
+#define CC_FORMAT            7
+#define CC_LOCKED            8
+#define CC_BAD_API_VERSION   9
+#define CC_NO_EXIST          10
+#define CC_NOT_SUPP          11
+#define CC_BAD_PARM          12
+#define CC_ERR_CACHE_ATTACH  13
+#define CC_ERR_CACHE_RELEASE 14
+#define CC_ERR_CACHE_FULL    15
+#define CC_ERR_CRED_VERSION  16
 
 \f
 /*
 ** types, structs, & constants
 */
-typedef int cc_int32;
-typedef cc_int32 cc_time_t;
-
 // Flag bits promised by Ted "RSN"
 #define CC_FLAGS_RESERVED 0xFFFFFFFF
 
-typedef cc_int32 cc_nc_flags;       // set via constants above
+typedef cc_uint32 cc_nc_flags;       // set via constants above
 
-typedef struct opaque_ccache_pointer_type* ccache_p;
 typedef struct opaque_dll_control_block_type* apiCB;
+typedef struct opaque_ccache_pointer_type* ccache_p;
 typedef struct opaque_credential_iterator_type* ccache_cit;
 
-enum { KRB5_CLIENT_SZ = 256};
-enum { KRB5_SERVER_SZ = 256};
-enum { KRB5_DATA_SZ = 1024};
-enum { KRB5_DATA_CNT = 20};
-
+#if 0
 enum _cc_data_type { 
-    type_ticket = 0,                // 0 for ticket, second_ticket
+    type_ticket = 0,                /* 0 for ticket, second_ticket */
     /* Ted's draft spec says these are to be 
        "as defined in the Kerberos V5 protocol"
        all I can find are typdefs, 
@@ -125,22 +115,17 @@ enum _cc_data_type {
     type_address,           /* =  <"as defined in the Kerberos V5 protocol"> */
     type_authdata,          /* = <"as defined in the Kerberos V5 protocol"> */
     type_encryption,        /* = <"as defined in the Kerberos V5 protocol"> */
-    cc_data_type_max };             // for validation
+    cc_data_type_max        /* for validation */
+};
+#endif
 
 typedef struct _cc_data
 {
-    cc_int32        type;           // should be one of _cc_data_type
-    cc_int32        length; 
-    unsigned char*  data;           // the proverbial bag-o-bits
+    cc_uint32       type;              // should be one of _cc_data_type
+    cc_uint32       length; 
+    unsigned char*  data;              // the proverbial bag-o-bits
 } cc_data;
 
-typedef struct _cc_data1
-{
-    cc_int32        type;           // should be one of _cc_data_type
-    cc_int32        length; 
-    unsigned char      data[KRB5_DATA_SZ];           // the proverbial bag-o-bits
-} cc_data1;
-
 // V5 Credentials
 typedef struct _cc_creds {
     char*           client;
@@ -150,75 +135,53 @@ typedef struct _cc_creds {
     cc_time_t       starttime;
     cc_time_t       endtime;
     cc_time_t       renew_till;
-    cc_int32        is_skey;
-    cc_int32        ticket_flags;
+    cc_uint32       is_skey;
+    cc_uint32       ticket_flags;
     cc_data FAR **  addresses;
     cc_data         ticket;
     cc_data         second_ticket;
     cc_data FAR **  authdata;
 } cc_creds;
 
-typedef struct _cc_cache_creds {
-    char            client[KRB5_CLIENT_SZ];
-    char            server[KRB5_SERVER_SZ];
-    cc_data1           keyblock;
-    cc_time_t       authtime;
-    cc_time_t       starttime;
-    cc_time_t       endtime;
-    cc_time_t       renew_till;
-    cc_int32        is_skey;
-    cc_int32        ticket_flags;
-       cc_data1                addresses[KRB5_DATA_CNT];
-    cc_data1        ticket;
-    cc_data1        second_ticket;
-    cc_data1           authdata[KRB5_DATA_CNT];
-} cc_cache_creds;
-
 \f
 // begin V4 stuff
-
-enum { KRB_PRINCIPAL_SZ = 40 };
-enum { KRB_SERVICE_SZ = 40};
-enum { KRB_INSTANCE_SZ = 40};
-enum { KRB_REALM_SZ = 40};
-#ifndef ADDR_SZ
-enum { ADDR_SZ = 16};
-#endif
-
 // use an enumerated type so all callers infer the same meaning
 // these values are what krbv4win uses internally.
-enum StringToKey_Type { STK_AFS = 0, STK_DES = 1 };
+#define STK_AFS        0
+#define STK_DES        1
 
