- Kerberos Version 5, Release 1.0
+ Kerberos Version 5, Release 1.1
Release Notes
---------------------------------
The source distribution of Kerberos 5 comes in three gzipped tarfiles,
-krb5-1.0.src.tar.gz, krb5-1.0.doc.tar.gz, and krb5-1.0.crypto.tar.gz.
-The krb5-1.0.doc.tar.gz contains the doc/ directory and this README
-file. The krb5-1.0.src.tar.gz contains the src/ directory and this
+krb5-1.1.src.tar.gz, krb5-1.1.doc.tar.gz, and krb5-1.1.crypto.tar.gz.
+The krb5-1.1.doc.tar.gz contains the doc/ directory and this README
+file. The krb5-1.1.src.tar.gz contains the src/ directory and this
README file, except for the crypto library sources, which are in
-krb5-1.0.crypto.tar.gz.
+krb5-1.1.crypto.tar.gz.
Instruction on how to extract the entire distribution follow. These
directions assume that you want to extract into a directory called
mkdir DIST
cd DIST
- gtar zxpf krb5-1.0.src.tar.gz
- gtar zxpf krb5-1.0.crypto.tar.gz
- gtar zxpf krb5-1.0.doc.tar.gz
+ gtar zxpf krb5-1.1.src.tar.gz
+ gtar zxpf krb5-1.1.crypto.tar.gz
+ gtar zxpf krb5-1.1.doc.tar.gz
If you don't have GNU tar, you will need to get the FSF gzip
distribution and use gzcat:
mkdir DIST
cd DIST
- gzcat krb5-1.0.src.tar.gz | tar xpf -
- gzcat krb5-1.0.crypto.tar.gz | tar xpf -
- gzcat krb5-1.0.doc.tar.gz | tar xpf -
-
-Both of these methods will extract the sources into DIST/krb5-1.0/src
-and the documentation into DIST/krb5-1.0/doc.
-
-Unpacking the Binary Distribution
----------------------------------
-
-Binary distributions of Kerberos V5 are provided merely as convenience
-to those people who wish to try out Kerberos V5 without needing to do
-a full compile of Kerberos.
-
-MIT and the MIT Kerberos V5 development team make no guarantees that
-we will continue to supply binary distributions for future releases of
-Kerberos V5, or for any operating system/platform in particular.
-These binary distributions have been prepared by members of the MIT
-Kerberos V5 development team, or by volunteers who have graciously
-agreed to test the pre-release snapshot. Each binary build is PGP
-signed by the person who prepared the binary distribution for that
-particular platform.
-
-While the binary distribution is *supposed* to correspond exactly to
-the 1.0 Kerberos V5 source release, you have no way of knowing whether
-the person who prepared the binary release might have inserted a
-trojan horse, or a trapdoor. For all you know, the binary
-distribution might be mailing all of your Kerberos keys to
-kremvax!boris. (The same is true for the source distribution, but at
-least you can audit the code yourself!)
-
-For this reason, if you are planning on using Kerberos V5 in
-production, we strongly suggest that you obtain the source
-distribution and compile it from source yourself.
-
-The binary distributions have been compiled so that they will install
-in /usr/local. To install, su to root and and type the command:
-
- cd /usr/local
- gunzip < /tmp/krb5-1.0.<platform>.tar.gz | tar xvf -
+ gzcat krb5-1.1.src.tar.gz | tar xpf -
+ gzcat krb5-1.1.crypto.tar.gz | tar xpf -
+ gzcat krb5-1.1.doc.tar.gz | tar xpf -
+Both of these methods will extract the sources into DIST/krb5-1.1/src
+and the documentation into DIST/krb5-1.1/doc.
Building and Installing Kerberos 5
----------------------------------
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.
-Notes and Major Changes
------------------------
-
-* We are now using the GNATS system to track bug reports for Kerberos
-V5. It is therefore helpful for people to use the krb5-send-pr
-program when reporting bugs. The old interface of sending mail to
-krb5-bugs@mit.edu will still work; however, bug reports sent in this
-fashion may experience a delay in being processed.
-
-* The default keytab name has changed from /etc/v5srvtab to
-/etc/krb5.keytab.
-
-* login.krb5 no longer defaults to getting krb4 tickets.
-
-* The Windows (win16) DLL, LIBKRB5.DLL, has been renamed to
-KRB5_16.DLL. This change was necessary to distinguish it from the
-win32 version, which will be named KRB5_32.DLL. Note that the
-GSSAPI.DLL file has not been renamed, because this name was specified
-in a draft standard for the Windows 16 GSSAPI bindings. (The 32-bit
-version of the GSSAPI DLL will be named GSSAPI32.DLL.)
-
-* The directory structure used for installations has changed. In
-particular, files previously located in $prefix/lib/krb5kdc are now
-normally located in $sysconfdir/krb5kdc. With the normal configure
-options, this means the KDC database goes in /usr/local/var/krb5kdc by
-default. If you wish to have the old behavior, then you would use a
-configure line like the following:
-
- configure --prefix=/usr/local --sysconfdir=/usr/local/lib
-
-* kshd has been modified to accept krb4 encrypted rcp connections; for
-this to work, the v4rcp program must be in the bin directory.
-
-* The gssrpc library has symbol collisions with the rpc library in
-some of the libcs in certain operating systems without shared
-libraries, notably some ports of NetBSD and MkLinux. For those
-platforms which have rpc in libc and also contain NIS in libc,
-compiling with static libraries will not work because of this
-conflict. NetBSD users can either upgrade to the current tree, which
-includes shared libraries for more ports, choose not to build kadmind
-or kadmin, or recompile NetBSD without NIS support. MkLinux users
-must either recompile without NIS or not build the administration
-system.
+Notes, Major Changes, and Known Bugs
+------------------------------------
+
+* Triple DES support is included; however, it is only usable for
+ service keys at the moment, due to a large number of compatibility
+ issues. For example, the GSSAPI library has some (buggy) support
+ for a triple DES session key, but it is intentionally disabled.
+ More here later.
+
+* The lib/rpc tests do not appear to work under NetBSD-1.4, for
+ reasons that are not completely clear at the moment, but probably
+ have something to do with portmapper interfacing. This should not
+ affect other operations, such as kadmind operation.
+
+* Shared library builds are under a new framework; at this point only
+ Solaris, Irix, NetBSD, and possibly Linux are known to work. All
+ other working shared library builds may be figments of your
+ imagination.
+
+* Many existing databases, especially those converted from krb4
+ original databases, may contain expiration dates in 1999. You
+ should make sure to update these expiration dates, and also change
+ any config file entries that have two-digit years.
+
+* Not all reported bugs have been fixed in this release, due to time
+ constraints. We are planning to make another release in the near
+ future with more complete triple DES support, and additional
+ bugfixes. Many of the bugs in our database are reported against
+ what is now quite old code, or require hardware that we do not have,
+ which make them difficult to reproduce and debug. We will work on
+ these older bugs and some externally submitted patches for the
+ following release.
Copyright Notice and Legal Administrivia
----------------------------------------
-Copyright (C) 1996 by the Massachusetts Institute of Technology.
+Copyright (C) 1985-1999 by the Massachusetts Institute of Technology.
All rights reserved.
WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Individual source code files are copyright MIT, Cygnus Support,
-OpenVision, Oracle, Sun Soft, and others.
+OpenVision, Oracle, Sun Soft, FundsXpress, and others.
Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
and Zephyr are trademarks of the Massachusetts Institute of Technology
their many suggestions and bug fixes.
Thanks to the members of the Kerberos V5 development team at MIT, both
-past and present: Jay Berkenbilt, Richard Basch, John Carr, Don
-Davis, Nancy Gilman, Sam Hartman, Marc Horowitz, Barry Jaspan, John
-Kohl, Cliff Neuman, Kevin Mitchell, Paul Park, Ezra Peisach, Chris
-Provenzano, Jon Rochlis, Jeff Schiller, Harry Tsai, Ted Ts'o, Tom Yu.
+past and present: Danillo Almeida, Jay Berkenbilt, Richard Basch, John
+Carr, Don Davis, Alexis Ellwood, Nancy Gilman, Matt Hancher, Sam
+Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Barry Jaspan, Geoffrey
+King, John Kohl, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul
+Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
+Schiller, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.
+1999-08-31 Ken Raeburn <raeburn@mit.edu>
+
+ * admin.texinfo (Kadmin Options): Describe -e option.
+ (The User/Kerberos Interaction): Renamed from User--Kerberos to
+ avoid an apparent makeinfo 1.68 bug.
+ (realms (kdc.conf)): Document kdc_supported_enctypes, and mention
+ how des3 can be used there. Add des-cbc-crc:v4 to both enctype
+ lists, in the descriptions and in the examples. Delete
+ encryption_type, which doesn't exist.
+ (Date Format): Avoid 2-digit years, and add a warning about them.
+
Fri Dec 13 15:10:44 1996 Tom Yu <tlyu@mit.edu>
* admin.texinfo (The User--Kerberos Interaction): The environment
* Kerberos Realms::
* The Ticket-Granting Ticket::
* Network Services and the Master Database::
-* The User--Kerberos Interaction::
+* The User/Kerberos Interaction::
* Definitions::
@end menu
@dfn{ticket file}, especially in Kerberos V4 documentation. Note,
however, that a credentials cache does not have to be stored in a file.
-@node Network Services and the Master Database, The User--Kerberos Interaction, The Ticket-Granting Ticket, How Kerberos Works
+@node Network Services and the Master Database, The User/Kerberos Interaction, The Ticket-Granting Ticket, How Kerberos Works
@section Network Services and the Master Database
The master database also contains entries for all network services that
of the service's password, and must be kept secure. Data which is meant
to be read only by the service is encrypted using this key.
-@node The User--Kerberos Interaction, Definitions, Network Services and the Master Database, How Kerberos Works
-@section The User--Kerberos Interaction
+@node The User/Kerberos Interaction, Definitions, Network Services and the Master Database, How Kerberos Works
+@section The User/Kerberos Interaction
Suppose that you walk up to a host intending to login to it, and then
@samp{rlogin} to the machine @samp{laughter}. Here's what happens:
@end enumerate
@end enumerate
-@node Definitions, , The User--Kerberos Interaction, How Kerberos Works
+@node Definitions, , The User/Kerberos Interaction, How Kerberos Works
@section Definitions
Following are definitions of some of the Kerberos terminology.
not allowed as passwords. The default is
@code{@value{ROOTDIR}/var/krb5kdc/kadm5.dict}.
-@itemx encryption_type
-(Encryption type string.) Specifies the encryption type used for this
-realm. Only "des-cbc-crc" is supported at this time.
-
@itemx kadmind_port
(Port number.) Specifies the port that the kadmind daemon is to listen
for this realm. The assigned port for kadmind is 749.
@itemx supported_enctypes
List of key:salt strings. Specifies the default key/salt combinations
-of principals for this realm. Since only the encryption type
-"des-cbc-crc" is supported, you should set this tag to
-@samp{des-cbc-crc:normal}.
+of principals for this realm. Any principals created through
+@code{kadmin} will have keys of these types. Since only the encryption
+type "des-cbc-crc" is supported, you should set this tag to
+@samp{des-cbc-crc:normal des-cbc-crc:v4}.
+
+@itemx kdc_supported_enctypes
+List of key:salt strings. Specifies the permitted key/salt combinations
+of principals for this realm. You should set this tag to
+@samp{des-cbc-crc:normal des-cbc-crc:v4}.
+
+@b{Note:} You may also use @samp{des3-cbc-sha1:normal} before
+@samp{des-cbc-crc:normal} if you wish to support triple-DES service keys
+in addition to DES service keys. In order to create such service keys,
+you must use the @code{-e} option to @code{kadmin.local}, running on the
+KDC system itself; the remote @code{kadmin} client does not allow this
+option. We do not currently support the use of triple-DES keys anywhere
+other than for service keys.
+
+
@end table
@node Sample kdc.conf File, , realms (kdc.conf), kdc.conf
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des-cbc-crc
- supported_enctypes = des-cbc-crc:normal
+ supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4
+ kdc_supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4
@}
[logging]
@item @b{-q} @i{query}
Pass @i{query} directly to @code{kadmin}. This is useful for writing
scripts that pass specific queries to @code{kadmin}.
+
+@item @b{-e} @i{"enctypes ..."}
+@b{(For @code{kadmin.local} only.)}
+Sets the list of cryptosystem and salt types to be used for any new keys
+created. Available types include @samp{des3-cbc-sha1:normal},
+@samp{des-cbc-crc:normal}, and @samp{des-cbc-crc:v4}. In this release,
+the @samp{des3-cbc-sha1:normal} type should only be used when
+registering service principals; for any services that may request
+tickets themselves to initiate some action, it should be combined with
+one or more of the other types.
@end table
@node Date Format, Principals, Kadmin Options, Administrating Kerberos Database Entries
now
"second Monday"
fortnight
-"3/31/92 10:00:07 PST"
-"January 23, 1987 10:05pm"
+"3/31/1992 10:00:07 PST"
+"January 23, 2007 10:05pm"
"22:00 GMT"
@end group
@end smallexample
+Two-digit years are allowed in places, but the use of this form is not
+recommended.
+
Note that if the date specification contains spaces, you must enclose it
in double quotes. Note also that you cannot use a number without a
unit. (I.e., ``"60 seconds"'' is correct, but ``60'' is incorrect.)
+1999-08-30 Ken Raeburn <raeburn@mit.edu>
+
+ * libdes.tex: Don't use ncs style; it's availability is dependent
+ on the local TeX installation.
+
1999-01-20 Theodore Ts'o <tytso@rsts-11.mit.edu>
* krb5.tex (krb5_mk_safe): Fix reference to a non-existent flag.
-\documentstyle[ncs,fixunder,functions,twoside]{article}
+\documentstyle[fixunder,functions,twoside]{article}
\setlength{\oddsidemargin}{0.25in}
\setlength{\evensidemargin}{-0.25in}
\setlength{\topmargin}{-.5in}
+1999-08-27 Danilo Almeida <dalmeida@mit.edu>
+
+ * Makefile.in: Add some missing dirs needed for generating a proper
+ kerbsrc.zip. Make krbsrc83.zip obsolete.
+
+1999-08-13 Brad Thompson <yak@mit.edu>
+
+ * aclocal.m4: Added MacOS X shared library support.
+
+1999-08-09 Danilo Almeida <dalmeida@mit.edu>
+
+ * Makefile.in: Build kpasswd under windows.
+
1999-07-22 Tom Yu <tlyu@mit.edu>
* Makefile.in (install-mkdirs): Use mkinstalldirs rather than
WINMAKEFILES=Makefile \
clients\Makefile clients\kdestroy\Makefile \
clients\kinit\Makefile clients\klist\Makefile \
+ clients\kpasswd\Makefile \
include\Makefile include\krb5\Makefile \
lib\Makefile lib\crypto\Makefile \
lib\crypto\crc32\Makefile lib\crypto\des\Makefile \
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##clients\klist\Makefile: clients\klist\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
+##DOS##clients\kpasswd\Makefile: clients\kpasswd\Makefile.in $(MKFDEP)
+##DOS## $(WCONFIG) config < $@.in > $@
##DOS##include\Makefile: include\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##include\krb5\Makefile: include\krb5\Makefile.in $(MKFDEP)
ZIP=zip
FILES= ./* \
clients/* clients/kdestroy/* clients/kinit/* clients/klist/* \
+ clients/kpasswd/* \
config/* include/* include/kerberosIV/* \
include/krb5/* include/krb5/stock/* include/sys/* lib/* \
lib/crypto/* lib/crypto/crc32/* lib/crypto/des/* lib/crypto/dk/* \
lib/krb5/ccache/* lib/krb5/ccache/file/* lib/krb5/ccache/memory/* \
lib/krb5/ccache/stdio/* lib/krb5/ccache/ccapi/* \
lib/krb5/error_tables/* \
- lib/krb5/keytab/* lib/krb5/keytab/file/* \
+ lib/krb5/keytab/* lib/krb5/keytab/file/* lib/krb5/keytab/srvtab/* \
lib/krb5/os/* lib/krb5/posix/* lib/krb5/rcache/* \
- util/et/* util/profile/*
+ util/* util/et/* util/profile/*
WINFILES= util/windows/* windows/* windows/lib/* windows/cns/* \
windows/wintel/* windows/gss/* windows/gina/*
prep-windows: dos-Makefile awk-windows-mac
-# Not supported....
-krbsrc83.zip: dos-Makefile awk-windows-mac winfile.list
- rm -f krbsrc83.zip
- $(ZIP) -@Dlk krbsrc83.zip < winfile.list
- $(ZIP) -Dk krbsrc83.zip $(WINBINARYFILES)
- if test -d mit ; then \
- $(ZIP) -rDk krbsrc83.zip $(MITWINBINARYFILES) ; \
- fi
- rm -f $(CLEANUP)
+krbsrc83.zip: krbsrc83-is-obsolete
+
+krbsrc83-is-obsolete:
+ @echo "Win16 and krbsrc83.zip are no longer supported."
+ @echo "We don't support building under 8.3 restricted filesystems"
+ @echo "anymore. You can still build for Win32 on filesystems"
+ @echo "without 8.3 restrictions using kerbsrc.zip"
+ @echo " "
kerbsrc.zip: dos-Makefile awk-windows-mac winfile.list
rm -f kerbsrc.zip
kerbsrc-nt.zip: kerbsrc-nt-is-obsolete
kerbsrc-nt-is-obsolete:
- @echo "Kerbsrc-nt.zip is now obsolete. Just use and build kerbsrc.zip"
+ @echo "kerbsrc-nt.zip is now obsolete. Just use and build kerbsrc.zip"
@echo "We don't support building under 8.3 restricted filesystems"
@echo "anymore, so what was kerbsrc-nt.zip is now kerbsrc.zip."
@echo " "
$(CP) clients\klist\$(OUTPRE)klist.exe $(KBINDIR)\.
$(CP) clients\kinit\$(OUTPRE)kinit.exe $(KBINDIR)\.
$(CP) clients\kdestroy\$(OUTPRE)kdestroy.exe $(KBINDIR)\.
+ $(CP) clients\kpasswd\$(OUTPRE)kpasswd.exe $(KBINDIR)\.
PROFFLAGS=-pg
;;
+*-*-macos10*)
+ PICFLAGS=-fno-common
+ SHLIBVEXT='.$(LIBMAJOR).$(LIBMINOR).dylib'
+ SHLIBSEXT='.$(LIBMAJOR).dylib'
+ SHLIB_EXPFLAGS='$(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+ SHLIBEXT=.dylib
+ SHOBJEXT=.so
+ LDCOMBINE='cc -dynamiclib -dylib_compatibility_version=$(LIBMAJOR).$(LIBMINOR) -dylib_current_version=$(LIBMAJOR).$(LIBMINOR)'
+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -dynamic'
+ CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) -static'
+ RUN_ENV='DYLD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export DYLD_LIBRARY_PATH;'
+ ;;
+
*-*-solaris*)
if test "$krb5_cv_prog_gcc" = yes; then
PICFLAGS=-fpic
+1999-08-24 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in (kshd): Remove $(LOGINLIBS) from kshd dependencies.
+
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * krlogin.c (main): Error out if -D isn't followed by another
+ argument. Based on patch from Brad Thompson.
+
+ * krshd.c (v4_kdata, v4_ticket): Don't define if KRB5_KRB4_COMPAT
+ is not defined. Patch from Brad Thompson.
+
+ * kcmd.c (kcmd): If krb5_get_credentials returns a nonzero error
+ code, print an error message before returning.
+
+1999-08-17 Ken Raeburn <raeburn@mit.edu>
+
+ * krlogin.c (main): If ospeed is outside of compiled-in table
+ index range but not high enough to be a baud rate, use the highest
+ rate in the table.
+
1999-08-02 Ken Raeburn <raeburn@mit.edu>
and Brad Thompson <yak@mit.edu>
${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
fi
-kshd: krshd.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(LOGINLIBS) $(PTY_DEPLIB) $(UTIL_DEPLIB) $(KRB4COMPAT_DEPLIBS)
+kshd: krshd.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(UTIL_DEPLIB) $(KRB4COMPAT_DEPLIBS)
$(CC_LINK) -o kshd krshd.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(LOGINLIBS) $(PTY_LIB) $(UTIL_LIB) $(KRB4COMPAT_LIBS)
klogind: krlogind.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(UTIL_DEPLIB) $(KRB4COMPAT_DEPLIBS)
status = krb5_get_credentials(bsd_context, 0, cc, get_cred, &ret_cred);
krb5_free_creds(bsd_context, get_cred);
(void) krb5_cc_close(bsd_context, cc);
- if (status) goto bad2;
+ if (status) {
+ fprintf (stderr, "error getting credentials: %s\n",
+ error_message (status));
+ goto bad2;
+ }
/* Reset internal flags; these should not be sent. */
authopts &= (~OPTS_FORWARD_CREDS);
if (argc > 0 && !strcmp(*argv, "-D")) {
argv++; argc--;
+ if (*argv == NULL) {
+ fprintf (stderr,
+ "rlogin: -D flag must be followed by the debug port.\n");
+ exit (1);
+ }
debug_port = htons(atoi(*argv));
argv++; argc--;
goto another;
/* On some systems, ospeed is the baud rate itself,
not a table index. */
sprintf (term + strlen (term), "%d", ospeed);
+ else if (ospeed >= sizeof(speeds)/sizeof(char*))
+ /* Past end of table, but not high enough to
+ look like a real speed. */
+ (void) strcat (term, speeds[sizeof(speeds)/sizeof(char*) - 1]);
else {
(void) strcat(term, speeds[ospeed]);
}
krb5_principal client;
krb5_authenticator *kdata;
+#ifdef KRB5_KRB4_COMPAT
AUTH_DAT *v4_kdata;
KTEXT v4_ticket;
+#endif
int auth_sys = 0; /* Which version of Kerberos used to authenticate */
+1999-08-27 Tom Yu <tlyu@mit.edu>
+
+ * ftp.c: Diable krb5-mech2 for now.
+
Tue May 11 11:58:00 1999 Ezra Peisach <epeisach@mit.edu>
* ftp.c: Inclusion of gssapi_krb5.h requires gssapi_generic.h.
const gss_OID_desc * const * mech_type;
char *service_name;
} gss_trials[] = {
- { &gss_mech_krb5_v2, "ftp" },
{ &gss_mech_krb5, "ftp" },
- { &gss_mech_krb5_v2, "host" },
{ &gss_mech_krb5, "host" },
};
int n_gss_trials = sizeof(gss_trials)/sizeof(gss_trials[0]);
+1999-08-31 17:28 Jeffrey Altman <jaltman@columbia.edu>
+
+ * kerberos5.c: Corrections to yesterday's change.
+
+1999-08-30 16:55 Jeffrey Altman <jaltman@columbia.edu>
+
+ * kerberos5.c: Ensure that only "host" service tickets are accepted.
+
Wed Feb 3 22:59:27 1999 Theodore Y. Ts'o <tytso@mit.edu>
* kerberos5.c: Increase size of str_data so that we can accept
#ifdef ENCRYPTION
Session_Key skey;
#endif
- char errbuf[128];
+ char errbuf[320];
char *name;
char *getenv();
krb5_data inbuf;
(void) strcat(errbuf, error_message(r));
goto errout;
}
+
+ /* 256 bytes should be much larger than any reasonable first component */
+ /* of a service name especially since the default is of length 4. */
+ if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) {
+ char princ[256];
+ strncpy(princ,
+ krb5_princ_component(telnet_context, ticket->server,0)->data,
+ krb5_princ_component(telnet_context, ticket->server,0)->length);
+ princ[krb5_princ_component(telnet_context,
+ ticket->server,0)->length] = '\0';
+ if ( strcmp("host", princ) )
+ {
+ (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"%s\"",
+ princ, "host");
+ goto errout;
+ }
+ } else {
+ (void) strcpy(errbuf, "service name too long");
+ goto errout;
+ }
+
r = krb5_auth_con_getauthenticator(telnet_context,
auth_context,
&authenticator);
errout:
{
- char eerrbuf[128+9];
+ char eerrbuf[329];
strcpy(eerrbuf, "telnetd: ");
strcat(eerrbuf, errbuf);
+1999-08-09 Danilo Almeida <dalmeida@mit.edu>
+
+ * Makefile.in: Build kpasswd under windows.
+
Tue May 18 19:52:56 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Remove - from recursive Win32 make invocation.
@echo Making all in clients\kinit
cd ..\kinit
$(MAKE) -$(MFLAGS)
+ @echo Making all in clients\kpasswd
+ cd ..\kpasswd
+ $(MAKE) -$(MFLAGS)
cd ..
clean-windows::
+1999-08-09 Danilo Almeida <dalmeida@mit.edu>
+
+ * Makefile.in: Use standard windows exe link flags.
+
Mon May 10 15:09:31 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Do win32 build in subdir.
##WIN32##all-windows:: $(OUTPRE)kdestroy.exe
##WIN32##$(OUTPRE)kdestroy.exe: $(OUTPRE)kdestroy.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB)
-##WIN32## link /nologo /out:$@ $**
+##WIN32## link $(LINKOPTS2) -out:$@ $**
clean-unix::
+1999-08-25 Ken Raeburn <raeburn@mit.edu>
+
+ * kinit.c (optind, optarg) [sun]: Declare on SunOS 4. Maybe
+ declare unconditionally, in the future.
+
+1999-08-12 Ken Raeburn <raeburn@mit.edu>
+
+ * kinit.c (main): Initialize cache_name to null, in case it's not
+ set.
+
+1999-08-09 Danilo Almeida <dalmeida@mit.edu>
+
+ * Makefile.in: Use standard windows exe link flags.
+
Mon May 10 15:13:37 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Do win32 build in subdir.
##WIN32##all-windows:: $(OUTPRE)kinit.exe
##WIN32##$(OUTPRE)kinit.exe: $(OUTPRE)kinit.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB)
-##WIN32## link /nologo /out:$@ $**
+##WIN32## link $(LINKOPTS2) -out:$@ $**
clean-unix::
#else
#ifdef HAVE_UNISTD_H
#include <unistd.h>
+#ifdef sun
+/* SunOS4 unistd didn't declare these; okay to make unconditional? */
+extern int optind;
+extern char *optarg;
+#endif /* sun */
#else
extern int optind;
extern char *optarg;
krb5_get_init_creds_opt opts;
char *service_name = NULL;
krb5_keytab keytab = NULL;
- char *cache_name;
+ char *cache_name = NULL;
krb5_ccache ccache = NULL;
enum { INIT_PW, INIT_KT, RENEW, VALIDATE} action;
int errflg = 0, idx, i;
+1999-09-01 Danilo Almeida <dalmeida@mit.edu>
+
+ * klist.c (do_ccache, show_credential): Use krb5_free_unparsed_name
+ instead of free.
+
+1999-08-26 Danilo Almeida <dalmeida@mit.edu>
+
+ * klist.c (show_credential): Index addresses array with i
+ in a loop instead of 1. (Thanks to jaltman@columbia.edu)
+
+1999-08-09 Danilo Almeida <dalmeida@mit.edu>
+
+ * Makefile.in: Use standard windows exe link flags.
+
Mon May 10 15:13:58 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Do win32 build in subdir.
##WIN32##all-windows:: $(OUTPRE)klist.exe
##WIN32##$(OUTPRE)klist.exe: $(OUTPRE)klist.obj $(KLIB) $(CLIB)
-##WIN32## link /nologo /out:$@ $** wsock32.lib
+##WIN32## link $(LINKOPTS2) -out:$@ $** wsock32.lib
clean-unix::
printf(")");
}
printf("\n");
- free(pname);
+ krb5_free_unparsed_name(kcontext, pname);
}
if (code && code != KRB5_KT_END) {
com_err(progname, code, "while scanning keytab");
retval = krb5_unparse_name(kcontext, cred->server, &sname);
if (retval) {
com_err(progname, retval, "while unparsing server name");
- free(name);
+ krb5_free_unparsed_name(kcontext, name);
return;
}
if (!cred->times.starttime)
for (i=1; cred->addresses[i]; i++) {
printf(", ");
- one_addr(cred->addresses[1]);
+ one_addr(cred->addresses[i]);
}
printf("\n");
}
}
- free(name);
- free(sname);
+ krb5_free_unparsed_name(kcontext, name);
+ krb5_free_unparsed_name(kcontext, sname);
}
void one_addr(a)
+1999-08-09 Danilo Almeida <dalmeida@mit.edu>
+
+ * kpasswd.c:
+ * Makefile.in: Build kpasswd under windows.
+
1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Set the myfulldir and mydir variables (which are
kpasswd.o: $(srcdir)/kpasswd.c
all-unix:: kpasswd
-all-windows:: kpasswd.exe
clean-unix::
$(RM) kpasswd.o kpasswd
-clean-windows::
- $(RM) kpasswd.obj kpasswd.exe
-
install-all install-kdc install-server install-client install-unix::
$(INSTALL_PROGRAM) kpasswd $(DESTDIR)$(CLIENT_BINDIR)/`echo kpasswd|sed '$(transform)'`
$(INSTALL_DATA) $(srcdir)/kpasswd.M $(DESTDIR)$(CLIENT_MANDIR)/`echo kpasswd|sed '$(transform)'`.1;
-kpasswd.exe: kpasswd.obj
- link /out:kpasswd.exe kpasswd.obj $(BUILDTOP)\lib\libkrb5.lib
+##WIN32##INCLUDES = /I$(BUILDTOP)\include /I$(BUILDTOP)\include\krb5
+##WIN32##CFLAGS = $(CCOPTS2) $(INCLUDES)
+
+##WIN32##all-windows:: $(OUTPRE)kpasswd.exe
+##WIN32##$(OUTPRE)kpasswd.exe: $(OUTPRE)kpasswd.obj $(KLIB) $(CLIB)
+##WIN32## link $(LINKOPTS2) -out:$@ $**
#include <stdio.h>
#include <sys/types.h>
-#include <pwd.h>
+
+#ifndef _WIN32
#include <unistd.h>
+#endif
#include <krb5.h>
#define P1 "Enter new password: "
#define P2 "Enter it again: "
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+
+void get_name_from_passwd_file(program_name, kcontext, me)
+ char * program_name;
+ krb5_context kcontext;
+ krb5_principal * me;
+{
+ struct passwd *pw;
+ krb5_error_code code;
+ if (pw = getpwuid((int) getuid())) {
+ if ((code = krb5_parse_name(kcontext, pw->pw_name, me))) {
+ com_err (program_name, code, "when parsing name %s", pw->pw_name);
+ exit(1);
+ }
+ } else {
+ fprintf(stderr, "Unable to identify user from password file\n");
+ exit(1);
+ }
+}
+#else /* HAVE_PWD_H */
+void get_name_from_passwd_file(kcontext, me)
+ krb5_context kcontext;
+ krb5_principal * me;
+{
+ fprintf(stderr, "Unable to identify user\n");
+ exit(1);
+}
+#endif /* HAVE_PWD_H */
+
int main(int argc, char *argv[])
{
krb5_error_code ret;
krb5_context context;
krb5_principal princ;
char *pname;
- struct passwd *pwd;
krb5_ccache ccache;
krb5_get_init_creds_opt opts;
krb5_creds creds;
exit(1);
}
+#if 0
krb5_init_ets(context);
+#endif
/* in order, use the first of:
- a name specified on the command line
com_err(argv[0], ret, "closing ccache");
exit(1);
}
- } else if (pwd = getpwuid(getuid())) {
- if (ret = krb5_parse_name(context, pwd->pw_name, &princ)) {
- com_err(argv[0], ret, "parsing client name");
- exit(1);
- }
} else {
- com_err(argv[0], 0,
- "no matching password entry while looking for username");
- exit(1);
+ get_name_from_passwd_file(argv[0], context, &princ);
}
krb5_get_init_creds_opt_init(&opts);
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * heuristic.c (find_ticket): Use flag KRB5_TC_SUPPORTED_KTYPES
+ when calling krb5_cc_retrieve_cred.