 // K4 uses a MAX_KTXT_LEN of 1250 to hold a ticket
 // K95 uses 256
 // To be safe I'll use the larger number, but a factor of 5!!!
-enum { MAX_V4_CRED_LEN = 1250 };
+#define MAX_V4_CRED_LEN        1250
 
 // V4 Credentials
+
+enum {
+    KRB_NAME_SZ = 40,
+    KRB_INSTANCE_SZ = 40,
+    KRB_REALM_SZ = 40
+};
+
 typedef struct cc_V4credential {
-    unsigned char      kversion;
-    char                       principal[KRB_PRINCIPAL_SZ];
-    char                       principal_instance[KRB_INSTANCE_SZ];
-    char                       service[KRB_SERVICE_SZ];
-    char                       service_instance[KRB_INSTANCE_SZ];
-    char                       realm[KRB_REALM_SZ];
-    unsigned char      session_key[8];
-    cc_int32           kvno;                   // k95 used BYTE skvno
-    enum StringToKey_Type 
-                                       str_to_key;                             // k4 infers dynamically, k95 stores
-    long                       issue_date;             // k95 called this issue_time
-    cc_int32           lifetime;               // k95 used LONG expiration_time
-    char                       address[ADDR_SZ];       // IP Address of local host
-    cc_int32           ticket_sz;              // k95 used BYTE, k4 ktext uses int to hold up to 1250
-    unsigned char      ticket[MAX_V4_CRED_LEN];
-    unsigned long      oops;                   // zero to catch runaways
+    unsigned char  kversion;
+    char           principal[KRB_NAME_SZ + 1];
+    char           principal_instance[KRB_INSTANCE_SZ + 1];
+    char                  service[KRB_NAME_SZ + 1];
+    char                  service_instance[KRB_INSTANCE_SZ + 1];
+    char           realm[KRB_REALM_SZ + 1];
+    unsigned char  session_key[8];
+    cc_int32       kvno;           // k95 used BYTE skvno
+    cc_int32       str_to_key;     // k4 infers dynamically, k95 stores
+    long           issue_date;     // k95 called this issue_time
+    cc_int32       lifetime;       // k95 used LONG expiration_time
+    cc_uint32      address;        // IP Address of local host
+    cc_int32       ticket_sz;      // k95 used BYTE, k4 ktext uses int to hold up to 1250
+    unsigned char  ticket[MAX_V4_CRED_LEN];
+    unsigned long  oops;           // zero to catch runaways
 } V4Cred_type;
 
-#ifdef JENNYEXT
-typedef struct cc_V4credential CCV4CREDENTIALS;        // JENNYEXT
-#endif
-
-enum cc_cred_vers {  
+enum {
     CC_CRED_VUNKNOWN = 0,       // For validation
     CC_CRED_V4 = 1,
     CC_CRED_V5 = 2,
@@ -226,17 +189,21 @@ enum cc_cred_vers {
 };
 
 typedef union cred_ptr_union_type {
-    V4Cred_type*       pV4Cred;
-    cc_creds*  pV5Cred;
+    V4Cred_type* pV4Cred;
+    cc_creds*    pV5Cred;
 } cred_ptr_union;
 
 typedef struct cred_union_type {
-//#ifdef CRED_TYPE_IN_UNION
-    enum cc_cred_vers cred_type;
-//#endif
-    cred_ptr_union cred;
+    cc_int32        cred_type;
+    cred_ptr_union  cred;
 } cred_union;
 
+typedef struct _infoNC {
+    char*     name;
+    char*     principal;
+    cc_int32  vers;
+} infoNC;
+
 \f
 /*
 ** The official (externally visible) API
@@ -251,113 +218,147 @@ extern "C" /* this entire list of functions */
 ** Main cache routines : initialize, shutdown, get_cache_names, & get_change_time
 */
 CCACHE_API
-cc_initialize(apiCB** cc_ctx,           // <  DLL's primary control structure. 
-                                        //    returned here, passed everywhere else
-              const cc_int32 api_version,// > ver supported by caller (use CC_API_VER_1)
-              cc_int32*  api_supported, // <  if ~NULL, max ver supported by DLL
-              const char** vendor);     // <  if ~NULL, vendor name in read only C string
+cc_initialize(
+    apiCB** cc_ctx,           // <  DLL's primary control structure. 
+                              //    returned here, passed everywhere else
+    cc_int32 api_version,     // >  ver supported by caller (use CC_API_VER_1)
+    cc_int32*  api_supported, // <  if ~NULL, max ver supported by DLL
+    const char** vendor       // <  if ~NULL, vendor name in read only C string
+    );
 
 CCACHE_API
-cc_shutdown(apiCB** cc_ctx);            // <> DLL's primary control structure. NULL after call.
+cc_shutdown(
+    apiCB** cc_ctx            // <> DLL's primary control structure. NULL after call.
+    );
 
 CCACHE_API
-cc_get_change_time(apiCB* cc_ctx,       // >  DLL's primary control structure
-                   cc_time_t* time);    // <  time of last change to main cache
+cc_get_change_time(
+    apiCB* cc_ctx,       // >  DLL's primary control structure
+    cc_time_t* time      // <  time of last change to main cache
+    );
 
 \f
 /*
 ** Named Cache (NC) routines
-** create, open, close, destroy, get_principal, get_cred_version, & lock_request
+**   create, open, close, destroy, get_principal, get_cred_version, & 
+**   lock_request
 **
-** Multiple NCs are allowed within the main cache.  Each has a Name and kerberos
-** version # (V4 or V5).  Caller gets "ccache_ptr"s for NCs.
+** Multiple NCs are allowed within the main cache.  Each has a Name
+** and kerberos version # (V4 or V5).  Caller gets "ccache_ptr"s for
+** NCs.
 */
 CCACHE_API
-cc_create(apiCB* cc_ctx,                // >  DLL's primary control structure
-          const char* name,             // >  name of cache to be [destroyed if exists, then] created
-          const char* principal,        // >  name of principal associated with NC
-          const enum cc_cred_vers vers, // >  ticket version (CC_CRED_V4 or CC_CRED_V5)
-          const cc_int32 cc_flags,      // >  options
-          ccache_p** ccache_ptr);       // <  NC control structure
+cc_create(
+    apiCB* cc_ctx,          // >  DLL's primary control structure
+    const char* name,       // >  name of cache to be [destroyed if exists, then] created
+    const char* principal,
+    cc_int32 vers,          // >  ticket version (CC_CRED_V4 or CC_CRED_V5)
+    cc_uint32 cc_flags,     // >  options
+    ccache_p** ccache_ptr   // <  NC control structure
+    );
 
 CCACHE_API
-cc_open(apiCB* cc_ctx,                  // >  DLL's primary control structure
-        const char* name,               // >  name of pre-created cache
-        const enum cc_cred_vers vers,   // >  ticket version (CC_CRED_V4 or CC_CRED_V5)
-        const cc_int32 cc_flags,        // >  options
-        ccache_p** ccache_ptr);         // <  NC control structure
+cc_open(
+    apiCB* cc_ctx,          // >  DLL's primary control structure
+    const char* name,       // >  name of pre-created cache
+    cc_int32 vers,          // >  ticket version (CC_CRED_V4 or CC_CRED_V5)
+    cc_uint32 cc_flags,     // >  options
+    ccache_p** ccache_ptr   // <  NC control structure
+    );
 
 CCACHE_API
-cc_close(apiCB* cc_ctx,                 // >  DLL's primary control structure
-         ccache_p** ccache_ptr);        // <> NC control structure. NULL after call.
+cc_close(
+    apiCB* cc_ctx,         // >  DLL's primary control structure
+    ccache_p** ccache_ptr  // <> NC control structure. NULL after call.
+    );
 