+ * krb_auth_su.c (krb5_auth_check, krb5_fast_auth): Ditto.
+
Fri Mar 12 18:52:18 1999 Tom Yu <tlyu@mit.edu>
* main.c (main): Fix cleanup code for setluid() failure.
if (retval= krb5_copy_principal(context, server, &tgtq.server))
return retval ;
- retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY,
+ retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt);
if (! retval) retval = krb5_check_exp(context, tgt.times);
}
if (auth_debug){ dump_principal(context, "local tgt principal name", tgtq.server ); }
- retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY,
- &tgtq, &tgt);
+ retval = krb5_cc_retrieve_cred(context, cc,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
+ &tgtq, &tgt);
if (! retval) retval = krb5_check_exp(context, tgt.times);
return (FALSE) ;
}
- if ((retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY,
- &tgtq, &tgt))){
+ if ((retval = krb5_cc_retrieve_cred(context, cc,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
+ &tgtq, &tgt))){
if (auth_debug)
com_err(prog_name, retval,"While Retrieving credentials");
return (FALSE) ;
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * config.guess: Recognize Rhapsody OS.
+ * config.sub: Recognize OS name "rhapsody*".
+
+1999-08-17 Ken Raeburn <raeburn@mit.edu>
+
+ * post.in (*-recurse): If an error occurs when using -k, report an
+ error after finishing all the subdirectories.
+
+1999-08-13 Brad Thompson <yak@mit.edu>
+
+ * config.sub: Now recognizes MacOS 10 as a valid OS.
+
1999-07-30 Ken Raeburn <raeburn@mit.edu>
* config.guess: Add MacOS 10 support. (Submitted to autoconf
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
echo i586-pc-beos
exit 0 ;;
+# MIT addition
+ Power\ Macintosh:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit 0 ;;
+# MIT addition
+ powerpc:Rhapsody:*:*)
+ echo powerpc-unknown-rhapsody${UNAME_RELEASE}
+ exit 0 ;;
+# MIT addition
+ i?86:Rhapsody:*:*)
+ echo i386-unknown-rhapsody${UNAME_RELEASE}
+ exit 0 ;;
+# MIT addition
Power\ Macintosh:Mac\ OS:*:*)
echo powerpc-apple-macos${UNAME_RELEASE}
exit 0 ;;
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -mingw32* | -linux-gnu* | -uxpv* | -beos*)
+ | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -macos* | -rhapsody*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-linux*)
all-recurse clean-recurse distclean-recurse install-recurse check-recurse Makefiles-recurse:
@case "`echo 'x$(MFLAGS)'|sed -e 's/^x//' -e 's/ --.*$$//'`" \
- in *[ik]*) e=:;; *) e="exit 1";; esac; \
+ in *[ik]*) e="status=1" ;; *) e="exit 1";; esac; \
if test -z "$(MY_SUBDIRS)" ; then \
do_subdirs="$(SUBDIRS)" ; \
else \
do_subdirs="$(MY_SUBDIRS)" ; \
fi; \
+ status=0; \
if test -n "$$do_subdirs" && test -z "$(NORECURSE)"; then \
for i in $$do_subdirs ; do \
if test -d $$i ; then \
echo "making $$target in $(CURRENT_DIR)$$i..."; \
if (cd $$i ; $(MAKE) CC="$(CC)" CCOPTS="$(CCOPTS)" \
CURRENT_DIR=$(CURRENT_DIR)$$i/ $$target) then :; \
- else $$e; fi; \
+ else eval $$e; fi; \
;; \
esac; \
else \
fi; \
done; \
else :; \
- fi
+ fi;\
+ exit $$status
+1999-08-31 Jeffrey Altman <jaltman@columbia.edu>
+
+ * k5-int.h: Add #define ANSI_STDIO for Windows builds so that
+ stdio opens files in binary mode instead of text
+ mode. This is necessary for Ctrl-Z transparency.
+
+1999-08-30 Ken Raeburn <raeburn@mit.edu>
+
+ * configure.in: Check for memmove and bcopy.
+
+ * Makefile.in (install): Install profile.h since krb5.h will use
+ it.
+
+1999-08-26 Danilo Almeida <dalmeida@mit.edu>
+
+ * krb5.hin (krb5_kuserok): Fix calling convention to make it
+ consistent with rest of krb5 exports before we start exporting
+ this from the Windows DLL.
+
+1999-08-25 Danilo Almeida <dalmeida@mit.edu>
+
+ * k5-int.h (krb5_cc_retrieve_cred_default): Fix calling convention
+ to make it consistent with actual calling convention.
+
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * krb5.hin (KRB5_TC_SUPPORTED_KTYPES): New flag.
+ * k5-int.h (krb5_cc_retrieve_cred_default): Declare.
+
+1999-08-18 Tom Yu <tlyu@mit.edu>
+
+ * krb5.hin: Re-align des3-cbc-sha1 and hmac-sha1-des3 to agree
+ with new number assignments; also rename symbols a little bit.
+
+1999-08-09 Danilo Almeida <dalmeida@mit.edu>
+
+ * win-mac.h: Define MAXPATHLEN only if not already defined. This
+ avoids warnings under Windows.
+
1999-08-04 Danilo Almeida <dalmeida@mit.edu>
* k5-int.h: Keep invariant that profile_in_memory member of context
cd ..
@echo Making clean in include
-install:: krb5.h
+install:: krb5.h profile.h
$(INSTALL_DATA) krb5.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5.h
+ $(INSTALL_DATA) profile.h $(DESTDIR)$(KRB5_INCDIR)$(S)profile.h
AC_PROG_AWK
AC_PROG_LEX
AC_CONST
-AC_CHECK_FUNCS(strdup labs setvbuf)
+AC_CHECK_FUNCS(strdup labs setvbuf memmove bcopy)
HAVE_YYLINENO
CHECK_DIRENT
AC_TYPE_UID_T
#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */
#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */
#define HAVE_LABS
+#define ANSI_STDIO
#endif
krb5_octet FAR * FAR *,
size_t FAR *));
+
+krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
+ KRB5_PROTOTYPE((krb5_context, krb5_ccache, krb5_flags,
+ krb5_creds *, krb5_creds *));
+
#if defined(macintosh) && defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__)
#pragma import reset
#endif
/* XXX deprecated? */
#define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */
#define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */
-#define ENCTYPE_DES3_HMAC_SHA1 0x0007
#define ENCTYPE_DES_HMAC_SHA1 0x0008
+#define ENCTYPE_DES3_CBC_SHA1 0x0010
#define ENCTYPE_UNKNOWN 0x01ff
/* local crud */
/* marc's DES-3 with 32-bit length */
#define CKSUMTYPE_RSA_MD5 0x0007
#define CKSUMTYPE_RSA_MD5_DES 0x0008
#define CKSUMTYPE_NIST_SHA 0x0009
-#define CKSUMTYPE_HMAC_SHA1 0x000a
+#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c
#ifndef krb5_roundup
/* round x up to nearest multiple of y */
#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040
#define KRB5_TC_MATCH_2ND_TKT 0x00000080
#define KRB5_TC_MATCH_KTYPE 0x00000100
+#define KRB5_TC_SUPPORTED_KTYPES 0x00000200
/* for set_flags and other functions */
#define KRB5_TC_OPENCLOSE 0x00000001
-#define krb5_cc_initialize(context, cache, principal) krb5_x((cache)->ops->init,(context, cache, principal))
-#define krb5_cc_gen_new(context, cache) krb5_x((*cache)->ops->gen_new,(context, cache))
-#define krb5_cc_destroy(context, cache) krb5_x((cache)->ops->destroy,(context, cache))
-#define krb5_cc_close(context, cache) krb5_x((cache)->ops->close,(context, cache))
-#define krb5_cc_store_cred(context, cache, creds) krb5_x((cache)->ops->store,(context, cache, creds))
-#define krb5_cc_retrieve_cred(context, cache, flags, mcreds, creds) krb5_x((cache)->ops->retrieve,(context, cache, flags, mcreds, creds))
-#define krb5_cc_get_principal(context, cache, principal) krb5_x((cache)->ops->get_princ,(context, cache, principal))
-#define krb5_cc_start_seq_get(context, cache, cursor) krb5_x((cache)->ops->get_first,(context, cache, cursor))
-#define krb5_cc_next_cred(context, cache, cursor, creds) krb5_x((cache)->ops->get_next,(context, cache, cursor, creds))
-#define krb5_cc_end_seq_get(context, cache, cursor) krb5_x((cache)->ops->end_get,(context, cache, cursor))
-#define krb5_cc_remove_cred(context, cache, flags, creds) krb5_x((cache)->ops->remove_cred,(context, cache,flags, creds))
-#define krb5_cc_set_flags(context, cache, flags) krb5_x((cache)->ops->set_flags,(context, cache, flags))
-#define krb5_cc_get_name(context, cache) krb5_xc((cache)->ops->get_name,(context, cache))
-#define krb5_cc_get_type(context, cache) ((cache)->ops->prefix)
+#define krb5_cc_initialize(context, cache, principal) krb5_x ((cache)->ops->init,(context, cache, principal))
+#define krb5_cc_gen_new(context, cache) krb5_x ((*cache)->ops->gen_new,(context, cache))
+#define krb5_cc_destroy(context, cache) krb5_x ((cache)->ops->destroy,(context, cache))
+#define krb5_cc_close(context, cache) krb5_x ((cache)->ops->close,(context, cache))
+#define krb5_cc_store_cred(context, cache, creds) krb5_x ((cache)->ops->store,(context, cache, creds))
+#define krb5_cc_retrieve_cred(context, cache, flags, mcreds, creds) krb5_x ((cache)->ops->retrieve,(context, cache, flags, mcreds, creds))
+#define krb5_cc_get_principal(context, cache, principal) krb5_x ((cache)->ops->get_princ,(context, cache, principal))
+#define krb5_cc_start_seq_get(context, cache, cursor) krb5_x ((cache)->ops->get_first,(context, cache, cursor))
+#define krb5_cc_next_cred(context, cache, cursor, creds) krb5_x ((cache)->ops->get_next,(context, cache, cursor, creds))
+#define krb5_cc_end_seq_get(context, cache, cursor) krb5_x ((cache)->ops->end_get,(context, cache, cursor))
+#define krb5_cc_remove_cred(context, cache, flags, creds) krb5_x ((cache)->ops->remove_cred,(context, cache,flags, creds))
+#define krb5_cc_set_flags(context, cache, flags) krb5_x ((cache)->ops->set_flags,(context, cache, flags))
+#define krb5_cc_get_name(context, cache) krb5_xc((cache)->ops->get_name,(context, cache))
+#define krb5_cc_get_type(context, cache) ((cache)->ops->prefix)
extern krb5_cc_ops *krb5_cc_dfl_ops;
KRB5_PROTOTYPE((krb5_context,
const char *,
char ** ));
-krb5_boolean krb5_kuserok
+KRB5_DLLIMP krb5_boolean KRB5_CALLCONV krb5_kuserok
KRB5_PROTOTYPE((krb5_context,
krb5_principal, const char *));
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs
+++ /dev/null
-/*
- * Copyright 1990,1991,1994,1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Configuration definition file.
- */
-
-
-#ifndef KRB5_CONFIG__
-#define KRB5_CONFIG__
-
-#ifdef _MSDOS
-/*
- * Machine-type definitions: PC Clone 386 running Microloss Windows
- */
-
-/* Kerberos Windows initialization file */
-#define KERBEROS_INI "kerberos.ini"
-#define INI_FILES "Files"
-#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */
-#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */
-
-#define KRB5_DBM_COMPAT__ /* Don't load dbm.h */
-#define KRB5_KDB5__ /* Don't load kdb.h */
-#define KRB5_KDB5_DBM__ /* Don't load kdb_dbm.h */
-
-#define BITS16
-#define SIZEOF_INT 2
-#define SIZEOF_SHORT 2
-#define SIZEOF_LONG 4
-#define MAXHOSTNAMELEN 512
-#define MAXPATHLEN 256 /* Also for Windows temp files */
-
-#define KRB5_USE_INET
-#define MSDOS_FILESYSTEM
-#define USE_STRING_H
-#define HAVE_SRAND
-#define HAVE_ERRNO
-#define HAS_STRDUP
-#define NO_USERID
-#define NOFCHMOD
-#define NOCHMOD
-#define NO_PASSWORD
-#define WM_KERBEROS5_CHANGED "Kerberos5 Changed"
-
-#define HAS_ANSI_VOLATILE
-#define HAS_VOID_TYPE
-#define KRB5_PROVIDE_PROTOTYPES
-#define HAVE_STDARG_H
-#define HAVE_SYS_TYPES_H
-
-#ifndef _SIZE_T_DEFINED
-typedef unsigned int size_t;
-#define _SIZE_T_DEFINED
-#endif
-
-#ifndef KRB5_SYSTYPES__
-#define KRB5_SYSTYPES__
-#include <sys/types.h>
-typedef unsigned long u_long; /* Not part of sys/types.h on the pc */
-typedef unsigned int u_int;
-typedef unsigned short u_short;
-typedef unsigned char u_char;
-#endif /* KRB5_SYSTYPES__ */
-
-#ifndef INTERFACE
-#define INTERFACE __far __export __pascal
-#define INTERFACE_C __far __export __cdecl
-#endif
-
-/*
- * The following defines are needed to make <windows.h> work
- * in stdc mode (/Za flag). Winsock.h needs <windows.h>.
- */
-#define FAR _far
-#define NEAR _near
-#define _far __far
-#define _near __near
-#define _pascal __pascal
-#define _cdecl __cdecl
-#define _huge __huge
-
-#ifdef NEED_WINDOWS
-#include <windows.h>
-#endif
-
-#ifdef NEED_LOWLEVEL_IO
-/* Ugly. Microsoft, in stdc mode, doesn't support the low-level i/o
- * routines directly. Rather, they only export the _<function> version.
- * The following defines works around this problem.
- */
-#include <sys\types.h>
-#include <sys\stat.h>
-#include <fcntl.h>
-#include <io.h>
-#include <process.h>
-#define O_RDONLY _O_RDONLY
-#define O_WRONLY _O_WRONLY
-#define O_RDWR _O_RDWR
-#define O_APPEND _O_APPEND
-#define O_CREAT _O_CREAT
-#define O_TRUNC _O_TRUNC
-#define O_EXCL _O_EXCL
-#define O_TEXT _O_TEXT
-#define O_BINARY _O_BINARY
-#define O_NOINHERIT _O_NOINHERIT
-#define stat _stat
-#define unlink _unlink
-#define lseek _lseek
-#define write _write
-#define open _open
-#define close _close
-#define read _read
-#define fstat _fstat
-#define mktemp _mktemp
-#define dup _dup
-
-#define getpid _getpid
-#endif
-
-#ifdef NEED_SYSERROR
-/* Only needed by util/et/error_message.c but let's keep the source clean */
-#define sys_nerr _sys_nerr
-#define sys_errlist _sys_errlist
-#endif
-
-/* XXX these should be parameterized soon... */
-#define PROVIDE_DES_CBC_MD5
-#define PROVIDE_DES_CBC_CRC
-#define PROVIDE_RAW_DES_CBC
-#define PROVIDE_CRC32
-#define PROVIDE_DES_CBC_CKSUM
-#define PROVIDE_RSA_MD4
-#define PROVIDE_RSA_MD5
-#define DEFAULT_PWD_STRING1 "Enter password:"
-#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"
-
-/* Functions with slightly different names on the PC
-*/
-#define strcasecmp _stricmp
-#define strdup _strdup
-#define off_t _off_t
-
-#else /* Rest of include file is for non-Microloss-Windows */
-
-#if defined(_MACINTOSH)
-#include <stddef.h>
-
-typedef struct {
- int dummy;
-} datum;
-
-#include <stddef.h>
-
-#ifdef NEED_LOWLEVEL_IO
-#include <fcntl.h>
-#endif
-
-#ifndef _MWERKS
-/* there is no <stat.h> for mpw */
-typedef unsigned long mode_t;
-typedef unsigned long ino_t;
-typedef unsigned long dev_t;
-typedef short nlink_t;
-typedef unsigned long uid_t;
-typedef unsigned long gid_t;
-typedef long off_t;
-struct stat
-{
- mode_t st_mode; /* File mode; see #define's below */
- ino_t st_ino; /* File serial number */
- dev_t st_dev; /* ID of device containing this file */
- nlink_t st_nlink; /* Number of links */
- uid_t st_uid; /* User ID of the file's owner */
- gid_t st_gid; /* Group ID of the file's group */
- dev_t st_rdev; /* Device type */
- off_t st_size; /* File size in bytes */
- unsigned long st_atime; /* Time of last access */
- unsigned long st_mtime; /* Time of last data modification */
- unsigned long st_ctime; /* Time of last file status change */
- long st_blksize; /* Optimal blocksize */
- long st_blocks; /* blocks allocated for file */
-};
-
-int stat(const char *path, struct stat *buf);
-int fstat(int fildes, struct stat *buf);
-
-#endif /* _MWERKS */
-
-#define EFBIG 1000
-
-#define NOFCHMOD 1
-#define NOCHMOD 1
-#define _MACSOCKAPI_
-
-#define THREEPARAMOPEN(x,y,z) open(x,y)
-#define MAXPATHLEN 255
-
-/* protocol families same as address families */
-#define PF_INET AF_INET
-
-/* XXX these should be parameterized soon... */
-#define PROVIDE_DES_CBC_MD5
-#define PROVIDE_DES_CBC_CRC
-#define PROVIDE_RAW_DES_CBC
-#define PROVIDE_CRC32
-#define PROVIDE_DES_CBC_CKSUM
-#define PROVIDE_RSA_MD4
-#define PROVIDE_RSA_MD5
-
-#else /* _MACINTOSH */
-#define THREEPARAMOPEN(x,y,z) open(x,y,z)
-#endif /* _MACINTOSH */
-
-#ifndef KRB5_AUTOCONF__
-#define KRB5_AUTOCONF__
-#include "autoconf.h"
-#endif
-
-#ifndef KRB5_SYSTYPES__
-#define KRB5_SYSTYPES__
-
-#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
-#include <sys/types.h>
-#else /* HAVE_SYS_TYPES_H */
-typedef unsigned long u_long;
-typedef unsigned int u_int;
-typedef unsigned short u_short;
-typedef unsigned char u_char;
-#endif /* HAVE_SYS_TYPES_H */
-#endif /* KRB5_SYSTYPES__ */
-
-#ifdef SYSV
-/* Change srandom and random to use rand and srand */
-/* Taken from the Sandia changes. XXX We should really just include */
-/* srandom and random into Kerberos release, since rand() is a really */
-/* bad random number generator.... [tytso:19920616.2231EDT] */
-#define random() rand()
-#define srandom(a) srand(a)
-#ifndef unicos61
-#define utimes(a,b) utime(a,b)
-#endif /* unicos61 */
-#endif /* SYSV */
-
-/* XXX these should be parameterized soon... */
-#define PROVIDE_DES_CBC_MD5
-#define PROVIDE_DES_CBC_CRC
-#define PROVIDE_RAW_DES_CBC
-#define PROVIDE_CRC32
-#define PROVIDE_DES_CBC_CKSUM
-#define PROVIDE_RSA_MD4
-#define PROVIDE_RSA_MD5
-
-#define DEFAULT_PWD_STRING1 "Enter password:"
-#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"
-
-#define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */
-#define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */
-#define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */
-
-/*
- * For paranoid DOE types that don't want to give helpful error
- * messages to the client....er, attacker
- */
-#undef KRBCONF_VAGUE_ERRORS
-
-/*
- * Define this if you want the KDC to modify the Kerberos database;
- * this allows the last request information to be updated, as well as
- * the failure count information.
- *
- * Note that this doesn't work if you're using slave servers!!! It
- * also causes the database to be modified (and thus need to be
- * locked) frequently.
- */
-#undef KRBCONF_KDC_MODIFIES_KDB
-
-/*
- * Windows requires a different api interface to each function. Here
- * just define it as NULL.
- */
-#define INTERFACE
-#define INTERFACE_C
-#define FAR
-#define NEAR
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-#ifndef HAS_LABS
-#define labs(x) abs(x)
-#endif
-
-#endif /* _MSDOS */
-#endif /* KRB5_CONFIG__ */
#endif /* KRB5_SYSTYPES__ */
#define MAXHOSTNAMELEN 512
+#ifndef MAXPATHLEN
#define MAXPATHLEN 256 /* Also for Windows temp files */
+#endif
#define HAVE_NETINET_IN_H
#define MSDOS_FILESYSTEM
+1999-08-18 Ken Raeburn <raeburn@mit.edu>
+
+ * getdate.y (Convert): Check for year past 2038.
+ (RelativeMonth): Check for error return from Convert.
+ (get_date): Check for error return from RelativeMonth.
+
1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Set the myfulldir and mydir variables (which are
#define EPOCH 1970
+#define EPOCH_END 2038 /* assumes 32 bits */
#define HOUR(x) ((time_t)(x) * 60)
#define SECSPERDAY (24L * 60L * 60L)
if (Year < 0)
Year = -Year;
- if (Year < 100)
+ if (Year < 1900)
Year += 1900;
DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0)
? 29 : 28;
if (Year < EPOCH
+ || Year > EPOCH_END
|| Month < 1 || Month > 12
/* Lint fluff: "conversion from long may lose accuracy" */
|| Day < 1 || Day > DaysInMonth[(int)--Month])
struct tm *tm;
time_t Month;
time_t Year;
+ time_t ret;
if (RelMonth == 0)
return 0;
Month = 12 * tm->tm_year + tm->tm_mon + RelMonth;
Year = Month / 12;
Month = Month % 12 + 1;
- return DSTcorrect(Start,
- Convert(Month, (time_t)tm->tm_mday, Year,
- (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec,
- MER24, DSTmaybe));
+ ret = Convert(Month, (time_t)tm->tm_mday, Year,
+ (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec,
+ MER24, DSTmaybe);
+ if (ret == -1)
+ return ret;
+ return DSTcorrect(Start, ret);
}
struct my_timeb ftz;
time_t Start;
time_t tod;
+ time_t delta;
yyInput = p;
if (now == NULL) {
* thoroughness?
*/
Start += yyRelSeconds;
- Start += RelativeMonth(Start, yyRelMonth);
+ delta = RelativeMonth(Start, yyRelMonth);
+ if (delta == (time_t) -1)
+ return -1;
+ Start += delta;
/*
* Now, if you specified a day of week and counter, add it in. By
+1999-08-31 Ken Raeburn <raeburn@mit.edu>
+
+ * lib/helpers.exp (unexpire): Move expiration date ahead a few
+ decades.
+
+ * Makefile.in (check- check-ok): Disable tests until the tests get
+ updated for non-OVSEC mode, etc.
+
1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Set the myfulldir and mydir variables (which are
check:: check-@DO_V4_TEST@
-check-::
+# When the tests get updated, nuke this and delete "-not" from the next two.
+check- check-ok::
+ @echo "+++"
+ @echo "+++ WARNING: kadmin/v4server unit tests out of date; not run."
+ @echo "+++"
+
+check--not::
@echo "+++"
@echo "+++ WARNING: kadmin/v4server unit tests not run."
@echo "+++ Either Athena compatibility, tcl, runtest, or Perl is unavailable."
@echo "+++"
-check-ok unit-test:: unit-test-setup unit-test-body unit-test-cleanup
+check-ok-not unit-test:: unit-test-setup unit-test-body unit-test-cleanup
unit-test-setup::
$(ENV_SETUP) $(START_SERVERS_LOCAL) -v4files -kdcport 750 -keysalt des-cbc-crc:v4
# While we're at it, make sure they aren't expired.
exp_prog "$name: kadmin.local" $kadmin_local "" 0 {
"kadmin.local:" {
- send "modprinc -expire \"May 6, 1999\" $fullname\n"
+ send "modprinc -expire \"May 6, 2029\" $fullname\n"
}
} {
-re "Principal .* modified." { send "quit\n" }
+1999-08-18 Tom Yu <tlyu@mit.edu>
+
+ * kerberos_v4.c (compat_decrypt_key): Align DES3 enctypes with
+ current names.
+ (kerb_get_principal): Align DES3 enctypes with current names.
+
+1999-08-17 Ken Raeburn <raeburn@mit.edu>
+
+ * kdc_util.c (select_session_keytype): If none of the requested
+ ktypes are NULL or single-DES, force des-cbc-crc.
+
1999-06-30 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (CFLAGS): Define NOCACHE.
krb5_enctype *ktype;
{
int i;
+ krb5_enctype dfl = 0;
for (i = 0; i < nktypes; i++) {
if (!valid_enctype(ktype[i]))
continue;
- if (dbentry_supports_enctype(context, server, ktype[i]))
- return (ktype[i]);
+ if (dbentry_supports_enctype(context, server, ktype[i])) {
+ switch (ktype[i]) {
+ case ENCTYPE_NULL:
+ case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_MD4:
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_DES_CBC_RAW:
+ case ENCTYPE_DES_HMAC_SHA1:
+ return ktype[i];
+
+ default:
+ /* For now, too much of our code supports only
+ single-DES. For example, the GSSAPI Kerberos
+ mechanism needs to be modified. If someone tries
+ using other key types, force single-DES for the
+ session key.
+
+ This weird way of setting it here is so that a
+ requested single-DES enctype listed after DES3 can
+ be used, and this fallback enctype will be used
+ only if *no* single-DES enctypes were requested. */
+ dfl = ENCTYPE_DES_CBC_CRC;
+ break;
+ }
+ }
}
- return 0;
+ return dfl;
}
/*
retval = -1;
} else {
/* KLUDGE! If it's a non-raw des3 key, bash its enctype */
- if (out5->enctype == ENCTYPE_DES3_HMAC_SHA1 ||
+ if (out5->enctype == ENCTYPE_DES3_CBC_SHA1 ||
out5->enctype == ENCTYPE_LOCAL_DES3_HMAC_SHA1)
out5->enctype = ENCTYPE_DES3_CBC_RAW;
}
ENCTYPE_LOCAL_DES3_HMAC_SHA1,
-1, kvno, &pkey) &&
krb5_dbe_find_enctype(kdc_context, &entries,
- ENCTYPE_DES3_HMAC_SHA1,
+ ENCTYPE_DES3_CBC_SHA1,
-1, kvno, &pkey) &&
krb5_dbe_find_enctype(kdc_context, &entries,
ENCTYPE_DES_CBC_CRC,
+1999-08-18 Tom Yu <tlyu@mit.edu>
+
+ * krb524d.c (do_connection): Convert to using new symbol for
+ DES3.
+
+ * cnv_tkt_skey.c (krb524_convert_tkt_skey): Convert to using new
+ symbol for DES3.
+
1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Set the myfulldir and mydir variables (which are
v4_skey->contents);
} else {
/* Force enctype to be raw if using DES3. */
- if (v4_skey->enctype == ENCTYPE_DES3_HMAC_SHA1 ||
+ if (v4_skey->enctype == ENCTYPE_DES3_CBC_SHA1 ||
v4_skey->enctype == ENCTYPE_LOCAL_DES3_HMAC_SHA1)
v4_skey->enctype = ENCTYPE_DES3_CBC_RAW;
ret = krb_cr_tkt_krb5(v4tkt,
0,
&v4_service_key, &v4kvno)) &&
(ret = lookup_service_key(context, v5tkt->server,
- ENCTYPE_DES3_HMAC_SHA1,
+ ENCTYPE_DES3_CBC_SHA1,
0,
&v4_service_key, &v4kvno)) &&
(ret = lookup_service_key(context, v5tkt->server,
+1999-08-26 Danilo Almeida <dalmeida@mit.edu>
+
+ * krb5_32.def: Export krb5_kuserok.
+
1999-07-22 Jeffrey Altman <jaltman@columbia.edu>
* krb5_32.def
+1999-08-26 Tom Yu <tlyu@mit.edu>
+
+ * etypes.c: Add aliases "des" for "des-cbc-md5", "des3-hmac-sha1"
+ and "des3-cbc-sha1-kd" for "des3-cbc-sha1".
+
+ * cksumtypes.c: Add alias "hmac-sha1-des3-kd".
+
+1999-08-18 Tom Yu <tlyu@mit.edu>
+
+ * etypes.c: Update des3-cbc-sha1 to alignt with new number
+ assignments.
+
+ * cksumtypes.c: Update hmac-sha1-des3 to align with new number
+ assignments.
+
Tue May 18 19:52:56 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Remove - from recursive Win32 make invocation.