 CCACHE_API
-cc_destroy(apiCB* cc_ctx,               // >  DLL's primary control structure
-           ccache_p** ccache_ptr);      // <> NC control structure. NULL after call.
-
+cc_destroy(
+    apiCB* cc_ctx,         // >  DLL's primary control structure
+    ccache_p** ccache_ptr  // <> NC control structure. NULL after call.
+    );
 
 /*
 ** Ways to get information about the NCs
 */
 
 CCACHE_API
-cc_seq_fetch_NCs(apiCB* cc_ctx,         // >  DLL's primary control structure
-                 ccache_p** ccache_ptr, // <  NC control structure (free via cc_close())
-                 ccache_cit** itNCs);   // <> iterator used by DLL, 
-                                        //    set to NULL before first call
-                                        //    returned NULL at CC_END
+cc_seq_fetch_NCs_begin(
+    apiCB* cc_ctx, 
+    ccache_cit** itNCs
+    );
 
-typedef struct _infoNC {
-    char*   name;
-    enum cc_cred_vers vers;
-} infoNC;
+CCACHE_API
+cc_seq_fetch_NCs_end(
+    apiCB* cc_ctx, 
+    ccache_cit** itNCs
+    );
+
+CCACHE_API
+cc_seq_fetch_NCs_next(
+    apiCB* cc_ctx,
+    ccache_p** ccache_ptr,
+    ccache_cit* itNCs
+    );
 
 CCACHE_API
-cc_get_NC_info(apiCB* cc_ctx,           // >  DLL's primary control structure
-            struct _infoNC*** ppNCi);   // <  (NULL before call) null terminated, 
-                                        //    list of a structs (free via cc_free_infoNC())
+cc_seq_fetch_NCs(
+    apiCB* cc_ctx,         // >  DLL's primary control structure
+    ccache_p** ccache_ptr, // <  NC control structure (free via cc_close())
+    ccache_cit** itNCs     // <> iterator used by DLL, 
+                           //    set to NULL before first call
+                           //    returned NULL at CC_END
+    );
 
 CCACHE_API
-cc_free_NC_info(apiCB* cc_ctx,
-            struct _infoNC*** ppNCi);   // <  free list of structs returned by cc_get_cache_names()
-                                        //    set to NULL on return
+cc_get_NC_info(
+    apiCB* cc_ctx,          // >  DLL's primary control structure
+    struct _infoNC*** ppNCi // <  (NULL before call) null terminated, 
+                            //    list of a structs (free via cc_free_infoNC())
+    );
+
+CCACHE_API
+cc_free_NC_info(
+    apiCB* cc_ctx,
+    struct _infoNC*** ppNCi // <  free list of structs returned by 
+                            //    cc_get_cache_names().  set to NULL on return
+    );
 
 /*
 ** Functions that provide distinguishing characteristics of NCs.
 */
 
 CCACHE_API
-cc_get_name(apiCB* cc_ctx,                             // > DLL's primary control structure
-            const ccache_p* ccache_ptr, // > NC control structure
-            char** name);               // < name of NC associated with ccache_ptr (free via cc_free_name())
+cc_get_name(
+    apiCB* cc_ctx,              // > DLL's primary control structure
+    const ccache_p* ccache_ptr, // > NC control structure
+    char** name                 // < name of NC associated with ccache_ptr 
+                                //   (free via cc_free_name())
+    );
 
 CCACHE_API
-cc_set_principal(apiCB* cc_ctx,                 // > DLL's primary control structure
-                                const ccache_p* ccache_pointer,// < name of principal associated with NC
-                                const enum cc_cred_vers vers,       //   Free via cc_free_principal()
-                                const char* principal);        
+cc_set_principal(
+    apiCB* cc_ctx,                  // > DLL's primary control structure
+    const ccache_p* ccache_pointer, // > NC control structure
+    const cc_int32 vers,
+    const char* principal           // > name of principal associated with NC
+                                    //   Free via cc_free_principal()
+    );         
                                  
 CCACHE_API
-cc_get_principal(apiCB* cc_ctx,             // > DLL's primary control structure
-                 ccache_p* ccache_pointer,  // < name of principal associated with NC
-                 char** principal);         //   Free via cc_free_principal()
+cc_get_principal(
+    apiCB* cc_ctx,                  // > DLL's primary control structure
+    const ccache_p* ccache_pointer, // > NC control structure
+    char** principal                // < name of principal associated with NC
+                                    //   Free via cc_free_principal()
+    );
 