0, NULL,
&krb5_hash_sha1 },
- { CKSUMTYPE_HMAC_SHA1, KRB5_CKSUMFLAG_DERIVE,
- "hmac-sha1", "HMAC-SHA1",
+ { CKSUMTYPE_HMAC_SHA1_DES3, KRB5_CKSUMFLAG_DERIVE,
+ "hmac-sha1-des3", "HMAC-SHA1 DES3 key",
+ 0, NULL,
+ &krb5_hash_sha1 },
+ { CKSUMTYPE_HMAC_SHA1_DES3, KRB5_CKSUMFLAG_DERIVE,
+ "hmac-sha1-des3-kd", "HMAC-SHA1 DES3 key", /* alias */
0, NULL,
&krb5_hash_sha1 },
};
&krb5_enc_des, &krb5_hash_md5,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
krb5_des_string_to_key },
+ { ENCTYPE_DES_CBC_MD5,
+ "des", "DES cbc mode with RSA-MD5", /* alias */
+ &krb5_enc_des, &krb5_hash_md5,
+ krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
+ krb5_des_string_to_key },
{ ENCTYPE_DES_CBC_RAW,
"des-cbc-raw", "DES cbc mode raw",
krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
krb5_dk_string_to_key },
- { ENCTYPE_DES3_HMAC_SHA1,
- "des3-hmac-sha1", "Triple DES with HMAC/sha1",
+ { ENCTYPE_DES3_CBC_SHA1,
+ "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
&krb5_enc_des3, &krb5_hash_sha1,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
krb5_dk_string_to_key },
+ { ENCTYPE_DES3_CBC_SHA1, /* alias */
+ "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
+ &krb5_enc_des3, &krb5_hash_sha1,
+ krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
+ krb5_dk_string_to_key },
+ { ENCTYPE_DES3_CBC_SHA1, /* alias */
+ "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
+ &krb5_enc_des3, &krb5_hash_sha1,
+ krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
+ krb5_dk_string_to_key },
+
{ ENCTYPE_DES_HMAC_SHA1,
"des-hmac-sha1", "DES with HMAC/sha1",
&krb5_enc_des, &krb5_hash_sha1,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
krb5_dk_string_to_key },
#ifdef ATHENA_DES3_KLUDGE
+ /*
+ * If you are using this, you're almost certainly doing the
+ * Wrong Thing.
+ */
{ ENCTYPE_LOCAL_DES3_HMAC_SHA1,
"des3-marc-hmac-sha1",
"Triple DES with HMAC/sha1 and 32-bit length code",
+1999-08-25 Ken Raeburn <raeburn@mit.edu>
+
+ * old_decrypt.c (memmove) [HAVE_BCOPY && !HAVE_MEMMOVE]: Define to
+ use bcopy. Should work unless any system has no memmove *and*
+ bcopy isn't safe with overlaps.
+
Mon May 10 15:20:32 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Do win32 build in subdir.
#include "k5-int.h"
#include "old.h"
+#ifndef HAVE_MEMMOVE
+#ifdef HAVE_BCOPY
+#define memmove(dst,src,size) bcopy(src,dst,size)
+#endif
+#endif
+
krb5_error_code
krb5_old_decrypt(enc, hash, key, usage, ivec, input, arg_output)
krb5_const struct krb5_enc_provider *enc;
+1999-08-27 Tom Yu <tlyu@mit.edu>
+
+ * accept_sec_context.c (krb5_gss_accept_sec_context): Disable
+ krb5-mech2 stuff for now.
+
+ * init_sec_context.c (make_ap_req_v2): Disable krb5-mech2 stuff
+ for now.
+
Wed May 19 13:21:55 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Improve rule to create gssapi include dir under
#include "k5-int.h"
#include "gssapiP_krb5.h"
#include <memory.h>
+#include <assert.h>
/*
* $Id$
ctx->established = 1;
if (ctx->gsskrb5_version == 2000) {
- krb5_ui_4 tok_flags;
-
- tok_flags =
- (ctx->gss_flags & GSS_C_DELEG_FLAG)?KG2_RESP_FLAG_DELEG_OK:0;
-
- cksumdata.length = 8 + 4*ctx->nctypes + 4;
-
- if ((cksumdata.data = (char *) malloc(cksumdata.length)) == NULL) {
- code = ENOMEM;
- major_status = GSS_S_FAILURE;
- goto fail;
- }
-
- /* construct the token fields */
-
- ptr = cksumdata.data;
-
- ptr[0] = (KG2_TOK_RESPONSE >> 8) & 0xff;
- ptr[1] = KG2_TOK_RESPONSE & 0xff;
-
- ptr[2] = (tok_flags >> 24) & 0xff;
- ptr[3] = (tok_flags >> 16) & 0xff;
- ptr[4] = (tok_flags >> 8) & 0xff;
- ptr[5] = tok_flags & 0xff;
-
- ptr[6] = (ctx->nctypes >> 8) & 0xff;
- ptr[7] = ctx->nctypes & 0xff;
-
- ptr += 8;
-
- for (i=0; i<ctx->nctypes; i++) {
- ptr[i] = (ctx->ctypes[i] >> 24) & 0xff;
- ptr[i+1] = (ctx->ctypes[i] >> 16) & 0xff;
- ptr[i+2] = (ctx->ctypes[i] >> 8) & 0xff;
- ptr[i+3] = ctx->ctypes[i] & 0xff;
-
- ptr += 4;
- }
-
- memset(ptr, 0, 4);
-
- /* make the MIC token */
-
- {
- gss_buffer_desc text, token;
-
- text.length = cksumdata.length;
- text.value = cksumdata.data;
-
- /* ctx->seq_send must be set before this call */
-
- if (GSS_ERROR(major_status =
- krb5_gss_get_mic(&code, ctx,
- GSS_C_QOP_DEFAULT,
- &text, &token)))
- goto fail;
-
- mic.length = token.length;
- mic.data = token.value;
- }
-
- token.length = g_token_size((gss_OID) mech_used,
- (cksumdata.length-2)+4+ap_rep.length+
- mic.length);
-
- if ((token.value = (unsigned char *) xmalloc(token.length))
- == NULL) {
- code = ENOMEM;
- major_status = GSS_S_FAILURE;
- goto fail;
- }
- ptr = token.value;
- g_make_token_header((gss_OID) mech_used,
- (cksumdata.length-2)+4+ap_rep.length+mic.length,
- &ptr, KG2_TOK_RESPONSE);
-
- memcpy(ptr, cksumdata.data+2, cksumdata.length-2);
- ptr += cksumdata.length-2;
-
- ptr[0] = (ap_rep.length >> 8) & 0xff;
- ptr[1] = ap_rep.length & 0xff;
- memcpy(ptr+2, ap_rep.data, ap_rep.length);
-
- ptr += (2+ap_rep.length);
-
- ptr[0] = (mic.length >> 8) & 0xff;
- ptr[1] = mic.length & 0xff;
- memcpy(ptr+2, mic.data, mic.length);
-
- ptr += (2+mic.length);
-
- free(cksumdata.data);
- cksumdata.data = 0;
-
- /* gss krb5 v2 */
+ int krb5_mech2_supported = 0;
+ assert(krb5_mech2_supported);
} else {
/* gss krb5 v1 */
#include "gssapiP_krb5.h"
#include <memory.h>
#include <stdlib.h>
+#include <assert.h>
/*
* $Id$
gss_OID mech_type;
gss_buffer_t token;
{
- krb5_flags mk_req_flags = 0;
- krb5_int32 con_flags;
- krb5_error_code code;
- krb5_data credmsg, cksumdata, ap_req;
- int i, tlen, cblen, nctypes;
- krb5_cksumtype *ctypes;
- unsigned char *t, *ptr;
-
- credmsg.data = 0;
- cksumdata.data = 0;
- ap_req.data = 0;
- ctypes = 0;
-
- /* create the option data if necessary */
- if (ctx->gss_flags & GSS_C_DELEG_FLAG) {
- /* first get KRB_CRED message, so we know its length */
-
- /* clear the time check flag that was set in krb5_auth_con_init() */
- krb5_auth_con_getflags(context, ctx->auth_context, &con_flags);
- krb5_auth_con_setflags(context, ctx->auth_context,
- con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
-
- code = krb5_fwd_tgt_creds(context, ctx->auth_context, 0,
- cred->princ, ctx->there, cred->ccache, 1,
- &credmsg);
-
- /* turn KRB5_AUTH_CONTEXT_DO_TIME back on */
- krb5_auth_con_setflags(context, ctx->auth_context, con_flags);
-
- if (code) {
- /* don't fail here; just don't accept/do the delegation
- request */
- ctx->gss_flags &= ~GSS_C_DELEG_FLAG;
- } else {
- if (credmsg.length > KRB5_INT16_MAX) {
- krb5_free_data_contents(context, &credmsg);
- return(KRB5KRB_ERR_FIELD_TOOLONG);
- }
- }
- } else {
- credmsg.length = 0;
- }
-
- /* construct the list of compatible cksum types */
-
- if ((code = krb5_c_keyed_checksum_types(context,
- k_cred->keyblock.enctype,
- &nctypes, &ctypes)))
- goto cleanup;
-
- if (nctypes == 0) {
- code = KRB5_CRYPTO_INTERNAL;
- goto cleanup;
- }
-
- /* construct the checksum fields */
-
- cblen = 4*5;
- if (chan_bindings)
- cblen += (chan_bindings->initiator_address.length+
- chan_bindings->acceptor_address.length+
- chan_bindings->application_data.length);
-
- cksumdata.length = cblen + 8 + 4*nctypes + 4;
- if (credmsg.length)
- cksumdata.length += 4 + credmsg.length;
-
- if ((cksumdata.data = (char *) malloc(cksumdata.length)) == NULL)
- goto cleanup;
-
- /* helper macros. This code currently depends on a long being 32
- bits, and htonl dtrt. */
-
- ptr = cksumdata.data;
-
- if (chan_bindings) {
- TWRITE_INT(ptr, chan_bindings->initiator_addrtype, 1);
- TWRITE_BUF(ptr, chan_bindings->initiator_address, 1);
- TWRITE_INT(ptr, chan_bindings->acceptor_addrtype, 1);
- TWRITE_BUF(ptr, chan_bindings->acceptor_address, 1);
- TWRITE_BUF(ptr, chan_bindings->application_data, 1);
- } else {
- memset(ptr, 0, cblen);
- ptr += cblen;
- }
-
- /* construct the token fields */
-
- ptr[0] = (KG2_TOK_INITIAL >> 8) & 0xff;
- ptr[1] = KG2_TOK_INITIAL & 0xff;
-
- ptr[2] = (ctx->gss_flags >> 24) & 0xff;
- ptr[3] = (ctx->gss_flags >> 16) & 0xff;
- ptr[4] = (ctx->gss_flags >> 8) & 0xff;
- ptr[5] = ctx->gss_flags & 0xff;
-
- ptr[6] = (nctypes >> 8) & 0xff;
- ptr[7] = nctypes & 0xff;
-
- ptr += 8;
-
- for (i=0; i<nctypes; i++) {
- ptr[0] = (ctypes[i] >> 24) & 0xff;
- ptr[1] = (ctypes[i] >> 16) & 0xff;
- ptr[2] = (ctypes[i] >> 8) & 0xff;
- ptr[3] = ctypes[i] & 0xff;
-
- ptr += 4;
- }
-
- if (credmsg.length) {
- ptr[0] = (KRB5_GSS_FOR_CREDS_OPTION >> 8) & 0xff;
- ptr[1] = KRB5_GSS_FOR_CREDS_OPTION & 0xff;
-
- ptr[2] = (credmsg.length >> 8) & 0xff;
- ptr[3] = credmsg.length & 0xff;
-
- ptr += 4;
-
- memcpy(ptr, credmsg.data, credmsg.length);
-
- ptr += credmsg.length;
- }
-
- memset(ptr, 0, 4);
-
- /* call mk_req. subkey and ap_req need to be used or destroyed */
-
- mk_req_flags = AP_OPTS_USE_SUBKEY;
-
- if (ctx->gss_flags & GSS_C_MUTUAL_FLAG)
- mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED;
-
- if ((code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags,
- &cksumdata, k_cred, &ap_req)))
- goto cleanup;
-
- /* store the interesting stuff from creds and authent */
- ctx->endtime = k_cred->times.endtime;
- ctx->krb_flags = k_cred->ticket_flags;
-
- /* build up the token */
-
- /* allocate space for the token */
- tlen = g_token_size((gss_OID) mech_type,
- (cksumdata.length-(2+cblen))+2+ap_req.length);
-
- if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
- code = ENOMEM;
- goto cleanup;
- }
-
- ptr = t;
-
- g_make_token_header((gss_OID) mech_type,
- (cksumdata.length-(2+cblen))+2+ap_req.length,
- &ptr, KG2_TOK_INITIAL);
-
- /* skip over the channel bindings and the token id */
- memcpy(ptr, cksumdata.data+cblen+2, cksumdata.length-(cblen+2));
- ptr += cksumdata.length-(cblen+2);
- ptr[0] = (ap_req.length >> 8) & 0xff;
- ptr[1] = ap_req.length & 0xff;
- ptr += 2;
- memcpy(ptr, ap_req.data, ap_req.length);
-
- /* pass allocated data back */
-
- ctx->nctypes = nctypes;
- ctx->ctypes = ctypes;
-
- token->length = tlen;
- token->value = (void *) t;
-
- code = 0;
-
-cleanup:
- if (code) {
- if (ctypes)
- krb5_free_cksumtypes(context, ctypes);
- }
-
- if (credmsg.data)
- free(credmsg.data);
- if (ap_req.data)
- free(ap_req.data);
- if (cksumdata.data)
- free(cksumdata.data);
-
- return(code);
+ int krb5_mech2_supported = 0;
+ assert(krb5_mech2_supported);
}
static krb5_error_code
+1999-08-27 Tom Yu <tlyu@mit.edu>
+
+ * client_init.c (_kadm5_init_any): Remove support for krb5-mech2
+ for now.
+
Thu May 13 17:24:44 1999 Tom Yu <tlyu@mit.edu>
* client_init.c (_kadm5_init_any): Use gss_krb5_ccache_name() to
#ifndef INIT_TEST
handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
- &gssstat,
- &minor_stat,
- gss_client_creds,
- gss_target,
- gss_mech_krb5_v2,
- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
- 0,
- NULL,
- NULL,
- NULL);
-
- if (!handle->clnt->cl_auth)
- handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
- &gssstat,
- &minor_stat,
- gss_client_creds,
- gss_target,
- gss_mech_krb5,
- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
- 0,
- NULL,
- NULL,
- NULL);
+ &gssstat,
+ &minor_stat,
+ gss_client_creds,
+ gss_target,
+ gss_mech_krb5,
+ GSS_C_MUTUAL_FLAG
+ | GSS_C_REPLAY_FLAG,
+ 0,
+ NULL,
+ NULL,
+ NULL);
(void) gss_release_name(&minor_stat, &gss_target);
#endif /* ! INIT_TEST */
+1999-08-30 Ken Raeburn <raeburn@mit.edu>
+
+ * api.2/init-v2.exp (RESOLVE): New variable.
+ (get_hostname): New proc, taken from tests/dejagnu.
+ (test101): Use get_hostname, set a variable in the target process
+ to hold the result, and use that variable in the other commands
+ passed.
+
+ * Makefile.in (unit-test-client-body): Pass $(RUNTESTFLAGS) to
+ runtest, so the user can run subsets of the test suite.
+ (unit-test-server-body): Likewise.
+
+1999-08-26 Ken Raeburn <raeburn@mit.edu>
+
+ * api.2/init-v2.exp (test101): Use local host name instead of
+ "localhost", since address 127.0.0.1 probably won't be listed in
+ credentials.
+
1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Set the myfulldir and mydir variables (which are
$(ENV_SETUP) $(RUNTEST) --tool api RPC=1 API=$(CLNTTCL) \
KINIT=$(BUILDTOP)/clients/kinit/kinit \
KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
- KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local
+ KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local $(RUNTESTFLAGS)
-mv api.log capi.log
-mv api.sum capi.sum
unit-test-server-body: site.exp test-handle-server lock-test
$(ENV_SETUP) $(RUNTEST) --tool api RPC=0 API=$(SRVTCL) \
LOCKTEST=./lock-test \
- KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local
+ KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local $(RUNTESTFLAGS)
-mv api.log sapi.log
-mv api.sum sapi.sum
}
if {$RPC} test100
+if ![info exists RESOLVE] {
+ set RESOLVE [findfile $objdir/../../../tests/resolve/resolve]
+}
+proc get_hostname { } {
+ global RESOLVE
+ global hostname
+ global localhostname
+ global domain
+
+ if {[info exists hostname] && [info exists localhostname]} {
+ return 1
+ }
+
+ catch "exec $RESOLVE -q >myname" exec_output
+ if ![string match "" $exec_output] {
+ send_log "$exec_output\n"
+ verbose $exec_output
+ send_error "ERROR: can't get hostname\n"
+ return 0
+ }
+ set file [open myname r]
+ if { [ gets $file hostname ] == -1 } {
+ send_error "ERROR: no output from hostname\n"
+ return 0
+ }
+ close $file
+ catch "exec rm -f myname" exec_output
+ regexp "^(\[^.\]*)\.(.*)$" $hostname foo localhostname domain
+
+ set hostname [string tolower $hostname]
+ set localhostname [string tolower $localhostname]
+ set domain [string tolower $domain]
+ verbose "hostname: $hostname; localhostname: $localhostname; domain $domain"
+
+ return 1
+}
+
+
test "init 101"
proc test101 {} {
global test
+ global hostname
+
+ get_hostname
+ tcl_cmd "set hostname $hostname"
# XXX Fix to work with a remote TEST_SERVER. For now, make sure
# it fails in that case.
one_line_succeed_test {
kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} {localhost 1751}] \
+ [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1751]] \
$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
server_handle
}
one_line_fail_test {
kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} {localhost 1}] \
+ [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1]] \
$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
server_handle
} "RPC_ERROR"
+1999-08-30 Ken Raeburn <raeburn@mit.edu>
+
+ * t_kdb.c (add_principal): Free only contents of a generated key,
+ since the keyblock structure itself is on the stack.
+
+1999-08-17 Ken Raeburn <raeburn@mit.edu>
+
+ * t_kdb.c (add_principal): Update for new calling sequence to
+ krb5_dbekd_encrypt_key_data.
+ (do_testing): Update calls.
+
1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Set the myfulldir and mydir variables (which are
* Add a principal to the database.
*/
static krb5_error_code
-add_principal(kcontext, principal, eblock, key, rseed)
+add_principal(kcontext, principal, mkey, key, rseed)
krb5_context kcontext;
krb5_principal principal;
- krb5_encrypt_block * eblock;
+ krb5_keyblock * mkey;
krb5_keyblock * key;
krb5_pointer rseed;
{
krb5_error_code kret;
krb5_db_entry dbent;
- krb5_keyblock * rkey = NULL;
+ krb5_keyblock * rkey = NULL, lkey;
krb5_timestamp timenow;
int nentries = 1;
goto out;
if (!key) {
- if ((kret = krb5_random_key(kcontext, eblock, rseed, &rkey)))
+ kret = krb5_c_make_random_key (kcontext, mkey->enctype, &lkey);
+ if (kret)
goto out;
+ rkey = &lkey;
} else
rkey = key;
if ((kret = krb5_dbe_create_key_data(kcontext, &dbent)))
goto out;
- if ((kret = krb5_dbekd_encrypt_key_data(kcontext, eblock, rkey, NULL, 1,
+ if ((kret = krb5_dbekd_encrypt_key_data(kcontext, mkey, rkey, NULL, 1,
&dbent.key_data[0])))
goto out;
if (!key)
- krb5_free_keyblock(kcontext, rkey);
+ krb5_free_keyblock_contents(kcontext, rkey);
kret = krb5_db_put_principal(kcontext, &dbent, &nentries);
if ((!kret) && (nentries != 1))
op = "adding master principal";
if ((kret = add_principal(kcontext,
master_princ,
- &master_encblock,
+ &master_keyblock,
&master_keyblock,
rseed)))
goto goodbye;
swatch_on();
}
if ((kret = add_principal(kcontext, playback_principal(passno),
- &master_encblock, kbp, rseed))) {
+ &master_keyblock, kbp, rseed))) {
linkage = "initially ";
oparg = playback_name(passno);
goto cya;
}
if ((kret = add_principal(kcontext,
playback_principal(nvalid),
- &master_encblock,
+ &master_keyblock,
kbp, rseed))) {
oparg = playback_name(nvalid);
goto cya;
for (passno=0; passno<passes; passno++) {
op = "adding principal";
if ((kret = add_principal(kcontext, playback_principal(passno),
- &master_encblock, &stat_kb, rseed)))
+ &master_keyblock, &stat_kb, rseed)))
goto goodbye;
if (verbose > 4)
fprintf(stderr, "*A(%s)\n", playback_name(passno));
for (j=0; j<nper; j++) {
if ((kret = add_principal(ccontext,
playback_principal(base+j),
- &master_encblock,
+ &master_keyblock,
&stat_kb,
rseed))) {
fprintf(stderr,
+1999-08-26 Danilo Almeida <dalmeida@mit.edu>
+
+ * memcache.c (change_cache): Use PostMessage instead of SendMessage
+ so we do not block.
+
+Fri Aug 13 23:23:00 1999 Brad Thompson <yak@mit.edu>
+
+ * sendauth.c: Initialize __krb_sendauth_hidden_tkt_len so
+ it doesn't end up in the common block.
+
+ * pkt_clen.c: Initialize swap_bytes so that it doesn't end
+ up in the common block.
+
Mon May 10 15:23:15 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Do win32 build in subdir.
locked = FALSE;
}
- SendMessage(HWND_BROADCAST, krb_get_notification_message(), 0, 0);
+ PostMessage(HWND_BROADCAST, krb_get_notification_message(), 0, 0);
}
#include "prot.h"
extern int krb_debug;
-int swap_bytes;
+int swap_bytes=0;
/*
* Given a pointer to an AUTH_MSG_KDC_REPLY packet, return the length of
*
* See FIXME KLUDGE code in appl/bsd/kcmd.c.
*/
-KRB4_32 __krb_sendauth_hidden_tkt_len;
+KRB4_32 __krb_sendauth_hidden_tkt_len=0;
#define raw_tkt_len __krb_sendauth_hidden_tkt_len
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * cc_retr.c: New file.
+ (krb5_cc_retrieve_cred_seq): New function, derived from
+ fcc_retrieve but takes an optional list of enctypes to look for in
+ priority order.
+ (krb5_cc_retrieve_cred_default): New function. Same signature as
+ original fcc_retrieve but if new flag KRB5_TC_SUPPORTED_KTYPES is
+ set, calls krb5_get_tgs_ktypes to get a list of enctypes to look
+ for.
+ * Makefile.in (STLIBOBJS, OBJS, SRCS): Add it.
+
Tue May 18 19:52:56 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Remove - from recursive Win32 make invocation.
cccopy.o \
ccdefault.o \
ccdefops.o \
+ cc_retr.o \
ser_cc.o
OBJS= $(OUTPRE)ccbase.$(OBJEXT) \
$(OUTPRE)cccopy.$(OBJEXT) \
$(OUTPRE)ccdefault.$(OBJEXT) \
$(OUTPRE)ccdefops.$(OBJEXT) \
+ $(OUTPRE)cc_retr.$(OBJEXT) \
$(OUTPRE)ser_cc.$(OBJEXT)
SRCS= $(srcdir)/ccbase.c \
$(srcdir)/cccopy.c \
$(srcdir)/ccdefault.c \
$(srcdir)/ccdefops.c \
+ $(srcdir)/cc_retr.c \
$(srcdir)/ser_cc.c
all-unix:: all-libobjs
--- /dev/null
+/*
+ * lib/krb5/ccache/cc_retr.c
+ *
+ * Copyright 1990,1991,1999 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ */
+
+#include "k5-int.h"
+
+#define KRB5_OK 0
+
+#define set(bits) (whichfields & bits)
+#define flags_match(a,b) (((a) & (b)) == (a))
+#define times_match_exact(t1,t2) (memcmp((char *)(t1), (char *)(t2), sizeof(*(t1))) == 0)
+
+static krb5_boolean
+times_match(t1, t2)
+ const krb5_ticket_times *t1;
+ const krb5_ticket_times *t2;
+{
+ if (t1->renew_till) {
+ if (t1->renew_till > t2->renew_till)
+ return FALSE; /* this one expires too late */
+ }
+ if (t1->endtime) {
+ if (t1->endtime > t2->endtime)
+ return FALSE; /* this one expires too late */
+ }
+ /* only care about expiration on a times_match */
+ return TRUE;
+}
+
+static krb5_boolean
+standard_fields_match(context, mcreds, creds)
+krb5_context context;
+const krb5_creds *mcreds;
+const krb5_creds *creds;
+{
+ return (krb5_principal_compare(context, mcreds->client,creds->client)
+ && krb5_principal_compare(context, mcreds->server,creds->server));
+}
+
+/* only match the server name portion, not the server realm portion */
+
+static krb5_boolean
+srvname_match(context, mcreds, creds)
+ krb5_context context;
+ const krb5_creds *mcreds, *creds;
+{
+ krb5_boolean retval;
+ krb5_principal_data p1, p2;
+
+ retval = krb5_principal_compare(context, mcreds->client,creds->client);
+ if (retval != TRUE)
+ return retval;
+ /*
+ * Hack to ignore the server realm for the purposes of the compare.
+ */
+ p1 = *mcreds->server;
+ p2 = *creds->server;
+ p1.realm = p2.realm;
+ return krb5_principal_compare(context, &p1, &p2);
+}
+
+static krb5_boolean
+authdata_match(mdata, data)
+ krb5_authdata * const *mdata, * const *data;
+{
+ const krb5_authdata *mdatap, *datap;
+
+ if (mdata == data)
+ return TRUE;
+
+ if (mdata == NULL)
+ return *data == NULL;
+
+ if (data == NULL)
+ return *mdata == NULL;
+
+ while ((mdatap = *mdata) && (datap = *data)) {
+ if ((mdatap->ad_type != datap->ad_type) ||
+ (mdatap->length != datap->length) ||
+ (memcmp ((char *)mdatap->contents,
+ (char *)datap->contents, mdatap->length) != 0))
+ return FALSE;
+ mdata++;
+ data++;
+ }
+ return (*mdata == NULL) && (*data == NULL);
+}
+
+static krb5_boolean
+data_match(data1, data2)
+ const krb5_data *data1, *data2;
+{
+ if (!data1) {
+ if (!data2)
+ return TRUE;
+ else
+ return FALSE;
+ }
+ if (!data2) return FALSE;
+
+ if (data1->length != data2->length)
+ return FALSE;
+ else
+ return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE;
+}
+
+static int
+pref (krb5_enctype my_ktype, int nktypes, krb5_enctype *ktypes)
+{
+ int i;
+ for (i = 0; i < nktypes; i++)
+ if (my_ktype == ktypes[i])
+ return i;
+ return -1;
+}
+
+/*
+ * Effects:
+ * Searches the credentials cache for a credential matching mcreds,
+ * with the fields specified by whichfields. If one if found, it is
+ * returned in creds, which should be freed by the caller with
+ * krb5_free_credentials().
+ *
+ * The fields are interpreted in the following way (all constants are
+ * preceded by KRB5_TC_). MATCH_IS_SKEY requires the is_skey field to
+ * match exactly. MATCH_TIMES requires the requested lifetime to be
+ * at least as great as that specified; MATCH_TIMES_EXACT requires the
+ * requested lifetime to be exactly that specified. MATCH_FLAGS
+ * requires only the set bits in mcreds be set in creds;
+ * MATCH_FLAGS_EXACT requires all bits to match.
+ *
+ * Flag SUPPORTED_KTYPES means check all matching entries that have
+ * any supported enctype (according to tgs_enctypes) and return the one
+ * with the enctype listed earliest. Return CC_NOT_KTYPE if a match
+ * is found *except* for having a supported enctype.
+ *
+ * Errors:
+ * system errors
+ * permission errors
+ * KRB5_CC_NOMEM
+ * KRB5_CC_NOT_KTYPE
+ */
+
+static krb5_error_code
+krb5_cc_retrieve_cred_seq (context, id, whichfields,
+ mcreds, creds, nktypes, ktypes)
+ krb5_context context;
+ krb5_ccache id;
+ krb5_flags whichfields;
+ krb5_creds *mcreds;
+ krb5_creds *creds;
+ int nktypes;
+ krb5_enctype *ktypes;
+{
+ /* This function could be considerably faster if it kept indexing */
+ /* information.. sounds like a "next version" idea to me. :-) */
+
+ krb5_cc_cursor cursor;
+ krb5_error_code kret;
+ krb5_error_code nomatch_err = KRB5_CC_NOTFOUND;
+ struct {
+ krb5_creds creds;
+ int pref;
+ } fetched, best;
+ int have_creds = 0;
+#define fetchcreds (fetched.creds)
+
+ kret = krb5_cc_start_seq_get(context, id, &cursor);
+ if (kret != KRB5_OK)
+ return kret;
+
+ while ((kret = krb5_cc_next_cred(context, id, &cursor, &fetchcreds)) == KRB5_OK) {
+ if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
+ srvname_match(context, mcreds, &fetchcreds)) ||
+ standard_fields_match(context, mcreds, &fetchcreds))
+ &&
+ (! set(KRB5_TC_MATCH_IS_SKEY) ||
+ mcreds->is_skey == fetchcreds.is_skey)
+ &&
+ (! set(KRB5_TC_MATCH_FLAGS_EXACT) ||
+ mcreds->ticket_flags == fetchcreds.ticket_flags)
+ &&
+ (! set(KRB5_TC_MATCH_FLAGS) ||
+ flags_match(mcreds->ticket_flags, fetchcreds.ticket_flags))
+ &&
+ (! set(KRB5_TC_MATCH_TIMES_EXACT) ||
+ times_match_exact(&mcreds->times, &fetchcreds.times))
+ &&
+ (! set(KRB5_TC_MATCH_TIMES) ||
+ times_match(&mcreds->times, &fetchcreds.times))
+ &&
+ ( ! set(KRB5_TC_MATCH_AUTHDATA) ||
+ authdata_match(mcreds->authdata, fetchcreds.authdata))
+ &&
+ (! set(KRB5_TC_MATCH_2ND_TKT) ||
+ data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
+ &&
+ ((! set(KRB5_TC_MATCH_KTYPE))||
+ (mcreds->keyblock.enctype == fetchcreds.keyblock.enctype)))
+ {
+ if (ktypes) {
+ fetched.pref = pref (fetchcreds.keyblock.enctype,
+ nktypes, ktypes);
+ if (fetched.pref < 0)
+ nomatch_err = KRB5_CC_NOT_KTYPE;
+ else if (!have_creds || fetched.pref < best.pref) {
+ if (have_creds)
+ krb5_free_cred_contents (context, &best.creds);
+ else
+ have_creds = 1;
+ best = fetched;
+ continue;
+ }
+ } else {
+ krb5_cc_end_seq_get(context, id, &cursor);
+ *creds = fetchcreds;
+ return KRB5_OK;
+ }
+ }
+
+ /* This one doesn't match */
+ krb5_free_cred_contents(context, &fetchcreds);
+ }
+
+ /* If we get here, a match wasn't found */
+ krb5_cc_end_seq_get(context, id, &cursor);
+ if (have_creds) {
+ *creds = best.creds;
+ return KRB5_OK;
+ } else
+ return nomatch_err;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_retrieve_cred_default (context, id, flags, mcreds, creds)
+ krb5_context context;
+ krb5_ccache id;
+ krb5_flags flags;
+ krb5_creds *mcreds;
+ krb5_creds *creds;
+{
+ krb5_enctype *ktypes;
+ int nktypes;
+ krb5_error_code ret;
+
+ if (flags & KRB5_TC_SUPPORTED_KTYPES) {
+ ret = krb5_get_tgs_ktypes (context, mcreds->server, &ktypes);
+ if (ret)
+ return ret;
+ nktypes = 0;
+ while (ktypes[nktypes])
+ nktypes++;
+
+ ret = krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
+ nktypes, ktypes);
+ free (ktypes);
+ return ret;
+ } else {
+ return krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
+ 0, 0);
+ }
+}
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * stdcc.c (krb5_stdcc_retrieve): Replace with a version that calls
+ krb5_cc_retrieve_cred_default.
+
1999-08-05 Alexandra Ellwood <lxs@mit.edu>
* stdcc_util.c (deep_free_cc_v5_creds):
*
* - try to find a matching credential in the cache
*/
+#if 0
krb5_error_code KRB5_CALLCONV krb5_stdcc_retrieve
(krb5_context context,
krb5_ccache id,
return KRB5_CC_NOTFOUND;
}
+#else
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_stdcc_retrieve(context, id, whichfields, mcreds, creds)
+ krb5_context context;
+ krb5_ccache id;
+ krb5_flags whichfields;
+ krb5_creds *mcreds;
+ krb5_creds *creds;
+{
+ return krb5_cc_retrieve_cred_default (context, id, whichfields,
+ mcreds, creds);
+}
+
+#endif
/*
* end seq
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * fcc_retrv.c (krb5_fcc_retrieve): Replace with a version that
+ calls krb5_cc_retrieve_cred_default.
+
1999-06-10 Danilo Almeida <dalmeida@mit.edu>
* fcc_ops.c (krb5_cache_change): Use PostMessage instead of
* This file contains the source code for krb5_fcc_retrieve.
*/
+#if 0
+
#include "fcc.h"
#ifdef macintosh
}
return (*mdata == NULL) && (*data == NULL);
}
+
+#else
+
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_fcc_retrieve(context, id, whichfields, mcreds, creds)
+ krb5_context context;
+ krb5_ccache id;
+ krb5_flags whichfields;
+ krb5_creds *mcreds;
+ krb5_creds *creds;
+{
+ return krb5_cc_retrieve_cred_default (context, id, whichfields,
+ mcreds, creds);
+}
+
+#endif
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * mcc_retrv.c (krb5_mcc_retrieve): Replace with a version that
+ calls krb5_cc_retrieve_cred_default.
+
Mon May 10 15:25:06 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Do win32 build in subdir.
* This file contains the source code for krb5_mcc_retrieve.
*/
+#if 0
+
#include "mcc.h"
#define set(bits) (whichfields & bits)
}
return (*mdata == NULL) && (*data == NULL);
}
+
+#else
+
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_retrieve(context, id, whichfields, mcreds, creds)
+ krb5_context context;
+ krb5_ccache id;
+ krb5_flags whichfields;
+ krb5_creds *mcreds;
+ krb5_creds *creds;
+{
+ return krb5_cc_retrieve_cred_default (context, id, whichfields,
+ mcreds, creds);
+}
+
+#endif
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * scc_retrv.c (krb5_scc_retrieve): Replace with a version that
+ calls krb5_cc_retrieve_cred_default.
+
1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Set the myfulldir and mydir variables (which are
* This file contains the source code for krb5_scc_retrieve.
*/
+#if 0
+
#include "scc.h"
#define set(bits) (whichfields & bits)
krb5_scc_end_seq_get(context, id, &cursor);
return KRB5_CC_NOTFOUND;
}
+
+#else
+
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_scc_retrieve(context, id, whichfields, mcreds, creds)
+ krb5_context context;
+ krb5_ccache id;
+ krb5_flags whichfields;
+ krb5_creds *mcreds;
+ krb5_creds *creds;
+{
+ return krb5_cc_retrieve_cred_default (context, id, whichfields,
+ mcreds, creds);
+}
+
+#endif
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * krb5_err.et (KRB5_CC_NOT_KTYPE): New error code.
+
1999-07-29 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Delete dependency info for isode error table that
error_code KRB5_CC_WRITE, "Error writing to credentials cache file"
error_code KRB5_CC_NOMEM, "No more memory to allocate (in credentials cache code)"
error_code KRB5_CC_FORMAT, "Bad format in credentials cache"
+error_code KRB5_CC_NOT_KTYPE, "No credentials found with supported encryption types"
# errors for dual tgt library calls
error_code KRB5_INVALID_FLAGS, "Invalid KDC option combination (library internal error)"
+1999-08-26 Ken Raeburn <raeburn@mit.edu>
+
+ * init_ctx.c (get_profile_etype_list): Update name of the des3
+ entry in the default etype list.
+
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * init_ctx.c (get_profile_etype_list): New argument DESONLY; if
+ set, ignore any ktype values other than NULL, DES_CBC_CRC, and
+ DES_CBC_MD5.
+ (krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it.
+ (krb5_get_permitted_enctypes): Don't set it.
+
+ * fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES
+ when calling krb5_cc_retrieve_cred.
+ * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto.
+ * get_creds.c (krb5_get_credentials_core): Set that flag.
+ (krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return.
+
+1999-08-17 Ken Raeburn <raeburn@mit.edu>
+
+ * t_ser.c (main): Disable eblock serialization test, since the
+ code it tests was disabled nearly a year ago.
+
+ * str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra
+ argument to sprintf.
+
+1999-08-10 Alexandra Ellwood <lxs@mit.edu>
+
+ * chpw.c (krb5_mk_chpw_req):
+ Added call to free cipherpw.data. cipherpw.data is allocated
+ by krb5_mk_priv and passed back. Since cipherpw is never
+ passed back, krb5_mk_chpw_req should free it.
+
1999-08-05 Danilo Almeida <dalmeida@mit.edu>
* init_ctx.c (krb5_init_context): Document why krb5_win_ccdll_load
char *passwd;
krb5_data *packet;
{
- krb5_error_code ret;
+ krb5_error_code ret = 0;
krb5_data clearpw;
krb5_data cipherpw;
krb5_replay_data replay;
char *ptr;
+ cipherpw.data = NULL;
+
if (ret = krb5_auth_con_setflags(context, auth_context,
KRB5_AUTH_CONTEXT_DO_SEQUENCE))
- return(ret);
+ goto cleanup;
clearpw.length = strlen(passwd);
clearpw.data = passwd;
if (ret = krb5_mk_priv(context, auth_context,
&clearpw, &cipherpw, &replay))
- return(ret);
+ goto cleanup;
packet->length = 6 + ap_req->length + cipherpw.length;
packet->data = (char *) malloc(packet->length);
if (packet->data == NULL)
- return ENOMEM;
+ {
+ ret = ENOMEM;
+ goto cleanup;
+ }
ptr = packet->data;
/* length */
memcpy(ptr, cipherpw.data, cipherpw.length);
- return(0);
+cleanup:
+ if(cipherpw.data != NULL) /* allocated by krb5_mk_priv */
+ free(cipherpw.data);
+
+ return(ret);
}
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
}
/* fetch tgt directly from cache */
- retval = krb5_cc_retrieve_cred (context, cc, 0, &creds, &tgt);
+ retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_SUPPORTED_KTYPES,
+ &creds, &tgt);
if (retval)
goto errout;
}
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
- if (retval != KRB5_CC_NOTFOUND) {
+ if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {
goto cleanup;
}
goto cleanup;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
goto cleanup;
}
goto cleanup;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
- if (retval != KRB5_CC_NOTFOUND) {
+ if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {
goto cleanup;
}
goto cleanup;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
if (retval != KRB5_CC_NOTFOUND) {
goto cleanup;
mcreds->client = in_creds->client;
*fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
- | KRB5_TC_MATCH_AUTHDATA ;
+ | KRB5_TC_MATCH_AUTHDATA
+ | KRB5_TC_SUPPORTED_KTYPES;
if (mcreds->keyblock.enctype)
*fields |= KRB5_TC_MATCH_KTYPE;
if (options & KRB5_GC_USER_USER) {
*out_creds = ncreds;
}
- if (retval != KRB5_CC_NOTFOUND || options & KRB5_GC_CACHED)
+ if ((retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE)
+ || options & KRB5_GC_CACHED)
return retval;
retval = krb5_get_cred_from_kdc(context, ccache, ncreds, out_creds, &tgts);
}
static krb5_error_code
-get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
+get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list, desonly)
krb5_context context;
krb5_enctype **ktypes;
char *profstr;
int ctx_count;
krb5_enctype FAR *ctx_list;
+ int desonly;
{
krb5_enctype *old_ktypes;
code = profile_get_string(context->profile, "libdefaults", profstr,
NULL,
- "des3-hmac-sha1 des-cbc-md5 des-cbc-crc",
+ "des3-cbc-sha1 des-cbc-md5 des-cbc-crc",
&retval);
if (code)
return code;
j = 0;
i = 1;
while (1) {
- if (! krb5_string_to_enctype(sp, &old_ktypes[j]))
+ if (! krb5_string_to_enctype(sp, &old_ktypes[j])) {
+ switch (old_ktypes[j]) {
+ default:
+ if (desonly)
+ /* Other types not supported yet. */
+ break;
+ /* else fall through */
+
+ case ENCTYPE_NULL:
+ case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_MD5:
j++;
+ break;
+ }
+ }
if (i++ >= count)
break;
{
return(get_profile_etype_list(context, ktypes, "default_tkt_enctypes",
context->in_tkt_ktype_count,
- context->in_tkt_ktypes));
+ context->in_tkt_ktypes, 1));
}
krb5_error_code
{
return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
context->tgs_ktype_count,
- context->tgs_ktypes));
+ context->tgs_ktypes, 1));
}
krb5_error_code
{
return(get_profile_etype_list(context, ktypes, "permitted_enctypes",
context->tgs_ktype_count,
- context->tgs_ktypes));
+ context->tgs_ktypes, 0));
}
krb5_boolean
if (buflen >= sftime_default_len) {
sprintf(buffer, sftime_default_fmt,
tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year,
- tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
+ tmp->tm_hour, tmp->tm_min);
ndone = strlen(buffer);
}
}
krb5_encrypt_block *eblock;
eblock = (krb5_encrypt_block *) nctx;
+#if 0
if (eblock->priv && eblock->priv_size)
krb5_xfree(eblock->priv);
+#endif
if (eblock->key)
krb5_free_keyblock(ser_ctx, eblock->key);
krb5_xfree(eblock);
krb5_use_enctype(kcontext, &eblock, DEFAULT_KDC_ENCTYPE);
if (!(kret = ser_data(verbose, "> NULL eblock",
(krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
+#if 0
eblock.priv = (krb5_pointer) stuff;
eblock.priv_size = 8;
+#endif
if (!(kret = ser_data(verbose, "> eblock with private data",
(krb5_pointer) &eblock,
KV5M_ENCRYPT_BLOCK))) {
case 'C':
do_ctest = 1;
break;
+#if 0
case 'E':
do_etest = 1;
break;
+#endif
case 'K':
do_ktest = 1;
break;
if (kret)
goto fail;
}
+#if 0 /* code to be tested is currently disabled */
if (do_etest) {
ch_err = 'e';
kret = ser_eblock_test(kcontext, verbose);
if (kret)
goto fail;
}
+#endif
if (do_ptest) {
ch_err = 'p';
kret = ser_princ_test(kcontext, verbose);
+1999-08-26 Danilo Almeida <dalmeida@mit.edu>
+
+ * kuserok.c (krb5_kuserok): Fix improper negation in
+ non-Unix localname check. Also fix calling convention
+ before this function is exported by the Windows DLL.
+
+ * localaddr.c (krb5_os_localaddr): Fix memset to clear
+ right address list. (Thanks to jaltman@columbia.edu).
+
+1999-08-21 Danilo Almeida <dalmeida@mit.edu>
+
+ * localaddr.c (krb5_os_localaddr): Use multiple addresses, if
+ present, on Mac and Windows.
+
+1999-08-17 Ken Raeburn <raeburn@mit.edu>
+
+ * get_krbhst.c (krb5_get_krbhst): Fix double-indirection
+ confusion. Do actually copy string contents to newly allocated
+ storage.
+
+1999-08-10 Alexandra Ellwood <lxs@mit.edu>
+
+ * changepw.c (krb5_change_password):
+ Reorganized code so that krb5_change_password actually frees
+ everything it allocated on error. Also fixed some memory
+ leaks which happened even without an error occurring.
+
+1999-08-09 Danilo Almeida <dalmeida@mit.edu>
+
+ * prompter.c (krb5_prompter_posix): Provide Win32 implementation
+ so that kinit and such work under Win32.
+
1999-08-06 Danilo Almeida <dalmeida@mit.edu>
+ * def_realm.c (krb5_get_default_realm):
+ * hst_realm.c (krb5_get_host_realm): Make sure we have FQDN
+ in the case where we use gethostname.
+
+ * def_realm.c (krb5_get_default_realm): Check that we have
+ a realm before trying to copy it (since profile_get_string
+ may return no error but not get anything).
+
* init_os_ctx.c (krb5_get_profile): Fix calling convention.
1999-08-05 Danilo Almeida <dalmeida@mit.edu>
krb5_address local_kaddr, remote_kaddr;
const char *realm_kdc_names[4];
int default_port;
- char **hostlist, *host, *port, *cp, *code_string;
- krb5_error_code code;
+ char **hostlist, *host, *tmphost, *port, *cp, *code_string;
+ krb5_error_code code = 0;
int i, j, out, count, addrlen;
struct sockaddr *addr_p, local_addr, remote_addr, tmp_addr;
struct sockaddr_in *sin_p;
u_short udpport = htons(KRB5_DEFAULT_PORT);
#endif
int cc, local_result_code, tmp_len;
- SOCKET s1, s2;
+ SOCKET s1 = INVALID_SOCKET, s2 = INVALID_SOCKET;
+ /* Initialize values so that cleanup call can safely check for NULL */
auth_context = NULL;
-
+ addr_p = NULL;
+ host = NULL;
+ hostlist = NULL;
+ memset(&chpw_req, 0, sizeof(krb5_data));
+ memset(&chpw_rep, 0, sizeof(krb5_data));
+ memset(&ap_req, 0, sizeof(krb5_data));
+
+ /* initialize auth_context so that we know we have to free it */
+ if ((code = krb5_auth_con_init(context, &auth_context)))
+ goto cleanup;
+
if (code = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY,
NULL, creds, &ap_req))
- return(code);
+ goto cleanup;
- if ((host = malloc(krb5_princ_realm(context, creds->client)->length + 1))
- == NULL)
- return ENOMEM;
+ if ((host = malloc(krb5_princ_realm(context, creds->client)->length + 1)) == NULL)
+ {
+ code = ENOMEM;
+ goto cleanup;
+ }
strncpy(host, krb5_princ_realm(context, creds->client)->data,
krb5_princ_realm(context, creds->client)->length);
code = profile_get_values(context->profile, realm_kdc_names, &hostlist);
- if (code == PROF_NO_RELATION) {
- realm_kdc_names[2] = "admin_server";
-
- default_port = 1;
-
- code = profile_get_values(context->profile, realm_kdc_names,
- &hostlist);
- }
-
- krb5_xfree(host);
+ if (code == PROF_NO_RELATION)
+ {
+ realm_kdc_names[2] = "admin_server";
+ default_port = 1;
+ code = profile_get_values(context->profile, realm_kdc_names, &hostlist);
+ }
if (code == PROF_NO_SECTION)
- return KRB5_REALM_UNKNOWN;
- else if (code == PROF_NO_RELATION)
- return KRB5_CONFIG_BADFORMAT;
- else if (code)
- return code;
+ {
+ code = KRB5_REALM_UNKNOWN;
+ goto cleanup;
+ }
+ else
+ if (code == PROF_NO_RELATION)
+ {
+ code = KRB5_CONFIG_BADFORMAT;
+ goto cleanup;
+ }
+ else
+ if (code)
+ goto cleanup;
#ifdef HAVE_NETINET_IN_H
/* XXX should look for "kpasswd" in /etc/services */
count++;
if (count == 0)
- /* XXX */
- return(KADM_NO_HOST);
+ {
+ /* XXX */
+ code = KADM_NO_HOST;
+ goto cleanup;
+ }
addr_p = (struct sockaddr *) malloc(sizeof(struct sockaddr) * count);
if (addr_p == NULL)
- return ENOMEM;
+ {
+ code = ENOMEM;
+ goto cleanup;
+ }
- host = hostlist[0];
+ tmphost = hostlist[0];
out = 0;
/*
* Strip off excess whitespace
*/
- cp = strchr(host, ' ');
+ cp = strchr(tmphost, ' ');
if (cp)
- *cp = 0;
- cp = strchr(host, '\t');
+ *cp = 0;
+ cp = strchr(tmphost, '\t');
if (cp)
- *cp = 0;
- port = strchr(host, ':');
+ *cp = 0;
+ port = strchr(tmphost, ':');
if (port) {
- *port = 0;
+ *port = 0;
port++;
/* if the admin_server line was used, ignore the specified
port */
}
hp = gethostbyname(hostlist[0]);
- if (hp != 0) {
- switch (hp->h_addrtype) {
+ if (hp != 0)
+ {
+ switch (hp->h_addrtype)
+ {
#ifdef HAVE_NETINET_IN_H
- case AF_INET:
- for (j=0; hp->h_addr_list[j]; j++) {
- sin_p = (struct sockaddr_in *) &addr_p[out++];
- memset ((char *)sin_p, 0, sizeof(struct sockaddr));
- sin_p->sin_family = hp->h_addrtype;
- sin_p->sin_port = port ? htons(atoi(port)) : udpport;
- memcpy((char *)&sin_p->sin_addr,
- (char *)hp->h_addr_list[j],
- sizeof(struct in_addr));
- if (out+1 >= count) {
- count += 5;
- addr_p = (struct sockaddr *)
- realloc ((char *)addr_p,
- sizeof(struct sockaddr) * count);
- if (addr_p == NULL)
- return ENOMEM;
- }
- }
- break;
+ case AF_INET:
+ for (j=0; hp->h_addr_list[j]; j++)
+ {
+ sin_p = (struct sockaddr_in *) &addr_p[out++];
+ memset ((char *)sin_p, 0, sizeof(struct sockaddr));
+ sin_p->sin_family = hp->h_addrtype;
+ sin_p->sin_port = port ? htons(atoi(port)) : udpport;
+ memcpy((char *)&sin_p->sin_addr,
+ (char *)hp->h_addr_list[j],
+ sizeof(struct in_addr));
+ if (out+1 >= count)
+ {
+ count += 5;
+ addr_p = (struct sockaddr *)
+ realloc ((char *)addr_p, sizeof(struct sockaddr) * count);
+ if (addr_p == NULL)
+ {
+ code = ENOMEM;
+ goto cleanup;
+ }
+ }
+ }
+ break;
#endif
- default:
- break;
- }
- }
-
- profile_free_list(hostlist);
-
- if (out == 0) { /* Couldn't resolve any KDC names */
- free (addr_p);
- return(KADM_NO_HOST);
- }
+ default:
+ break;
+ }
+ }
+
+ if (out == 0)
+ {
+ /* Couldn't resolve any KDC names */
+ code = KADM_NO_HOST;
+ goto cleanup;
+ }
/* this is really obscure. s1 is used for all communications. it
is left unconnected in case the server is multihomed and routes
hostname resolution to get the local ip addr) will work and
interoperate if the client is single-homed. */
- if ((s1 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET) {
- free(addr_p);
- return(SOCKET_ERRNO);
- }
-
- if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET) {
- free(addr_p);
- return(SOCKET_ERRNO);
- }
-
- for (i=0; i<out; i++) {
- if (connect(s2, &addr_p[i], sizeof(addr_p[i])) == SOCKET_ERROR) {
- if ((cc < 0) && ((SOCKET_ERRNO == ECONNREFUSED) ||
- (SOCKET_ERRNO == EHOSTUNREACH)))
- continue; /* try the next addr */
- free(addr_p);
- closesocket(s1);
- closesocket(s2);
- return(SOCKET_ERRNO);
- }
-
- addrlen = sizeof(local_addr);
-
- if (getsockname(s2, &local_addr, &addrlen) < 0) {
- if ((SOCKET_ERRNO == ECONNREFUSED) ||
- (SOCKET_ERRNO == EHOSTUNREACH))
- continue; /* try the next addr */
- free(addr_p);
- closesocket(s1);
- closesocket(s2);
- return(SOCKET_ERRNO);
- }
-
- /* some brain-dead OS's don't return useful information from
- * the getsockname call. Namely, windows and solaris. */
-
- if (((struct sockaddr_in *)&local_addr)->sin_addr.s_addr != 0) {
- local_kaddr.addrtype = ADDRTYPE_INET;
- local_kaddr.length =
- sizeof(((struct sockaddr_in *) &local_addr)->sin_addr);
- local_kaddr.contents =
- (krb5_octet *) &(((struct sockaddr_in *) &local_addr)->sin_addr);
- } else {
- krb5_address **addrs;
-
- krb5_os_localaddr(context, &addrs);
- local_kaddr.magic = addrs[0]->magic;
- local_kaddr.addrtype = addrs[0]->addrtype;
- local_kaddr.length = addrs[0]->length;
- local_kaddr.contents = malloc(addrs[0]->length);
- memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
-
- krb5_free_addresses(context, addrs);
- }
-
- addrlen = sizeof(remote_addr);
- if (getpeername(s2, &remote_addr, &addrlen) < 0) {
- if ((SOCKET_ERRNO == ECONNREFUSED) ||
- (SOCKET_ERRNO == EHOSTUNREACH))
- continue; /* try the next addr */
- free(addr_p);
- closesocket(s1);
- closesocket(s2);
- return(SOCKET_ERRNO);
- }
-
- remote_kaddr.addrtype = ADDRTYPE_INET;
- remote_kaddr.length =
- sizeof(((struct sockaddr_in *) &remote_addr)->sin_addr);
- remote_kaddr.contents =
- (krb5_octet *) &(((struct sockaddr_in *) &remote_addr)->sin_addr);
-
- /* mk_priv requires that the local address be set.
- getsockname is used for this. rd_priv requires that the
- remote address be set. recvfrom is used for this. If
- rd_priv is given a local address, and the message has the
- recipient addr in it, this will be checked. However, there
- is simply no way to know ahead of time what address the
- message will be delivered *to*. Therefore, it is important
- that either no recipient address is in the messages when
- mk_priv is called, or that no local address is passed to
- rd_priv. Both is a better idea, and I have done that. In
- summary, when mk_priv is called, *only* a local address is
- specified. when rd_priv is called, *only* a remote address
- is specified. Are we having fun yet? */
-
- if (code = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr,
- NULL)) {
- free(addr_p);
- closesocket(s1);
- closesocket(s2);
- return(code);
- }
-
- if (code = krb5_mk_chpw_req(context, auth_context, &ap_req,
- newpw, &chpw_req)) {
- free(addr_p);
- closesocket(s1);
- closesocket(s2);
- return(code);
- }
-
- if ((cc = sendto(s1, chpw_req.data, chpw_req.length, 0,
- (struct sockaddr *) &addr_p[i],
- sizeof(addr_p[i]))) !=
- chpw_req.length) {
- if ((cc < 0) && ((SOCKET_ERRNO == ECONNREFUSED) ||
- (SOCKET_ERRNO == EHOSTUNREACH)))
- continue; /* try the next addr */
- free(addr_p);
- closesocket(s1);
- closesocket(s2);
- return((cc < 0)?SOCKET_ERRNO:ECONNABORTED);
- }
-
- krb5_xfree(chpw_req.data);
-
- chpw_rep.length = 1500;
- chpw_rep.data = (char *) malloc(chpw_rep.length);
-
- /* XXX need a timeout/retry loop here */
-
- /* "recv" would be good enough here... except that Windows/NT
- commits the atrocity of returning -1 to indicate failure,
- but leaving errno set to 0.
-
- "recvfrom(...,NULL,NULL)" would seem to be a good enough
- alternative, and it works on NT, but it doesn't work on
- SunOS 4.1.4 or Irix 5.3. Thus we must actually accept the
- value and discard it. */
- tmp_len = sizeof(tmp_addr);
- if ((cc = recvfrom(s1, chpw_rep.data, chpw_rep.length, 0, &tmp_addr, &tmp_len)) < 0) {
- free(addr_p);
- closesocket(s1);
- closesocket(s2);
- return(SOCKET_ERRNO);
- }
-
- closesocket(s1);
- closesocket(s2);
-
- chpw_rep.length = cc;
-
- if (code = krb5_auth_con_setaddrs(context, auth_context, NULL,
- &remote_kaddr)) {
- free(addr_p);
- closesocket(s1);
- closesocket(s2);
- return(code);
- }
-
- code = krb5_rd_chpw_rep(context, auth_context, &chpw_rep,
- &local_result_code, result_string);
-
- free(chpw_rep.data);
- free(addr_p);
-
- if (code)
- return(code);
-
- if (result_code)
- *result_code = local_result_code;
-
- if (result_code_string) {
- if (code = krb5_chpw_result_code_string(context, local_result_code,
- &code_string))
- return(code);
-
- result_code_string->length = strlen(code_string);
- if ((result_code_string->data =
- (char *) malloc(result_code_string->length)) == NULL)
- return(ENOMEM);
- strncpy(result_code_string->data, code_string,
- result_code_string->length);
- }
-
- return(0);
- }
-
- free(addr_p);
- closesocket(s1);
- closesocket(s2);
- return(SOCKET_ERRNO);
+ if ((s1 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET)
+ {
+ code = SOCKET_ERRNO;
+ goto cleanup;
+ }
+
+ if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET)
+ {
+ code = SOCKET_ERRNO;
+ goto cleanup;
+ }
+
+ for (i=0; i<out; i++)
+ {
+ if (connect(s2, &addr_p[i], sizeof(addr_p[i])) == SOCKET_ERROR)
+ {
+ if ((SOCKET_ERRNO == ECONNREFUSED) || (SOCKET_ERRNO == EHOSTUNREACH))
+ continue; /* try the next addr */
+
+ code = SOCKET_ERRNO;
+ goto cleanup;
+ }
+
+ addrlen = sizeof(local_addr);
+
+ if (getsockname(s2, &local_addr, &addrlen) < 0)
+ {
+ if ((SOCKET_ERRNO == ECONNREFUSED) || (SOCKET_ERRNO == EHOSTUNREACH))
+ continue; /* try the next addr */
+
+ code = SOCKET_ERRNO;
+ goto cleanup;
+ }
+
+ /* some brain-dead OS's don't return useful information from
+ * the getsockname call. Namely, windows and solaris. */
+
+ if (((struct sockaddr_in *)&local_addr)->sin_addr.s_addr != 0)
+ {
+ local_kaddr.addrtype = ADDRTYPE_INET;
+ local_kaddr.length = sizeof(((struct sockaddr_in *) &local_addr)->sin_addr);
+ local_kaddr.contents = (krb5_octet *) &(((struct sockaddr_in *) &local_addr)->sin_addr);
+ }
+ else
+ {
+ krb5_address **addrs;
+
+ krb5_os_localaddr(context, &addrs);
+
+ local_kaddr.magic = addrs[0]->magic;
+ local_kaddr.addrtype = addrs[0]->addrtype;
+ local_kaddr.length = addrs[0]->length;
+ local_kaddr.contents = malloc(addrs[0]->length);
+ memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
+
+ krb5_free_addresses(context, addrs);
+ }
+
+ addrlen = sizeof(remote_addr);
+ if (getpeername(s2, &remote_addr, &addrlen) < 0)
+ {
+ if ((SOCKET_ERRNO == ECONNREFUSED) || (SOCKET_ERRNO == EHOSTUNREACH))
+ continue; /* try the next addr */
+
+ code = SOCKET_ERRNO;
+ goto cleanup;
+ }
+
+ remote_kaddr.addrtype = ADDRTYPE_INET;
+ remote_kaddr.length = sizeof(((struct sockaddr_in *) &remote_addr)->sin_addr);
+ remote_kaddr.contents = (krb5_octet *) &(((struct sockaddr_in *) &remote_addr)->sin_addr);
+
+ /* mk_priv requires that the local address be set.
+ getsockname is used for this. rd_priv requires that the
+ remote address be set. recvfrom is used for this. If
+ rd_priv is given a local address, and the message has the
+ recipient addr in it, this will be checked. However, there
+ is simply no way to know ahead of time what address the
+ message will be delivered *to*. Therefore, it is important
+ that either no recipient address is in the messages when
+ mk_priv is called, or that no local address is passed to
+ rd_priv. Both is a better idea, and I have done that. In
+ summary, when mk_priv is called, *only* a local address is
+ specified. when rd_priv is called, *only* a remote address
+ is specified. Are we having fun yet? */
+
+ if (code = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL))
+ {
+ code = SOCKET_ERRNO;
+ goto cleanup;
+ }
+
+ if (code = krb5_mk_chpw_req(context, auth_context, &ap_req, newpw, &chpw_req))
+ {
+ code = SOCKET_ERRNO;
+ goto cleanup;
+ }
+
+ if ((cc = sendto(s1, chpw_req.data, chpw_req.length, 0,
+ (struct sockaddr *) &addr_p[i],
+ sizeof(addr_p[i]))) != chpw_req.length)
+ {
+ if ((cc < 0) && ((SOCKET_ERRNO == ECONNREFUSED) ||
+ (SOCKET_ERRNO == EHOSTUNREACH)))
+ continue; /* try the next addr */
+
+ code = (cc < 0) ? SOCKET_ERRNO : ECONNABORTED;
+ goto cleanup;
+ }
+
+ chpw_rep.length = 1500;
+ chpw_rep.data = (char *) malloc(chpw_rep.length);
+
+ /* XXX need a timeout/retry loop here */
+
+ /* "recv" would be good enough here... except that Windows/NT
+ commits the atrocity of returning -1 to indicate failure,
+ but leaving errno set to 0.