-#ifdef JENNYEXT
-
-CCACHE_API
-cc_set_instance(apiCB* cc_ctx,          // > DLL's primary control structure
-                const char* instance);  // < name of principal_instance associated with NC
-                                        //   Free via cc_free_instance()
 CCACHE_API
-cc_get_instance(apiCB* cc_ctx,          // > DLL's primary control structure
-                char** instance);              // < name of principal_instance associated with NC
-                                        //   Free via cc_free_instance()
-#endif /* JENNYEXT */
-
-CCACHE_API
-cc_get_cred_version(apiCB* cc_ctx,             // > DLL's primary control structure
-                const ccache_p* ccache_ptr,// > NC control structure
-                enum cc_cred_vers* vers);// < ticket version associated with NC
+cc_get_cred_version(
+    apiCB* cc_ctx,              // > DLL's primary control structure
+    const ccache_p* ccache_ptr, // > NC control structure
+    cc_int32* vers              // < ticket version associated with NC
+    );
 
 #define CC_LOCK_UNLOCK   1
 #define CC_LOCK_READER   2
@@ -365,9 +366,12 @@ cc_get_cred_version(apiCB* cc_ctx,         // > DLL's primary control structure
 #define CC_LOCK_NOBLOCK 16
 
 CCACHE_API
-cc_lock_request(apiCB* cc_ctx,                 // > DLL's primary control structure
-               const ccache_p* ccache_ptr,// > NC control structure
-               const cc_int32 lock_type);// > one (or combination) of above defined lock types
+cc_lock_request(
+    apiCB* cc_ctx,                     // > DLL's primary control structure
+    const ccache_p* ccache_ptr, // > NC control structure
+    const cc_int32 lock_type    // > one (or combination) of above defined 
+                                //   lock types
+    );
 
 \f
 /*
@@ -375,23 +379,49 @@ cc_lock_request(apiCB* cc_ctx,                    // > DLL's primary control structure
 ** store, remove_cred, seq_fetch_creds 
 */
 CCACHE_API
-cc_store(apiCB* cc_ctx,                     // > DLL's primary control structure
-         const ccache_p* ccache_ptr,        // > NC control structure
-         const cred_union creds);           // > credentials to be copied into NC
+cc_store(
+    apiCB* cc_ctx,               // > DLL's primary control structure
+    ccache_p* ccache_ptr,        // > NC control structure
+    const cred_union creds       // > credentials to be copied into NC
+    );
 
 CCACHE_API
-cc_remove_cred(apiCB* cc_ctx,               // > DLL's primary control structure
-               const ccache_p* ccache_ptr,  // > NC control structure
-               const cred_union cred);      // > credentials to remove from NC
+cc_remove_cred(
+    apiCB* cc_ctx,            // > DLL's primary control structure
+    ccache_p* ccache_ptr,     // > NC control structure
+    const cred_union cred     // > credentials to remove from NC
+    );
 
 CCACHE_API
-cc_seq_fetch_creds(apiCB* cc_ctx,           // > DLL's primary control structure
-                   const ccache_p* ccache_ptr, // > NC control structure
-                   cred_union** creds,       // < filled in by DLL, free via cc_free_creds()
-                   ccache_cit** itCreds);   // <> iterator used by DLL, set to NULL before first call
-                                            //    Also NULL for final call if loop ends before CC_END
+cc_seq_fetch_creds(
+    apiCB* cc_ctx,              // > DLL's primary control structure
+    const ccache_p* ccache_ptr, // > NC control structure
+    cred_union** creds,         // < filled in by DLL, free via cc_free_creds()
+    ccache_cit** itCreds        // <> iterator used by DLL, set to NULL 
+                                //    before first call -- Also NULL for final
+                                //    call if loop ends before CC_END
+    );
+
+CCACHE_API
+cc_seq_fetch_creds_begin(
+    apiCB* cc_ctx, 
+    const ccache_p* ccache_ptr, 
+    ccache_cit** itCreds
+    );
+
+CCACHE_API
+cc_seq_fetch_creds_end(
+    apiCB* cc_ctx, 
+    ccache_cit** itCreds
+    );
+
+CCACHE_API
+cc_seq_fetch_creds_next(
+    apiCB* cc_ctx, 
+    cred_union** cred, 
+    ccache_cit* itCreds
+    );
 