+
+ "recvfrom(...,NULL,NULL)" would seem to be a good enough
+ alternative, and it works on NT, but it doesn't work on
+ SunOS 4.1.4 or Irix 5.3. Thus we must actually accept the
+ value and discard it. */
+ tmp_len = sizeof(tmp_addr);
+ if ((cc = recvfrom(s1, chpw_rep.data, chpw_rep.length, 0, &tmp_addr, &tmp_len)) < 0)
+ {
+ code = SOCKET_ERRNO;
+ goto cleanup;
+ }
+
+ closesocket(s1);
+ s1 = INVALID_SOCKET;
+ closesocket(s2);
+ s2 = INVALID_SOCKET;
+
+ chpw_rep.length = cc;
+
+ if (code = krb5_auth_con_setaddrs(context, auth_context, NULL, &remote_kaddr))
+ goto cleanup;
+
+ if(code = krb5_rd_chpw_rep(context, auth_context, &chpw_rep,
+ &local_result_code, result_string))
+ goto cleanup;
+
+ if (result_code)
+ *result_code = local_result_code;
+
+ if (result_code_string)
+ {
+ if (code = krb5_chpw_result_code_string(context, local_result_code,
+ &code_string))
+ goto cleanup;
+
+ result_code_string->length = strlen(code_string);
+ if ((result_code_string->data =
+ (char *) malloc(result_code_string->length)) == NULL)
+ return(ENOMEM);
+ strncpy(result_code_string->data, code_string, result_code_string->length);
+ }
+
+ code = 0;
+ goto cleanup;
+ }
+
+ code = SOCKET_ERRNO;
+
+cleanup:
+ if(auth_context != NULL)
+ krb5_auth_con_free(context, auth_context);
+
+ if(host != NULL)
+ krb5_xfree(host);
+
+ if(addr_p != NULL)
+ krb5_xfree(addr_p);
+
+ if(hostlist != NULL)
+ profile_free_list(hostlist);
+
+ if(s1 != INVALID_SOCKET)
+ closesocket(s1);
+
+ if(s2 != INVALID_SOCKET)
+ closesocket(s2);
+
+ krb5_free_data_contents(context, &chpw_req);
+ krb5_free_data_contents(context, &chpw_rep);
+ krb5_free_data_contents(context, &ap_req);
+
+ return(code);
}
"default_realm", 0, 0,
&realm);
- if (!retval) {
+ if (!retval && realm) {
context->default_realm = malloc(strlen(realm) + 1);
if (!context->default_realm) {
profile_release_string(realm);
*/
char localhost[MAX_DNS_NAMELEN+1];
char * p;
- localhost[0] = localhost[sizeof(localhost)-1] = 0;
- gethostname(localhost,MAX_DNS_NAMELEN);
-
+ struct hostent * h;
+
+ localhost[0] = 0;
+ gethostname(localhost, sizeof(localhost));
+ localhost[sizeof(localhost) - 1] = 0;
+
if ( localhost[0] ) {
+ /*
+ * Try to make sure that we have a fully qualified
+ * name if possible. We want to be able to handle
+ * the case where gethostname returns a partial
+ * name (i.e., it has a dot, but it is not a
+ * FQDN).
+ */
+ h = gethostbyname(localhost);
+ if (h) {
+ strncpy(localhost, h->h_name, sizeof(localhost));
+ localhost[sizeof(localhost) - 1] = '\0';
+ }
+
p = localhost;
do {
retval = krb5_try_realm_txt_rr("_kerberos", p,
const char *realm_kdc_names[4];
krb5_error_code retval;
int i, count;
+ char **rethosts;
- *hostlist = 0;
+ rethosts = 0;
realm_kdc_names[0] = "realms";
realm_kdc_names[1] = realm->data;
*cp = 0;
}
count = cpp - values;
- *hostlist = malloc(sizeof(char *) * (count + 1));
- if (!*hostlist) {
+ rethosts = malloc(sizeof(char *) * (count + 1));
+ if (!rethosts) {
retval = ENOMEM;
goto cleanup;
}
for (i = 0; i < count; i++) {
- *hostlist[i] = malloc(strlen(values[i]) + 1);
- if (!*hostlist[i]) {
+ int len = strlen (values[i]) + 1;
+ rethosts[i] = malloc(len);
+ if (!rethosts[i]) {
retval = ENOMEM;
goto cleanup;
}
+ memcpy (rethosts[i], values[i], len);
}
- *hostlist[count] = 0;
+ rethosts[count] = 0;
cleanup:
- if (retval && *hostlist) {
- for (cpp = *hostlist; *cpp; cpp++)
+ if (retval && rethosts) {
+ for (cpp = rethosts; *cpp; cpp++)
free(*cpp);
- free(*hostlist);
+ free(rethosts);
+ rethosts = 0;
}
profile_free_list(values);
+ *hostlist = rethosts;
return retval;
}
krb5_error_code retval;
int l;
char local_host[MAX_DNS_NAMELEN+1];
+ struct hostent *h;
+
if (host)
- strncpy(local_host, host, MAX_DNS_NAMELEN);
+ strncpy(local_host, host, sizeof(local_host));
else {
- if (gethostname(local_host, sizeof(local_host)-1) == -1)
+ if (gethostname(local_host, sizeof(local_host)) == -1)
return SOCKET_ERRNO;
+ /*
+ * Try to make sure that we have a fully qualified name if
+ * possible. We need to handle the case where the host has a
+ * dot but is not FQDN, so we call gethostbyname.
+ */
+ h = gethostbyname(local_host);
+ if (h) {
+ strncpy(local_host, h->h_name, sizeof(local_host));
+ }
}
- local_host[MAX_DNS_NAMELEN] = '\0';
+ local_host[sizeof(local_host) - 1] = '\0';
+
for (cp = local_host; *cp; cp++) {
if (isupper(*cp))
*cp = tolower(*cp);
*
*/
-krb5_boolean
+krb5_boolean KRB5_CALLCONV
krb5_kuserok(context, principal, luser)
krb5_context context;
krb5_principal principal;
* If the given Kerberos name "server" translates to the same name as "luser"
* (using * krb5_aname_to_lname()), returns TRUE.
*/
-krb5_boolean
+krb5_boolean KRB5_CALLCONV
krb5_kuserok(context, principal, luser)
krb5_context context;
krb5_principal principal;
{
char kuser[50];
- if (! krb5_aname_to_localname(context, principal, sizeof(kuser), kuser))
+ if (krb5_aname_to_localname(context, principal, sizeof(kuser), kuser))
return FALSE;
if (strcmp(kuser, luser) == 0)
krb5_os_localaddr (krb5_context context, krb5_address ***addr) {
char host[64]; /* Name of local machine */
struct hostent *hostrec;
- int err;
-
- *addr = calloc (2, sizeof (krb5_address *));
- if (*addr == NULL)
- return ENOMEM;
+ int err, count, i;
+ krb5_address ** paddr;
+ *addr = 0;
+ paddr = 0;
err = 0;
if (gethostname (host, sizeof(host))) {
return err;
}
- (*addr)[0] = calloc (1, sizeof(krb5_address));
- if ((*addr)[0] == NULL) {
- free (*addr);
- return ENOMEM;
+ for (count = 0; hostrec->h_addr_list[count]; count++);
+
+
+ paddr = (krb5_address **)malloc(sizeof(krb5_address *) * (count+1));
+ if (!paddr) {
+ err = ENOMEM;
+ goto cleanup;
+ }
+
+ memset(paddr, 0, sizeof(krb5_address *) * (count+1));
+
+ for (i = 0; i < count; i++)
+ {
+ paddr[i] = (krb5_address *)malloc(sizeof(krb5_address));
+ if (paddr[i] == NULL) {
+ err = ENOMEM;
+ goto cleanup;
+ }
+
+ paddr[i]->magic = KV5M_ADDRESS;
+ paddr[i]->addrtype = hostrec->h_addrtype;
+ paddr[i]->length = hostrec->h_length;
+ paddr[i]->contents = (unsigned char *)malloc(paddr[i]->length);
+ if (!paddr[i]->contents) {
+ err = ENOMEM;
+ goto cleanup;
+ }
+ memcpy(paddr[i]->contents,
+ hostrec->h_addr_list[i],
+ paddr[i]->length);
}
- (*addr)[0]->magic = KV5M_ADDRESS;
- (*addr)[0]->addrtype = hostrec->h_addrtype;
- (*addr)[0]->length = hostrec->h_length;
- (*addr)[0]->contents = (unsigned char *)malloc((*addr)[0]->length);
- if (!(*addr)[0]->contents) {
- free((*addr)[0]);
- free(*addr);
- return ENOMEM;
- } else {
- memcpy ((*addr)[0]->contents,
- hostrec->h_addr,
- (*addr)[0]->length);
+
+ cleanup:
+ if (err) {
+ if (paddr) {
+ for (i = 0; i < count; i++)
+ {
+ if (paddr[i]) {
+ if (paddr[i]->contents)
+ free(paddr[i]->contents);
+ free(paddr[i]);
+ }
+ }
+ free(paddr);
+ }
}
- /* FIXME, deal with the case where gethostent returns multiple addrs */
+ else
+ *addr = paddr;
- return(0);
+ return(err);
}
#endif
-
}
#else /* MSDOS */
+#if defined(_WIN32)
+
+#include <io.h>
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_prompter_posix(krb5_context context,
+ void *data,
+ const char *name,
+ const char *banner,
+ int num_prompts,
+ krb5_prompt prompts[])
+{
+ HANDLE handle;
+ DWORD old_mode, new_mode;
+ char *ptr;
+ int scratchchar;
+ krb5_error_code errcode = 0;
+ int i;
+
+ handle = GetStdHandle(STD_INPUT_HANDLE);
+ if (handle == INVALID_HANDLE_VALUE)
+ return ENOTTY;
+ if (!GetConsoleMode(handle, &old_mode))
+ return ENOTTY;
+
+ new_mode = old_mode;
+ new_mode |= ( ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT );
+ new_mode &= ~( ENABLE_ECHO_INPUT );
+
+ if (!SetConsoleMode(handle, new_mode))
+ return ENOTTY;
+
+ if (!SetConsoleMode(handle, old_mode))
+ return ENOTTY;
+
+ if (name) {
+ fputs(name, stdout);
+ fputs("\n", stdout);
+ }
+
+ if (banner) {
+ fputs(banner, stdout);
+ fputs("\n", stdout);
+ }
+
+ for (i = 0; i < num_prompts; i++) {
+ if (prompts[i].hidden) {
+ if (!SetConsoleMode(handle, new_mode)) {
+ errcode = ENOTTY;
+ goto cleanup;
+ }
+ }
+
+ fputs(prompts[i].prompt,stdout);
+ fputs(": ", stdout);
+ fflush(stdout);
+ memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+
+ if (fgets(prompts[i].reply->data, prompts[i].reply->length, stdin)
+ == NULL) {
+ if (prompts[i].hidden)
+ putchar('\n');
+ errcode = KRB5_LIBOS_CANTREADPWD;
+ goto cleanup;
+ }
+ if (prompts[i].hidden)
+ putchar('\n');
+ /* fgets always null-terminates the returned string */
+
+ /* replace newline with null */
+ if ((ptr = strchr(prompts[i].reply->data, '\n')))
+ *ptr = '\0';
+ else /* flush rest of input line */
+ do {
+ scratchchar = getchar();
+ } while (scratchchar != EOF && scratchchar != '\n');
+
+ prompts[i].reply->length = strlen(prompts[i].reply->data);
+
+ if (!SetConsoleMode(handle, old_mode)) {
+ errcode = ENOTTY;
+ goto cleanup;
+ }
+ }
+
+ cleanup:
+ if (errcode) {
+ for (i = 0; i < num_prompts; i++) {
+ memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+ }
+ }
+ return errcode;
+}
+
+#else /* !_WIN32 */
+
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
krb5_prompter_posix(krb5_context context,
void *data,
int num_prompts,
krb5_prompt prompts[])
{
- return(EINVAL);
+ return(EINVAL);
}
-#endif /* !MSDOS */
-
+#endif /* !_WIN32 */
+#endif /* !MSDOS */
krb5_ser_rcache_init
decode_krb5_ap_req
krb5_mcc_ops
-
;
;Added for Kermit 95
krb5_address_search
krb5_auth_con_getrcache
krb5_c_enctype_compare
+ krb5_kuserok
-#!/usr/athena/bin/perl -w
+#!/usr/local/bin/perl -w
+use strict; # Turn on careful syntax checking
+use 5.002; # Require Perl 5.002 or later
+
+# Pre-declare globals, as required by "use strict"
+use vars qw(%RESERVEDWORDS $file $prototype);
+
+# C words which aren't a type or a parameter name
+# [digit] is special cased later on...
%RESERVEDWORDS = (
- const => "const",
- "*" => "*",
- "[]" => "[]",
- struct => "struct",
- enum => "enum",
- union => "union"
+ const => "const",
+ "*" => "*",
+ "[]" => "[]",
+ struct => "struct",
+ enum => "enum",
+ union => "union",
+ unsigned => "unsigned",
+ register => "register"
);
-while(<STDIN>)
+# Read the entire file into $file
+{
+ local $/;
+ undef $/; # Ignore end-of-line delimiters in the file
+ $file .= <STDIN>;
+}
+
+# Remove the C and C++ comments from the file.
+# If this regexp scares you, don't worry, it scares us too.
+$file =~ s@/ # Both kinds of comment begin with a /
+ # First, process /* ... */
+ ((\*[^*]*\*+ # 1: Identify /**, /***, /* foo *, etc.
+ ([^/*][^*]*\*+)* # 2: Match nothing, x*, x/*, x/y*, x*y* etc.
+ /) # 3: Look for the trailing /. If not present, back up
+ # through the matches from step 2 (x*y* becomes x*)
+ #### if we get here, we have /* ... */
+ | # Or, it's // and we just need to match to the end of the line
+ (/.*?\n)) # 4. Slash, shortest possible run of characters ending in newline (\n)
+ @\n@xg; # => Replace match with a newline.
+ ### "x" modifier allows whitespace and comments in patterns
+ ### "g" modifier means "do this globally"
+
+$file =~ tr! \t\n! !s; # Convert newlines, tabs, and runs of spaces into single spaces
+
+foreach $prototype (split /;/, $file) # Break string apart at semicolons, pass each piece to our Convert routine
{
- chop($_);
- $prototype = $_;
- @splitup = split(/\s*\(\s*/, $prototype);
-
- # the return value type and the function name:
- $temp = $splitup[0];
- $temp =~ s/\s*\*\s*/ \* /g; # add spaces around *
- @funcAndArgs = split(/\s+/, $temp);
- $functionName = $funcAndArgs[$#funcAndArgs];
-
- # Is this function already in the Hash Table?
- if(!exists($FUNCTIONS{$functionName}))
- {
- $FUNCTIONS{$functionName}{prototypeText} = $prototype;
- pop @{funcAndArgs};
- $FUNCTIONS{$functionName}{returnType} = join(' ', @funcAndArgs);
+ Convert($prototype);
+}
+
+exit (0);
+
+# ========================================
+# Subroutines follow
+# ========================================
+
+sub Convert()
+{
+ # Take our special C-style function prototypes and print out the
+ # appropriate glue code.
+
+ my $prototype = shift;
+ my ($returnType, $functionName, $paramString);
+ my (@parameters, @types);
+
+ return if ($prototype =~ /^\s*$/); # Ignore blank lines
+ # Use custom function to remove leading & trailing spaces &
+ # collapse runs of spaces.
+ $prototype = StripSpaces($prototype);
+
+ # ====================
+ # STAGE 1.1: Get the function name and return type.
+ # Do general syntax checking.
+ # ====================
+
+ # See if we have a legal prototype and begin parsing. A legal prototype has
+ # a return type (optional), function name, and parameter list.
+ unless ($prototype =~ /((\w+\*? )*(\w+\*?)) (\w+)\s*\((.*)\)$/)
+ {
+ die "Prototype \"$prototype;\" does not appear to be a legal prototype.\n";
+ }
+
+ # That unless had a nice side effect -- the parentheses in the regular expression
+ # stuffed the matching parts of the expression into variables $1, $2, and $3.
+
+ ($returnType, $functionName) = ($1, $4);
+ # Kill 2 birds at a time -- get rid of leading & trailing spaces *and* get an
+ # empty string back if there are no parameters
+ $paramString = StripSpaces($5);
+
+ # Insist on having an argument list in the prototype
+ unless ($paramString)
+ {
+ die("Prototype: \"$prototype;\" has no arguments.\n" .
+ "This is ambiguous between C and C++ (please specify " .
+ "either (int) or (void)).\n");
+ }
+
+ # Check for variable arguments by looking for
+ # "va_list <something>" or "..."
+ if(($paramString =~ /va_list\s+\S+/) or # va_list + spaces + not-a-spaces
+ ($paramString =~ /\Q.../)) # \Q = "quote metacharacters" => \.\.\.
+ {
+ die("Prototype: \"$prototype;\" takes a variable " .
+ "number of arguments. Variable arguments are not " .
+ "supported by CFM Glue.\n");
+ }
+
+ # ====================
+ # STAGE 1.2: Digest the parameter list.
+ # ====================
+
+ if ($paramString eq "void")
+ {
+ $parameters[0] = "void";
+ $types[0] = "void";
+ }
+ else
+ {
+ # The function has nonvoid arguments
- # the arguments:
- @splitup2 = split(/\s*\)\s*/, $splitup[1]);
- @argsAndParams = split(/\s*,\s*/, $splitup2[0]);
+ # Add spaces around * and turn [#] into [#] with spaces around it
+ # for ease of parsing
+ $paramString =~ s/\s*\*\s*/ \* /g;
+ $paramString =~ s/\s*\[(\d*)\]\s*/ [$1] /g;
+
+ # Extract the list elements
+ my @arguments = split /,\s*/, $paramString;
- for($i = 0, $j = 1; $i <= $#argsAndParams; $i++, $j++)
- {
- $temp = $argsAndParams[$i];
- $temp =~ s/\s*\*\s*/ \* /g; # add spaces around *
- $temp =~ s/\s*\[\]\s*/ \[\] /g; # add spaces around []
-
- @elements = split(/\s+/, $temp);
-
- # Is there a parameter name in this argument?
- $identifierCount = 0;
- foreach $element (@elements)
- {
- if(!exists($RESERVEDWORDS{$element})) {
- $identifierCount++;
+ # Make sure we don't have more than 13 arguments
+ if ($#arguments >= 13)
+ {
+ die "Prototype \"$prototype;\" has more than 13 arguments,\n".
+ "which the CFM68K glue will not support.";
}
- }
-
- if(($identifierCount > 2) or ($identifierCount < 1)) {
- print("************** $argsAndParams ****************");
- die;
- }
-
- if($identifierCount >= 2) {
- $param = $elements[$#elements];
- pop(@elements);
- if($param eq "[]") {
- $param = $elements[$#elements];
- pop(@elements);
- push(@elements, '*');
+
+ # We need to look at each argument and come out with two lists: a list
+ # of parameter names and a corresponding list of parameter types. For example:
+ # ( const int x, short y[], int )
+ # needs to become two lists:
+ # @parameters = ("x", "y", "__param0")
+ # @elements = ("const int", "short *", int)
+ my $i = 0; # parameter counter
+ foreach my $argument (@arguments)
+ {
+ my @elements = split(' ', $argument);
+
+ # A legal argument will have a name and/or a parameter type.
+ # It might _also_ have some C keywords
+ # We'll syntax check the argument by counting the number of things
+ # which are names and/or variable types
+ my $identifierCount = grep { !$RESERVEDWORDS{$_} && !/\[\d*\]/ } @elements;
+
+ if ($identifierCount == 1) {
+ # We have a type without a name, so generate an arbitrary unique name
+ push @parameters, "__param" . $i;
+ }
+ elsif ($identifierCount == 2) {
+ # We have a type and a name. We'll assume the name is the last thing seen,
+ my $paramName = pop @elements;
+ # ...but have to make certain it's not a qualified array reference
+ if ($paramName =~ /\[\d*\]/)
+ {
+ # Whoops...the argument ended in a [], so extract the name and put back
+ # the array notation
+ my $temp = $paramName;
+ $paramName = pop @elements;
+ push @elements, $temp;
+ }
+ push @parameters, $paramName;
+ }
+ else # $identifierCount == 0 or $identifierCount > 2
+ {
+ die("Prototype: \"$prototype;\" has an " .
+ "invalid number ($identifierCount)" .
+ " of non-reserved words in argument '$argument'.\n");
+ }
+
+ # Replace all "[]" with "*" to turn array references into pointers.
+ # "map" sets $_ to each array element in turn; modifying $_ modifies
+ # the corresponding value in the array. (s -- substutition -- works
+ # on $_ by default.)
+ map { s/\[\d*\]/*/ } @elements;
+
+ push @types, join(' ', @elements); # Construct a type definition
+
+ # Increment the argument counter:
+ $i++;
}
- $type = join(' ', @elements);
- } else {
- $type = $argsAndParams[$i];
- $param = "param" . $j;
- }
- $FUNCTIONS{$functionName}{typeList}[$i] = $type;
- $FUNCTIONS{$functionName}{paramList}[$i] = $param;
}
- }
-}
-foreach $function (keys(%FUNCTIONS))
-{
- # the variables we will be playing with:
- $name = $function;
- $retType = $FUNCTIONS{$function}{returnType};
- $prototype = $FUNCTIONS{$function}{prototypeText};
- @args = @{ $FUNCTIONS{$function}{typeList} };
- @params = @{ $FUNCTIONS{$function}{paramList} };
-
-
- # Now Generate the ProcInfo Macro:
- # --------------------------------
- print("/**** $name ****/\n");
- print("/* $prototype */\n\n");
-
- print("enum {\n");
- print(" $name" . "_ProcInfo = kThinkCStackBased\n");
- if($retType ne "void") {
- print(" | RESULT_SIZE(SIZE_CODE(sizeof($retType)))\n");
- }
- for($i = 0, $j = 1; $i <= $#args; $i++, $j++)
- {
- $arg = $args[$i];
- print(" | STACK_ROUTINE_PARAMETER($j, SIZE_CODE(sizeof($arg)))\n");
- }
- print("};\n\n");
-
- # Now Generate the ProcPtr Typedef
- # --------------------------------
- print("typedef ");
- print("$retType ");
- print("(*$name" . "_ProcPtrType)(");
-
- for($i = 0; $i<=$#args; $i++) {
- $arg = $args[$i];
- print("$arg");
- if ($i ne $#args) {
- print (", ");
- }
- }
- print(");\n");
-
-
- # Now Generate the Static 68K Function Declaration:
- # -------------------------------------------------
- print("$retType $name (\n");
- for($i = 0; $i <= $#args; $i++)
- {
- for($j = 0; $j <= length($retType); $j++) {
- print(" ");
+ # ====================
+ # STAGE 2: Print out the glue.
+ # ====================
+
+ # Generate the ProcInfo Macro:
+ # ----------------------------
+ my $result = ""; # Will be inserted into the final macro
+ if ($returnType ne "void") {
+ $result = "\n | RESULT_SIZE(SIZE_CODE(sizeof($returnType)))";
}
- print($args[$i] . ' ' . $params[$i]);
- if($i >= $#args) {
- print(")\n");
- } else {
- print(",\n");
+
+ # Convert a list of parameter types into entries for the macro.
+ # All non-void parameters need to have a line in the final macro.
+ my @parameterMacros;
+ my $paramCount = -1;
+ @parameterMacros = map { $paramCount++; $_ eq "void" ? "" :
+ " | STACK_ROUTINE_PARAMETER(" . ($paramCount + 1) . ", SIZE_CODE(sizeof($_)))" } @types;
+ my $macroString = join "\n", @parameterMacros;
+
+ print <<HEADER; # Print everything from here to the word HEADER below, returns and all
+/**** $functionName ****/
+/* $prototype; */
+
+enum {
+ ${functionName}_ProcInfo = kThinkCStackBased $result
+$macroString
+};
+
+
+HEADER
+
+
+ # Generate the ProcPtr Typedef
+ # --------------------------------
+ my $typeList = join ", ", @types;
+ print "typedef $returnType (*${functionName}_ProcPtrType)($typeList);\n";
+
+
+ # Generate the Static 68K Function Declaration:
+ # -------------------------------------------------
+ # Most of the complexity in this code comes from
+ # pretty-printing the declaration
+
+ my $functionDec = "$returnType $functionName (";
+ my $fnArguments;
+ if($types[0] eq "void")
+ {
+ $fnArguments = "void";
}
- }
- print("{\n");
- print(" static $name" . "_ProcPtrType $name" . "_ProcPtr = kUnresolvedCFragSymbolAddress;\n\n");
-
- print(" // if this symbol has not been setup yet...\n");
- print(" if((Ptr) $name" . "_ProcPtr == (Ptr) kUnresolvedCFragSymbolAddress)\n");
- print(" Find_Symbol((Ptr *) &" . $name . "_ProcPtr, ");
- print("\"\\p" . $name . "\", $name" . "_ProcInfo);\n");
- print(" if((Ptr) $name" . "_ProcPtr != (Ptr) kUnresolvedCFragSymbolAddress)\n");
- if($retType ne "void") {
- print(" return $name" . "_ProcPtr(");
- } else {
- print(" $name" . "_ProcPtr(");
- }
- for($i = 0; $i <= $#args; $i++)
- {
- print($params[$i]);
- if($i >= $#args) {
- print(");\n");
- } else {
- print(", ");
+ else
+ {
+ my @joinedList;
+ # Merge the parameter and type lists together
+ foreach my $i (0..$#types)
+ {
+ push @joinedList, ($types[$i] . ' ' . $parameters[$i]);
+ }
+
+ # Build a list of parameters where each parameter is aligned vertically
+ # beneath the one above.
+ # "' ' x 5" is a Perl technique to get a string of 5 spaces
+ $fnArguments = join (",\n".(' ' x length($functionDec)), @joinedList);
+ }
+
+ # Create a list of parameters to pass to the 68K function
+ my $fnParams = "";
+ if($types[0] ne "void") {
+ $fnParams = join ", ", @parameters;
}
- }
-
- print("}\n\n\n");
+
+ # Do we have an explicit return statement? This depends on the return type
+ my $returnAction = " ";
+ $returnAction = "return " if ($returnType ne "void");
+
+ # The following code introduces a new Perl trick -- ${a} is the same as $a in a string
+ # (interpolate the value of variable $a); the brackets are used to seperate the variable
+ # name from the text immediately following the variable name so the Perl interpreter
+ # doesn't go looking for the wrong variable.
+ print <<FUNCTION;
+${functionDec}$fnArguments)
+{
+ static ${functionName}_ProcPtrType ${functionName}_ProcPtr = kUnresolvedCFragSymbolAddress;
+
+ // if this symbol has not been setup yet...
+ if((Ptr) ${functionName}_ProcPtr == (Ptr) kUnresolvedCFragSymbolAddress)
+ FindLibrarySymbol((Ptr *) &${functionName}_ProcPtr, "\\p$functionName", ${functionName}_ProcInfo);
+ if((Ptr) ${functionName}_ProcPtr != (Ptr) kUnresolvedCFragSymbolAddress)
+ $returnAction ${functionName}_ProcPtr($fnParams);
+}
+
+
+FUNCTION
+
+ # That's all!