-\f
 /*
 ** methods of liberation, 
 ** or freeing space via the free that goes with the malloc used to get it
@@ -401,37 +431,28 @@ cc_seq_fetch_creds(apiCB* cc_ctx,           // > DLL's primary control structure
 ** freeing a NULL pointer is not treated as an error
 */
 CCACHE_API
-cc_free_principal(apiCB* cc_ctx,               // > DLL's primary control structure
-                  char** principal);   // <> ptr to principal to be freed, returned as NULL
-                                                                               //   (from cc_get_principal())
-
-#ifdef JENNYEXT
-
-CCACHE_API
-cc_free_instance(apiCB* cc_ctx,                        // > DLL's primary control structure
-                  char** instance);            // <> ptr to instance to be freed, returned as NULL
-                                                                               //   (from cc_get_instance())
-
-#endif
+cc_free_principal(
+    apiCB* cc_ctx,   // >  DLL's primary control structure
+    char** principal // <> ptr to principal to be freed, returned as NULL
+                     //    (from cc_get_principal())
+    );
 
 CCACHE_API
-cc_free_name(apiCB* cc_ctx,                            // > DLL's primary control structure
-             char** name);                             // <> ptr to name to be freed, returned as NULL
-                                                                               //   (from cc_get_name())
+cc_free_name(
+    apiCB* cc_ctx,   // >  DLL's primary control structure
+    char** name      // <> ptr to name to be freed, returned as NULL
+                     //    (from cc_get_name())
+    );
 
 CCACHE_API
-cc_free_name_list(apiCB* cc_ctx,               // > DLL's primary control structure
-             char*** name_list);               // <> ptr to null terminated list of names to be freed
-                                                                               //   (from cc_get_cache_names()), returned as NULL
-
-CCACHE_API
-cc_free_creds(apiCB* cc_ctx,                   // > DLL's primary control structure
-              cred_union** pCred);             // <> cred (from cc_seq_fetch_creds()) to be freed
-                                                                               //    Returned as NULL.
+cc_free_creds(
+    apiCB* cc_ctx,     // > DLL's primary control structure
+    cred_union** pCred // <> cred (from cc_seq_fetch_creds()) to be freed
+                       //    Returned as NULL.
+    );
 
 #ifdef __cplusplus
 } /* end extern "C" */
 #endif /* __cplusplus */
 
 #endif /* Krb_CCacheAPI_h_ */
-
index 67660fc42b8fbebc652eb61a62345fcc765e94de..d3fc3fab95f52e881b41922500280214a9666f9e 100644 (file)
@@ -5,6 +5,14 @@
  * BEGIN COMMON VERSION INFO for GSS and Kerberos version resources
  */
 
+#ifdef PRE_RELEASE
+#define BETA_STR  " beta"
+#define BETA_FLAG VS_FF_PRERELEASE
+#else
+#define BETA_STR  ""
+#define BETA_FLAG 0
+#endif
+
 #if !defined(_WIN32)
 #define Targ_OS VOS__WINDOWS16
 #else
 
 /* we're going to stamp all the DLLs with the same version number */
 
-#define K5_PRODUCT_VERSION_STRING "1.1.1\0"
-#define K5_PRODUCT_VERSION        1, 1, 1, 0
+#define K5_PRODUCT_VERSION_STRING "1.2" BETA_STR "\0"
+#define K5_PRODUCT_VERSION        1, 2, 0, 0
 
-#define K5_COPYRIGHT "Copyright (C) 1997-1999 by the Massachusetts Institute of Technology\0"
+#define K5_COPYRIGHT "Copyright (C) 1997-2000 by the Massachusetts Institute of Technology\0"
 #define K5_COMPANY_NAME "Massachusetts Institute of Technology.\0"
 