+}
+
+sub StripSpaces()
+{
+ # Remove duplicate, leading, and trailing spaces from a string
+ my $string = shift;
+ return "" unless ($string); # If it's undefined, return an empty string
+
+ $string =~ tr! ! !s; # remove duplicate spaces
+ $string =~ s/\s*(\w.+)?\s*$/$1/; # Strip leading and trailing spaces
+ return $string;
}
+
#include "gssapi_err_generic.h"
#include "gssapi_err_krb5.h"
+#include "gssapi.h"
OSErr __initializeGSS(CFragInitBlockPtr ibp);
void __terminateGSS(void);
void __terminateGSS(void)
{
+
+ OM_uint32 maj_stat, min_stat;
+
+ maj_stat = kg_release_defcred (&min_stat);
remove_error_table(&et_k5g_error_table);
remove_error_table(&et_ggss_error_table);
-OM_uint32 gss_wrap(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, gss_buffer_t, int *, gss_buffer_t);
-OM_uint32 gss_release_buffer(OM_uint32 *, gss_buffer_t);
-OM_uint32 gss_unwrap(OM_uint32 *, gss_ctx_id_t, gss_buffer_t, gss_buffer_t, int *, gss_qop_t *);
-OM_uint32 gss_delete_sec_context(OM_uint32 *, gss_ctx_id_t *, gss_buffer_t);
-OM_uint32 gss_display_status(OM_uint32 *, OM_uint32, int, gss_OID, OM_uint32 *, gss_buffer_t);
-OM_uint32 gss_init_sec_context(OM_uint32 *, gss_cred_id_t, gss_ctx_id_t *, gss_name_t, gss_OID, OM_uint32, OM_uint32, gss_channel_bindings_t, gss_buffer_t, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 *);
-OM_uint32 gss_import_name(OM_uint32 *, gss_buffer_t, gss_OID, gss_name_t *);
-OM_uint32 gss_release_name(OM_uint32 *, gss_name_t *);
-OM_uint32 gss_wrap_size_limit(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, OM_uint32, OM_uint32 *);
+OM_uint32 gss_acquire_cred(OM_uint32 *, gss_name_t, OM_uint32, gss_OID_set, gss_cred_usage_t, gss_cred_id_t *, gss_OID_set *, OM_uint32 * );
+OM_uint32 gss_release_cred(OM_uint32 *, gss_cred_id_t * );
+OM_uint32 gss_init_sec_context(OM_uint32 *, gss_cred_id_t, gss_ctx_id_t *, gss_name_t, gss_OID, OM_uint32, OM_uint32, gss_channel_bindings_t, gss_buffer_t, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 * );
+OM_uint32 gss_accept_sec_context(OM_uint32 *, gss_ctx_id_t *, gss_cred_id_t, gss_buffer_t, gss_channel_bindings_t, gss_name_t *, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 *, gss_cred_id_t * );
+OM_uint32 gss_process_context_token(OM_uint32 *, gss_ctx_id_t, gss_buffer_t );
+OM_uint32 gss_delete_sec_context(OM_uint32 *, gss_ctx_id_t *, gss_buffer_t );
+OM_uint32 gss_context_time(OM_uint32 *, gss_ctx_id_t, OM_uint32 * );
+OM_uint32 gss_get_mic(OM_uint32 *, gss_ctx_id_t, gss_qop_t, gss_buffer_t, gss_buffer_t );
+OM_uint32 gss_verify_mic(OM_uint32 *, gss_ctx_id_t, gss_buffer_t, gss_buffer_t, gss_qop_t * );
+OM_uint32 gss_wrap(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, gss_buffer_t, int *, gss_buffer_t );
+OM_uint32 gss_unwrap(OM_uint32 *, gss_ctx_id_t, gss_buffer_t, gss_buffer_t, int *, gss_qop_t * );
+OM_uint32 gss_display_status(OM_uint32 *, OM_uint32, int, gss_OID, OM_uint32 *, gss_buffer_t );
+OM_uint32 gss_indicate_mechs(OM_uint32 *, gss_OID_set * );
+OM_uint32 gss_compare_name(OM_uint32 *, gss_name_t, gss_name_t, int * );
+OM_uint32 gss_display_name(OM_uint32 *, gss_name_t, gss_buffer_t, gss_OID * );
+OM_uint32 gss_import_name(OM_uint32 *, gss_buffer_t, gss_OID, gss_name_t * );
+OM_uint32 gss_release_name(OM_uint32 *, gss_name_t * );
+OM_uint32 gss_release_buffer(OM_uint32 *, gss_buffer_t );
+OM_uint32 gss_release_oid_set(OM_uint32 *, gss_OID_set * );
+OM_uint32 gss_inquire_cred(OM_uint32 *, gss_cred_id_t, gss_name_t *, OM_uint32 *, gss_cred_usage_t *, gss_OID_set * );
+OM_uint32 gss_inquire_context(OM_uint32 *, gss_ctx_id_t, gss_name_t *, gss_name_t *, OM_uint32 *, gss_OID *, OM_uint32 *, int *, int * );
+OM_uint32 gss_wrap_size_limit(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, OM_uint32, OM_uint32 * );
+OM_uint32 gss_import_name_object(OM_uint32 *, void *, gss_OID, gss_name_t * );
+OM_uint32 gss_export_name_object(OM_uint32 *, gss_name_t, gss_OID, void * * );
+OM_uint32 gss_add_cred(OM_uint32 *, gss_cred_id_t, gss_name_t, gss_OID, gss_cred_usage_t, OM_uint32, OM_uint32, gss_cred_id_t *, gss_OID_set *, OM_uint32 *, OM_uint32 * );
+OM_uint32 gss_inquire_cred_by_mech(OM_uint32 *, gss_cred_id_t, gss_OID, gss_name_t *, OM_uint32 *, OM_uint32 *, gss_cred_usage_t * );
+OM_uint32 gss_export_sec_context(OM_uint32 *, gss_ctx_id_t *, gss_buffer_t );
+OM_uint32 gss_import_sec_context(OM_uint32 *, gss_buffer_t, gss_ctx_id_t * );
+OM_uint32 gss_release_oid(OM_uint32 *, gss_OID * );
+OM_uint32 gss_create_empty_oid_set(OM_uint32 *, gss_OID_set * );
+OM_uint32 gss_add_oid_set_member(OM_uint32 *, gss_OID, gss_OID_set * );
+OM_uint32 gss_test_oid_set_member(OM_uint32 *, gss_OID, gss_OID_set, int * );
+OM_uint32 gss_str_to_oid(OM_uint32 *, gss_buffer_t, gss_OID * );
+OM_uint32 gss_oid_to_str(OM_uint32 *, gss_OID, gss_buffer_t );
+OM_uint32 gss_inquire_names_for_mech(OM_uint32 *, gss_OID, gss_OID_set * );
+OM_uint32 gss_sign(OM_uint32 *, gss_ctx_id_t, int, gss_buffer_t, gss_buffer_t );
+OM_uint32 gss_verify(OM_uint32 *, gss_ctx_id_t, gss_buffer_t, gss_buffer_t, int * );
+OM_uint32 gss_seal(OM_uint32 *, gss_ctx_id_t, int, int, gss_buffer_t, int *, gss_buffer_t );
+OM_uint32 gss_unseal(OM_uint32 *, gss_ctx_id_t, gss_buffer_t, gss_buffer_t, int *, int * );
+OM_uint32 gss_export_name(OM_uint32 *, const gss_name_t, gss_buffer_t );
+OM_uint32 gss_duplicate_name(OM_uint32 *, const gss_name_t, gss_name_t * );
+OM_uint32 gss_canonicalize_name(OM_uint32 *, const gss_name_t, const gss_OID, gss_name_t * );
OM_uint32 gss_krb5_ccache_name(OM_uint32 *minor_status, const char *name, const char **out_name);
gss_export_name
gss_duplicate_name
#
-# GSS-API variables
-#
- gss_nt_user_name
- gss_nt_machine_uid_name
- gss_nt_string_uid_name
- gss_nt_service_name
-#
# krb5-specific CCache name stuff
#
gss_krb5_ccache_name
void __terminateK5(void)
{
+
+ krb5_stdcc_shutdown();
remove_error_table(&et_krb5_error_table);
remove_error_table(&et_kv5m_error_table);
/* Include prototypes for glue functions */
#include <krb5.h>
-#include <des_int.h>
/* Hardcode library fragment name here */
-#define kLibraryName "\pK5Library"
+#define kLibraryName "\pMIT Kerberos¥Kerberos5Lib"
-krb5_error_code krb5_init_context(krb5_context *);
-void krb5_free_context(krb5_context);
-krb5_error_code krb5_get_credentials(krb5_context, const krb5_flags, krb5_ccache, krb5_creds *, krb5_creds **);
-krb5_error_code krb5_mk_req_extended(krb5_context, krb5_auth_context *, const krb5_flags, krb5_data *, krb5_creds *, krb5_data * );
-krb5_error_code krb5_rd_rep(krb5_context, krb5_auth_context, const krb5_data *, krb5_ap_rep_enc_part **);
-krb5_error_code krb5_copy_keyblock(krb5_context, const krb5_keyblock *, krb5_keyblock **);
-void krb5_init_ets(krb5_context);
-krb5_error_code krb5_cc_default(krb5_context, krb5_ccache *);
-void krb5_free_principal(krb5_context, krb5_principal );
-void krb5_free_creds(krb5_context, krb5_creds *);
-void krb5_free_cred_contents(krb5_context, krb5_creds *);
-void krb5_free_keyblock(krb5_context, krb5_keyblock *);
-void krb5_free_ap_rep_enc_part(krb5_context, krb5_ap_rep_enc_part *);
-krb5_error_code krb5_sname_to_principal(krb5_context, const char *, const char *, krb5_int32, krb5_principal *);
-krb5_error_code krb5_fwd_tgt_creds(krb5_context, krb5_auth_context, char *, krb5_principal, krb5_principal, krb5_ccache, int forwardable, krb5_data *);
-krb5_error_code krb5_auth_con_init(krb5_context, krb5_auth_context *);
-krb5_error_code krb5_auth_con_free(krb5_context, krb5_auth_context);
-krb5_error_code krb5_auth_con_setflags(krb5_context, krb5_auth_context, krb5_int32);
-krb5_error_code krb5_auth_con_setaddrs(krb5_context, krb5_auth_context, krb5_address *, krb5_address *);
-krb5_error_code krb5_auth_con_setports(krb5_context, krb5_auth_context, krb5_address *, krb5_address *);
-krb5_error_code krb5_auth_con_getlocalsubkey(krb5_context, krb5_auth_context, krb5_keyblock **);
-krb5_error_code krb5_auth_con_genaddrs(krb5_context, krb5_auth_context, int, int);
-int mit_des_ecb_encrypt(const mit_des_cblock *, mit_des_cblock *, mit_des_key_schedule , int );
-krb5_error_code mit_des_init_random_key( const krb5_encrypt_block *, const krb5_keyblock *, krb5_pointer *);
-int mit_des_key_sched(mit_des_cblock , mit_des_key_schedule );
-krb5_error_code mit_des_random_key( const krb5_encrypt_block *, krb5_pointer , krb5_keyblock * *);
-void com_err_va(const char *whoami, errcode_t code, const char *fmt, va_list ap));
+krb5_error_code krb5_c_encrypt (krb5_context context, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*ivec, const krb5_data*input, krb5_enc_data*output);
+krb5_error_code krb5_c_decrypt (krb5_context context, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*ivec, const krb5_enc_data*input, krb5_data*output);
+krb5_error_code krb5_c_encrypt_length (krb5_context context, krb5_enctype enctype, size_t inputlen, size_t*length);
+krb5_error_code krb5_c_block_size (krb5_context context, krb5_enctype enctype, size_t*blocksize);
+krb5_error_code krb5_c_make_random_key (krb5_context context, krb5_enctype enctype, krb5_keyblock*random_key);
+krb5_error_code krb5_c_random_make_octets (krb5_context context, krb5_data*data);
+krb5_error_code krb5_c_random_seed (krb5_context context, krb5_data*data);
+krb5_error_code krb5_c_string_to_key (krb5_context context, krb5_enctype enctype, const krb5_data*string, const krb5_data*salt, krb5_keyblock*key);
+krb5_error_code krb5_c_enctype_compare (krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean*similar);
+krb5_error_code krb5_c_make_checksum (krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*input, krb5_checksum*cksum);
+krb5_error_code krb5_c_verify_checksum (krb5_context context, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*data, const krb5_checksum*cksum, krb5_boolean*valid);
+krb5_error_code krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, size_t*length);
+krb5_error_code krb5_c_keyed_checksum_types (krb5_context context, krb5_enctype enctype, unsigned int*count, krb5_cksumtype**cksumtypes);
+krb5_boolean valid_enctype (const krb5_enctype ktype);
+krb5_boolean valid_cksumtype (const krb5_cksumtype ctype);
+krb5_boolean is_coll_proof_cksum (const krb5_cksumtype ctype);
+krb5_boolean is_keyed_cksum (const krb5_cksumtype ctype);
+krb5_error_code krb5_encrypt (krb5_context context, const krb5_pointer inptr, krb5_pointer outptr, const size_t size, krb5_encrypt_block* eblock, krb5_pointer ivec);
+krb5_error_code krb5_decrypt (krb5_context context, const krb5_pointer inptr, krb5_pointer outptr, const size_t size, krb5_encrypt_block* eblock, krb5_pointer ivec);
+krb5_error_code krb5_process_key (krb5_context context, krb5_encrypt_block* eblock, const krb5_keyblock* key);
+krb5_error_code krb5_finish_key (krb5_context context, krb5_encrypt_block* eblock);
+krb5_error_code krb5_string_to_key (krb5_context context, const krb5_encrypt_block* eblock, krb5_keyblock* keyblock, const krb5_data* data, const krb5_data* salt);
+krb5_error_code krb5_init_random_key (krb5_context context, const krb5_encrypt_block* eblock, const krb5_keyblock* keyblock, krb5_pointer* ptr);
+krb5_error_code krb5_finish_random_key (krb5_context context, const krb5_encrypt_block* eblock, krb5_pointer* ptr);
+krb5_error_code krb5_random_key (krb5_context context, const krb5_encrypt_block* eblock, krb5_pointer ptr, krb5_keyblock** keyblock);
+krb5_enctype krb5_eblock_enctype (krb5_context context, const krb5_encrypt_block* eblock);
+krb5_error_code krb5_use_enctype (krb5_context context, krb5_encrypt_block* eblock, const krb5_enctype enctype);
+size_t krb5_encrypt_size (const size_t length, krb5_enctype crypto);
+size_t krb5_checksum_size (krb5_context context, const krb5_cksumtype ctype);
+krb5_error_code krb5_calculate_checksum (krb5_context context, const krb5_cksumtype ctype, const krb5_pointer in, const size_t in_length, const krb5_pointer seed, const size_t seed_length, krb5_checksum* outcksum);
+krb5_error_code krb5_verify_checksum (krb5_context context, const krb5_cksumtype ctype, const krb5_checksum* cksum, const krb5_pointer in, const size_t in_length, const krb5_pointer seed, const size_t seed_length);
+krb5_error_code krb5_random_confounder (size_t, krb5_pointer);
+krb5_error_code krb5_encrypt_data (krb5_context context, krb5_keyblock*key, krb5_pointer ivec, krb5_data*data, krb5_enc_data*enc_data);
+krb5_error_code krb5_decrypt_data (krb5_context context, krb5_keyblock*key, krb5_pointer ivec, krb5_enc_data*data, krb5_data*enc_data);
+krb5_error_code krb5_rc_default (krb5_context, krb5_rcache*);
+krb5_error_code krb5_rc_register_type (krb5_context, krb5_rc_ops*);
+krb5_error_code krb5_rc_resolve_type (krb5_context, krb5_rcache*,char*);
+krb5_error_code krb5_rc_resolve_full (krb5_context, krb5_rcache*,char*);
+char* krb5_rc_get_type (krb5_context, krb5_rcache);
+char* krb5_rc_default_type (krb5_context);
+char* krb5_rc_default_name (krb5_context);
+krb5_error_code krb5_auth_to_rep (krb5_context, krb5_tkt_authent*, krb5_donot_replay*);
+krb5_error_code krb5_init_context (krb5_context*);
+void krb5_free_context (krb5_context);
+krb5_error_code krb5_set_default_in_tkt_ktypes (krb5_context, const krb5_enctype*);
+krb5_error_code krb5_get_default_in_tkt_ktypes (krb5_context, krb5_enctype**);
+krb5_error_code krb5_set_default_tgs_ktypes (krb5_context, const krb5_enctype*);
+krb5_error_code krb5_get_tgs_ktypes (krb5_context, krb5_const_principal, krb5_enctype**);
+krb5_error_code krb5_get_permitted_enctypes (krb5_context, krb5_enctype**);
+krb5_boolean krb5_is_permitted_enctype (krb5_context, krb5_enctype);
+krb5_error_code krb5_kdc_rep_decrypt_proc (krb5_context, const krb5_keyblock*, krb5_const_pointer, krb5_kdc_rep* );
+krb5_error_code krb5_decrypt_tkt_part (krb5_context, const krb5_keyblock*, krb5_ticket* );
+krb5_error_code krb5_get_cred_from_kdc (krb5_context, krb5_ccache, krb5_creds*, krb5_creds**, krb5_creds*** );
+krb5_error_code krb5_get_cred_from_kdc_validate (krb5_context, krb5_ccache, krb5_creds*, krb5_creds**, krb5_creds***);
+krb5_error_code krb5_get_cred_from_kdc_renew (krb5_context, krb5_ccache, krb5_creds*, krb5_creds**, krb5_creds***);
+void krb5_free_tgt_creds (krb5_context, krb5_creds**);
+krb5_error_code krb5_get_credentials (krb5_context, const krb5_flags, krb5_ccache, krb5_creds*, krb5_creds**);
+krb5_error_code krb5_get_credentials_validate (krb5_context, const krb5_flags, krb5_ccache, krb5_creds*, krb5_creds**);
+krb5_error_code krb5_get_credentials_renew (krb5_context, const krb5_flags, krb5_ccache, krb5_creds*, krb5_creds**);
+krb5_error_code krb5_get_cred_via_tkt (krb5_context, krb5_creds*, const krb5_flags, krb5_address* const*, krb5_creds*, krb5_creds**);
+krb5_error_code krb5_mk_req (krb5_context, krb5_auth_context*, const krb5_flags, char*, char*, krb5_data*, krb5_ccache, krb5_data*);
+krb5_error_code krb5_mk_req_extended (krb5_context, krb5_auth_context*, const krb5_flags, krb5_data*, krb5_creds*, krb5_data*);
+krb5_error_code krb5_mk_rep (krb5_context, krb5_auth_context, krb5_data*);
+krb5_error_code krb5_rd_rep (krb5_context, krb5_auth_context, const krb5_data*, krb5_ap_rep_enc_part**);
+krb5_error_code krb5_mk_error (krb5_context, const krb5_error*, krb5_data*);
+krb5_error_code krb5_rd_error (krb5_context, const krb5_data*, krb5_error**);
+krb5_error_code krb5_rd_safe (krb5_context, krb5_auth_context, const krb5_data*, krb5_data*, krb5_replay_data*);
+krb5_error_code krb5_rd_priv (krb5_context, krb5_auth_context, const krb5_data*, krb5_data*, krb5_replay_data*);
+krb5_error_code krb5_parse_name (krb5_context, const char*, krb5_principal*);
+krb5_error_code krb5_unparse_name (krb5_context, krb5_const_principal, char**);
+krb5_error_code krb5_unparse_name_ext (krb5_context, krb5_const_principal, char**, int*);
+krb5_error_code krb5_set_principal_realm (krb5_context, krb5_principal, const char*);
+krb5_boolean krb5_address_search (krb5_context, const krb5_address*, krb5_address* const*);
+krb5_boolean krb5_address_compare (krb5_context, const krb5_address*, const krb5_address*);
+int krb5_address_order (krb5_context, const krb5_address*, const krb5_address*);
+krb5_boolean krb5_realm_compare (krb5_context, krb5_const_principal, krb5_const_principal);
+krb5_boolean krb5_principal_compare (krb5_context, krb5_const_principal, krb5_const_principal);
+krb5_error_code krb5_copy_keyblock (krb5_context, const krb5_keyblock*, krb5_keyblock**);
+krb5_error_code krb5_copy_keyblock_contents (krb5_context, const krb5_keyblock*, krb5_keyblock*);
+krb5_error_code krb5_copy_creds (krb5_context, const krb5_creds*, krb5_creds**);
+krb5_error_code krb5_copy_data (krb5_context, const krb5_data*, krb5_data**);
+krb5_error_code krb5_copy_principal (krb5_context, krb5_const_principal, krb5_principal*);
+krb5_error_code krb5_copy_addr (krb5_context, const krb5_address*, krb5_address**);
+krb5_error_code krb5_copy_addresses (krb5_context, krb5_address* const*, krb5_address***);
+krb5_error_code krb5_copy_ticket (krb5_context, const krb5_ticket*, krb5_ticket**);
+krb5_error_code krb5_copy_authdata (krb5_context, krb5_authdata* const*, krb5_authdata***);
+krb5_error_code krb5_copy_authenticator (krb5_context, const krb5_authenticator*, krb5_authenticator**);
+krb5_error_code krb5_copy_checksum (krb5_context, const krb5_checksum*, krb5_checksum**);
+void krb5_init_ets (krb5_context);
+void krb5_free_ets (krb5_context);
+krb5_error_code krb5_generate_subkey (krb5_context, const krb5_keyblock*, krb5_keyblock**);
+krb5_error_code krb5_generate_seq_number (krb5_context, const krb5_keyblock*, krb5_int32*);
+krb5_error_code krb5_get_server_rcache (krb5_context, const krb5_data*, krb5_rcache*);
+krb5_error_code krb5_build_principal_va (krb5_context, krb5_principal, int, const char*, va_list);
+krb5_error_code krb5_425_conv_principal (krb5_context, const char*name, const char*instance, const char*realm, krb5_principal*princ);
+krb5_error_code krb5_524_conv_principal (krb5_context context, const krb5_principal princ, char*name, char*inst, char*realm);
+krb5_error_code krb5_mk_chpw_req (krb5_context context, krb5_auth_context auth_context, krb5_data*ap_req, char*passwd, krb5_data*packet);
+krb5_error_code krb5_rd_chpw_rep (krb5_context context, krb5_auth_context auth_context, krb5_data*packet, int*result_code, krb5_data*result_data);
+krb5_error_code krb5_chpw_result_code_string (krb5_context context, int result_code, char**result_codestr);
+krb5_error_code krb5_kt_register (krb5_context, krb5_kt_ops*);
+krb5_error_code krb5_kt_resolve (krb5_context, const char*, krb5_keytab*);
+krb5_error_code krb5_kt_default_name (krb5_context, char*, int);
+krb5_error_code krb5_kt_default (krb5_context, krb5_keytab*);
+krb5_error_code krb5_kt_free_entry (krb5_context, krb5_keytab_entry*);
+krb5_error_code krb5_kt_remove_entry (krb5_context, krb5_keytab, krb5_keytab_entry*);
+krb5_error_code krb5_kt_add_entry (krb5_context, krb5_keytab, krb5_keytab_entry*);
+krb5_error_code krb5_principal2salt (krb5_context, krb5_const_principal, krb5_data*);
+krb5_error_code krb5_principal2salt_norealm (krb5_context, krb5_const_principal, krb5_data*);
+krb5_error_code krb5_cc_resolve (krb5_context, const char*, krb5_ccache*);
+const char* krb5_cc_default_name (krb5_context);
+krb5_error_code krb5_cc_set_default_name (krb5_context, const char*);
+krb5_error_code krb5_cc_default (krb5_context, krb5_ccache*);
+unsigned int krb5_get_notification_message (void);
+krb5_error_code krb5_cc_copy_creds (krb5_context context, krb5_ccache incc, krb5_ccache outcc);
+krb5_error_code krb5_check_transited_list (krb5_context, krb5_data*trans, krb5_data*realm1, krb5_data*realm2);
+void krb5_free_realm_tree (krb5_context, krb5_principal*);
+void krb5_free_principal (krb5_context, krb5_principal);
+void krb5_free_authenticator (krb5_context, krb5_authenticator*);
+void krb5_free_authenticator_contents (krb5_context, krb5_authenticator*);
+void krb5_free_addresses (krb5_context, krb5_address**);
+void krb5_free_address (krb5_context, krb5_address*);
+void krb5_free_authdata (krb5_context, krb5_authdata**);
+void krb5_free_enc_tkt_part (krb5_context, krb5_enc_tkt_part*);
+void krb5_free_ticket (krb5_context, krb5_ticket*);
+void krb5_free_tickets (krb5_context, krb5_ticket**);
+void krb5_free_kdc_req (krb5_context, krb5_kdc_req*);
+void krb5_free_kdc_rep (krb5_context, krb5_kdc_rep*);
+void krb5_free_last_req (krb5_context, krb5_last_req_entry**);
+void krb5_free_enc_kdc_rep_part (krb5_context, krb5_enc_kdc_rep_part*);
+void krb5_free_error (krb5_context, krb5_error*);
+void krb5_free_ap_req (krb5_context, krb5_ap_req*);
+void krb5_free_ap_rep (krb5_context, krb5_ap_rep*);
+void krb5_free_safe (krb5_context, krb5_safe*);
+void krb5_free_priv (krb5_context, krb5_priv*);
+void krb5_free_priv_enc_part (krb5_context, krb5_priv_enc_part*);
+void krb5_free_cred (krb5_context, krb5_cred*);
+void krb5_free_creds (krb5_context, krb5_creds*);
+void krb5_free_cred_contents (krb5_context, krb5_creds*);
+void krb5_free_cred_enc_part (krb5_context, krb5_cred_enc_part*);
+void krb5_free_checksum (krb5_context, krb5_checksum*);
+void krb5_free_checksum_contents (krb5_context, krb5_checksum*);
+void krb5_free_keyblock (krb5_context, krb5_keyblock*);
+void krb5_free_keyblock_contents (krb5_context, krb5_keyblock*);
+void krb5_free_pa_data (krb5_context, krb5_pa_data**);
+void krb5_free_ap_rep_enc_part (krb5_context, krb5_ap_rep_enc_part*);
+void krb5_free_tkt_authent (krb5_context, krb5_tkt_authent*);
+void krb5_free_pwd_data (krb5_context, krb5_pwd_data*);
+void krb5_free_pwd_sequences (krb5_context, passwd_phrase_element**);
+void krb5_free_data (krb5_context, krb5_data*);
+void krb5_free_data_contents (krb5_context, krb5_data*);
+void krb5_free_unparsed_name (krb5_context, char*);
+void krb5_free_cksumtypes (krb5_context, krb5_cksumtype*);
+krb5_error_code krb5_us_timeofday (krb5_context, krb5_int32*, krb5_int32*);
+krb5_error_code krb5_timeofday (krb5_context, krb5_int32*);
+krb5_error_code krb5_os_localaddr (krb5_context, krb5_address***);
+krb5_error_code krb5_get_default_realm (krb5_context, char**);
+krb5_error_code krb5_set_default_realm (krb5_context, const char*);
+krb5_error_code krb5_sname_to_principal (krb5_context, const char*, const char*, krb5_int32, krb5_principal*);
+krb5_error_code krb5_change_password (krb5_context context, krb5_creds*creds, char*newpw, int*result_code, krb5_data*result_code_string, krb5_data*result_string);
+krb5_error_code krb5_get_profile (krb5_context, profile_t*);
+krb5_error_code krb5_secure_config_files (krb5_context);
+krb5_error_code krb5_send_tgs (krb5_context, const krb5_flags, const krb5_ticket_times*, const krb5_enctype*, krb5_const_principal, krb5_address* const*, krb5_authdata* const*, krb5_pa_data* const*, const krb5_data*, krb5_creds*, krb5_response*);
+krb5_error_code krb5_get_in_tkt_with_password (krb5_context, const krb5_flags, krb5_address* const*, krb5_enctype*, krb5_preauthtype*, const char*, krb5_ccache, krb5_creds*, krb5_kdc_rep**);
+krb5_error_code krb5_get_in_tkt_with_skey (krb5_context, const krb5_flags, krb5_address* const*, krb5_enctype*, krb5_preauthtype*, const krb5_keyblock*, krb5_ccache, krb5_creds*, krb5_kdc_rep**);
+krb5_error_code krb5_get_in_tkt_with_keytab (krb5_context, const krb5_flags, krb5_address* const*, krb5_enctype*, krb5_preauthtype*, const krb5_keytab, krb5_ccache, krb5_creds*, krb5_kdc_rep**);
+krb5_error_code krb5_decode_kdc_rep (krb5_context, krb5_data*, const krb5_keyblock*, krb5_kdc_rep**);
+krb5_error_code krb5_rd_req (krb5_context, krb5_auth_context*, const krb5_data*, krb5_const_principal, krb5_keytab, krb5_flags*, krb5_ticket**);
+krb5_error_code krb5_rd_req_decoded (krb5_context, krb5_auth_context*, const krb5_ap_req*, krb5_const_principal, krb5_keytab, krb5_flags*, krb5_ticket**);
+krb5_error_code krb5_rd_req_decoded_anyflag (krb5_context, krb5_auth_context*, const krb5_ap_req*, krb5_const_principal, krb5_keytab, krb5_flags*, krb5_ticket**);
+krb5_error_code krb5_kt_read_service_key (krb5_context, krb5_pointer, krb5_principal, krb5_kvno, krb5_enctype, krb5_keyblock**);
+krb5_error_code krb5_mk_safe (krb5_context, krb5_auth_context, const krb5_data*, krb5_data*, krb5_replay_data*);
+krb5_error_code krb5_mk_priv (krb5_context, krb5_auth_context, const krb5_data*, krb5_data*, krb5_replay_data*);
+krb5_error_code krb5_cc_register (krb5_context, krb5_cc_ops*, krb5_boolean);
+krb5_error_code krb5_sendauth (krb5_context, krb5_auth_context*, krb5_pointer, char*, krb5_principal, krb5_principal, krb5_flags, krb5_data*, krb5_creds*, krb5_ccache, krb5_error**, krb5_ap_rep_enc_part**, krb5_creds**);
+krb5_error_code krb5_recvauth (krb5_context, krb5_auth_context*, krb5_pointer, char*, krb5_principal, krb5_int32, krb5_keytab, krb5_ticket**);
+krb5_error_code krb5_walk_realm_tree (krb5_context, const krb5_data*, const krb5_data*, krb5_principal**, int);
+krb5_error_code krb5_mk_ncred (krb5_context, krb5_auth_context, krb5_creds**, krb5_data**, krb5_replay_data*);
+krb5_error_code krb5_mk_1cred (krb5_context, krb5_auth_context, krb5_creds*, krb5_data**, krb5_replay_data*);
+krb5_error_code krb5_rd_cred (krb5_context, krb5_auth_context, krb5_data*, krb5_creds***, krb5_replay_data*);
+krb5_error_code krb5_fwd_tgt_creds (krb5_context, krb5_auth_context, char*, krb5_principal, krb5_principal, krb5_ccache, int forwardable, krb5_data*);
+krb5_error_code krb5_auth_con_init (krb5_context, krb5_auth_context*);
+krb5_error_code krb5_auth_con_free (krb5_context, krb5_auth_context);
+krb5_error_code krb5_auth_con_setflags (krb5_context, krb5_auth_context, krb5_int32);
+krb5_error_code krb5_auth_con_getflags (krb5_context, krb5_auth_context, krb5_int32*);
+krb5_error_code krb5_auth_con_setaddrs (krb5_context, krb5_auth_context, krb5_address*, krb5_address*);
+krb5_error_code krb5_auth_con_getaddrs (krb5_context, krb5_auth_context, krb5_address**, krb5_address**);
+krb5_error_code krb5_auth_con_setports (krb5_context, krb5_auth_context, krb5_address*, krb5_address*);
+krb5_error_code krb5_auth_con_setuseruserkey (krb5_context, krb5_auth_context, krb5_keyblock*);
+krb5_error_code krb5_auth_con_getkey (krb5_context, krb5_auth_context, krb5_keyblock**);
+krb5_error_code krb5_auth_con_getlocalsubkey (krb5_context, krb5_auth_context, krb5_keyblock**);
+krb5_error_code krb5_auth_con_set_req_cksumtype (krb5_context, krb5_auth_context, krb5_cksumtype);
+krb5_error_code krb5_auth_con_set_safe_cksumtype (krb5_context, krb5_auth_context, krb5_cksumtype);
+krb5_error_code krb5_auth_con_getcksumtype (krb5_context, krb5_auth_context, krb5_cksumtype*);
+krb5_error_code krb5_auth_con_getlocalseqnumber (krb5_context, krb5_auth_context, krb5_int32*);
+krb5_error_code krb5_auth_con_getremoteseqnumber (krb5_context, krb5_auth_context, krb5_int32*);
+krb5_error_code krb5_auth_con_initivector (krb5_context, krb5_auth_context);
+krb5_error_code krb5_auth_con_setivector (krb5_context, krb5_auth_context, krb5_pointer);
+krb5_error_code krb5_auth_con_getivector (krb5_context, krb5_auth_context, krb5_pointer*);
+krb5_error_code krb5_auth_con_setrcache (krb5_context, krb5_auth_context, krb5_rcache);
+krb5_error_code krb5_auth_con_getrcache (krb5_context, krb5_auth_context, krb5_rcache*);
+krb5_error_code krb5_auth_con_getauthenticator (krb5_context, krb5_auth_context, krb5_authenticator**);
+krb5_error_code krb5_auth_con_getremotesubkey (krb5_context, krb5_auth_context, krb5_keyblock**);
+krb5_error_code krb5_read_password (krb5_context, const char*, const char*, char*, int*);
+krb5_error_code krb5_aname_to_localname (krb5_context, krb5_const_principal, const int, char*);
+krb5_error_code krb5_get_host_realm (krb5_context, const char*, char***);
+krb5_error_code krb5_free_host_realm (krb5_context, char* const*);
+krb5_error_code krb5_get_realm_domain (krb5_context, const char*, char**);
+krb5_boolean krb5_kuserok (krb5_context, krb5_principal, const char*);
+krb5_error_code krb5_auth_con_genaddrs (krb5_context, krb5_auth_context, int, int);
+krb5_error_code krb5_gen_portaddr (krb5_context, const krb5_address*, krb5_const_pointer, krb5_address**);
+krb5_error_code krb5_make_fulladdr (krb5_context, krb5_address*, krb5_address*, krb5_address*);
+krb5_error_code krb5_os_hostaddr (krb5_context, const char*, krb5_address***);
+krb5_error_code krb5_set_real_time (krb5_context, krb5_int32, krb5_int32);
+krb5_error_code krb5_set_debugging_time (krb5_context, krb5_int32, krb5_int32);
+krb5_error_code krb5_use_natural_time (krb5_context);
+krb5_error_code krb5_get_time_offsets (krb5_context, krb5_int32*, krb5_int32*);
+krb5_error_code krb5_set_time_offsets (krb5_context, krb5_int32, krb5_int32);
+krb5_error_code krb5_string_to_enctype (char*, krb5_enctype*);
+krb5_error_code krb5_string_to_salttype (char*, krb5_int32*);
+krb5_error_code krb5_string_to_cksumtype (char*, krb5_cksumtype*);
+krb5_error_code krb5_string_to_timestamp (char*, krb5_timestamp*);
+krb5_error_code krb5_string_to_deltat (char*, krb5_deltat*);
+krb5_error_code krb5_enctype_to_string (krb5_enctype, char*, size_t);
+krb5_error_code krb5_salttype_to_string (krb5_int32, char*, size_t);
+krb5_error_code krb5_cksumtype_to_string (krb5_cksumtype, char*, size_t);
+krb5_error_code krb5_timestamp_to_string (krb5_timestamp, char*, size_t);
+krb5_error_code krb5_timestamp_to_sfstring (krb5_timestamp, char*, size_t, char*);
+krb5_error_code krb5_deltat_to_string (krb5_deltat, char*, size_t);
+krb5_error_code krb5_prompter_posix (krb5_context context, void*data, const char*name, const char*banner, int num_prompts, krb5_prompt prompts[]);
+void krb5_get_init_creds_opt_init (krb5_get_init_creds_opt*opt);
+void krb5_get_init_creds_opt_set_tkt_life (krb5_get_init_creds_opt*opt, krb5_deltat tkt_life);
+void krb5_get_init_creds_opt_set_renew_life (krb5_get_init_creds_opt*opt, krb5_deltat renew_life);
+void krb5_get_init_creds_opt_set_forwardable (krb5_get_init_creds_opt*opt, int forwardable);
+void krb5_get_init_creds_opt_set_proxiable (krb5_get_init_creds_opt*opt, int proxiable);
+void krb5_get_init_creds_opt_set_etype_list (krb5_get_init_creds_opt*opt, krb5_enctype*etype_list, int etype_list_length);
+void krb5_get_init_creds_opt_set_address_list (krb5_get_init_creds_opt*opt, krb5_address**addresses);
+void krb5_get_init_creds_opt_set_preauth_list (krb5_get_init_creds_opt*opt, krb5_preauthtype*preauth_list, int preauth_list_length);
+void krb5_get_init_creds_opt_set_salt (krb5_get_init_creds_opt*opt, krb5_data*salt);
+krb5_error_code krb5_get_init_creds_password (krb5_context context, krb5_creds*creds, krb5_principal client, char*password, krb5_prompter_fct prompter, void*data, krb5_deltat start_time, char*in_tkt_service, krb5_get_init_creds_opt*options);
+krb5_error_code krb5_get_init_creds_keytab (krb5_context context, krb5_creds*creds, krb5_principal client, krb5_keytab arg_keytab, krb5_deltat start_time, char*in_tkt_service, krb5_get_init_creds_opt*options);
+void krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt*options);
+void krb5_verify_init_creds_opt_set_ap_req_nofail (krb5_verify_init_creds_opt*options, int ap_req_nofail);
+krb5_error_code krb5_verify_init_creds (krb5_context context, krb5_creds*creds, krb5_principal ap_req_server, krb5_keytab ap_req_keytab, krb5_ccache*ccache, krb5_verify_init_creds_opt*options);
+krb5_error_code krb5_get_validated_creds (krb5_context context, krb5_creds*creds, krb5_principal client, krb5_ccache ccache, char*in_tkt_service);
+krb5_error_code krb5_get_renewed_creds (krb5_context context, krb5_creds*creds, krb5_principal client, krb5_ccache ccache, char*in_tkt_service);
+krb5_error_code krb5_realm_iterator_create (krb5_context context, void**iter_p);
+krb5_error_code krb5_realm_iterator (krb5_context context, void**iter_p, char**ret_realm);
+void krb5_realm_iterator_free (krb5_context context, void**iter_p);
+void krb5_free_realm_string (krb5_context context, char*str);
#Temporary exports (DO NOT USE)
decode_krb5_ticket
-# profile_get_values
krb5_random_confounder
krb5_size_opaque
krb5_internalize_opaque
krb5_ser_rcache_init
decode_krb5_ap_req
krb5_mcc_ops
-
-#com_err -- we should really have this in a separate lib!
-# add_error_table
-# remove_error_table
- error_message
-
\ No newline at end of file
##############################################################################################################
# Everything
-all Ä glue all-debug all-final
+all Ä unset-echo glue all-debug all-final
# Debugging versions
-all-debug Ä ppc-debug 68k-debug headers
+all-debug Ä unset-echo ppc-debug 68k-debug headers
# Final versions
-all-final Ä ppc-final 68k-final headers
+all-final Ä unset-echo ppc-final 68k-final headers
# Clasic 68K glue
-glue Ä glue-gss glue-krb5
+glue Ä unset-echo glue-gss glue-krb5
+
+unset-echo Ä
+ If ({MacdevScriptDebug})
+ Set Echo 1
+ Else
+ Unset Echo
+ End
##############################################################################################################
### More global constants
krb5-globals-library-output-folder = {root-folder}:Kerberos5GlobalsLib:Binaries:
krb5-globals-data-library-output-folder = {krb5-globals-library-output-folder}
profile-library-output-folder = {root-folder}:KerberosProfileLib:Binaries:
+comerr-library-output-folder = {root-folder}:ComErrLib:Binaries:
gss-library-name = GSSLib
krb5-library-name = Kerberos5Lib
krb5-globals-library-name = Krb5GlobalsLib
krb5-globals-data-library-name = Krb5GlobalsDataLib
profile-library-name = KrbProfileLib
+comerr-library-name = ComErrLib
gss-library-export = {root-folder}mac:GSSLibrary.exp
krb5-library-export = {root-folder}mac:K5Library.exp
krb5-globals-library-export = {krb5-globals-root-folder}Krb5Globals.exp
krb5-globals-data-library-export = {krb5-globals-root-folder}Krb5GlobalsData.exp
profile-library-export = {root-folder}util:profile:profile.exp
+comerr-library-export = {root-folder}util:et:et.exp
gss-library-fragment-name = "GSSLibrary"
krb5-library-fragment-name = "MIT Kerberos¥Kerberos5Lib"
krb5-globals-library-fragment-name = "MIT Kerberos¥Kerberos5GlobalsLib"
krb5-globals-data-library-fragment-name = "MIT Kerberos¥Kerberos5GlobalsDataLib"
profile-library-fragment-name = "MIT Kerberos¥KerberosProfileLib"
+comerr-library-fragment-name = "MIT Kerberos¥ComErrLib"
gss-library-main = ¶"¶"
krb5-library-main = ¶"¶"
krb5-globals-library-main = ¶"¶"
krb5-globals-data-library-main = ¶"¶"
profile-library-main = ¶"¶"
+comerr-library-main = ¶"¶"
gss-library-init = __initializeGSS
krb5-library-init = __initializeK5
krb5-globals-library-init = __initialize_Kerberos5GlobalsLib
krb5-globals-data-library-init = __initialize
profile-library-init = InitializeProfileLib
+comerr-library-init = __initialize
gss-library-term = __terminateGSS
krb5-library-term = __terminateK5
krb5-globals-library-term = __terminate_Kerberos5GlobalsLib
krb5-globals-data-library-term = __terminate
profile-library-term = TerminateProfileLib
+comerr-library-term = __terminate
gss-library-current-version = 1
gss-library-definition-version = 0
profile-library-definition-version = 0
profile-library-implementation-version = 0
+comerr-library-current-version = 0
+comerr-library-definition-version = 0
+comerr-library-implementation-version = 0
+
##############################################################################################################
### Generation of file lists
##############################################################################################################
+list-generation-script-working-folder = "{root-folder}mac:"
list-generation-script-folder = "{root-folder}mac:"
list-generation-script = "{list-generation-script-folder}macfile_gen.pl"
list-generation-script-root = ".."
-list-generation-script-prefix = "{root-folder}"
all-files-list = {root-folder}"All files.list"
all-sources-list = {root-folder}"All sources.list"
profile-objects-ppc-final-list = {root-folder}"Profile objects PPC final.list"
profile-objects-68k-final-list = {root-folder}"Profile objects 68K final.list"
+comerr-objects-ppc-debug-list = {root-folder}"ComErr objects PPC debug.list"
+comerr-objects-68k-debug-list = {root-folder}"ComErr objects 68K debug.list"
+comerr-objects-ppc-final-list = {root-folder}"ComErr objects PPC final.list"
+comerr-objects-68k-final-list = {root-folder}"ComErr objects 68K final.list"
+
all-lists = ¶
{all-files-list} ¶
{all-sources-list} ¶
{profile-objects-ppc-debug-list} ¶
{profile-objects-68k-debug-list} ¶
{profile-objects-ppc-final-list} ¶
- {profile-objects-68k-final-list}
+ {profile-objects-68k-final-list} ¶
+ {comerr-objects-ppc-debug-list} ¶
+ {comerr-objects-68k-debug-list} ¶
+ {comerr-objects-ppc-final-list} ¶
+ {comerr-objects-68k-final-list}
file-lists Ä {all-lists}
# path to root Makefile.in. This is why we run it with -x to specify the root.
{all-files-list} Ä {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} all-files {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} all-files {list-generation-script-root} ¶
> {Targ}
{all-sources-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} all-sources {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} all-sources {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{all-folders-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} all-folders {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} all-folders {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{include-folders-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} include-folders {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} include-folders {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{gss-sources-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} gss-sources {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-sources {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{krb5-sources-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} krb5-sources {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-sources {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{gss-objects-ppc-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} gss-objects-ppc-debug {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-ppc-debug {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{gss-objects-68k-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} gss-objects-68k-debug {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-68k-debug {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{gss-objects-ppc-final-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} gss-objects-ppc-final {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-ppc-final {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{gss-objects-68k-final-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} gss-objects-68k-final {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-68k-final {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{krb5-objects-ppc-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} krb5-objects-ppc-debug {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-ppc-debug {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{krb5-objects-68k-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} krb5-objects-68k-debug {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-68k-debug {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{krb5-objects-ppc-final-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} krb5-objects-ppc-final {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-ppc-final {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{krb5-objects-68k-final-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} krb5-objects-68k-final {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-68k-final {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{profile-objects-ppc-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} profile-objects-ppc-debug {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-ppc-debug {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{profile-objects-68k-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} profile-objects-68k-debug {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-68k-debug {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{profile-objects-ppc-final-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} profile-objects-ppc-final {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-ppc-final {list-generation-script-root} ¶
< {all-files-list} > {Targ}
{profile-objects-68k-final-list} Ä {all-files-list} {list-generation-script} {makefile-name}
- perl -x"{list-generation-script-folder}" {list-generation-script} profile-objects-68k-final {list-generation-script-root} {list-generation-script-prefix} ¶
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-68k-final {list-generation-script-root} ¶
+ < {all-files-list} > {Targ}
+
+{comerr-objects-ppc-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name}
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-ppc-debug {list-generation-script-root} ¶
+ < {all-files-list} > {Targ}
+
+{comerr-objects-68k-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name}
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-68k-debug {list-generation-script-root} ¶
+ < {all-files-list} > {Targ}
+
+{comerr-objects-ppc-final-list} Ä {all-files-list} {list-generation-script} {makefile-name}
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-ppc-final {list-generation-script-root} ¶
+ < {all-files-list} > {Targ}
+
+{comerr-objects-68k-final-list} Ä {all-files-list} {list-generation-script} {makefile-name}
+ perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-68k-final {list-generation-script-root} ¶
< {all-files-list} > {Targ}
##############################################################################################################
### krb5-globals-library-term -- name of Krb5 globals library termination routine
### krb5-globals-library-linker-options -- all other Krb5 globals library linker options
### For profile library
-### profile-library-output-folder -- destination of Krb5 globals library output
-### profile-library-name -- name of the Krb5 globals library
-### profile-library-export -- name of gss Krb5 globals library export file
-### profile-library-libraries -- list of libraries Krb5 globals library links against
-### profile-library-objects -- list of object files Krb5 globals library links
-### profile-library-fragment-name -- name of Krb5 globals library fragment
-### profile-library-main -- name of Krb5 globals library main entry point
-### profile-library-init -- name of Krb5 globals library initialization routine
-### profile-library-term -- name of Krb5 globals library termination routine
-### profile-library-linker-options -- all other Krb5 globals library linker options
+### profile-library-output-folder -- destination of profile library output
+### profile-library-name -- name of the profile library
+### profile-library-export -- name of gss profile library export file
+### profile-library-libraries -- list of libraries profile library links against
+### profile-library-objects -- list of object files profile library links
+### profile-library-fragment-name -- name of profile library fragment
+### profile-library-main -- name of profile library main entry point
+### profile-library-init -- name of profile library initialization routine
+### profile-library-term -- name of profile library termination routine
+### profile-library-linker-options -- all other profile library linker options
+### For comerr library
+### comerr-library-output-folder -- destination of comerr library output
+### comerr-library-name -- name of the comerr library
+### comerr-library-export -- name of gss comerr library export file
+### comerr-library-libraries -- list of libraries comerr library links against
+### comerr-library-objects -- list of object files comerr library links
+### comerr-library-fragment-name -- name of comerr library fragment
+### comerr-library-main -- name of comerr library main entry point
+### comerr-library-init -- name of comerr library initialization routine
+### comerr-library-term -- name of comerr library termination routine
+### comerr-library-linker-options -- all other comerr library linker options
### General
### library-linker -- linker to use
### autogenerated-files -- list of autogenerated files
gss-library-libraries-ppc-debug = ¶
{standard-libraries-ppc-debug} ¶
{krb5-library-output-folder}{krb5-library-name}{library-platform-ppc}{library-kind-debug} ¶
- {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-debug}
+ {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-debug} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-debug}
gss-library-libraries-68k-debug = ¶
{standard-libraries-68k-debug} ¶
{krb5-library-output-folder}{krb5-library-name}{library-platform-68k}{library-kind-debug} ¶
- {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-debug}
+ {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-debug} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-debug}
gss-library-libraries-ppc-final = ¶
{standard-libraries-ppc-final} ¶
{krb5-library-output-folder}{krb5-library-name}{library-platform-ppc}{library-kind-final} ¶
- {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-final}
+ {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-final} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-final}
gss-library-libraries-68k-final = ¶
{standard-libraries-68k-final} ¶
{krb5-library-output-folder}{krb5-library-name}{library-platform-68k}{library-kind-final} ¶
- {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-final}
+ {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-final} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-final}
krb5-library-libraries-ppc-debug = ¶
{standard-libraries-ppc-debug} ¶
{errorlib-ppc-debug} ¶
{krb5-globals-library-output-folder}{krb5-globals-library-name}{library-platform-ppc}{library-kind-debug} ¶
{profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-debug} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-debug} ¶
¶"{PPCLibraries}PPCMath64Lib.o¶" ¶
¶"{SharedLibraries}DriverServicesLib¶"
krb5-library-libraries-68k-debug = ¶
{socketslib-68k-debug} ¶
{errorlib-68k-debug} ¶
{krb5-globals-library-output-folder}{krb5-globals-library-name}{library-platform-68k}{library-kind-debug} ¶
- {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-debug}
+ {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-debug} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-debug}
krb5-library-libraries-ppc-final = ¶
{standard-libraries-ppc-final} ¶
{ccachelib-ppc-final} ¶
{errorlib-ppc-final} ¶
{krb5-globals-library-output-folder}{krb5-globals-library-name}{library-platform-ppc}{library-kind-final} ¶
{profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-final} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-final} ¶
¶"{PPCLibraries}PPCMath64Lib.o¶" ¶
¶"{SharedLibraries}DriverServicesLib¶"
krb5-library-libraries-68k-final = ¶
{socketslib-68k-final} ¶
{errorlib-68k-final} ¶
{krb5-globals-library-output-folder}{krb5-globals-library-name}{library-platform-68k}{library-kind-final} ¶
- {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-final}
+ {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-final} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-final}
krb5-globals-library-libraries-ppc-debug = ¶
{standard-libraries-ppc-debug} ¶
krb5-globals-data-library-libraries-68k = ¶"{MW68KLibraries}MSL MWCFM68KRuntime.Lib¶"
profile-library-libraries-ppc-debug = ¶
- {standard-libraries-ppc-debug}
+ {standard-libraries-ppc-debug} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-debug}
profile-library-libraries-68k-debug = ¶
- {standard-libraries-68k-debug}
+ {standard-libraries-68k-debug} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-debug}
profile-library-libraries-ppc-final = ¶
- {standard-libraries-ppc-final}
+ {standard-libraries-ppc-final} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-final}
profile-library-libraries-68k-final = ¶
+ {standard-libraries-68k-final} ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-final}
+
+comerr-library-libraries-ppc-debug = ¶
+ {standard-libraries-ppc-debug}
+comerr-library-libraries-68k-debug = ¶
+ {standard-libraries-68k-debug}
+comerr-library-libraries-ppc-final = ¶
+ {standard-libraries-ppc-final}
+comerr-library-libraries-68k-final = ¶
{standard-libraries-68k-final}
### Construct linker options.
profile-library-linker-options-ppc-final = {common-linker-options-final} {profile-library-common-linker-options}
profile-library-linker-options-68k-final = {common-linker-options-final} {profile-library-common-linker-options}
-gss-library-objects-ppc-debug = `catenate {gss-objects-ppc-debug-list}` {root-folder}mac:GSS.CFM{object-suffix-ppc-debug}
-gss-library-objects-68k-debug = `catenate {gss-objects-68k-debug-list}` {root-folder}mac:GSS.CFM{object-suffix-68k-debug}
-gss-library-objects-ppc-final = `catenate {gss-objects-ppc-final-list}` {root-folder}mac:GSS.CFM{object-suffix-ppc-final}
-gss-library-objects-68k-final = `catenate {gss-objects-68k-final-list}` {root-folder}mac:GSS.CFM{object-suffix-68k-final}
-
-krb5-library-objects-ppc-debug = `catenate {krb5-objects-ppc-debug-list}` {root-folder}mac:K5.CFM{object-suffix-ppc-debug}
-krb5-library-objects-68k-debug = `catenate {krb5-objects-68k-debug-list}` {root-folder}mac:K5.CFM{object-suffix-68k-debug}
-krb5-library-objects-ppc-final = `catenate {krb5-objects-ppc-final-list}` {root-folder}mac:K5.CFM{object-suffix-ppc-final}
-krb5-library-objects-68k-final = `catenate {krb5-objects-68k-final-list}` {root-folder}mac:K5.CFM{object-suffix-68k-final}
+comerr-library-common-linker-options = ¶
+ -cv {comerr-library-current-version} ¶
+ -dv {comerr-library-definition-version} ¶
+ -uv {comerr-library-implementation-version}
+
+comerr-library-linker-options-ppc-debug = {common-linker-options-debug} {comerr-library-common-linker-options}
+comerr-library-linker-options-68k-debug = {common-linker-options-debug} {comerr-library-common-linker-options}
+comerr-library-linker-options-ppc-final = {common-linker-options-final} {comerr-library-common-linker-options}
+comerr-library-linker-options-68k-final = {common-linker-options-final} {comerr-library-common-linker-options}
+
+gss-library-objects-ppc-debug = `catenate {gss-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:GSS.CFM{object-suffix-ppc-debug}
+gss-library-objects-68k-debug = `catenate {gss-objects-68k-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:GSS.CFM{object-suffix-68k-debug}
+gss-library-objects-ppc-final = `catenate {gss-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:GSS.CFM{object-suffix-ppc-final}
+gss-library-objects-68k-final = `catenate {gss-objects-68k-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:GSS.CFM{object-suffix-68k-final}
+
+krb5-library-objects-ppc-debug = `catenate {krb5-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:K5.CFM{object-suffix-ppc-debug}
+krb5-library-objects-68k-debug = `catenate {krb5-objects-68k-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:K5.CFM{object-suffix-68k-debug}
+krb5-library-objects-ppc-final = `catenate {krb5-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:K5.CFM{object-suffix-ppc-final}
+krb5-library-objects-68k-final = `catenate {krb5-objects-68k-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:K5.CFM{object-suffix-68k-final}
krb5-globals-library-objects-ppc-debug = ¶
{krb5-globals-root-folder}Krb5Globals{object-suffix-ppc-debug} ¶
krb5-globals-data-library-objects-ppc = {krb5-globals-root-folder}Krb5GlobalsData{object-suffix-ppc-data}
krb5-globals-data-library-objects-68k = {krb5-globals-root-folder}Krb5GlobalsData{object-suffix-68k-data}
-profile-library-objects-ppc-debug = `catenate {profile-objects-ppc-debug-list}` {root-folder}mac:ProfileLib.CFM{object-suffix-ppc-debug}
-profile-library-objects-68k-debug = `catenate {profile-objects-68k-debug-list}` {root-folder}mac:ProfileLib.CFM{object-suffix-68k-debug}
-profile-library-objects-ppc-final = `catenate {profile-objects-ppc-final-list}` {root-folder}mac:ProfileLib.CFM{object-suffix-ppc-final}
-profile-library-objects-68k-final = `catenate {profile-objects-68k-final-list}` {root-folder}mac:ProfileLib.CFM{object-suffix-68k-final}
+profile-library-objects-ppc-debug = `catenate {profile-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:ProfileLib.CFM{object-suffix-ppc-debug}
+profile-library-objects-68k-debug = `catenate {profile-objects-68k-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:ProfileLib.CFM{object-suffix-68k-debug}
+profile-library-objects-ppc-final = `catenate {profile-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:ProfileLib.CFM{object-suffix-ppc-final}
+profile-library-objects-68k-final = `catenate {profile-objects-68k-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶
+ {root-folder}mac:ProfileLib.CFM{object-suffix-68k-final}
+
+comerr-library-objects-ppc-debug = `catenate {comerr-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"`
+comerr-library-objects-68k-debug = `catenate {comerr-objects-68k-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"`
+comerr-library-objects-ppc-final = `catenate {comerr-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"`
+comerr-library-objects-68k-final = `catenate {comerr-objects-68k-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"`
library-linker-ppc = MWLinkPPC
library-linker-68K = MWLink68K
-model farData
# Don't put the prefix file in these options because they are used to precompile the prefix file
-ppc-compiler-options =
+ppc-compiler-options = -tb on
68k-compiler-options = -model cfmflat
debug-compiler-options = -sym on
final-compiler-options = -sym off
-i {mitsupportlib-root-folder}ErrorLib:Headers: ¶
-i {mitsupportlib-root-folder}UtilitiesLib:Headers:
-include-paths = `catenate {include-folders-list}` ¶
+include-paths = `catenate {include-folders-list} | StreamEdit -d -set prefix="{root-folder}mac:" -e "/-i (Å)¨1/ Print '-i 'prefix¨1"` ¶
-i {mitkerberoslib-root-folder}CCacheLib:Headers: ¶
-i {krb5-globals-root-folder} ¶
{mitsupportlib-include-paths}
-d profile-library-fragment-name={profile-library-fragment-name} ¶
-d profile-library-main="{profile-library-main}" ¶
-d profile-library-init="{profile-library-init}" ¶
- -d profile-library-term="{profile-library-term}"
+ -d profile-library-term="{profile-library-term}" ¶
+ -d comerr-library-output-folder="{comerr-library-output-folder}" ¶
+ -d comerr-library-name="{comerr-library-name}" ¶
+ -d comerr-library-export="{comerr-library-export}" ¶
+ -d comerr-library-fragment-name={comerr-library-fragment-name} ¶
+ -d comerr-library-main="{comerr-library-main}" ¶
+ -d comerr-library-init="{comerr-library-init}" ¶
+ -d comerr-library-term="{comerr-library-term}"
make-options-ppc-debug = ¶
-d library-linker="{library-linker-ppc}" ¶
-d profile-library-libraries="{profile-library-libraries-ppc-debug}" ¶
-d profile-library-objects="{profile-library-objects-ppc-debug}" ¶
-d profile-library-linker-options="{profile-library-linker-options-ppc-debug}" ¶
+ -d comerr-library-libraries="{comerr-library-libraries-ppc-debug}" ¶
+ -d comerr-library-objects="{comerr-library-objects-ppc-debug}" ¶
+ -d comerr-library-linker-options="{comerr-library-linker-options-ppc-debug}" ¶
-d object-suffix="{object-suffix-ppc-debug}" ¶
-d object-suffix-data="{object-suffix-ppc-data}" ¶
-d compiler-options="{compiler-options-ppc-debug}" ¶
-d profile-library-libraries="{profile-library-libraries-68k-debug}" ¶
-d profile-library-objects="{profile-library-objects-68k-debug}" ¶
-d profile-library-linker-options="{profile-library-linker-options-68k-debug}" ¶
+ -d comerr-library-libraries="{comerr-library-libraries-68k-debug}" ¶
+ -d comerr-library-objects="{comerr-library-objects-68k-debug}" ¶
+ -d comerr-library-linker-options="{comerr-library-linker-options-68k-debug}" ¶
-d object-suffix="{object-suffix-68k-debug}" ¶
-d object-suffix-data="{object-suffix-68k-data}" ¶
-d compiler-options="{compiler-options-68k-debug}" ¶
-d profile-library-libraries="{profile-library-libraries-ppc-final}" ¶
-d profile-library-objects="{profile-library-objects-ppc-final}" ¶
-d profile-library-linker-options="{profile-library-linker-options-ppc-final}" ¶
+ -d comerr-library-libraries="{comerr-library-libraries-ppc-final}" ¶
+ -d comerr-library-objects="{comerr-library-objects-ppc-final}" ¶
+ -d comerr-library-linker-options="{comerr-library-linker-options-ppc-final}" ¶
-d object-suffix="{object-suffix-ppc-final}" ¶
-d object-suffix-data="{object-suffix-ppc-data}" ¶
-d compiler-options="{compiler-options-ppc-final}" ¶
-d profile-library-libraries="{profile-library-libraries-68k-final}" ¶
-d profile-library-objects="{profile-library-objects-68k-final}" ¶
-d profile-library-linker-options="{profile-library-linker-options-68k-final}" ¶
+ -d comerr-library-libraries="{comerr-library-libraries-68k-final}" ¶
+ -d comerr-library-objects="{comerr-library-objects-68k-final}" ¶
+ -d comerr-library-linker-options="{comerr-library-linker-options-68k-final}" ¶
-d object-suffix="{object-suffix-68k-final}" ¶
-d object-suffix-data="{object-suffix-68k-data}" ¶
-d compiler-options="{compiler-options-68k-final}" ¶
submakefile-target = gss-library
ppc-debug Ä {makefile-name} {gss-objects-ppc-debug-list} {krb5-objects-ppc-debug-list} ¶
- {profile-objects-ppc-debug-list} {include-folders-list}
+ {profile-objects-ppc-debug-list} {comerr-objects-ppc-debug-list} {include-folders-list}
Make {make-options-common} {make-options-ppc-debug} {submakefile-target} > {make-output}
{make-output}
68k-debug Ä {makefile-name} {gss-objects-68k-debug-list} {krb5-objects-68k-debug-list} ¶
- {profile-objects-68k-debug-list} {include-folders-list}
+ {profile-objects-68k-debug-list} {comerr-objects-68k-debug-list} {include-folders-list}
Make {make-options-common} {make-options-68k-debug} {submakefile-target} > {make-output}
{make-output}
ppc-final Ä {makefile-name} {gss-objects-ppc-final-list} {krb5-objects-ppc-final-list} ¶
- {profile-objects-ppc-final-list} {include-folders-list}
+ {profile-objects-ppc-final-list} {comerr-objects-ppc-final-list} {include-folders-list}
Make {make-options-common} {make-options-ppc-final} {submakefile-target} > {make-output}
{make-output}
68k-final Ä {makefile-name} {gss-objects-68k-final-list} {krb5-objects-68k-final-list} ¶
- {profile-objects-68k-final-list} {include-folders-list}
+ {profile-objects-68k-final-list} {comerr-objects-68k-final-list} {include-folders-list}
Make {make-options-common} {make-options-68k-final} {submakefile-target} > {make-output}
{make-output}
### profile-library-init -- name of profile library initialization routine
### profile-library-term -- name of profile library termination routine
### profile-library-linker-options -- all other profile library linker options
+### For comerr library
+### comerr-library-output-folder -- destination of comerr library output
+### comerr-library-name -- name of the comerr library
+### comerr-library-export -- name of comerr library export file
+### comerr-library-libraries -- list of libraries comerr library links against
+### comerr-library-objects -- list of object files comerr library links
+### comerr-library-fragment-name -- name of comerr library fragment
+### comerr-library-main -- name of comerr library main entry point
+### comerr-library-init -- name of comerr library initialization routine
+### comerr-library-term -- name of comerr library termination routine
+### comerr-library-linker-options -- all other comerr library linker options