 /* 
@@ -134,7 +142,7 @@ VS_VERSION_INFO VERSIONINFO
 FILEVERSION    K5_PRODUCT_VERSION
 PRODUCTVERSION K5_PRODUCT_VERSION
 FILEFLAGSMASK   VS_FFI_FILEFLAGSMASK
-FILEFLAGS      (VS_FF_DEBUG | VS_FF_PRIVATEBUILD)
+FILEFLAGS      (VS_FF_DEBUG | VS_FF_PRIVATEBUILD | BETA_FLAG)
 FILEOS         Targ_OS
 FILETYPE        K5_FILETYPE
 BEGIN
index a9d6900902a9c3011f18c3fc8bb4e41f77d86e5a..f8526d9bc88e954949a9c6f48c2f8811bbe6e42c 100644 (file)
@@ -1,3 +1,9 @@
+2000-05-08  Nalin Dahyabhai  <nalin@redhat.com>
+
+       * auth.c (auth_abort): Don't overflow buffer "strTmp".
+       (k4_auth_send): Don't overflow buffer "dbgbuf".
+       * encrypt.c (printsub): Don't overflow buffer "p".
+
 1999-12-03  Danilo Almeida  <dalmeida@mit.edu>
 
        * Makefile.in: Windows fix for updated win-pre.in.
index 5e9d1d2efcf525b217d57cd87cf047553d7a1168..28f515b6c61751806392a5b781ada3b6f03ae7da 100644 (file)
@@ -151,10 +151,11 @@ auth_abort(kstream ks, char *errmsg, long r)
   TelnetSend(ks, (LPSTR)buf, 8, 0);
   
   if (errmsg != NULL) {
-    strcpy(strTmp, errmsg);
+    strTmp[sizeof(strTmp) - 1] = '\0';
+    strncpy(strTmp, errmsg, sizeof(strTmp) - 1);
     
     if (r != KSUCCESS) {
-      strcat(strTmp, "\n");
+      strncat(strTmp, "\n", sizeof(strTmp) - 1 - strlen(strTmp));
 #ifdef KRB4
       lstrcat(strTmp, krb_get_err_text((int)r));
 #endif
@@ -423,8 +424,8 @@ k4_auth_send(kstream ks)
 
   if (!realm) {
     strcpy(buf, "Can't find realm for host \"");
-    strcat(buf, szHostName);
-    strcat(buf, "\"");
+    strncat(buf, szHostName, sizeof(buf) - 1 - strlen(buf));
+    strncat(buf, "\"", sizeof(buf) - 1 - strlen(buf));
     auth_abort(ks, buf, 0);
     return KFAILURE;
   }
@@ -436,14 +437,14 @@ k4_auth_send(kstream ks)
 
   if (r) {
     strcpy(buf, "Can't get \"");
-    strcat(buf, KRB_SERVICE_NAME);
+    strncat(buf, KRB_SERVICE_NAME, sizeof(buf) - 1 - strlen(buf));
     if (instance[0] != 0) {
-      strcat(buf, ".");
+      strncat(buf, ".", sizeof(buf) - 1 - strlen(buf));
       lstrcat(buf, instance);
     }
-    strcat(buf, "@");
+    strncat(buf, "@", sizeof(buf) - 1 - strlen(buf));
     lstrcat(buf, realm);
-    strcat(buf, "\" ticket");
+    strncat(buf, "\" ticket", sizeof(buf) - 1 - strlen(buf));
     auth_abort(ks, buf, r);
 
     return r;
index f1a1301fb09aa9c60e1064b6a4ed1a7c63a66d78..bbb5496d6b8855a93d2cb74c16b6cb623823150c 100644 (file)
@@ -230,10 +230,11 @@ printsub(char c, unsigned char *s, size_t len)
 
   *p++ = c;
 
-  for (i = 0 ; i < len ; i++)
+  for (i = 0 ; (i < len) && (p - dbgbuf + 3 < sizeof(dbgbuf)) ; i++)
     p += sprintf(p, "%02x ", s[i]);
+  dbgbuf[sizeof(dbgbuf) - 1] = '\0';
 
-  strcat(p, "\n");
+  strncat(p, "\n", sizeof(dbgbuf) - 1 - (p - dbgbuf));
 
   OutputDebugString(dbgbuf);