### General
### library-linker -- linker to use
### autogenerated-files -- list of autogenerated files
profile-library-libraries =
profile-library-objects =
profile-library-linker-options =
+comerr-library-libraries =
+comerr-library-objects =
+comerr-library-linker-options =
### Generate various major components of build commands from the above variables
gss-library-output-files = ¶
{profile-library-linker-options} ¶
{profile-library-objects} {profile-library-libraries}
+comerr-library-output-files = ¶
+ {comerr-library-output-folder}{comerr-library-name}{library-platform}{library-kind}
+comerr-library-dependencies = ¶
+ {autogenerated-files} {comerr-library-export} {comerr-library-libraries} {comerr-library-objects}
+comerr-library-build-command = ¶
+ {library-linker} ¶
+ -name "{comerr-library-fragment-name}{library-kind}" ¶
+ -main {comerr-library-main} ¶
+ -init {comerr-library-init} ¶
+ -term {comerr-library-term} ¶
+ -@export {comerr-library-export} ¶
+ -map {comerr-library-output-folder}{comerr-library-name}{library-platform}{library-kind}.MAP ¶
+ -o {comerr-library-output-folder}{comerr-library-name}{library-platform}{library-kind} ¶
+ {comerr-library-linker-options} ¶
+ {comerr-library-objects} {comerr-library-libraries}
+
### Build commands
gss-library Ä {gss-library-output-files}
krb5-globals-library Ä {krb5-globals-library-output-files}
krb5-globals-data-library Ä {krb5-globals-data-library-output-files}
profile-library Ä {profile-library-output-files}
+comerr-library Ä {comerr-library-output-files}
{gss-library-output-files} ÄÄ {gss-library-dependencies} {makefile-name}
{create-folder} {gss-library-output-folder}
{create-folder} {profile-library-output-folder}
{profile-library-build-command}
+{comerr-library-output-files} ÄÄ {comerr-library-dependencies} {makefile-name}
+ {create-folder} {comerr-library-output-folder}
+ {comerr-library-build-command}
+
##############################################################################################################
### Default compilation rules
##############################################################################################################
{object-suffix} Ä .c {autogenerated-files} {makefile-name} {precompiled-headers}
+ echo {DepDir}{Default}.c
{compiler} {DepDir}{Default}.c -o {DepDir}{Default}{object-suffix} {compiler-options}
{object-suffix-data} Ä .c {autogenerated-files} {makefile-name} {precompiled-headers}
+ echo {DepDir}{Default}.c
{compiler} {DepDir}{Default}.c -o {DepDir}{Default}{object-suffix-data} {compiler-options}
##############################################################################################################
classic-glue-generation-script = {root-folder}mac:CFMGlue.pl
gss-library-glue-output-folder = {root-folder}:GSSLib:ClassicGlue:
krb5-library-glue-output-folder = {root-folder}:Kerberos5Lib:ClassicGlue:
+profile-library-glue-output-folder = {root-folder}:KerberosProfileLib:ClassicGlue:
+comerr-library-glue-output-folder = {root-folder}:ComErrLib:ClassicGlue:
gss-library-glue-output = {gss-library-glue-output-folder}GSSLib.glue.c
krb5-library-glue-output = {krb5-library-glue-output-folder}Kerberos5Lib.glue.c
+profile-library-glue-output = {profile-library-glue-output-folder}KrbProfileLib.glue.c
+comerr-library-glue-output = {comerr-library-glue-output-folder}ComErrLib.glue.c
classic-glue-output = ¶
{gss-library-glue-output} ¶
- {krb5-library-glue-output}
+ {krb5-library-glue-output} ¶
+ {profile-library-glue-output} ¶
+ {comerr-library-glue-output}
glue Ä {classic-glue-output}
glue-gss Ä {gss-library-glue-output}
glue-krb5 Ä {krb5-library-glue-output}
+glue-profile Ä {profile-library-glue-output}
+glue-comerr Ä {comerr-library-glue-output}
{krb5-library-glue-output} Ä {root-folder}mac:K5.CFMglue.cin {root-folder}mac:K5.CFMglue.proto.h ¶
{root-folder}mac:CFMglue.c {root-folder}mac:K5.moreCFMglue.cin {classic-glue-generation-script}
Catenate {root-folder}mac:GSS.CFMglue.cin {root-folder}mac:CFMglue.c {root-folder}mac:GSS.CFMglue.c ¶
{root-folder}mac:GSS.moreCFMglue.cin | Catenate > {gss-library-glue-output}
+{profile-library-glue-output} Ä {root-folder}mac:KrbProfileLib.glue.pre.cin {root-folder}mac:KrbProfileLib.glue.proto.h ¶
+ {root-folder}mac:CFMglue.c {root-folder}mac:KrbProfileLib.glue.post.cin {classic-glue-generation-script}
+ {create-folder} {profile-library-glue-output-folder}
+ perl {classic-glue-generation-script} < {root-folder}mac:KrbProfileLib.glue.proto.h > {root-folder}mac:KrbProfileLib.CFMglue.c
+ Catenate {root-folder}mac:KrbProfileLib.glue.pre.cin {root-folder}mac:CFMglue.c {root-folder}mac:KrbProfileLib.CFMglue.c ¶
+ {root-folder}mac:KrbProfileLib.glue.post.cin | Catenate > {profile-library-glue-output}
+
+{comerr-library-glue-output} Ä {root-folder}mac:ComErrLib.glue.pre.cin {root-folder}mac:ComErrLib.glue.proto.h ¶
+ {root-folder}mac:CFMglue.c {root-folder}mac:ComErrLib.glue.post.cin {classic-glue-generation-script}
+ {create-folder} {comerr-library-glue-output-folder}
+ perl {classic-glue-generation-script} < {root-folder}mac:ComErrLib.glue.proto.h > {root-folder}mac:ComErrLib.CFMglue.c
+ Catenate {root-folder}mac:ComErrLib.glue.pre.cin {root-folder}mac:CFMglue.c {root-folder}mac:ComErrLib.CFMglue.c ¶
+ {root-folder}mac:ComErrLib.glue.post.cin | Catenate > {comerr-library-glue-output}
+
##############################################################################################################
### Clean target deletes all generated files
##############################################################################################################
End
Duplicate -y "{root-folder}util:profile:profile.h" "{Targ}"
SetFile -a l "{Targ}"
+
+##############################################################################################################
+### Copying documentation around
+##############################################################################################################
+
+gss-documentation-output-folder = {root-folder}:GSSLib:Documentation:
+krb5-documentation-output-folder = {root-folder}:Kerberos5Lib:Documentation:
+krb5-globals-documentation-output-folder = {root-folder}:Kerberos5GlobalsLib:Documentation:
+profile-documentation-output-folder = {root-folder}:KerberosProfileLib:Documentation:
+
+gss-documentation-output = ""
+
+krb5-documentation-output = ¶
+ "{krb5-documentation-output-folder}krb5api.pdf"
+
+krb5-globals-documentation-output = ¶
+ "{krb5-globals-documentation-output-folder}Kerberos5Globals.html"
+
+profile-documentation-output = ""
+
+documentation-output = {gss-documentation-output} {krb5-documentation-output} ¶
+ {krb5-globals-documentation-output} {profile-documentation-output}
+
+documentation Ä {documentation-output}
+
+"{krb5-documentation-output-folder}krb5api.pdf" Ä {makefile-name}
+ "{create-folder}" "{TargDir}"
+ If (`Exists "{Targ}" | Count -l`)
+ SetFile -a l "{Targ}"
+ End
+ If (`Exists "{root-folder}:::Documentation:pdf:krb5api.pdf"`)
+ Duplicate -y "{root-folder}:::Documentation:pdf:krb5api.pdf" "{Targ}"
+ End
+ SetFile -a l "{Targ}"
+
+"{krb5-globals-documentation-output-folder}Kerberos5Globals.html" Ä "{root-folder}mac:libraries:Kerberos v5 Globals:Krb5Globals.html" {makefile-name}
+ "{create-folder}" "{TargDir}"
+ If (`Exists "{Targ}" | Count -l`)
+ SetFile -a l "{Targ}"
+ End
+ Duplicate -y "{root-folder}mac:libraries:Kerberos v5 Globals:Krb5Globals.html" "{Targ}"
+ SetFile -a l "{Targ}"
separated profile lib
fixed krb5 library CFM version numbers
fixed makefile and perl scripts to build form arbitrary root
+
+--- version upped to 2.5a1 ---
2.5a1 - Monday, July 26, 1999 1:00:00 PM
changed profile lib to use FSSpecs
removed "MIT Kerberos¥GSSLib" alias
removed "K5Library alias"
removed com_err exports from krb5 lib
- fixed win-mac.h redefinition of size_t
\ No newline at end of file
+ fixed win-mac.h redefinition of size_t
+
+2.5a2 - Friday, August 6, 1999 1:40:00 PM
+ fixed huge profile memory leak
+ fixed memory leak in krb5_stdcc_destroy
+ added traceback tables to PPC versions
+
+2.5b1
+ from tag Mac_GSSKerberos5_2_5b1
+ separated com_err lib
+ now tracking krb5-1-1 branch
+ added CCache cleanup to CFM termination procs
\ No newline at end of file
# gss-sources -- complete list of mac GSS sources, relative to root
# krb5-sources -- complete list of mac Krb5 sources, relative to root
# profile-sources -- complete list of mac profile sources, relative to root
+# comerr-sources -- complete list of mac com_err sources, relative to root
# gss-objects-ppc-debug -- complete list of mac GSS PPC debug objects, relative to root
# gss-objects-68k-debug -- complete list of mac GSS 68K debug objects, relative to root
# gss-objects-ppc-final -- complete list of mac GSS PPC final objects, relative to root
# profile-objects-68k-debug -- complete list of mac profile v5 68K debug objects, relative to root
# profile-objects-ppc-final -- complete list of mac profile v5 PPC final objects, relative to root
# profile-objects-68k-final -- complete list of mac profile v5 68K final objects, relative to root
+# comerr-objects-ppc-debug -- complete list of mac com_err PPC debug objects, relative to root
+# comerr-objects-68k-debug -- complete list of mac com_err v5 68K debug objects, relative to root
+# comerr-objects-ppc-final -- complete list of mac com_err v5 PPC final objects, relative to root
+# comerr-objects-68k-final -- complete list of mac com_err v5 68K final objects, relative to root
# include-folders -- complete list of include paths, relative to root
#
# input on stdin
# output on stdout
# Check number of arguments
-if (scalar @ARGV != 3) {
+if (scalar @ARGV != 2) {
print (STDERR "Got " . scalar @ARGV . " arguments, expected 2");
&usage;
exit;
# Parse arguments
$action = $ARGV [0];
$ROOT = $ARGV [1];
-$prefix = $ARGV [2];
+#$prefix = $ARGV [2];
# Read source list
if ($action ne "all-files") {
} else {
@sourceList = &make_macfile_maclist (&make_macfile_list ());
- foreach (@sourceList) {
- $_ =~ s/^:/$prefix/;
- }
+# foreach (@sourceList) {
+# $_ =~ s/^:/$prefix/;
+# }
# @sourceList = map { $prefix . $_;} @sourceList;
}
@outputList = grep (/:profile:/, @sourceList);
print (STDERR "Done. \n");
+} elsif ($action eq "comerr-sources") {
+
+ print (STDERR "# Building profile source listÉ ");
+ @outputList = grep (/:et:/, @sourceList);
+ print (STDERR "Done. \n");
+
} elsif ($action eq "gss-objects-ppc-debug") {
print (STDERR "# Building GSS PPC debug object listÉ ");
print (STDERR "# Building profile PPC debug object listÉ ");
@outputList = grep (s/\.c$/\.ppcd.o/, @sourceList);
- @outputList = grep (/:profile:|:et:/, @outputList);
+ @outputList = grep (/:profile:/, @outputList);
print (STDERR "Done. \n");
} elsif ($action eq "profile-objects-68k-debug") {
print (STDERR "# Building profile 68K debug object listÉ ");
@outputList = grep (s/\.c$/\.68kd.o/, @sourceList);
- @outputList = grep (/:profile:|:et:/, @outputList);
+ @outputList = grep (/:profile:/, @outputList);
print (STDERR "Done. \n");
} elsif ($action eq "profile-objects-ppc-final") {
print (STDERR "# Building profile PPC final object listÉ ");
@outputList = grep (s/\.c$/\.ppcf.o/, @sourceList);
- @outputList = grep (/:profile:|:et:/, @outputList);
+ @outputList = grep (/:profile:/, @outputList);
print (STDERR "Done. \n");
} elsif ($action eq "profile-objects-68k-final") {
print (STDERR "# Building profile 68K final object listÉ ");
@outputList = grep (s/\.c$/\.68kf.o/, @sourceList);
- @outputList = grep (/:profile:|:et:/, @outputList);
+ @outputList = grep (/:profile:/, @outputList);
+ print (STDERR "Done. \n");
+
+} elsif ($action eq "comerr-objects-ppc-debug") {
+
+ print (STDERR "# Building com_err PPC debug object listÉ ");
+ @outputList = grep (s/\.c$/\.ppcd.o/, @sourceList);
+ @outputList = grep (/:et:/, @outputList);
+ print (STDERR "Done. \n");
+
+} elsif ($action eq "comerr-objects-68k-debug") {
+
+ print (STDERR "# Building com_err 68K debug object listÉ ");
+ @outputList = grep (s/\.c$/\.68kd.o/, @sourceList);
+ @outputList = grep (/:et:/, @outputList);
+ print (STDERR "Done. \n");
+
+} elsif ($action eq "comerr-objects-ppc-final") {
+
+ print (STDERR "# Building com_err PPC final object listÉ ");
+ @outputList = grep (s/\.c$/\.ppcf.o/, @sourceList);
+ @outputList = grep (/:et:/, @outputList);
+ print (STDERR "Done. \n");
+
+} elsif ($action eq "comerr-objects-68k-final") {
+
+ print (STDERR "# Building com_err 68K final object listÉ ");
+ @outputList = grep (s/\.c$/\.68kf.o/, @sourceList);
+ @outputList = grep (/:et:/, @outputList);
print (STDERR "Done. \n");
} elsif ($action eq "include-folders") {
+1999-08-31 Ken Raeburn <raeburn@mit.edu>
+
+ * default.exp (setup_kerberos_files): Set kdc_supported_enctypes
+ in kdc.conf, and include des3-cbc-sha1:normal.
+ (setup_kerberos_db): If setting up krbtgt to use des3, now use
+ only des3, not des3 and des-crc both.
+
+1999-08-30 Ken Raeburn <raeburn@raeburn.org>
+
+ * default.exp (des3_krbtgt): New variable.
+ (setup_kerberos_files): Remove des3 from supported_enctypes in
+ kdc.conf.
+ (setup_kerberos_db): If des3_krbtgt is set, change krbtgt key, and
+ get a des3 key in addition to des.
+
+1999-08-27 Ken Raeburn <raeburn@raeburn.org>
+
+ * default.exp: Set default principal expiration a bit further into
+ the future.
+
+1999-08-26 Tom Yu <tlyu@mit.edu>
+
+ * default.exp (setup_kerberos_files): Tweak enctypes entered into
+ config files to exercise 3DES a little.
+
Fri Jan 30 23:48:57 1998 Tom Yu <tlyu@mit.edu>
* default.exp: Add kpasswd_server to krb5.conf.
set stty_init {erase \^h kill \^u}
set env(TERM) dumb
+set des3_krbtgt 1
+
# We do everything in a temporary directory.
if ![file isdirectory tmpdir] {catch "exec mkdir tmpdir" status}
set conffile [open tmpdir/krb5.conf w]
puts $conffile "\[libdefaults\]"
puts $conffile " default_realm = $REALMNAME"
- puts $conffile "default_tgs_enctypes = des3-cbc-md5 des-cbc-md5 des-cbc-crc"
+ puts $conffile "default_tgs_enctypes = des-cbc-md5 des-cbc-crc"
puts $conffile ""
puts $conffile "\[realms\]"
puts $conffile " $REALMNAME = \{"
puts $conffile " max_renewable_life = 3:00:00"
puts $conffile " master_key_type = des-cbc-md5"
puts $conffile " master_key_name = master/key"
- puts $conffile " supported_enctypes = des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
+# des3-cbc-sha1:normal
+ puts $conffile " supported_enctypes = des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
+ puts $conffile " kdc_supported_enctypes = des3-cbc-sha1:normal des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
puts $conffile " kdc_ports = 3088"
- puts $conffile " default_principal_expiration = 99.12.31.23.59.59"
+ puts $conffile " default_principal_expiration = 2037.12.31.23.59.59"
puts $conffile " default_principal_flags = -postdateable forwardable"
puts $conffile " \}"
puts $conffile ""
global KEY
global tmppwd
global spawn_id
+ global des3_krbtgt
if {!$standalone && [file exists tmpdir/db.ok]} {
return 1
return 0
}
+ if $des3_krbtgt {
+ # Set the TGT key to DES3.
+ spawn $KADMIN_LOCAL -r $REALMNAME -e des3-cbc-sha1:normal
+ expect_after {
+ timeout {
+ catch "expect_after"
+ fail "kadmin.local (timeout)"
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
+ }
+ return 0
+ }
+ eof {
+ catch "expect_after"
+ fail "kadmin.local (eof)"
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
+ }
+ return 0
+ }
+ }
+ expect "kadmin.local: "
+ send "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r"
+ # It echos...
+ expect "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r"
+ expect {
+ "Key for \"krbtgt/$REALMNAME@$REALMNAME\" randomized." { }
+ }
+ expect "kadmin.local: "
+ send "quit\r"
+ expect "\r"
+ expect_after
+ if ![check_exit_status kadmin_local] {
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
+ }
+ return 0
+ }
+ }
+
if ![setup_kadmind_srvtab] {
return 0
}
+1999-08-16 Tom Yu <tlyu@mit.edu>
+
+ * mkrel (reldate): Fix to deal with release branch snapshots.
+
Wed May 19 11:43:36 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Add all and cleanup rules for windows for windows,
+1999-08-15 Tom Yu <tlyu@mit.edu>
+
+ * README.NOT.SLEEPYCAT.DB: New file; pointer to README to
+ hopefully unconfuse people.
+
+ * README: Add notice to the effect that this is not Berkeley or
+ Sleepycat DB.
+
+ * README.db2: Renamed from README.
+
Fri Feb 13 14:37:47 1998 Tom Yu <tlyu@mit.edu>
* recno/extern.h: Additional renaming.
-# @(#)README 8.28 (Berkeley) 11/2/95
-
-This is version 2.0-ALPHA of the Berkeley DB code.
-THIS IS A PRELIMINARY RELEASE.
-
-For information on compiling and installing this software, see the file
-PORT/README.
-
-Newer versions of this software will periodically be made available by
-anonymous ftp from ftp.cs.berkeley.edu:ucb/4bsd/db.tar.{Z,gz} and from
-ftp.harvard.edu:margo/db.tar.{Z,gz}. If you want to receive announcements
-of future releases of this software, send email to the contact address
-below.
-
-Email questions may be addressed to dbinfo@eecs.harvard.edu.
-
-============================================
-Distribution contents:
-
-README This file.
-CHANGELOG List of changes, per version.
-btree B+tree access method.
-db The db_open interface routine.
-docs Various USENIX papers, and the formatted manual pages.
-hash Extended linear hashing access method.
-lock Lock manager.
-log Log manager.
-man The unformatted manual pages.
-mpool The buffer manager support.
-mutex Mutex support.
-recno The fixed/variable length record access method.
-test Test package.
-txn Transaction support.
-
-============================================
-Debugging:
-
-If you're running a memory checker (e.g. Purify) on DB, make sure that
-you recompile it with "-DPURIFY" in the CFLAGS, first. By default,
-allocated pages are not initialized by the DB code, and they will show
-up as reads of uninitialized memory in the buffer write routines.
+ IMPORTANT NOTICE:
+
+This directory contains code of somewhat unknown origin that is
+INCOMPATIBLE with both Berkeley DB 1.85 and Sleepycat DB 2.x. Do NOT
+contact Sleepycat regarding bugs in code found here; they do not
+appreciate it. All bug reports about this code should go to the MIT
+Kerberos team via krb5-send-pr or email to krb5-bugs@mit.edu, as
+usual.
+
+It is believed that this "db" code originated from Berkeley DB 1.85
+and was further modified by Cygnus and the MIT Kerberos team. Some
+significant changes to the hash code occured at some point.
+
+The file README.db2 contains the README file provided with the
+2.0-alpha release of Berkeley/Sleepycat DB, which may contain
+marginally useful information. It is not known at this time how well
+this code matches that of the 2.0-alpha release.
--- /dev/null
+THIS IS NOT THE SLEEPYCAT DB.
+Please see the README file for more information.
--- /dev/null
+# @(#)README 8.28 (Berkeley) 11/2/95
+
+This is version 2.0-ALPHA of the Berkeley DB code.
+THIS IS A PRELIMINARY RELEASE.
+
+For information on compiling and installing this software, see the file
+PORT/README.
+
+Newer versions of this software will periodically be made available by
+anonymous ftp from ftp.cs.berkeley.edu:ucb/4bsd/db.tar.{Z,gz} and from
+ftp.harvard.edu:margo/db.tar.{Z,gz}. If you want to receive announcements
+of future releases of this software, send email to the contact address
+below.
+
+Email questions may be addressed to dbinfo@eecs.harvard.edu.
+
+============================================
+Distribution contents:
+
+README This file.
+CHANGELOG List of changes, per version.
+btree B+tree access method.
+db The db_open interface routine.
+docs Various USENIX papers, and the formatted manual pages.
+hash Extended linear hashing access method.
+lock Lock manager.
+log Log manager.
+man The unformatted manual pages.
+mpool The buffer manager support.
+mutex Mutex support.
+recno The fixed/variable length record access method.
+test Test package.
+txn Transaction support.
+
+============================================
+Debugging:
+
+If you're running a memory checker (e.g. Purify) on DB, make sure that
+you recompile it with "-DPURIFY" in the CFLAGS, first. By default,
+allocated pages are not initialized by the DB code, and they will show
+up as reads of uninitialized memory in the buffer write routines.
+1999-08-18 Miro Jurisic <meeroh@mit.edu>
+
+ * et.exp: Added et.exp, MacOS export file for com_err library
+
1999-06-15 Danilo Almeida <dalmeida@mit.edu>
* texinfo.tex: Get rid of control characters in text file.
--- /dev/null
+#
+# comerr library Macintosh export file
+#
+# $Header$
+
+error_message
+add_error_table
+remove_error_table
relminor=`echo $release|awk -F. '{print $2}'`
relpatch=`echo $release|awk -F. '{print $3}'`
;;
+krb5-*.*-current)
+ release=`echo $reldir|sed -e 's/krb5-//'`
+ relhead=`echo $release|sed -e 's/-.*//'`
+ relmajor=`echo $relhead|awk -F. '{print $1}'`
+ relminor=`echo $relhead|awk -F. '{print $2}'`
+ release=${relhead}-$reldate
+ ;;
+krb5-*.*-*)
+ release=`echo $reldir|sed -e 's/krb5-//'`
+ relhead=`echo $release|sed -e 's/-.*//'`
+ relmajor=`echo $relhead|awk -F. '{print $1}'`
+ relminor=`echo $relhead|awk -F. '{print $2}'`
+ ;;
krb5-*.*)
release=`echo $reldir|sed -e 's/krb5-//'`
relmajor=`echo $release|awk -F. '{print $1}'`
krb5-current)
release=current-$reldate
;;
-*);;
+*)
+ release="$reldir"
+ ;;
esac
+echo "release=$release"
+echo "major=$relmajor minor=$relminor patch=$relpatch"
+
+# $release is used for send-pr
+# $reltag, $release, $reldate are used for brand.c currently
+# $relmajor, $relminor, $relpatch are used for patchlevel.h currently
+
if test $checkout = t; then
echo "Checking out krb5 with tag $reltag into directory $reldir..."
cvs -q -d $repository export -r$reltag -d $reldir krb5
+1999-09-01 Danilo Almeida <dalmeida@mit.edu>
+
+ * profile.hin (profile_init, profile_init_path): Define and use
+ const_profile_filespec_t.
+
+ * prof_init.c (profile_init, profile_init_path):
+ * prof_file.c (profile_open_file):
+ * prof_int.h (profile_open_file): Use const_profile_filespec_t.
+
+ * prof_int.h (PROFILE_LAST_FILESPEC): Compare a char against a char,
+ not a void*.
+
+ * Makefile.in: Remove DOSDEFS to avoid warnings. The thing it
+ defined is already set in win-mac.h.
+
+1999-08-18 Miro Jurisic <meeroh@mit.edu>
+
+ * profile.exp: removed com_err functions (they are in a library
+ of their own now) from MacOS export file
+
1999-08-05 Danilo Almeida <dalmeida@mit.edu>
* prof_get.c (profile_free_string):
##DOS##BUILDTOP = ..\..
##DOS##OBJFILE=$(OUTPRE)profile.lst
##DOS##LIBNAME=$(OUTPRE)profile.lib
-##DOS##DOSDEFS=-DHAVE_STDLIB_H
-CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE) $(DOSDEFS)
+CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
LOCALINCLUDE=-I. -I$(srcdir)/../et
}
errcode_t profile_open_file(filespec, ret_prof)
- profile_filespec_t filespec;
+ const_profile_filespec_t filespec;
prf_file_t *ret_prof;
{
prf_file_t prf;
KRB5_DLLIMP errcode_t KRB5_CALLCONV
profile_init(files, ret_profile)
- profile_filespec_t *files;
+ const_profile_filespec_t *files;
profile_t *ret_profile;
{
- profile_filespec_t *fs;
+ const_profile_filespec_t *fs;
profile_t profile;
prf_file_t new_file, last = 0;
errcode_t retval = 0;
initialize_prof_error_table();
-
+
profile = malloc(sizeof(struct _profile_t));
if (!profile)
return ENOMEM;
*/
KRB5_DLLIMP errcode_t KRB5_CALLCONV
profile_init_path(filepath, ret_profile)
- profile_filespec_list_t filepath;
+ const_profile_filespec_list_t filepath;
profile_t *ret_profile;
{
int n_entries, i;
*/
#ifdef PROFILE_USES_PATHS
-#define PROFILE_LAST_FILESPEC(x) (((x) == NULL) || ((x)[0] == NULL))
+#define PROFILE_LAST_FILESPEC(x) (((x) == NULL) || ((x)[0] == '\0'))
#else
#define PROFILE_LAST_FILESPEC(x) (((x).vRefNum == 0) && ((x).parID == 0) && ((x).name[0] == '\0'))
#endif
/* prof_file.c */
errcode_t profile_open_file
- PROTOTYPE ((profile_filespec_t file, prf_file_t *ret_prof));
+ PROTOTYPE ((const_profile_filespec_t file, prf_file_t *ret_prof));
errcode_t profile_update_file
PROTOTYPE ((prf_file_t profile));
### Temporary -- DO NOT USE
-error_message
-add_error_table
-remove_error_table
profile_ser_internalize
profile_ser_externalize
profile_ser_size
#endif
#ifdef PROFILE_USES_PATHS
-typedef char* profile_filespec_t; /* path as C string */
+typedef char* profile_filespec_t; /* path as C string */
typedef char* profile_filespec_list_t; /* list of : separated paths, C string */
+typedef const char* const_profile_filespec_t; /* path as C string */
+typedef const char* const_profile_filespec_list_t; /* list of : separated paths, C string */
#else
/* On MacOS, we use native file specifiers as unique file identifiers */
#include <Files.h>
typedef FSSpec profile_filespec_t;
-typedef FSSpec* profile_filespec_list_t;
- /* array should be terminated with {0, 0, ""} */
+typedef FSSpec* profile_filespec_list_t;
+/* array should be terminated with {0, 0, ""} */
+typedef FSSpec const_profile_filespec_t;
+typedef FSSpec* const_profile_filespec_list_t;
#endif
KRB5_DLLIMP long KRB5_CALLCONV profile_init
- PROTOTYPE ((profile_filespec_t *files, profile_t *ret_profile));
+ PROTOTYPE ((const_profile_filespec_t *files, profile_t *ret_profile));
KRB5_DLLIMP long KRB5_CALLCONV profile_init_path
- PROTOTYPE ((profile_filespec_list_t filelist, profile_t *ret_profile));
+ PROTOTYPE ((const_profile_filespec_list_t filelist, profile_t *ret_profile));
KRB5_DLLIMP long KRB5_CALLCONV profile_flush
PROTOTYPE ((profile_t profile));
+1999-09-01 Danilo Almeida <dalmeida@mit.edu>
+
+ * readme, README: readme renamed to README.
+
+ * version.rc: Boost version to 1.1. Include 1998 & 1999 in copyright
+ years.
+
1999-06-21 Danilo Almeida <dalmeida@mit.edu>
* version.rc: Boost version to 1.0.8.
+1999-08-26 Danilo Almeida <dalmeida@mit.edu>
+
+ * cns_reg.c (cns_load_registry, cns_save_registry): Honor setting
+ in cns_res.cc_override.
+
Mon May 17 19:55:08 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Add included version resouce script to
} else
strcpy(cns_res.confname, cns_res.def_confname);
- if (registry_string_get(key, "ccname", &ts) == 0) {
+ if (cns_res.cc_override && (registry_string_get(key, "ccname", &ts) == 0)) {
strcpy(cns_res.ccname, ts);
free(ts);
} else
registry_string_set(key, "realm", cns_res.realm);
if (cns_res.conf_override)
- if (strcmp(cns_res.confname, cns_res.def_confname))
- registry_string_set(key, "confname", cns_res.confname);
- else
- registry_value_delete(key, "confname");
+ {
+ if (strcmp(cns_res.confname, cns_res.def_confname))
+ registry_string_set(key, "confname", cns_res.confname);
+ else
+ registry_value_delete(key, "confname");
+ }
- if (strcmp(cns_res.ccname, cns_res.def_ccname))
+ if (cns_res.cc_override)
+ {
+ if (strcmp(cns_res.ccname, cns_res.def_ccname))
registry_string_set(key, "ccname", cns_res.ccname);
- else
+ else
registry_value_delete(key, "ccname");
+ }
for (i = 0 ; i < FILE_MENU_MAX_LOGINS ; i++)
if (cns_res.logins[i][0] != '\0') {
/* we're going to stamp all the DLLs with the same version number */
-#define K5_PRODUCT_VERSION_STRING "1.0.8\0"
-#define K5_PRODUCT_VERSION 1, 0, 8, 0
+#define K5_PRODUCT_VERSION_STRING "1.1\0"
+#define K5_PRODUCT_VERSION 1, 1, 0, 0
-#define K5_COPYRIGHT "Copyright (C) 1997 by the Massachusetts Institute of Technology\0"
+#define K5_COPYRIGHT "Copyright (C) 1997-1999 by the Massachusetts Institute of Technology\0"
#define K5_COMPANY_NAME "Massachusetts Institute of Technology.\0"
/*
projects / krb5.git / commitdiff